google-site-verification=s1JKQUlQigDi_YDaf1obkHeNEXd8IOGKgKblwH93i7o Kevin's Security Scrapbook

Sunday, September 25, 2022

The CIA Renovated its Museum...

... The public still can’t go see it.

The CIA Museum covers the intelligence agency’s long history — from spying on the Soviets to the Argo mission in Iran — but the latest addition is practically ripped from the headlines: a model of Ayman al-Zawahiri’s compound in Kabul used weeks ago to plan the U.S. drone strike that killed the al-Qaeda leader.

The model is part of the newly renovated exhibition hall located deep inside CIA headquarters in Langley, Va. Like the NSA’s Wall of Spies museum in Bethesda, Md., the CIA Museum isn’t open to the public. But it’s not exactly top secret either, welcoming CIA employees, official guests, foreign partners, potential recruits — and, early on a Saturday morning, a handful of carefully observed journalists, including reporters with old-school notepads and pens (electronics are banned).

There are plenty of fun gadgets to see, like a polygraph machine in a briefcase and a communication device disguised as a tobacco pipe, used in the 1960s. When a user bit down on the pipe, sound traveled through their teeth and jawbone to the ear canal, allowing them to hear messages that no one around them could. 

But many of the items displayed — the pigeon camera, the fake dead rat used for “dead drops” — can also be found across the river at the International Spy Museum. more

Allow me to sneak you in the back door.

Here's the Thing - Wednesday - Nov. 23rd

Wednesday Addams catches Thing spying on her...

Wednesday Addams (Jenna Ortega) is not a fan of being spied on ... particularly when her parents are the ones doing the spying. 

During Netflix's TUDUM fan event on Saturday, the streamer released a new clip from the upcoming Addams family series, Wednesday, which follows a teenage Wednesday as she attends Nevermore Academy — the school where her parents once met — and discovers a supernatural mystery might be afoot. more

Fears Grow of Russian Spies Turning to Industrial Espionage

Russia acknowledged this week that parts of its technology industry are dependent on foreign knowledge and lagging competitors by more than a decade, raising concerns that the country’s cyber spies will be used for industrial espionage.

Experts told The Record that Western companies should be on “full alert” for attacks from Moscow’s intelligence services. President Vladimir Putin has suggested in recent months that the country’s Foreign Intelligence Service (SVR) should support technological development as the country deals with mounting sanctions.

The admission about the state of Russia’s microelectronics industry is contained in a new strategic policy document from the Ministry of Industry and Trade, reported Tuesday by Kommersant. It lists a number of acute problems facing Russia’s domestic technology industry, including its dependence on foreign intellectual property; its lack of production capacity; and Russia being unattractive to investors. more

Wiretapping and Eavesdropping Research Paper

EARLY RESTRICTIONS ON ELECTRONIC SURVEILLANCE

The Supreme Court first considered the constitutionality of wiretapping in the 1928 case of Olmstead v. United States, 277 U.S. 438 (1928). The Court ruled that governmental wiretapping of telephone conversations fell outside the protection of the Fourth Amendment. The Court based its conclusion upon a narrow, textual reading of the amendment. First, the Court found that words spoken into a telephone were not tangible things and thus could not be subjected to a search or seizure. Second, it reasoned that because wiretapping could be accomplished without a trespass, there was no physical invasion of property to justify invoking the Fourth Amendment. Finally, the Court assumed that one who uses the telephone ‘‘intends to project his voice to those quite outside.’’

The ruling in Olmstead was controversial. more

Covenant Eyes: God isn't the only one watching you...

Churches are using invasive phone-monitoring tech to discourage “sinful” behavior. Some software is seeing more than congregants realize.

GRACEPOINT is (an) evangelical Southern Baptist church... when Grant Hao-Wei Lin came out to a Gracepoint church leader during their weekly one-on-one session, he was surprised to learn that he wasn’t going to be kicked out. According to his church leader, Hao-Wei Lin says, God still loved him in spite of his “struggle with same-sex attraction.”

But Gracepoint did not leave the matter in God’s hands alone. At their next one-on-one the following week, Hao-Wei Lin says the church leader asked him to install an app called Covenant Eyes on his phone...

