Friday, November 30, 2007

Spybuster's Tip #107 - SpyWare - Instant Education

The Top Ten articles for getting up-to-speed on SpyWare issues
- as picked by the Editor's of TechRepublic

The Anatomy of Spyware
Spyware: Know Your Enemy
Spyware: Securing gateway and endpoint against data theft
Spyware: Determine Your Threat Level ... Enterprise Spy Audit
Best of Breed vs. Suite Anti-Spyware: What's Best for You?
10 things to look for in an anti-spyware application
Have we moved beyond anti-virus and spyware protection software?
Protecting Organizations from Spyware
Spyware Is Everywhere: A Multi-Layered Solution ... Best Defense
Windows Defender in Vista offers built-in spyware protection
Behavior-Based Spyware Detection
Spyware - The Unseen Enemy

Spyware tops list of threats in CompTIA survey

Spyware has become the biggest security threat to organizations, a survey from the Computer Technology Industry Association (CompTIA) has discovered. That's a big change from a few years ago, when spyware was barely even considered a threat. (more)

SpyCam Story #410 - 21st Century O. Henry

India - The International Film Festival found its gravitas with the The Voyeur (which) delved into the current ogre of spycams and surveillance that leaves no room for individual privacy...

Prasanjeet, a computer mechanic ... finds succour from his nondescript life by fantasising about Madhubala, the perfect woman. Soon his fantasy finds a real form as a pretty neighbor moves in next door and seeks his help in settling down.

The electronics geek uses a spycam to fuel his desire and shares the spoils of voyeurism with his friend who happens to be a Muslim. No prizes for guessing where the story heads.

The brutal State steps in and the Muslim is labeled as terrorist while the Voyeur is arrested for something the state excels in: surveillance. (more)

Ex-CIA officer explores morality of spying, Dec. 6

Princeton University - "The Morality of Spying: How Dirty Are We Willing to Get Our Hands?" is the title of a lecture by former CIA official James Olson set for 4:30 p.m. Thursday, Dec. 6, in Dodds Auditorium, Robertson Hall.

Olson served for more than 25 years in the CIA, mostly in clandestine operations overseas. He also was chief of counterintelligence at the agency's headquarters in Langley, Va. (more)

"Calling all Bonds. Calling all Bonds."

Britain's spy masters have come out of the shadows and onto the airwaves as they hunt for new members, sending real-life 007s out on a recruiting drive. ... Voices were disguised on the BBC's Radio 1, one of the most listened to stations in Britain. (more) (audio)

Neat K.I.T.T.

New Zealand - A roving spycam you can access and drive from your cellphone has emerged from a Palmerston North student's honors project.

Massey University engineering student Tom Yu Guan completed his university studies with the Smart Eyes robot - a remote controlled car with a video phone that can be accessed by a second phone anywhere in the world.

Mr Guan said there was nothing on the market with this range or flexibility. The car could be driven and video accessed as long as there was cellphone coverage.

Wellington private investigator Tony Lowe had been involved in surveillance for more than 20 years and said it was a brilliant idea. (more) (more)

"How To Spy On People"

from Forbes Magazine...
...the most pervasive form of electronic surveillance nowadays comes from people you know--your boss, your business competitor, someone on a journalist’s beat, and even your spouse. ... (more) (In Pictures: How They're Watching You) (more)

Spybuster's Tip #106 - Spot Cisco Eavesdroppers

Someone eavesdropping on your Cisco VoIP phone using the previous attack?

Look for these warning signs...
• Speakerphone light is on.
• Display shows off-hook icon.
• Phone makes static noises.

Best practices for securely setting up your Cisco Unified IP Phones may be found here. ~Kevin

Cisco confirms ability to eavesdrop on remote calls using its VoIP phones

Cisco confirmed it is possible to eavesdrop on remote conversations using Cisco VoIP phones.

In its security response, Cisco says: "an attacker with valid Extension Mobility authentication credentials could cause a Cisco Unified IP Phone configured to use the Extension Mobility feature to transmit or receive a Real-Time Transport Protocol (RTP) audio stream."


Cisco adds that Extension Mobility authentication credentials are not tied to individual IP phones and that "any Extension Mobility account configured on an IP phone's Cisco Unified Communications Manager/CallManager (CUCM) server can be used to perform an eavesdropping attack." (more)

Thursday, November 29, 2007

Ditch the Grid - Black Hole Your Cell - $12.00

If you are concerned about people or governments covertly turning your cell phone 'on' and listening to you behind your back, this is for you!

Smother your mobile in The Black Hole. No one will be able to eavesdrop or know you location. Your phone will become deaf, dumb and blind.

Or, you could just turn your phone off. Ok, pluck out the battery, too. Heck, go all out, a la Unibomber or Clifford Stoll (buy one of his Klein Steins, too). Shun technology altogether! (more)

SpyCam Story #409 - "Dumkoff..."

German police have arrested a 60-year-old landlord after discovering he used cameras and microphones to spy on his tenants for a decade while they bathed and slept.

The man had installed surveillance in the bedrooms, bathrooms and living areas of two flats 10 years ago ... one of his tenants discovered the bugging last week while she was cleaning the flat.

Police suspect he had sexual motives... "Why do you think someone would put a camera in the bathroom -- to see if it was being cleaned correctly?" asked Bavarian police spokesman Ulrich Poepsel. (more)

Wiretapping Just The Start of VoIP's Security Woes

Security experts are once more urging businesses and consumers be wary of wiretapped Voice over IP (VoIP) calls -- as well as the vast number of potentially worse IP telephony vulnerabilities to which they may be exposed.

