Friday, March 16, 2018

Spycam: John E. Lola kinks aim him to The Clink

MA - A former Framingham supermarket employee installed a spy camera in an employee ladies room last year, recording unsuspecting co-workers as they used the toilet, authorities said.

John E. Lola Jr., 47, of Holliston, pleaded not guilty to the charges at his Framingham District Court arraignment on Tuesday.

Lola was a longtime employee at the Stop and Shop on Temple Street. On Nov. 18 of last year, a female employee discovered the camera in a unisex employees-only restroom...

The camera was disguised as an electrical outlet. According to the report, the female employee was suspicious when she saw a new outlet in a stall. When she touched it, the outlet fell to the floor and revealed the camera, which was aimed at the level of someone sitting on a toilet, police wrote.

The small video camera had a disc attached to it. Police got a warrant to view the contents of the disc, which contained 34 videos, mostly about one-minute long each.

"Most were of females using the bathroom, primarily of the private parts are visible," police wrote in the report.

The videos did not show any of the people's faces. However, the video did catch a closeup of the person installing the camera. It appeared the camera was turned on as the man attached the camera to the stall's wall, police wrote in the video. more  The Clink

Note to businesses: This spy camera was found by chance. Lawsuits often follow this type of embarrassing discovery. Periodic inspections for hidden cameras in expectation of privacy areas by trained staff is a nice defense to have.

Wednesday, March 14, 2018

From Those Wonderful Folks Who Killed Air-Gap Security - This Bud Screws You

A research team from Israel’s Ben-Gurion University of the Negev's cybersecurity research center has discovered a new way of data extraction from air-gapped computers via using passive devices like earbuds, earphones, headphones, and speakers.

Now, the same research center has claimed to be able to use computer speakers and headphones to act as microphones and receive data. The devices can be used to send back the signals and make the otherwise safe practice of air-gapping less secure.

As per the new technique [PDF], data is extracted in the form of inaudible ultrasonic sound waves and transmission occurs between two computers installed in the same room while data is shared without using microphones. more

Off-the-shelf Smart Devices Easy to Hack

Off-the-shelf devices that include baby monitors, home security cameras, doorbells, and thermostats were easily co-opted by cyber researchers at Ben-Gurion University of the Negev (BGU). As part of their ongoing research into detecting vulnerabilities of devices and networks expanding in the smart home and Internet of Things (IoT), the researchers disassembled and reverse engineered many common devices and quickly uncovered serious security issues.

"It is truly frightening how easily a criminal, voyeur or pedophile can take over these devices," says Dr. Yossi Oren, a senior lecturer in BGU's Department of Software and Information Systems Engineering and head of the Implementation Security and Side-Channel Attacks Lab at Cyber@BGU. "Using these devices in our lab, we were able to play loud music through a baby monitor, turn off a thermostat and turn on a camera remotely, much to the concern of our researchers who themselves use these products."

"It only took 30 minutes to find passwords for most of the devices and some of them were found only through a Google search of the brand," says Omer Shwartz, a Ph.D. student and member of Dr. Oren's lab. "Once hackers can access an IoT device, like a camera, they can create an entire network of these camera models controlled remotely." more

Monday, March 12, 2018

Combatting Corporate Espionage -- Warning Signs

by Adam Brown
In the modern age of relatively cheap and ever-evolving technology, corporate espionage is a real threat that could be perpetrated by any employee or other insider at any time. 

The term “corporate espionage” covers many different types of behavior, ordinarily taking the form of a malicious company insider secretly stealing confidential company information, usually for use in a competing business. The insider may be planning on joining an existing competitor, or may be planning on founding a new competing business of their own.

Hiding a bug in a book binding. | Murray Associates TSCM
Hiding a bug in a book binding.
In essence, however, the term refers to any act of spying that is carried out for commercial purposes. Regardless of the form it takes, the wrongdoer will be looking to exploit the time, money, and hard work you have put in to make your business successful for their own malicious purposes.

Corporate espionage comes in many forms, some more sophisticated than others. While there is no foolproof way to spot all transgressions before it is too late, here are some general warning signs to watch for:
  • The employee begins working from home or out of the office more often;
  • You see an increase in after-hours work or unusual office or remote computer access;
  • The employee begins meeting with customers without recording meetings in company systems;
  • The employee knows about business matters they are not directly involved in;*
  • The employee becomes disgruntled or has a sudden change in attitude;
  • Files or other materials are missing from the office with no explanation;
  • The employee unexpectedly resigns without advance notice; and
  • The employee refuses an exit interview or does not want to discuss post-resignation employment plans. While not necessarily indicative of any improper actions, any of these behaviors should be considered “red flags” that merit further investigation or research. more
* Electronic eavesdropping.
Time for a technical surveillance countermeasures (TSCM) inspection.