Covenant Eyes is part of a multimillion-dollar ecosystem of so-called accountability apps that are marketed to both churches and parents as tools to police online activity. For a monthly fee, some of these apps monitor everything their users see and do on their devices, even taking screenshots (at least one per minute, in the case of Covenant Eyes) and eavesdropping on web traffic, WIRED found. The apps then report a feed of all of the users’ online activity directly to a chaperone—an “accountability partner,” in the apps’ parlance. When WIRED presented its findings to Google, however, the company determined that two of the top accountability apps—Covenant Eyes and Accountable2You—violate its policies. more

Thursday, September 8, 2022

FutureWatch - Metaverse Espionage

By 2026, it is predicted that 25 per cent of people will spend at least one hour a day in the metaverse.
There, they’ll be able to participate in activities such as working and shopping, and 30 per cent of firms will have their products and services ready for the metaverse.

The metaverse — which includes blockchains and cryptocurrencies — is still in its early stages. As its possibilities expand, it’s important to consider the potential threats and dangers as the metaverse introduces risks related to legislation, property, control, fraud, privacy threats, ethics and security...

The metaverse can bring many fraud risks, such as market manipulation, cyber breaches and attacks, privacy breaches, money laundering, corporate espionage and identity theft.

Unlike traditional social media platforms, users have no guarantee that the data they share is only shared with those they choose to share it with in the metaverse. That means user identities can be tracked and revealed

As one researcher explains: “We cannot just turn off who can follow our avatars in the metaverse as we can do in the traditional social media.” more

The Flower Pot Bug Wins a Darwin Award

A 59-year-old man who was president of a condo association in the Matanzas Shores community faces four felonies for installing a video camera inside a condominium without the owner's permission, focused on the master bedroom, according to a press release from Flagler County Sheriff Rick Staly.

Robert Orr turned himself in... Orr was president of Las Brisas Condo Association within the Matanzas Shores community.



FCSO was notified on August 30 by a woman who had a weekend stay at a condo, Staly said. As she was packing up to leave, she discovered a plugged-in USB camera hidden inside of an indoor flower pot located in the master bedroom she was sleeping in.


FCSO's Major Case Unit examined the camera and found that it contained video of two people in various stages of undress inside the condo, including the female who filed the report and a male who was also staying in the condo that weekend, according to Staly. It also contained videos of Orr testing the camera inside his own condo before it was placed in the flower pot (Darwin Award). more

Sports Spying (again)

Sacramento Republic FC plays Orlando City FC in the finals of the U.S. Open Cup, but there is some controversy ahead of the match.

A Republic FC spokesperson tells CBS13 at they filed a complaint with U.S. Soccer claiming that an Orlando City FC employee was caught spying on the Republic during practice just a couple of days ago...

Republic representatives say they asked the employee to leave but he refused. He eventually left after about 45 minutes -- this after taking various notes and making phone calls.

There are no official U.S. Soccer rules against spying on teams ahead of a finals match. more

Using SDRs for Signals Intelligence (SIGINT)

One of the several technical techniques your TSCM team uses to detect illegal electronic eavesdropping...

Signals intelligence (SIGINT) is an umbrella term for collecting and analyzing information through the monitoring of radio frequency signals. In the era of remote and wireless communications, intercepting radio information is crucial in any application involving the malicious use of the RF spectrum, including military surveillance, homeland security, and monitoring of illegal RF transmissions. In this article, we discuss the basic concepts of SIGINT/COMINT, the requirements for system design, how software-defined radio (SDR) can contribute to the performance, and the various applications of SDR-based SIGINT.

By detecting strange signals in a hostile electromagnetic environment, SIGINT systems can rapidly adapt to emerging threats, locate unknown and/or illegal devices, and counteract against adversarial interference. SIGINT requires a large variety of devices, techniques, and algorithms for RF signal detection, measurement, processing, exploitation, and manipulation.

The most fundamental component in a SIGINT system is the spectrum analyzer. more

Greece Wiretap and Spyware

It has been dubbed the Greek Watergate. What began as a surveillance of a little-known journalist in Greece has evolved into an array of revelations circling around the Greek government.

The story emerged last spring, when Thanasis Koukakis found out his phone had been infected with spyware that can extract data from a device. He also discovered he had been tracked by Greece's EYP National Intelligence Service via more traditional phone-tapping.

It then emerged that an MEP had also had his phone tapped before he became leader of Greece's third-biggest party. more

Tech Aids Chess Cheating and Possibly More

James Stanley — "I have come up with a new way to win at chess: I have connected up a Raspberry Pi Zero in my pocket to some buttons and vibration motors in my shoes, so that I can surreptitiously communicate with a chess engine running on the Pi. The project is called "Sockfish" because it's a way to operate Stockfish with your socks.
The feet are ideal for this sort of thing, because they're the only part of your body that has any sensible degree of dexterity while still being invisible to casual observers."