Last week, U.K. security researcher Peter Cox introduced a proof-of-concept that showed how easily Voice over IP phone calls could be intercepted. Cox, the former chief technology officer and co-founder of security vendor Borderware, successfully captured phone calls over a period of several months with a prototype Session Initiation Protocol (SIP) call monitoring tool.

The demonstration came as only the latest reminder that VoIP is vulnerable to monitoring. But experts warn that wiretapping is only the tip of the iceberg. (more)

SpyCam Story #408 - "Looky here, looky here!"

Sticks out like a sore thumb...
...but, would you notice it?

The buried cable pole camera system is a unique structure that conceals the camera, battery supply, and wireless video transmitter in an enclosure that can be placed in many residential and urban areas without drawing suspicion. This system comes with a Part 15 2.4 GHz transmitter, but can be upgraded to the Part 90 2.4 GHz transmitter for greater range.

Specifications:
• Buried Fiber Optic Marker Pole
• 16mm Black and White Environmental Camera
• 2.4GHz Part 15 Transmitter and Receiver
• Ground Spike for Installing the Pole
• Also available in a camouflage model.
(more)

Alert - Cisco IP Phone Eavesdropping Issue

From FrSIRT...
A vulnerability has been identified in Cisco Unified IP Phone, which could be exploited by attackers to bypass security restrictions. This issue is caused by an error within the Extension Mobility feature, which could allow a attacker with valid Extension Mobility authentication credentials to cause a vulnerable device configured to use the Extension Mobility feature (disabled by default) while the internal web server is enabled (enabled by default) to transmit or receive a Real-Time Transport Protocol (RTP) audio stream. (more)

Translation...
This series of phone can be remotely eavesdropped upon.

Wednesday, November 28, 2007

Alert - The $7.95 Wireless Wiretap

On sale NOW at over 30 Internet shops.

Features: (from web advertising)
• Bug is only the size of a quarter.
• Transmits both sides of a telephone conversation to any FM radio.
• No battery needed.
• Complete with PC Board and Instruction Book
• Do it yourself kit form.
• Makes a great educational project.

When was the last time you had your telephones checked?

Eavesdropping on VoIP Phones Demonstrated

An expert has released a proof-of-concept program to show how easy it would be for criminals to eavesdrop on the VoIP-based phone calls of any company using the technology.

Called SIPtap, the software is able to monitor multiple voice-over-IP call streams, listening in and recording them for remote inspection as .wav files. All that the criminal would need to do would be to infect a single PC inside the network with a Trojan incorporating these functions, (see our USB memory stick warnings) although the hack would work at the Internet service provider level as well.

SIPtap demonstrates that the worst-case nightmares of VoIP vulnerability are now well within the capabilities of organized crime, which could use such a program to steal confidential data from companies, governments and even the police. (more)

SpyCam Story #407 - Killer Mum Bugged

Killer mum's room bugged with spy cameras

Australia - Child protection authorities at Brisbane's Mater Children's Hospital were so concerned that a baby might be harmed by its mother they had his room bugged with hidden spy cameras, a court has heard.

But no one was watching the night eight-month-old Bray Metius was smothered to death in his cot by model mum Candaneace Lea Metius... (Two days before Bray's death, a decision was made to stop monitoring the footage.)

Metius, 24, who taught parenting classes and won an award for her volunteer work, has admitted to suffocating her son during an "out of body" experience... (more)

Mexico expands electronic surveillance

Mexico is widening its capacity for electronic surveillance, using funds from Washington to expand its ability to tap telephone calls and e-mail. The expansion comes as new President Felipe Calderon pushes to amend the Mexican Constitution to allow phone taps without a judge's approval in some cases... The new system provides extensive data storage capacity and will allow voice identification of callers... (more)

Myth - "Eavesdropping Detection is expensive."

Today's article in Forbes Magazine If Security Is Expensive, Try Getting Hacked, by Andy Greenberg, is a great cautionary tale. Andy clearly shows why your IT department's security budget is a good investment in your company's bottom line.

A sister article entitled
If Security Is Expensive, Try Getting Bugged is just as easy to document. Periodic sweeps for bugs and wiretaps (TSCM inspections) can be an even better investment in your company's bottom line. Fund both.

In a nutshell...
Intelligence collection is a leisurely process. Enemies quietly collect long before they use. Until they use what they have gathered no harm is done. Knowing this gives you the edge.

• Eavesdropping is not the goal. It is a means to an end.
• Eavesdropping is a key component of intelligence gathering.
• Eavesdropping is the one spy trick which is easily detectable.


Protection Requires Detection

Eavesdropping detection audits exploit weaknesses inherent in electronic surveillance. Knowing someone is interested in you provides time to counter - before harm is done.

Tuesday, November 27, 2007

Alert - Throw These Bums Out!

Bum One...
The FM analog wireless presenter's microphone – one of the Top 5 corporate eavesdropping threats. Why?
No secret. Radio waves travel. A quarter mile is the advertised standard. Interception of an FM analog signal is easy. Safer solutions exist. Throw these bums out. (Murray Associates - Case History)

Bum Two..
Any meeting planner who still uses FM analog wireless microphones for your sensitive presentations or meetings. Educate them. Give them a chance to change. If they don't, your sensitive meetings become Town Hall Meetings. Throw these bums out.