You may also want to read... Business Espionage: The Employee Competitor… and what to do about it.

What is the Salary for a Female Spy in Australia?

Australia - The anti-corruption watchdog sought special exemption from the Anti-Discrimination Board of NSW to advertise for the $127,627 ($100,440.71 USD) job which requires women to be sent into the field in “covert” spying operations.

“The exemption is required to ensure operational effectiveness and flexibility,”... more ($)

Cameras at Women’s Apparel Shop Hacked

A viral Peeping Tom who hacked into the closed-circuit TV surveillance camera at a women’s bathing suit shop has led to a warning from the Israel Police Cybercrimes Unit that similar systems may be compromised and violate the privacy of unsuspecting persons.

According to police, an unidentified 41-year-old man was arrested on Wednesday after he allegedly used his computer to hack into the CCTV system at a high-end boutique in northern Tel Aviv and recorded customers as they undressed and tried on bathing suits.

While details of the incident remain unclear due to a gag order, police said the suspect subsequently posted the videos to a social media page. more

So, uh, why were there cameras in the changing areas in the first place? Better learn how to spot the cam.

Sunday, March 11, 2018

Has Your Information Been Compromised? Check Here to See

"We build NoSecrets to inform the public that their information is being traded and sold not just on the dark web, but between data brokering companies."

Do data brokers hold information about you that they should not hold, thus putting you at risk?

You can check here.

Friday, March 9, 2018

Pruitt Do It In a SCIF

African Union Bugged by China: Cyber Espionage as Evidence of Strategic Shifts
A number of African leaders have turned to Chinese investment as a viable alternative to Western development aid. The recent allegations of Chinese cyberespionage of the African Union's headquarters might prompt them to reconsider... Although this sort of spycraft is fairly routine, it signals Africa’s growing strategic importance to China. In a world of finite resources, states spy on states that matter to them. more

Russia has found yet another way surreptitiously to influence U.S. public policy: Stealing the identities of real Americans and then using these identities to file fake comments during the comment submission period preceding the formulation of public policies... Researchers, journalists, and public servants have found a wide range of fake comments and stolen identities in the public proceedings of the Labor Department, Consumer Financial Protection Bureau, Federal Energy Regulatory Commission, and Securities and Exchange Commission. more

The impact of a data breach should not be underestimated. A breach can lead to regulatory investigations by a number of agencies, including the Federal Bureau of Investigation, Secret Service, Immigration and Customs Enforcement as well as through enforcement actions by regulators including State Attorneys General, the Federal Trade Commission (FTC) and the Securities and Exchange Commission (SEC), among many others. more

So, is it any wonder paranoia is forcing SCIF spending...

The Environmental Protection Agency is spending nearly $25,000 to build a soundproof communications booth in Administrator Scott Pruitt’s office, according to media reports.

The Washington Post first reported details of the contract on Tuesday evening, which will cost the government $24,570.

The “privacy booth” will be installed by Oct. 9, so Pruitt can have “a secured communication area in the administrator’s office so secured calls can be received and made,” EPA spokeswoman Liz Bowman told the Post in a statement.

“Federal agencies need to have one of these so that secured communications, not subject to hacking from the outside, can be held,” Bowman continued. “This is something which a number, if not all, cabinet offices have and EPA needs to have updated.” more sing-a-long (for what it's worth)

Wednesday, March 7, 2018

A Very Weird Tale of Corporate Espionage and Murder and More Corporate Espionage

Apotex claims longtime chemist went rogue and stole drug secrets...

Apotex Inc., the generic-drug giant founded by murdered billionaire Barry Sherman, has been waging a year-long court battle against an ex-employee who was fired for allegedly stealing millions of dollars’ worth of pharmaceutical trade secrets from a laboratory computer—in the hopes of launching a rival company in his native Pakistan...

Barry Sherman, 75, and his wife, Honey Sherman, 70, were discovered strangled inside their North York mansion nearly three months ago, the victims of what police have labeled a “targeted” double homicide. Since then, detectives have said little else about the high-profile murders...

News of the lawsuit comes at the same time as Apotex tries to defend itself against similar allegations of corporate espionage. In a court action launched last July in the United States, Sherman’s company is accused of using sex, lies and USB drives to illegally obtain valuable trade secrets from the world’s largest generic drug-maker, Israel’s Teva Pharmaceutical Industries Ltd. As Maclean’s reported last month, a Pennsylvania judge denied Apotex’s attempt to throw out the sensational lawsuit, which accuses a former Teva executive of leaking confidential information to her boyfriend—then-Apotex CEO Jeremy Desai. Desai abruptly resigned in January, six weeks after the Shermans were killed, “to pursue other opportunities.” more

Further insights... Business Espionage: The Employee Competitor… and what to do about it.