Now, imagine this innovative use of technology—easily combined with Wi-Fi, Bluetooth or other radio-frequency modulation—being used during business negations or advance placement testing. Unsettling, to say the least. 

If you employ a Technical Surveillance Countermeasures (TSCM) team this is another way they can help you. more

Tuesday, August 23, 2022

Poisonous Spouses — Spycams to the Rescue!

Man Jailed After Wife's Secret Camera Reveals He Was Poisoning Her Coffees...

A man in Macomb Township, Michigan, has been sentenced to 60 days in prison after his wife set up a camera to catch him poisoning her coffee.

Therese Kozlowski grew suspicious of her husband Brian Kozlowski - from whom she was going through a divorce - after she noticed she felt unwell whenever he made her a coffee.

She subsequently set up a secret camera in the kitchen which showed her husband was lacing her drink with what turned out to be an antihistamine.  more

----

California Dermatologist Accused Of Trying To Poison Husband With Drano...

A California dermatologist has been accused of trying to poison her husband with Drano, with footage allegedly captured by a covert nanny cam.

Yue “Emily” Yu, 45, was arrested Thursday by Irvine Police after her husband told authorities earlier that day that he'd begun to suspect his wife was poisoning him when he started to feel sick over the course of a month-long period this summer, according a police statement obtained by Oxygen.com.

Yu’s husband, identified in court papers as radiologist Jack Chen, provided police with “video evidence supporting his suspicion.”

In a statement written to secure a restraining order against his wife, Chen described how he set up a secret nanny cam in the family’s kitchen after beginning to feel ill. more

Pegasus Spyware Maker NSO Avoiding a TKO

Will spyware maker NSO Group's struggles reduce use of its eavesdropping tech? Critics doubt it.

Embattled Israeli spyware vendor NSO Group announced a major reorganization Sunday — replacing its longtime CEO and laying off roughly 100 of its 700 employees — but experts who track the growing trade in surveillance technology say that’s unlikely to curtail deployment of the company’s technology designed to secretly monitor its targets...

More broadly, however, NSO may serve as a cautionary tale for the myriad other spyware vendors around the world hawking their wares. “Spyware tech is a risky investment,” Scott-Railton said. “Investors don’t usually line up to get wiped out.” more

In Other Corporate Spy News...

Enterprise giant Oracle is facing a fresh privacy class action claim in the U.S.


The suit, which was filed Friday as a 66-page complaint in the Northern District of California, alleges the tech giant's "worldwide surveillance machine" has amassed detailed dossiers on some five billion people, accusing the company and its adtech and advertising subsidiaries of violating the privacy of the majority of the people on Earth. more

Demise of a Corporate Spy

Shares of Pegasystems have dropped 65% since the start of the year and are unlikely to recover.

(Spoiler Alert... Appian Awarded $2.036 Billion in Damages Against Pegasystems Inc.) 

Appian, for investors who are unfamiliar, is a fellow SaaS vendor that competes in the business process management (BPM) space and also emphasizes low-code software. Appian sued and won a corporate espionage case against Pegasystems

In a nutshell, Pegasystems was found guilty of trade secret appropriation: it hired an employee of a government contractor to provide it with access to Appian software. This contractor then passed information (including video recordings of the Appian development environment) to Pegasystems employees. Pegasystems' CEO, Alan Trefler, was also found to have participated in meetings with this contractor present... Appian won a $2.036 billion judgment in its favor. more

Does your company have a Surreptitious Recording in the Workplace policy? If not, read Surreptitious Workplace Recording — and what to do about it.

A Warning Worth Repeating — iPhone's Spying Feature

iPhone’s ‘spying’ feature lets you eavesdrop on conversations without people knowing...

The Apple iPhone is packed full of secret tools and tricks. But one feature is possibly the sneakiest of them all.

The iPhone's 'Live Listen' feature was originally intended to help people with hearing difficulties better manage conversations in noisy environments.

It lets you listen to a live audio feed through your AirPod earphones using the iPhone's microphone from a distance.

However, if used correctly, it means you could listen in on any conversation from outside a room without anybody else knowing. All you'd have to do is hide your iPhone somewhere in the room. more