Bum Three...
Any security director or security consultant who does not point out the dangers of FM analog wireless microphones. They have an obligation to stand up to meeting planners and
AV crews. They have an obligation to recommend one of the several, more secure, options available. If they don't. Throw these bums out.

Bum Four...
These days, any AV production company that doesn't invest in digital, encrypted wireless microphones for their clients is stupidly cheap. For years, they hid behind excuses like "digital technology is not reliable enough," and "it lacks fidelity." Those days are over.

You pay these guys hundreds of thousands each year to produce your corporate events. The least they can do is update their equipment (a one-time investment).


They KNOW they are leaking your sensitive/secret information when they continue to use FM analog wireless microphones. Not upgrading to secure communications is negligence on their part. Demand secure wireless microphones, or... throw these bums out.

The New Wireless Mics Can Make Your Meetings More Secure.
Some even have encryption capabilities!

The Newest Solution...
SpectraPulse™ Ultra Wideband (UWB) Wireless Microphone System

Additional Digital Choices...
Lectrosonics (...and an Encryption White Paper)
Zaxcom
Mipro ACT-82
Telex SAFE-1000

Infrared Choices...
Glonetic Audio
PA-System
Azden

SpyBuster's Tip #106 - Eye-Fi

You see someone on your property taking photos with a digital camera.

"Not allowed," you tell them.

"My mistake, I'll erase them right now and put the camera away," they say. "Watch."
faba daba zap - pooffff
Camera shows empty.

No more photos.
Case closed.
Security wins again.

Not so fast...
Those photos might have zapped their way to a web-based storage site, or a nearby computer (check their napsack), the instant they were taken - thanks to Eye-Fi, a new wireless memory card for digital cameras. (more)

Like other electronic spying tricks...
You need to know what to look for, before you know to look for them. ~ Kevin

Monday, November 26, 2007

Mall Rats - Eating Your Wireless Data

Do you think twice when typing in your credit card number online, but have no problem handing over your plastic card at a store? Well actually, you may have it backward. Your personal information may be more secure in cyberspace than at the mall down the road.

That's because it's easier for dot-coms to protect the data. And most stores in America underestimate how vulnerable they are.

As correspondent Lesley Stahl reports, it's becoming a big problem. The retail industry got a wake-up call earlier this year, when TJX, the parent company of T.J. Maxx and Marshalls, disclosed it had suffered the worst high-tech heist in shopping history. Hackers raided the company's computer system, taking off with tens of millions of records. And what we have learned is: TJX could have prevented it. (more & video)

Mom and Pop Spy Shop

In an upper-middle class suburb in the Midwest, Tom and Cindy are spying on their 16-year-old daughter Jane.

“It’s a frightening window on our daughter’s world,” Cindy told CBS News science and technology correspondent Daniel Sieberg. “And it’s the dark side.”

They asked that CBS News conceal their identities, because their daughter doesn’t know they are tapping into all her online communications.

But then the dilemma - do they confront her with their knowledge and blow their cover? (more - with video)

Professional spy agencies face the same dilemma daily. The question they don't face, however, is... "Is spying really the best parenting skill that I have?"

From the 'esoteric but important' files...

New Details Support Tor Spying Theory

"You'll recall the story about the Swedish security researcher who stumbled upon unencrypted embassy e-mail traffic that was passing through five Tor exit nodes he set up. ...

TeamFurry researchers decided to examine the configuration of a few Tor exit nodes to see what they might be up to and found some interesting results...

Of course there's no telling who the exit node owners are (bored hackers, industrial spies or intelligence agencies) or what they're doing for sure, but as TeamFurry notes, the configurations sure look suspicious." (more)


Tor is digital 'Hide and Seek'.
Carter would have loved it.

Les Vies de D'autres, or.. ISPsnitch enchfray

From the BBC...
"French web users caught pirating movies or music could soon be thrown offline.


Net firms will monitor what their customers are doing and pass on information about persistent pirates to the new independent body. Those identified will get a warning and then be threatened with either being cut off or suspended if they do not stop illegal file-sharing." (more)

From security pundit, Lauren Weinstein, who puts it a little more bluntly...

"In a breathtaking act of arrogance reminiscent of the heyday of Louis XVI (and likely to trigger similar public reactions among many Internet users, though perhaps unfortunately absent the 'equalizing' influence of la guillotine), the French government and its overseers (the entertainment industry), along with a cowering collection of gutless ISPs, have announced an agreement for ISPs to become the Internet Police Force in France." (more)

Sunday, November 25, 2007

Three 'Personal Reasons' Resignations - Just Coincidence?

Canada - Three directors of the Energy and Utilities Board are leaving the agency rocked by a spying scandal for "personal reasons."

John Nichol, Ian Douglas and Graham Lock sat on an EUB panel considering an application for a power line between Calgary and Edmonton. The agency later admitted to hiring private investigators to eavesdrop on landowners opposed to the project. (more)

From the Diana inquest...

Diana, Princess of Wales, was so convinced that her telephone calls were being monitored in the months before her death that she changed her numbers regularly, her private secretary said yesterday. (more)

Alert - Email Wiretap Scare Spreads Malware

Miscreants are trying to convince email users that their telephone conversations are being recorded in a ruse designed to scare prospective marks into buying bogus security software. Emails promoting the campaign are laced with a new Trojan horse malware.