Australian Spy Who Revealed Bugging Under 'Effective House Arrest'

The spy who blew the whistle on Australia’s bugging of Timor-Leste’s cabinet room during sensitive oil and gas negotiations is still under “effective house arrest” and has been treated disgracefully by Australia in retaliation for his actions, his lawyer says.

The Australian secret intelligence service agent, known only as Witness K, had his passport seized in 2013 as he prepared to give evidence in The Hague on an Australian bugging operation.

In 2004, Witness K was involved in a covert mission to listen in on the Timor-Leste cabinet aimed at giving Australia the upper hand during negotiations to carve up oil and gas reserves in the Timor Sea, estimated to be worth about $53bn. more

Secret Agent Man & Daughter

Intrigue continues to swirl as the “poisoned spy”, Sergei Skripal, and his daughter, Yulia, remain in intensive care. Counter-terrorism police have taken over the investigation. Boris Johnson has said the possibility of a Russian assassination attempt means UK officials might boycott the World Cup.

This morning, Shaun Walker examines how the Skripal case looks like a warning about the fate awaiting those who collaborate with western intelligence agencies.

And more details are emerging about the life of the former double agent, known in his Salisbury neighborhood as a genial man with a penchant for Polish sausage and lottery scratch cards. more video sing-a-long

Monday, March 5, 2018

Court Admits Husband's Illegal Bugging into Evidence

Turkey - A top appeals court decided that evidence collected through illegal bugging could not be used by itself to prove guilt but could be used in conjunction with other evidence in a 2015 case where a man in the Aegean province of Aydın believed his wife was cheating on him and installed a bugging application onto her cell phone.

The application turned the cell phone into a recording device. The recordings showed the woman really was cheating on him with a colleague from work. The man immediately filed for divorce, demanding compensation from his wife and the custody of their child. more

An app that can help determine if an Android phone is infected with spyware.

10 New Attacks on 4G LTE Discovered

A group of researchers has uncovered ten new attacks against the 4G LTE wireless data communications technology for mobile devices and data terminals.

The attacks exploit design flaws in the communications protocol and unsafe practices employed by the stakeholders and can be used to achieve things like impersonating existing users, spoofing the location of the victim device, delivering fake emergency and warning messages, eavesdropping on SMS communications, and more.

Among the uncovered attacks they consider one particularly worrying: an authentication relay attack that allows an adversary to impersonate an existing user (mobile phone) without possessing any legitimate credentials.

“Through this attack the adversary can poison the location of the victim device in the core networks, thus allowing setting up a false alibi or planting fake evidence during a criminal investigation,” they pointed out. more

Cuba's Sonic Attacks - Possibly a Side-Effect of Spying

Its surveillance tools may have transmitted ultrasonic sounds by mistake...

Remember those 'sonic attacks' against the American and Canadian embassies last summer, making staff queasy and raising all kinds of questions as to what happened? There might have an answer. University of Michigan researchers have theorized that the incidents were really the result of ultrasonic signals from poorly functioning surveillance equipment. While individual ultrasonic signals can't harm people outside of extreme circumstances, multiple signals can clash with each other and produce a sound that's just low enough to be audible.

The scientists tested their hypothesis by replicating the "chirping" from an AP video using two ultrasonic emitters that combined tones, one at 25kHz and another at 180Hz. That produced a similar-sounding 7kHz frequency with ripples of sound at an even 180Hz spacing. The team even built a device that would simulate eavesdropping by playing a song instead of the 180Hz tone. more

Security Scrapbook fans knew this might be a botched spying attempt, and how it worked, last August. ~Kevin

Wednesday, February 28, 2018

Invention: Simple Device Allows Fast Lockdowns in Schools

As school carpenter Cory Webster replaced dozens of deteriorating rubber door stoppers that were installed to help keep Palos Verdes Peninsula classrooms safe in the event of a lockdown, he thought there must be a better way...

The 123 Lock-down Latch works much like a hotel door bumper: a teacher simply slides the metal lever to prevent a locked door from closing. When a lockdown happens, anyone inside the classroom can slide the lever back and the door closes and locks...

Because most classroom doors can only be locked from the outside with a key, the teacher can leave the door locked but with the latch engaged during passing period to allow students in and out easily. In the event of an active shooter, it’s not always safe for a teacher to step outside to lock the door. With the latch, there’s no need to fumble for keys or leave the classroom to secure the door. more