The Dorf-AH Trojan horse appears as an attachment in emails claiming that the sender is a private detective listening into a recipient's phone calls. This "detective" claims he's prepared to switch sides and reveal who has paid for the surveillance at a later date.

In the meantime, prospective marks are asked to listen to the supposed recording of one of their recent phone calls that comes attached to the email in the form of a password-protected RAR-archived MP3 file. In reality, however, the MP3 file is not an audio file of a telephone conversation or anything else but a malicious executable program that installs malware onto victim's computer. (more)

Wednesday, November 21, 2007

Hushmail Speaks

Hushmail, the web's leading provider of encrypted web mail, updated its explanation of its security model, confirming a THREAT LEVEL report that the company can and will eavesdrop on its users when presented with a court order, even if the targets uses the company's vaunted Java applet that does all the encryption and decryption in a browser. (more)

Police Phones Tapped

UK - Detectives involved in the cash for honours inquiry had their telephones tapped to find out whether they were leaking information to the media.

The extensive bugging was carried out amid allegations by Sir Gus O’Donnell, the cabinet secretary, that Scotland Yard was leaking information about the progress of the inquiry. (more)

Rare Spy vs. Spy Confession

A former Russian frogman has claimed that he killed a famed British diver, who vanished while spying on a Soviet warship more than 50 years ago.

Commander Lionel "Buster" Crabb disappeared after the vessel, which had brought Soviet leaders to Britain, docked in Portsmouth harbour in 1956.

Retired sailor Eduard Koltsov told a Russian documentary crew that he cut the Englishman's throat after catching him placing a mine. (more)

Football Spy Scotched - "Ooo, Behave!"

Scotland's preparations for the Hampden crunch with Italy were rocked by a sensational spying scandal.

Team boss Alex McLeish had to halt a closed door training session in Dumbarton when he spotted a mysterious onlooker on the roof of a white van using a camera to record his secret tactical workout.

McLeish had earlier been placed on alert by the Daily Record after we received a tip-off that an Italian would be trying to spy on the team at the Strathclyde Homes Stadium.

It was part of a sneaky attempt to uncover his match plan for Saturday's do-or-die European qualifier.

Daily Record photographer Phil Dye was also on the lookout for suspicious characters. "This really was a quite extraordinary set of events. It was like something out of Austin Powers. (more)

Probe of U.S. eavesdropping program on again

The Justice Department has reopened an inquiry into the Bush administration's domestic eavesdropping program after its investigators received security clearances that President Bush once blocked. (more)

Court rejects challenge to warrantless wiretaps

A federal appeals court in San Francisco today handed a major victory to the Bush administration, ruling that a lawsuit challenging the government's warrantless wiretapping program could not go forward because of the "state secrets" privilege. (more)

Things Are Tough All Over

OPEC SUMMIT Blunder lets media eavesdrop on ministers' meeting...

A blunder by organisers at an OPEC summit in Riyadh enabled journalists to watch a highly sensitive meeting of the foreign, finance and oil ministers from the 12 member countries of the cartel.


The gathering, during which the ministers discussed the agenda for a two-day summit of heads of state starting Saturday, was broadcast on close-circuit television in the media room for about 30 minutes.

It featured highly sensitive comments by the foreign ministers of Iran and US-ally Saudi Arabia, who differed sharply over whether to include an expression of concern over the falling US dollar in the summit's final declaration. (more)

Tuesday, November 20, 2007

Guest Consultant - Effective Security Management

Charles A. Sennewald, CMC, CPP, CPO, is the author of Effective Security Management. He has a genius for turning difficult into easy!

Here is his tip for disciplining subordinates...


Torture as Part of the Disciplinary Process

To discipline a subordinate is deemed by many a supervisor and manager as a personal ordeal or a form of torture. “Torture” in terms of being obliged to confront and criticize the performance, or lack of performance, of a fellow employee. We agonize over sitting down face-to-face to deal with the problem. Not a pleasant task! No one wants to do it.

BUT WAIT! We can take the torture out of the process if we understand three simple principles:
1. The word discipline is derived from the Latin discipulus which means learning. The word disciple comes from the same root, hence the disciples of Christ were students, hence discipline really means a learning process, not a punitive action.

2. This learning process, really a form of training, corrects, molds or strengthens an employee in the interests of achieving departmental or organizational goals.

3. Thus the effective disciplinary process condemns the wrongful act, not the employee, i.e. you’re okay but what you did is not okay. By focusing on the conduct and performance rather than the personality the whole process takes on a constructive dimension which is easy to handle and is acceptable by all.

Adios Torture.

Muchas gracias, Chuck!

Monday, November 19, 2007

iPhone = imBugged

The Scare... (from noheat.com)
"Its always been assumed that with some amount of hacking your simple phone can help locate you through GPS and help big brother zero in on your activities. ...watch the video and you will see a security consultant undress your iPhone so far even it blushes.

He even illustrates how a simple iPhone can record phone conversations, browsing habits, email, and even record the rooms ambient noises when it appears to be off.

Suddenly every office meeting is subject to
recording, the arguments with your wife are fair game, and every word you utter could be recorded and used against you."

The Consultant Explains the Techie Stuff...
(Rik Farrow, UNIX specialist and consultant from Sedona, AZ)

video

Back to Reality...
"...Apple (which declined to comment), in its latest patch, inoculated the iPhone against the Metasploit that Farrow used."
(more)

• 'Smart' phones intrinsically have bugging buddy capabilities.

• We're
mere keystrokes away from the next eavesdropping hack.
• Protection requires detection.

Friday, November 16, 2007

Brilliant Prevarication or Wrong Occupation?

UK - A newly-appointed top British intelligence advisor raised eyebrows Friday after colourful and indiscreet details of his personal life were revealed -- on his own website.

Alex Allan's website gives details including his home address and his wife's mobile phone number.

Allan was appointed Thursday as chairman of the Joint Intelligence Committee, the body which provides senior ministers with the latest assessments from Britain's security services.

...on his website 56-year-old Allan details his love for the cult US band The Grateful Dead and reveals a picture of his former self in 1969 with microphone hair, flares and Paisley-print cravate strumming on a guitar.

And like a sketch from the hit British comedy series Monthy Python's Flying Circus, he is also pictured in a pinstripe suit and bowler hat, windsailing to work on the River Thames past parliament during a train strike in the 1980s.

The Daily Telegraph quoted one unnamed senior security official as saying the personal information and photos contained on the site was "a very serious breach". (more) (update)

US congressional body hits out at industrial spying

A congressional advisory panel said yesterday mainland spying in America represents the greatest threat to US technology and recommended lawmakers consider financing counterintelligence efforts meant to stop China from stealing manufacturing expertise.

The US-China Economic and Security Review Commission also said in its annual report to Congress that small and medium-sized US companies - which represent more than half the manufacturing jobs in America - "face the full brunt of China's unfair trade practices..."

Mainland officials have reacted to past reports by warning against outside interference in Chinese affairs.

The commission said mainland spies allow the country's firms to get new technology "without the necessity of investing time or money to perform research." The espionage was said to be putting a strain on US counterintelligence resources and helping China's military modernization. (more)

Thursday, November 15, 2007

The Cautious Coachs of N.F.L. Football

The New York Times - The windows near the elevators on the 21st floor of the Sheraton Meadowlands Hotel are fit for football espionage. The Giants’ practice field sits about a mile in the distance, past the maze of highway lanes and off-ramps, past the massive parking lots.

If a coach stands on that field and looks back at the hotel, all sorts of paranoid possibilities come to mind. Visions of men in disguises renting rooms, setting up telescopes and video cameras, and gleaning valuable information from the opposition. Over the years, Giants coaches were said to have sent security personnel to the hotel to conduct sweeps.* They were never reported to have found anything or anyone...

Murray Associates, a New Jersey company that provides eavesdropping protection, has been hired by several professional sports teams to ensure secure contract negotiations, said the company’s president, Kevin Murray. Three of the teams that hired Murray were N.F.L. teams — all within the past five years.


Murray said he believed espionage in sports was more prolific now, with so much money and fame at stake. And bugging an office “is easier now than at any time in history.” For example, Murray said, someone could stick a prepaid cellphone on the ceiling of an office, turn the ringer off and set the phone to auto-answer. Then that someone could listen from anywhere in the world.

“Some people sound on the paranoid side, but they’re really just normal people, following their instincts,” Murray said. “And usually, they’re correct. Coaches would be silly not to be checking.”

So coaches will continue to look for spies behind trees, in bushes, behind the wheel of the team bus. If you are not paranoid, they say, you are not paying attention.


The view from the Sheraton Meadowlands Hotel demonstrates how spying is possible, if not far-fetched. And for N.F.L. coaches, that is enough. (more)
* These sweeps were not conducted by Murray Associates.

Year of the Spy at National Book Awards

With the United States fighting an increasingly unpopular war in Iraq, stories of espionage and critiques of foreign policy were winners at the 58th annual National Book Awards. (more)

Winners...
Denis Johnson's Tree of Smoke
Robert Hass' Time and Materials
Tim Weiner's Legacy of Ashes: The History of the CIA

Spybuster's Tip #105 - CamoSecurity

Real books - converted into boxes. (more)

Hidden Door - limited only by your imagination. (more)

List of places to hide stuff. (more)
Prevent burglars from getting your valuables by using secret hiding places. (more)
Make A "Secret Container" out of a lighter (video)

Flower Pot Safe (more)

"The Chicago Crime Commission states that a burglar spends an average of 8 minutes in the victims home. Put the odds in your favor...hide your valuables in plain sight." (more)

Eavesdropping Becomes a Game Skill

Video game review: 'Assassin's Creed' smooth but repetitive...

"Assassin's” is terrific entertainment for perhaps the first couple hours, as you free-run frolic and notice sparkling little tweaks to generic third-person action.

You eavesdrop to find your targets and rescue locals who can aid post-assassination escapes..." (more)

Wednesday, November 14, 2007

From those wonderful folks who brought you Room 641A...

AT&T plans to introduce a nationwide program today that gives owners of small and medium-size businesses some of the same tools big security companies offer for monitoring employees, customers, and operations from remote locations.

Under AT&T's Remote Monitor program, a business owner could install adjustable cameras, door sensors, and other gadgets at up to five different company locations across the country.

Using a Java-enabled mobile device or a personal computer connected to the Internet, the owner would be able to view any of the images in real time, control room lighting, and track equipment temperatures remotely. All the images are recorded on digital video, which can be viewed for up to 30 days. (more) (641A)

Landladies ordered to pay students €115,000

Ireland - Two Dublin landladies have been ordered to pay damages totalling more than €115,000 to 10 students who were tenants in their house after the Circuit Court found they had kept the students under secret electronic surveillance.

The students became concerned in late 2004 that their conversations and activities were being monitored when the McKennas referred to details the students had discussed in private in the house. When they raised the issue with the McKennas, the students were evicted.

Judge Gerard Griffin yesterday found that the evidence in the case left him "in no doubt whatsoever that the defendants had kept these plaintiffs under electronic surveillance."

The judge said he could not say whether it was audio or video surveillance or both, but he was concerned that yellow wires found in the house were of the international standard used for video recording.

The wires were found during a search on December 3rd, 2004, when Ms Hegarty's solicitor and a garda (police officer) were called to the house on the back of a court order. (more)

Meanwhile... 755,000 on Terrorist Watch List

A former FBI agent who pleaded guilty Tuesday to fraudulently obtaining U.S. citizenship and then improperly accessing sensitive computer information about Hizbollah was working until about a year ago as a CIA spy assigned to Middle East operations, Newsweek has learned.

The stunning case of Nada Nadim Prouty, a 37-year-old Lebanese native who is related to a suspected Hizbollah money launderer, appears to raise a nightmarish question for U.S. intelligence agencies: Could one of the world's most notorious terrorist groups have infiltrated the U.S. government?


"I'm beginning to think it's possible that Hizbollah put a mole in our government," said Richard Clarke, the former White House counter-terrorism chief under Presidents Clinton and, until 2002, Bush. "It's mind-blowing."

(more) (755,000 Report)

Tuesday, November 13, 2007

ALERT - Disk Drive Warning

Taiwan - Large-capacity hard disks often used by government agencies were found to contain Trojan horse viruses, Investigation Bureau officials warned.

Portable hard discs sold locally and produced by US disk-drive manufacturer Seagate Technology have been found to carry Trojan horse viruses that automatically upload to Beijing Web sites anything the computer user saves on the hard disc, the Investigation Bureau said.

Around 1,800 of the portable Maxtor hard discs, produced in Thailand, carried two Trojan horse viruses: autorun.inf and ghost.pif, the bureau under the Ministry of Justice said.

The tainted portable hard disc uploads any information saved on the computer automatically and without the owner's knowledge to www.nice8.org and www.we168.org, the bureau said.

The affected hard discs are Maxtor Basics 500G discs.

The bureau said that the method of attack was unusual, adding that it suspected Chinese authorities were involved.

Anyone who has purchased this kind of hard disc should return it to the place of purchase, the bureau said.

It said it had pulled 1,500 discs from shelves, while the remaining 300 had been sold by the stores to consumers. (more)

Telecom Italia Employees Accused of Spying

Three former Telecom Italia employees have been accused of corporate espionage targeted at Spanish giant Telefonica, Mexico's Telmex and its Brazil unit Embratel, Brazilian press reported, citing Italian weekly L'Espresso.

The employees were arrested on November 5 and accused of spying on the "enemy" after forming a team referred to as the Tiger Team. The team is thought to have started the espionage in 2005 when Telefonica began talks with Telecom about possible acquisitions or alliances, according to the reports.

The Telecom employees implicated are former Brasil Telecom chief of security Angelo Iannone, and IT technicians Roberto Rangoni and Alfredo Melloni, according to the reports.

The reports say that the accused accessed confidential information about TEF and TMX subsidiaries in Europe and Latin America. Among the subsidiaries that were hacked are Vodafone, Embratel, Telemar and Vivo. (more)

Texan sentenced for cyberspying on wife

TX - Using a computer program to spy on his estranged wife's e-mail resulted in a Texas man being sentenced to four years in prison.

Shawn Macleod was sentenced in Austin, Texas, for violating wiretap laws when he used SpyRecon software to gather information on his estranged wife's Internet activity. (more)

"I think Mr. Mellish is a traitor to this country"

The former director of Honduras' state-run telephone company has been charged with illegally wiretapping the president's phone conversations and authorities said Tuesday that he is a fugitive.

Eight taped conversations, in which a voice that sounded like President Manuel Zelaya outlined a strategy to control the nation's news media, made their way to the popular video-sharing Internet site YouTube last month. (more)

Smells like Eau de Eavesdropping to me...

from the seller's web site...
"This attractive and pleasant potpourri basket actually contains a powerful GSM bugging device. Leave it in your chosen room and dial the number of the GSM bug - the call will connect silently after two rings and you will hear whats going on in the room ...from anywhere in the world!" (more)

SpyCam Story #406 - Kid Rock Rooked?

Kid Rock gave props to the head of his security team, Little Bear, for "finding a hidden camera in the dressing room at the show at the Myth Nightclub" in Minneapolis on Thursday night.

"Little Bear, who runs SpyOps.net, discovered the device before the show and alerted the authorities, who are now investigating," Rock wrote.

TMZ obtained photos of the alleged spycam from Little Bear that appears to indicate it was set up to broadcast on the Internet,

but in a statement from the club released to the Star Tribune, the management explained, "The green-room camera in question is part of the venue's security aspect, available for viewing by head of security only ... Rock's allegation that there was some kind of Internet broadcast in progress is simply not true and without foundation." (more) (more)

The club's cameras appear networked; common practice these days. Having a 'green room' camera - probably common practice as well. Venue owners need to make sure their guests are safe, and have evidence if guests bust up the place.

Was the camera was viewable by unauthorized parties via the Internet? Instant answers (or accusations) are not possible. This will take a little investigation.


Did your security team check the software settings before making these pronouncements to the press, Kid? And, why isn't a confidentiality clause part of your security contract?
Press statements like these make clients look silly. Call us next time ...please.

Spotlight on Security Consultants - Gus Dimitrelos

When retired U.S. Secret Service agent Gus Dimitrelos is called on to speak, the charismatic computer crimes expert tells of catching celebrity stalkers, serial killers and child predators using computer and cell phone data. ...

Among the top threats: theft of intellectual property, such as sealed bids or financial data; theft of personal information like credit card and Social Security numbers; and installation of malicious software including computer viruses that steal, corrupt or destroy data.

Whether a business is dealing with fraud or general theft, Dimitrelos said, "the biggest threat is going to come from the inside."

Finding who is responsible can get expensive. Dimitrelos, for example, charges $250 to $325 an hour. A security evaluation for a company with 700 to 1,000 or so employees can range from roughly $20,000 to $50,000, he said.

The good news is that businesses can take relatively inexpensive steps to guard against fraud. (more)

Arthur C. Clark Predicts - E-Bomb in 2010

"Looking back on the appalling 21st century from our vantage point, 500 years later, it sometimes seems incredible that the human race could have survived such a time of troubles. The moment of greatest danger can now be pinpointed precisely--the year 2010.

Fifty years earlier, the chief threat seemed to be from thermonuclear weapons; however, these could be manufactured only by wealthy nations possessing both vast financial resources and a high level of technology.


Then, suddenly and totally unexpectedly, the situation was transformed by the invention of the Electromagnetic Pulse Bomb. The origin of this terrifying device is unknown: Like most concepts whose time has come, it was probably invented independently in a number of places. However, the first public account appeared in the September 2001 issue of Popular Mechanics under this dramatic headline:

E-BOMB: In the blink of an eye, electromagnetic bombs could throw civilization back 200 years. And terrorists can build them for $400." (more)

Hummm... Time to buy a horses and a farm next to a river. You'll need the land for crops, horses for transportation and cultivation and water for power.

Your future neighbours are spying on you

Ireland - House buyers are employing private investigators and specialist agencies to investigate their future new neighbours to check everything from whether they have criminal records to whether they are fond of throwing late-night parties. (more)

Atomic Bomb Spy - Cover Blown

He had all-American cover: born in Iowa, college in Manhattan, Army buddies with whom he played baseball.

George Koval also had a secret. During World War II, he was a top Soviet spy, code named Delmar and trained by Stalin’s ruthless bureau of military intelligence.

Atomic spies are old stuff. But historians say Dr. Koval, who died in his 90s last year in Moscow and whose name is just coming to light publicly, was probably one of the most important spies of the 20th century.

On Nov. 2, the Kremlin startled Western scholars by announcing that President Vladimir V. Putin had posthumously given the highest Russian award to a Soviet agent who penetrated the Manhattan Project to build the atom bomb.


The announcement hailed Dr. Koval as “the only Soviet intelligence officer” to infiltrate the project’s secret plants, saying his work “helped speed up considerably the time it took for the Soviet Union to develop an atomic bomb of its own.” (more)

Beware - More Mobile Phone Spyware

From the web site...
• "Read everything on their mobile phones."
• "Read their SMS, call logs, emails and track their locations."
• "Remote listening. Listen to the phone's surroundings."
• "BUG Meeting rooms and CHECK babysitters."
• "Protect Your Children"
• "Catch Cheating Spouses"

Your first reaction might be, "Wow, this is amazingly cool!"

But, think...
FlexiSPY and other spyphone software like Neo-Call are Internet-available products which can be installed by anyone. The target could easily be you... especially if your phone was given to you.

Employers can use it too. "How?!?!"

Those wonderful folks at FlexiSPY also make FLEXIAnalyzer Enterprise - "Log EVERYTHING that happens on your employees business phones. ...a unique analytical tool for mobile device deployments that offers intelligent knowledge based analysis, in real-time, of all corporate phone activity." In other words, your boss can, "Monitor SMS, MMS, Email and other phone events..."

But wait! (Here comes the cruelest Ginsu knife cut of all...) "If required FlexiANALYZER comes bundled with FlexiSYNC enabling secure archiving and retrieval of all corporate contact lists..." Keep your little black book off your corporate cell phone.

Monday, November 12, 2007

Foreign Intelligence Services Spy on German Companies

Germany is the land of ideas and innovations. Yet it is not only business competitors who may try to gain secret access to German expertise, it is also foreign intelligence services that are spying on German companies.

Whether it's research results, strategies for development, product information, client data or budget plans -- business secrets of successful companies are increasingly becoming coveted by industrious spies.

Andreas Blume, who is responsible for protecting new scientific findings at the chemicals company Evonik-Degussa, said small and mid-sized companies that are leaders in their field are especially at risk.


...some of the tricks
the intelligence services use: supposed document shredders that are actually equipped with internal shredders and UMTS transmitters, beamers that record presentations and USB sticks with so-called Trojan Horse programs that allow hackers to spy on computers. ... A company in Thailand, for instance, offers monitoring of cell phone conversations. (more)

We hear this complaint from corporations in other countries, as well.

Enterprise Theft by Cell Phone

There are a growing number of instances in which an employee or visitor in a corporate facility, factory, research and development lab or business exposition has photographed sensitive information, prototype products or processes using a company or personal cellular phone and sent the data instantly elsewhere.

Such actions may be illegal; some are legal; and some corporations have instituted policies and prohibitions on cell phones. This article shows how a chief security officer, working with his or her counsel, can conduct an investigation of a suspected phone. ~ Editor (more)

Salient points...
1. Contact your corporate general counsel or in-house counsel.
2. Use the proper software tools. Device Seizure from Paraben, Secure View from Susteen and the Cell-Dek from Logic Cube are commonly used tools that have been accepted by the legal system.
3. Misuse of camera phones is being addressed by enterprises.
4. An enterprise may choose to just dismiss an employee caught spying... More often visitors, contractors and others may face federal charges. Economic Espionage (18 U.S.C. § 1831)
5. There are more instances of corporate or employee cellular phones lost or stolen. Technology exists to trace missing handsets: CellTrace

Sunday, November 11, 2007

Spybusters Tip #105 - Cheap Bug Detector

We hear from one countersurveillance expert... "This little device is pretty good for the price."

"What do it do?" you ask.

Basically, it attempts to detect radio bugs and wireless video transmitters located in your immediate area.
Claims from the web site...
Privacy Safe Keychain Wireless Video and Tap RF Detector
.
• Key chain wireless detector is easy to carry with you so you can feel confident in the office, bedroom or dressing room
• Innovative high technology device keeps you safe from wireless wiretap and video cameras
• Detectable radio frequency width 30MHz - 2.4GHz with a responding distance of 10–15’
• Super-bright blue LED light for emergency or illumination use
• 0.4"Hx2.3"Wx1.2"D

As with most bug detection efforts, you will get what you pay for.
• Gadgets buy a false sense of security.
Professional sweeps buy peace of mind.
In this case, if you find anything at all, the $14.99 you paid for it is well spent. (more)

Tune Into Other Peoples' Surveillance Cameras

"SurveillanceSaver is an OS X screensaver that shows live images of over 600 network surveillance cameras worldwide - a haunting live soap opera." (more)

Be careful. This is alpha version software. Currently for Mac OS X. A Windows version is being developed.

Picking a Pickpocket's Pocket?

Renault accused of spying
Barely 24 hours after FIA experts swooped on the McLaren factory for a detailed technical check on the team's 2008 car, the rival Renault team found themselves propelled into the centre of controversy when they were summoned to appear before a hearing of the FIA World Motor Sport Council to answer charges of spying. ...

These accusations come two months after McLaren were fined $100m and lost all their 2007 constructors' world championship points after it was established that they had benefited from illicitly obtained technical data from Ferrari. (more)

(update - 11/10/07)
The Renault formula one team yesterday rejected allegations of espionage after being summoned before the FIA's world motor sport council accused of illegally using McLaren data in the design of this year's car. The French team confirmed that a former McLaren engineer, who joined them in September last year, was suspended when it became clear he had brought confidential information with him to his new job. Renault named the employee as Phil Mackereth and said they had been made aware of the problem on September 6. "None of this information was used to influence design decisions relating to the Renault car," the statement said. (more)

Former DuPont Scientist Sentenced For Trade Secret Theft

Shortly after he began working for a rival company, Gary Min uploaded some 180 DuPont documents to his new corporate laptop.

A former DuPont scientist who admitted stealing company secrets was sentenced to serve 18 months in prison, fined $30,000, and ordered to pay almost $14,500 in restitution to DuPont.
Gary Min, 44, was sentenced in Wilmington, Del., for stealing DuPont trade secrets, an act he admitted to in November 2006. The maximum sentence for his offense is 10 years in prison and a $250,000 fine.

Prior to sentencing, Min reportedly asked for leniency because incarceration would be a hardship on his family and because his actions did not result in significant financial loss to DuPont. The estimated value of the documents exceeded $400 million, according to the government. (more)

SpyToy Alert - Voice Recorders hidden in pens

Key Specifications:
• Hidden LED indicators in pen
• USB flash drive (capacity: 128MB, 256MB, 512MB, 1GB)
• MP3 / WMA player
• Digital voice recorder / player
Built-in rechargeable battery
• Play MP3 for 5+ hours
• Record voice for over 6 hours
• Standby time over 20 days
• Color: black or silver
• Size: 150 x 16mm
• Weight: 60g
• and, of course, the pen writes! (more) (more)

Be alert to the possibility of someone covertly recording you.
• Does the pen look funny?
• Watch how they handle and position their pen.
• Do they leave the pen behind when they leave the room?
• Ask to use their pen. What is its center of gravity?
• Watch their reaction.

One on-line seller actively promotes recording meetings.
1. "Bring your digital voice recorder pen to your next meeting."
2. "Start recording your conversation."
3. "Plug your pen recorder into the USB on any computer to listen and save audio recordings." (more)

Equitable Life boss finds bugging device in his flat

UK - The boss of one of the UK's largest financial institutions is at the centre of a security scare after a bugging device was found in his home.

Charles Thomson, chief executive of Equitable Life, called in police after discovering the listening equipment concealed in his luxury apartment in London.

Detectives are investigating how the device came to be in the Barbican flat, which Mr Thomson, 59, uses as a base during the working week.

A security sweep has also been carried out at his £1million family home in Ayr, in Scotland, which he returns to most weekends.

Yesterday, a source said: "The discovery has caused a lot of concern and distress."

Strathclyde Police say they have been handed a tape which is understood to contain a private conversation between Mr Thomson and his partner of five years, Verity Coutts. (more)