Friday, February 29, 2008

SpyCam Story #437 - Pinhole PIN Bandits

UK - Police investigating a bank card cloning scam at a petrol station found a small, drilled hole in the ceiling above a chip-and-pin machine.

It is thought the hole, at a BP garage in Lincoln, was used to conceal a covert camera to record the pin numbers of unsuspecting motorists.

Lincolnshire Police said on Friday they had received more than 200 reports of fraudulent transactions from people who filled up at the petrol station, on the A46 at Damons Roundabout.
Victims' cards were used as far away as India and Dubai in what the force said was a national scam, not unique to the county. (more)

Basic Email Security Tips

Chad Perrin at TechRepublic has some excellent tips...
There is a lot of information out there about securing your email. Much of it is advanced, and doesn’t apply to the typical end user. The following is a short list of some important security tips that apply to all email users...

1. Never allow an email client to fully render HTML or XHTML emails without careful thought.
2. If the privacy of your data is important to you, use a local POP3 or IMAP client to retrieve email. This means avoiding the use of Web based email services such as GMail, Hotmail, and Yahoo! Mail for email you wish to keep private for any reason.
3. It is always a good idea to ensure that your email authentication process is encrypted, even if the email itself is not. (lazy man's email encryption)
4. Digitally sign your emails. As long as you observe good security practices with email in general, it is highly unlikely that anyone else will ever have the opportunity to usurp your identity for purposes of email, but it is still a possibility. (What is a digital signature?)
5. If, for some reason, you absolutely positively must access an email account that does not authorize over an encrypted connection, never access that account from a public or otherwise unsecured network. Ever. Under any circumstances.

Be aware of both your virtual and physical surroundings when communicating via email. Be careful. Trust no one that you do not absolutely have to trust, and recognize the dangers and potential consequences of that trust.

Your email security does not just affect you; it affects others, as well, if your email account is compromised. (full article with greater tip detail)

Thursday, February 28, 2008

TSCM Technology - Keeping Pace

The tools of the trade change fast in the world of TSCM.
Blink, and your sweep business is history.
Here are three examples of the latest tools...

Recently
Too many digital radio signals.
Some of them flash on/off, quickly. Some frequency hop, quickly. Some hide within other signals. This year, a new instrument came out of the R&D labs called RSA6114A. It never blinks. It catches it all.

NOW
Too many digital radio signals. How can one identify them all? This week, a new instrument came out of the R&D labs called H600 RFhawk Signal Hunter. It knows all. It tells all... at a reasonable price.


The Future
Having Superman x-ray vision would be a big help in finding eavesdropping devices. A new instrument is in the R&D labs called LEXID. Handheld x-ray vision. Just point, and see!

TSCM challenges do not become easier with time. You can, however, count on us to keep pace and slightly ahead.

Unsecured Wi-Fi Could Compromise Your Identity

CBS3.com - Special Report...
The wireless internet signal you rely on for convenience could be making things easier for internet intruders. Police said hackers could be using your computer to download illegal music, child porn, or even your bank information.


Using a simple can antenna from his car, George Sandford can burglarize homes from hundreds of yards away out in the open and without wearing a mask.

"You can open bank accounts. You get drivers licenses, you can get practically anything you want," Sandford said.

All by using relatively low tech equipment, just about anyone with knowledge can hack into computers using unsecured wireless internet or Wi-Fi signals of unsuspecting people...

"I can build a body of information about you, your back accounts," Sandford said.

Jamie Smith spoke to one unsuspecting resident, "We were able to get onto your internet just a few seconds ago," and Rebecca Hansen of Swarthmore responded, "No."

Rebecca is a client of Tech Guides Incorporated and George Sandford is far from a thief. He is actually Tech Guides' security expert. He sat down and showed Rebecca how to secure her Wi-Fi, something everyone should do.

"Not securing your wireless networking is pretty much putting a sign on your house saying 'Hey, we're open,'" Sandford said. Only about half of homes with Wi-Fi are locked. If you don't, your computer's connection could be slowed down by others accidentally using your Wi-Fi. (complete story with video)

Directions for securing your Wi-Fi

Global Info Survey - CIO's Get Smart

A growing number of organizations recognize information security can provide more than just protection of corporate assets, with the delivery of IT and operational efficiencies and improving overall business performance emerging as critical objectives. That is the word from Ernst & Young's 10th annual global information security survey. The survey canvassed nearly 1,300 senior executives in more than 50 countries. (more)

Abusive Teacher Caught On Tape

A Houston mother, who said her daughter was well-behaved at home, was worried about what was going on in her child's classroom because the girl had been suspended four times for bad behavior.

Teacher: 'Y'all Are Just Stupid Kids'
So, Diana Mijares decided to secretly bug her daughter's backpack and was shocked to hear what was on the tape.

"It made us concerned," Mijares said on "Good Morning America" today. "It was enough and we needed answers."

Megan Mijares' digital tape recorded mostly mundane moments at Memorial Elementary School's prekindergarten class, but then it captured the teacher yelling at the group of 4- and 5-year-olds. All of it happened without Megan's or her teacher's knowledge.

"You're just a bad kid," the teacher says on the six-hour tape. "You're mean to me, so I get to be mean to you."

The teacher, who was not identified, continues to harshly scold the children.

"You are all just stupid kids. I swear to God," the teacher says. "You are just all stupid kids." (more) (video)

"Grab the binoculars. The girls are headed for the Blue Lagoon!"

Regime revives Fiji spy agency
The interim Cabinet will revive the National Security Council and the Fiji Intelligence Services. A statement from the interim Cabinet said this was a move to combat threats of terrorism against Fiji. (more)

Liechtenstein reveals industrial spying probe

Liechtenstein, focus of international investigations over tax fraud, said on Wednesday a man convicted after stealing data from a Liechtenstein bank was now being investigated for industrial espionage...

"The investigations concern suspicion of spying out business secrets for the benefit of a foreign party," the Office of the Public Prosecutor said in a statement. (more)

German high court conditionally approves government data spying

Germany's Constitutional Court has determined that any data stored or exchanged on PCs is private and protected by the country's constitution -- just not if you're a suspect.

The court determined that data collection directly encroaches on citizens' rights, but that authorities will be allowed to spy on suspicious individuals with high court approval. (more)

2007 Electronic Monitoring & Surveillance Survey:

Over Half of All Employers Combined Fire Workers for E-Mail & Internet Abuse

From e-mail monitoring and Website blocking to phone tapping and GPS tracking, employers increasingly combine technology with policy to manage productivity and minimize litigation, security, and other risks. To motivate compliance with rules and policies, more than one fourth of employers have fired workers for misusing e-mail and nearly one third have fired employees for misusing the Internet, according to the 2007 Electronic Monitoring & Surveillance Survey from American Management Association (AMA) and The ePolicy Institute. (more)

PartnerSpy vs. PartnerSpy

In Scotland, where punches are not pulled, a daily newspaper instructs its readers, "How To Spy On Your Partner." For us, of course, it is a cautionary tale. These tactics may be employed by anyone, against anyone.

Partner vs. Partner is only one of many snoop scenarios. Here are some others:
- Employees vs. Management
- Ambitious Executive vs. Unsuspecting Executive
- Competitor vs. You
- Defendant vs. Plaintiff
- News Media / Protest Groups vs. Your Company

Being aware of 'everyman' spy technology is the first step toward protection. The second step is actively looking. Which, by the way, is what we do best for businesses and governments worldwide.

How To Spy On Your Partner

Feb 27 2008 By Craig McQueen

Lipstick on collars or smelling of a strange perfume used to be how cheating husbands got caught out. But in these days of big divorce settlements, spurned partners are gathering evidence the hi-tech way.

One US firm has produced a SIM card reader that opens text messages AFTER they've been deleted - and that's just the tip of the iceberg. Other surveillance gadgets used today would look at home in spy films. They're legal and freely available from websites spystoreuk.com, spycatcheronline.co.uk and brickhousesecurity.com

Here are a few of the best: (described in detail here)
- HIDDEN CAMERAS
- MOBILE PHONE TRACKING
- WIRELESS BUGS
- PHONE RECORDERS
- GPS TRACKING
- COMPUTER KEY LOGGING
- THE TEDDY CAM
- INTERCEPTOR SOFTWARE
- VEHICLE TRACKING

Wednesday, February 27, 2008

SpyCam Story #436 - SpyCam Goes to School

from "blammocamo"...
"I 'hid' my camera and caught some clips of what people were doing during spare period." (boring video) (many many more boring videos)

We've come a long way from the days of Allen Funt. SpyCam'ing is an acknowledged worldwide pastime. One second you are anonymous, the next second you are a star on youtube.com. Laws are always about 10 years behind the technology. Look for spycams to make some creative legislation.

In the meantime, at least take some steps to protect your workplace and the intellectual property kept there.

Ideas...
- Establish security policy which includes videography.
- Conduct periodic sweeps for video bugging devices.
- Learn to recognize the spycamer's tricks. (1) (2) (3), for example.

FREE Password Cracker

Here is how it works in geek-speak...
RainbowCrack is a general purpose implementation of Philippe Oechslin's faster time-memory trade-off technique. In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker tries all possible plaintexts one by one at cracking time. It is time consuming to break complex passwords in this way. The idea of the time-memory trade-off is to do all the cracking-time computation in advance and store the result in files, so-called "rainbow tables". It does take a long time to precompute the tables. But once the one-time precomputation is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute force cracker, with the help of precomputed tables.

Bottom line...
Your cat's name never was a good password anyway. Change it. (help)
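
Why a precomputed table stops working once password hashes are salted, as an added example (not from the original post and not RainbowCrack's own code): a toy rainbow table over a constructed keyspace of 3-letter lowercase passwords, with unsalted SHA-256 as the weak scheme and salted PBKDF2 as the corrected one. All function names, the keyspace and the chain parameters are assumptions made for the illustration.

```python
import hashlib
import os
import string

ALPHABET = string.ascii_lowercase
LENGTH = 3                              # toy keyspace: 26**3 = 17,576 passwords
KEYSPACE = len(ALPHABET) ** LENGTH


def index_to_password(n):
    """Map an integer in [0, KEYSPACE) to a LENGTH-character password."""
    chars = []
    for _ in range(LENGTH):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def fast_hash(password):
    """Weak storage scheme: a single unsalted SHA-256 pass."""
    return hashlib.sha256(password.encode()).digest()


def salted_hash(password, salt):
    """Corrected scheme: per-user random salt plus a deliberately slow KDF."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def reduce_digest(digest, position):
    """Reduction function for one chain position: digest -> a password.
    Using a different function at each position is what makes the table
    a 'rainbow' table."""
    return index_to_password((int.from_bytes(digest[:8], "big") + position) % KEYSPACE)


def walk(password, start_pos, end_pos):
    """Apply hash-then-reduce for chain positions start_pos .. end_pos - 1."""
    for pos in range(start_pos, end_pos):
        password = reduce_digest(fast_hash(password), pos)
    return password


def build_table(num_chains, chain_len):
    """Precomputation: run every chain, keep only endpoint -> start points."""
    table = {}
    step = KEYSPACE // num_chains
    for i in range(num_chains):
        start = index_to_password(i * step)
        table.setdefault(walk(start, 0, chain_len), []).append(start)
    return table


def lookup(table, target, chain_len):
    """Return the password whose fast_hash is target, or None if not covered."""
    for guess_pos in range(chain_len - 1, -1, -1):
        # Suppose target sits at guess_pos of some chain and finish that chain.
        endpoint = walk(reduce_digest(target, guess_pos), guess_pos + 1, chain_len)
        for start in table.get(endpoint, []):
            candidate = start               # replay the chain from its start
            for pos in range(chain_len):
                digest = fast_hash(candidate)
                if digest == target:
                    return candidate
                candidate = reduce_digest(digest, pos)
    return None


def demo(num_chains=400, chain_len=50):
    table = build_table(num_chains, chain_len)
    # Constructed sample: the password at position 20 of the chain that starts
    # at "aaa", so it is guaranteed to be covered by the table.
    password = walk("aaa", 0, 20)
    salt = os.urandom(16)
    return {
        "password": password,
        "stored_chains": sum(len(s) for s in table.values()),
        "recovered_unsalted": lookup(table, fast_hash(password), chain_len),
        "recovered_salted": lookup(table, salted_hash(password, salt), chain_len),
    }


if __name__ == "__main__":
    result = demo()
    print(f"keyspace={KEYSPACE} stored_chains={result['stored_chains']}")
    print("unsalted SHA-256 ->", result["recovered_unsalted"])
    print("salted PBKDF2    ->", result["recovered_salted"])
```

The table keeps 400 chain endpoints instead of 17,576 hash entries, which is the memory side of the trade-off; the random salt means the stored digest never appears in any chain built in advance.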

National Lottery operator employee spied on rivals

UK - A manager at Camelot, the national lottery operator, used false identities to gather intelligence on rival companies, according to an official investigation.

Alexia Latham, a media relations manager, used three aliases to glean information over a 10-month period as Camelot fought off competitors to win a lucrative 10-year licence...

Camelot, which has run the UK lottery since it started in 1994, was awarded a new 10-year licence by the NLC last August.

Following a close competition, the company beat off a rival bid from Sugal & Damani, which runs state lotteries in India. The new licence will begin in February next year. (more)

Turn your iPhone sideways, and "Open Channel D"

The Incredible World of SPY-Fi: Wild and Crazy Spy Gadgets, Props, and Artifacts from TV and the Movies
by Danny Biederman


from Publishers Weekly...
Even people who aren’t big spy movie fans know that James Bond gets to play with some great gadgets. The same goes for the casts of Mission: Impossible, The Man from U.N.C.L.E. and I Spy.

Biederman has been immersed in the spy world, at least as Hollywood depicts it, from the time of his youth in the 1960s, when he was introduced to a world of "spies, gadgets, adventure, and beautiful women—everything that a ten-year-old boy could possibly want."

Since then he has collected over 4,000 props from various sets, amassing such an impressive trove that in 2000 the CIA asked him to exhibit it at its headquarters.

This book tells the story of each TV series and movie through Biederman’s props, which range from the coat hook used in U.N.C.L.E. to open a secret passageway, to the gold sofa that adorned James West’s private railroad car in The Wild Wild West.

Executive Briefing - "Wiretapping Made Easy"

from forbes.com...
Silently tapping into a private cellphone conversation is no longer a high-tech trick reserved for spies and the FBI. Thanks to the work of two young cyber-security researchers, cellular snooping may soon be affordable enough for your next-door neighbor.


In a presentation Wednesday at the Black Hat security conference in Washington, D.C., David Hulton and Steve Muller demonstrated a new technique for cracking the encryption used to prevent eavesdropping on global system for mobile communications (GSM) cellular signals, the type of radio frequency coding used by major cellular service providers including AT&T, Cingular and T-Mobile. Combined with a radio receiver, the pair say their technique allows an eavesdropper to record a conversation on these networks from miles away and decode it in about half an hour with just $1,000 in computer storage and processing equipment...

Who will be the customers for their innovative espionage technique?
Hulton and Muller say they aren't sure yet. (more)

SpyCam Story #435 - Bottoms Up

UK - A council worker has been arrested on suspicion of spying on women in the toilets at Coventry's historic Council House. The arrest came after police were called in following a complaint by a victim. There are fears that a man may have somehow concealed himself underneath the floorboards of the toilets and filmed unsuspecting victims on his mobile phone. (more)

Industrial Espionage in Brazil

Brazil - Brazilian police said on Tuesday they were treating the theft of strategic data from Brazil's state-run energy giant Petrobras as a case of industrial espionage.

Petrobras confirmed last Thursday that four laptops and two RAM memory chips were stolen in late January from a transport container owned by the U.S. oil-field service company Halliburton, a longtime Petrobras business partner.

The data came from a drilling ship in the Santos basin, where a huge new oil reserve was recently discovered. The find could make Brazil one of the world's major oil producers...

Caetano confirmed it was not the first case of data robbery from Petrobras. The company reported similar cases to police about a year ago but said they did not involve important information.

He faulted the security in the latest case. (more)

Pellicano Wiretapping Case

The case is scheduled to resume March 5th. The Huffington Post claims they have the Witness List: "Chris Rock, Stallone, Bert Fields, Tom Cruise and hundreds more." The list of 244 people, however, has made the rounds and wound up here. Rambo says he is willing to testify, "Why not? I don't want to be left out." Stallone said he wasn't surprised to hear the allegations that such activity occurs in Hollywood. "In this town, nothing seems as it is," Stallone said. "There's so much skullduggery." (more)

Tuesday, February 26, 2008

Eavesdropping on private chats is... art!

Conversations from thousands of internet chatrooms, message boards and other public forums have been transformed into an electronic art piece.

Described as a unique portrait of the internet, the electronic art - called the Listening Post – forms a free exhibition at the Science Museum in London.

The piece samples text fragments of uncensored and unedited internet conversations over 231 small electronic screens standing approximately 4m high and 5m wide. The text is accompanied by computer-synthesized voices reading or singing the words that surge, flicker and disappear over the screens.

Listening Post is a collaboration by sound artist Ben Rubin and statistician and artist Mark Hansen, who wanted to address the question: "What would 100,000 people chatting online sound like?" (more)

Americans are not as bugged as they think

Israel - The number of wiretaps performed by the police rose 22 percent last year, from 1,128 in 2006 to 1,375, despite Knesset members' complaints that this tactic is overused. Over the last five years, the number of court-approved wiretaps has risen 42 percent.

By comparison, only 1,839 wiretaps were carried out in the entire United States in 2006.

According to Professor Yoram Shahar of the Interdisciplinary Center in Herzliya, this means that per capita, Israeli policemen use 20 times as many wiretaps as do their American counterparts, and a random Israeli is 30 times as likely to be wiretapped as a random American. (more)

FutureWatch - New technology spells end for wiretapping

It's the stuff the best spy stories are made of, the broadsheets this week had a small story in their technology sections about the Scientific and Technological Research Council of Turkey (TÜBİTAK) National Institute for Electronics and Encryption Research (UEKAE) having developed a completely original software package that allows mobile phones to be encrypted.

This makes it possible for mobiles to be safe enough to discuss national secrets without fear of interception. This type of protection is, officials at TÜBİTAK say, especially vital in the field of military communication when phone calls intercepted by foreign agencies could have potentially fatal consequences for soldiers in the field.

According to TÜBİTAK's February press statement, they have been working on the technology for 20 years and it will be offered first to Turkey's army and then to the public and private companies. This software, they say, will put Turkey in the top league of countries for protecting information and privacy. There will be many for whom the encrypted cell phone has come not a moment too soon and others who are already regretting the development. (more)

Monday, February 25, 2008

"Encryption can't save you now, Sonny Boy... Muhhahahaaaaa!"

from c|net, by Declan McCullagh...
Computer scientists have discovered a novel way to bypass the encryption used in programs like Microsoft's BitLocker and Apple's FileVault and then view the contents of supposedly secure files.


In a paper (PDF) published Thursday that could prompt a rethinking of how to protect sensitive data, the researchers describe how they can extract the contents of a computer's memory and discover the secret encryption key used to scramble files. (I tested these claims by giving them a MacBook with FileVault; here's a slideshow.)


"There seems to be no easy remedy for these vulnerabilities," the researchers say...

Their technique doesn't attack the encryption directly. Rather, it relies on gaining access to the contents of a computer's RAM--through a mechanism as simple as booting a laptop over a network or from a USB drive--and then scanning for encryption keys. How the scan is done is one of the most clever portions of the paper. (more)

Cheap & Secure Communications - for Security ...and Eavesdroppers

from the TriSquare website – TSX300...
"eXtreme Radio Service (eXRS) two-way radios use proprietary Frequency Hopping Spread Spectrum (FHSS) in the ISM band (900 MHz frequencies). 10 Billion channels." (more)

What does this walkie-talkie mean to you?
- "Secure Conversation – No Eavesdropping"
- Communications range of at least 1-2 miles.
- Very good communications within buildings.
- Voice Operated Transmit (VOX)
- No license required.
- Accessories include a headset.
- Cost: less than $100.00 per pair!

What else does this mean?
- A quick hack turns it into a long-range stealth bug!
- The average TSCM sweep team will likely miss it.
- Advanced Eavesdropping Detection will find it.

Sunday, February 24, 2008

"...and, the 'Best Use of Spycam Technology' award goes to..."

Bird House Spy Cam
"Watch ‘em, but don’t touch ‘em!"

"Our Hawk Eye Nature Cam will open up undiscovered worlds of bird and wildlife behavior. Once you buy one of our wildlife monitoring cams, it probably won't be long before you buy another and another." (more)

Movies made with birdhouse spycams...
- Bats
- Baby Owls
- Flying Squirrel
- Baby Squirrels
- Hummingbirds
- Spooky Owls
- Baby birds feeding
- Squirrels

"Boss, this suspect gets a lot of email."

The FBI revealed that human error led to surveillance of an entire email network back in 2006, rather than the single email address approved by the secretive court which approves domestic wiretaps and other forms of e-surveillance...

The ISP involved allegedly misinterpreted a warrant for one email address to be a warrant for - ahem - the entire network. (more)

SpyCam Story #434 - Public Pool Perv

UK - A man who secretly filmed boys in a toilet and was caught with a camera at a children's swimming club has escaped a jail term. David Ashton (42) was arrested at Parkside Pool in Cambridge after staff were alerted to his suspicious behaviour during a parents-only training session for eight to 16-year-olds. Police found a video camera in a briefcase he was carrying. When officers searched his home, they discovered covert recordings of men and boys using a toilet cubicle, as well as other indecent images of children. (more)

Wiretap With Your Credit Card

That's right!
If you have a phone.
If you have a credit card.
You have a heavy-duty digital wiretap at your fingertips!

Of course, so does everyone else, so watch what you say 007.

...from the service provider's web site - callrecordercard.net...
It is easy to make high quality digital recordings. We will provide you with your own personal phone number in our state of the art, secure telecom switch.

- To record an important conversation, you first dial your personal phone number (PPN), which connects you to the recording equipment and then dial the number you want to record.

- To record incoming calls, the calls will automatically be recorded as they pass through our recording switch.

Your conversation will then be recorded and stored on our secure, password protected system, for you to play back as needed. Our advanced digital processors will record every word on both sides of the conversation.

Our clients use their Call Recorder Cards for both their business and personal needs. These are some of the typical uses of the Call Recorder Card:
- Record employee's calls to review their job performance
- Record details of complicated negotiations
- Maintains recorded records of verbal agreements
- Insurance investigator interviews
- Dictate recordings to be transcribed
- Dictate memos while on the road
- Disclosed monitoring of children's conversations
- Law enforcement investigations
not to mention...
- nailing that deadbeat jerk you used to be married to
- presenting a new cell phone to that special someone
- 'changing' the home phone number
- set up a sting
- or, post a PPN (pointed to [his/her name here]) on-line, and wait for the fun to begin.

No need to have bulky recorders, or phone interceptor equipment. Simply follow the user friendly instructions to automatically direct your calls through our state of the art telecommunication switch.

Your important conversations will be stored in a safe digital format that only you can access and/or retrieve with your very own PIN (Personal Identification Number).

Testimonials (!?!?)
I had my housekeeper start making her calls through my Personal Phone Number. Lo and Behold! She spent hours a day on the phone just chatting! No wonder the housework never got done. O.G. - Connecticut

I gave a new cell phone to my teenager and told her that the calls were being recorded. Now I have peace of mind! Y.P. Texas

One interesting FAQ...
Q: Can I change the number that the other person will see on their caller ID when I make an outgoing call from my PPN?
A: Yes, when placing the calls follow the prompts to change the number the other person will see on their caller ID.

Useful service? Yes.
What could possibly go wrong? (snicker)

NFL Spygate History - The Locker Room Spycams

Earlier this season (1999), a Jets defensive player went into a small room at the team's practice facility in Hempstead, N.Y., and was stunned by what he saw. Inside was a bank of video screens, he said, showing various parts of the complex. On one screen, to the player's surprise, was a view of the locker room. ...

''A lot of things around here have knocked me for a loop, but this is one of the biggest,'' said the defensive starter, who asked not to be identified for fear of repercussions. ''My first thought was, 'Has the team been spying on us?' ''

A spokesman for the Jets denied that the team uses video cameras for surveillance purposes...

A number of players, team executives and union officials believe putting hidden cameras in the locker room, the training room or other parts of the workplace is a good idea. Others believe that cameras are a violation of a player's privacy. (more)

Pop Quiz: Who was Bill Belichick working for in 1999?

FutureWatch - Pimping your ride with RFID

First Singapore, then Bermuda, then...?

Here's what happened in Bermuda...
"The Bermuda Government is issuing vehicle owners with credit card sized stickers containing a RFID chip and it is expected that every vehicle in Bermuda will carry one within a year or two.
The scheme is mandatory and a $10,000 penalty applies if owners remove the chips. RFID readers are being placed in telephone poles and buildings throughout Bermuda, which enable authorities to monitor the past and present location of vehicles and record the speed at which they are traveling. The information is being sent to high speed computers that calculate everything you could possibly imagine about a traveller's journey, even the route taken." (more)

The handwriting is on your windshield.
Look for government to pimp your ride, next.
Hey, they even call it something benign and acceptable.
...like EZ-Pass, Ipass or UneedaPass.

Saturday, February 23, 2008

GSM Bug Flood Continues

GSM Eavesdropping Device.

Manufacturer: Lawmate
Model: GE-40
Size: 78(L) x 51(W) x 11(H) mm (approx. 3 x 2 x .5 inches)
- Communicates via GSM cellular
- Remotely controllable
- Can be triggered to call you when it hears sound.
- Scared yet?
- Battery or AC powered.
- External microphone input.
- External alarm input.
(more)
Why do I mention it?
So, you will know what you are up against.

The Penny Dropped. Let the Lawsuits Begin.

A former St. Louis Rams player and three fans sued the New England Patriots over allegations that the Patriots cheated in the 2002 Super Bowl by taping a Rams practice before the game.

Former Rams player Willie Gary and other plaintiffs are seeking millions of dollars of damages in their federal lawsuit, filed in New Orleans. The Patriots beat the Rams, 20-17, on a last-second field goal in the 2002 Super Bowl at the Louisiana Superdome in New Orleans.


Before the game, former Patriots employee Matt Walsh allegedly taped a walkthrough practice by the Rams. Walsh told The Associated Press last week during the Pro Bowl in Hawaii that he couldn't comment on the allegations.


The lawsuit accuses the Patriots of fraud, unfair trade practices and engaging in a "pattern of racketeering."
(more) (Why is Sports Crime Different?) (other lawsuit) (more outrage) (moral)

Thursday, February 21, 2008

Smackdown - US 193 - RIP

The U.S. Navy has successfully intercepted a defunct spy satellite using a surface-to-air missile — a first-ever such demonstration by an American warship. Debris from the shattered satellite was expected to burn up during re-entry.

"The mission was a success … the missile … intercepted the decaying satellite," Pentagon spokesman Geoff Morrell said.

The interceptor missile was launched from the Navy cruiser USS Lake Erie off Hawaii at 10:30 p.m. EST. The USS Lake Erie is an Aegis guided-missile cruiser. Two other ships, USS Decatur and USS Russell, were also part of the task force. (more) (audio) (Smackdown animation)

Wednesday, February 20, 2008

Countdown to Smackdown - US 193 (update 3)

Attempt to shoot down spy satellite to cost up to $60 million

(more)

Who is happy about this?
1. Amateur radio operators who are looking forward to communicating by bouncing radio waves off the debris. DX more rare than moon-bounce or meteor scatter communications.

2. The Navy, who will get the rarest of chances to actually test their goodies ...without fear that someone will shoot back.
3. All the MIC types who build these goodies. They will make money replacing the missiles, not to mention the satellite and placement rocket. They will make more money modifying and enhancing existing weapons systems based on what is learned from this escapade.
4. And, of course, the bookies in Vegas!


Hey, taxpayer.
Are you unhappy? Stop. Think about it. Be reasonable.
Don't you want to be prepared when the comets come?
Don't you want to be protected when the aliens try to land?
Grab a beer. Relax. Watch GoldenEye.

Worst Security Ad of the Year Award

This plopped into my mailbox this morning...
- To whom would this ad appeal?
- Is that the type of person you want carrying a gun?
- Why are the 'Super Heroes' standing in a police line-up?
- What did they do wrong?
- Hey, these aren't Super Heroes. Real Super Heroes are big and strong!
- Are 'Crime Fighters' out there rounding up fake Super Heroes!
- What a waste of tax dollars.
- I'm getting scared now. This is creepy. I give up.
It is only February and we have the Worst Security Ad of the Year.

Leaked Info Dampens First Amendment

Recent days have brought two federal court decisions with disputed First Amendment legitimacy.

In San Francisco, District Judge Jeffrey White acceded to a request by a Cayman Islands bank to shut access to the Web site Wikileaks.org, which "invites people to post leaked materials with the goal of discouraging 'unethical behavior' by corporations and governments," as the New York Times reports.

In this case, the bank, Julius Baer Bank and Trust, accused "a disgruntled ex-employee" of giving stolen documents to Wikileaks in violation of banking laws and a confidentiality agreement. (more)

First Amendment vs. Creeping Extortionography.
You decide. In the meantime, keep your information from leaking in the first place. Need help? Call us.

Tuesday, February 19, 2008

Countdown to Smackdown - US 193 (update 2)

The U.S. Navy is specially modifying three advanced SM3 anti-ballistic missile interceptors to shoot down an electronically dead, intelligence-gathering satellite that was launched into space for the National Reconnaissance Organization (NRO).

Communications with the satellite were lost almost immediately, which means there’s no way of guiding the spacecraft to a predictable crash site as it returns from orbit, says Marine Corps Gen. James Cartwright, vice chairman of the Joint Chiefs of Staff.

The extraordinary decision to shoot it down was the result of analyses that show the satellite’s 40-in.-dia. hydrazine tank—now holding a 1,000-lb. frozen sphere of maneuvering propellant—will survive the descent. It will pose a lethal danger when it strikes the Earth, cracks open, and the frozen slush turns into a toxic gas, says James Jeffrey, White House deputy national security adviser. The effect on human lungs would be similar to ammonia or chlorine gas.


The three Aegis ships involved in the intercept, from a launch site in the northern Pacific, will be “reconfigured on a one-time, reversible basis,” says Jeffrey. Even if the space defense missiles miss or misfire, the threat will be no greater, says NASA Administrator Michael Griffin. However, even if the missile only grazes the errant satellite, it will fall out of orbit faster, analysts contend. If they make a direct hit, the spacecraft is expected to fall into an unpopulated area, Cartwright says.


If the SM3 missile hits the satellite as it nears the atmosphere, more than 50% of the debris will reenter within two orbits, about 10-15 hr. Most of the remaining pieces would fall within a month, Cartwright says. It will be critical to hit the satellite before it enters the atmosphere, where its nonaerodynamic shape will cause it to tumble and be almost impossible to engage, he says. If the first SM3 misses, operators will reassess and try again with the backup missiles.

It is officially denied that debris from the payload could reveal secret new U.S. national security capabilities if satellite wreckage were recovered by another nation. (more) (follow the whole story)

Tap Copped

NY - Prosecutors announced Friday they will use wiretapped conversations against the estranged wife of slain dentist Daniel Malakov - but the Daily News learned that a tape is missing and a cop is accused of taking it. (more)

French bugs 'discovered in UK Defence Minister's office'

UK - A leading MP is to challenge the Government over claims that a Defence Minister was bugged by the French when he was responsible for the award of billions of pounds worth of contracts.

Tory MP Patrick Mercer says senior security sources have told him that bugs were placed in the offices of Lord Drayson, the then-Defence Procurement Minister, at the House of Lords and in the Ministry of Defence, so the French could eavesdrop on conversations about valuable projects.

The claim has the potential to cause a major diplomatic row between Britain and France, which regularly compete for huge defence equipment contracts all over the world. (more)

Do you handle...
• 'huge contracts',
• expensive product development,
• major marketing campaigns,
• mergers and acquisitions,
• financial investments,
• sensitive investigations,
• valuable intellectual property,
• and, things so secret only you know about them?
Imagine the effect a bug in your office would have on you and your company.
(solution)

Monday, February 18, 2008

"Let me tell you how it will be..."

UK - He already has the power to arrest, and as of today, the British taxman will also be able to intercept phone calls, emails and letters, as well as bug residential premises and private vehicles. (more)
(sing-along)

SpyCam Story #433 - Justice not Blind

Philippines - A spy camera was found in a military courtroom where former Marine commandant Maj. Gen. Renato Miranda and former Scout Ranger commander Brig. Gen. Danilo Lim and 26 of their men were being arraigned yesterday.

Faced with a motion to rule whether it approved the installation of the spy camera, Fojas, court martial chairman, said the court did not know about the camera being placed on the ceiling.

“We have not permitted anybody to install the surveillance camera,” he said. “The court is unaware of it and I am directing whoever installed it to remove it.” (more)

Peter McCollum's Bug & Wiretap Devices of the 50's & 60's

The ST-2A Surveillance Transmitter

The ST-2A is one of the earlier models in a long series of equipment. The purpose of a surveillance transmitter (ST) is to transmit the sounds (conversations) from within a room to a person or recording device monitoring a receiver nearby. For example, an ST may be hidden in a hotel room before the targeted person arrives, and the opposition can set up equipment on an adjacent floor to monitor and record any conversations that take place.

This device, marked “F-371 IndCoil”, is an audio wire tap, most likely intended for telephone lines. It is an inductive pickup, so does not require any direct connection to the signal wire. This makes it much more difficult to detect, and does not interfere with telephone operation in any way.

When clipped over the red wire on a traditional telephone line, and connected to a suitable preamp, it can efficiently monitor a conversation. Note that it is necessary to tap only one of the two signal wires – if both wires pass through the device, the signal is canceled. The tap includes a square, closed armature that is opened by pushing a spring-loaded button. Two sides of the square have fine wire coils wound on them, connected in series.

Pushing the black button on the right side causes the armature to open so that it can be clipped over a wire. The oblong aluminum portion is a separate impedance matching transformer, marked “3.2” (ohms) on the input, and “1200” on the output. It has a 1/8” plug on the input side, and a matching jack on the output side.

(many more fine examples and photos)

Cape Town mayor Helen Zille says she is the victim of an illegal spying operation.

South Africa - Security around the opposition and Democratic Alliance leader Helen Zille has been stepped up and President Thabo Mbeki has ordered an investigation after Zille was tipped off that she is the victim of an illegal spying operation. (more)

The Eavesdropping You Agreed To

c. Eavesdropping. Our facilities are used by numerous persons or entities including, without limitation, other subscribers to HSI. As a result, there is a risk that you could be subject to “eavesdropping.” This means that other persons or entities may be able to access and/or monitor your use of HSI. This risk of eavesdropping exists not only with our facilities, but also on the Internet and other services to which access is provided as a part of HSI. If you post, store, transmit, or disseminate any sensitive or confidential information, you do so at your sole risk. NEITHER COMCAST NOR ITS AFFILIATES, SUPPLIERS, OR AGENTS SHALL HAVE ANY LIABILITY WHATSOEVER FOR ANY CLAIMS, LOSSES, ACTIONS, DAMAGES, SUITS OR PROCEEDINGS ARISING OUT OF OR OTHERWISE RELATING TO SUCH ACTIONS BY YOU. You acknowledge that software programs are commercially available that claim to be capable of encryption or anonymization. We make no representation or warranty regarding the effectiveness of these programs. (more)

The Neighbor Stick

Finn Magee combined his industrial design talents with an imagination fermented within apartment walls to come up with what he calls the "Neighbour Rod".

Here, "Neighbor Stick" (as in, 'stick it to your neighbor') seemed a more appropriate moniker.

When the neighbors get noisy, bang on the wall, ceiling, floor with the big white rubber mallet end. When the neighbors get suspiciously quiet, use the stethoscope end.

By the way, that's Betty. She loves to listen.

Finn is one cool dude. More about him, here.

Queen's offices 'swept for bugs'

UK - The Queen's rooms were regularly checked for bugging devices, the inquest into the deaths of Princess Diana and Dodi Al Fayed has heard. (more)
Regular inspections to detect electronic eavesdropping devices are an essential element of quality security programs.

Electronic eyes and ears keep tabs on workers

Canada - The sudden resignation of a South Shore police chief over allegations of e-spying on the local police union is the latest controversy over electronic eavesdropping in the workplace in the greater Montreal area.

Here and elsewhere, advances in electronic technologies have given employers new tools to keep an around-the-clock eye on employees. Unions are crying foul and fighting back. (more)

Alert - Analog Cellular - Discontinued - Last Call - Check your alarm system's cellular alarm reporting back-up unit.

Going, going... GONE!
With 4G and WiMax services on the horizon, a new digital wireless era is approaching...but the era of another form of cordless communications is soon to come to a close: namely, analog cellular phone service, which will cease nationally on February 18. (That's TODAY!)
Most phones now use digital service, but home and business owners with alarm systems may miss the analog signal. (more)
...and many more will miss the fun of easy eavesdropping.

In December 2005, the Australian Institute of Criminology (AIC) was commissioned by the Australian High Tech Crime Centre (AHTCC) to conduct research into issues relating to key criminal justice issues concerning technology-enabled crime.

The report provides an instant education on technology-enhanced crimes, and new crimes which have come into being because of advancements in technology.

Observations...
- It still takes the legal system about 10 years to catch up with technology changes.
- Technology has further cemented the need for international law enforcement cooperation.
- Technology is forcing some of the age-old crimes – that we rarely used to hear about – out of the darkness.
Very interesting document. Sign of the times.
(this report) (more reports)

Sunday, February 17, 2008

SpyCam Story #432 - Action Jackson

CA - Holiday Cleaners is a family-owned business that's operated in Jackson for the past 15 years. Since October, it's a store that has also been under the watchful eye of city police as they investigate allegations that one of its operators recorded images of women as they undressed in the changing room.

Police are hoping female customers who patronized the dry cleaning business will come forward to see if they were recorded in digital videos and photographs allegedly taken by the suspect, 35-year-old Pine Grove resident Alex Ko, who runs the business with his parents and siblings. (more)

Spies Demise - Week ending 2/16/08

US - Four people have been arrested in the United States on spying charges relating to the sale of classified information - including details of the Space Shuttle - to China. (more)

Bolivia - President Evo Morales declared a U.S. Embassy security officer to be an "undesirable person" on Monday after reports that the officer asked an American scholar and 30 Peace Corps volunteers to pass along information about Cubans and Venezuelans working in Bolivia. (more)

US - Senator Specter, a Republican of Pennsylvania, wants to know more about the New England Patriots' practice of spying on the opposition... (more)

Afghanistan - Soldiers seized two Taliban fighters spying on Nato forces after one of the militants' smart shoes gave him away... A soldier said they were suspicious as he wore expensive shoes - rare in the poor farming area. (more)

South Korea's outgoing president has accepted the resignation of his spy chief, who offered to quit over the leak of a document detailing his secret trip to North Korea in December, a spokesman said Monday. (more)

Kenya’s longest serving spy master, James Kanyotu, died in Nairobi yesterday. The shadowy and burly spy, who headed the Directorate of State Intelligence, then known as the Special Branch, for 27 years, died at the Nairobi Hospital where he was undergoing treatment for an undisclosed illness. (more)

US - Hewlett-Packard Co. said late Wednesday that it has settled with the New York Times and three BusinessWeek journalists who were spied on as part of the company's boardroom surveillance scheme. (more)

Friday, February 15, 2008

SpyCam Story #431 - Sticky Fingers

Security Guard Arrested For Vending Burglary
NC - A covert machine/changer camera was installed at the location to help determine the cause of these chronic unexplained shortages.

The video revealed evidence that a security guard from the location, a federal facility, was opening a vending machine and stealing cash. This machine was used to store the account vending collections in a mother bag from all the machines. The security guard was taking the cafeteria manager's vending key from an unlocked desk drawer in the cafeteria office. Audit records indicate that this individual stole $1,000 over three months. (more)

This is a common problem. Many of our counterespionage reports contain this obvious recommendation...
Do not leave keys behind.

The most common offense we see is: Admin locks the executive's office door at night and leaves the keys in their unlocked desk just a few feet away.

"Would locking the desk help?"
No. Desk locks are easily pickable (or destructible)... as are filing cabinet locks.

"What could be worse?"
Those big key control cabinets which hold all the spare keys!

Most of their locks are as easily pickable as the desk locks... and, by the way, where is this key "hidden"? Can't find the key? Can't pick it? No problem. People rarely secure key-cabinets to the wall properly, anyway. Just grab it and go.

A few key control solutions for you...
FREE - Guide to Developing and Managing Key Control Policies and Procedures
Traka Key Control System
KeyTrak

"An ye, leave nae stone unturned..."

Isle of Arran, Scotland - Local police are on the look-out for a large quantity of rock that has gone missing from Hawthorn Quarry near Whiting Bay. The Forestry Commission alerted the police to the quarry theft last Friday, and are now being forced to install covert video surveillance at the quarry... (more)

SpyCam Story #430 - Spiderman Cam

Australia - A HI-TECH peeping tom rigged his house with an elaborate network of miniature hidden cameras to spy on his housemates, a court was told yesterday.

But police have been unable to view the footage Gold Coast man Rohan Wyllie is suspected to have recorded because he has refused to give them his computer password.

Mr Harris said he discovered an "amazingly small" camera hidden behind the wall and "kilometres" of cable in the roof cavity leading to Mr Wyllie's locked bedroom.

"I followed the wires - they all went from his room and fanned out across the roof trusses," he said.

Ms Chilcott said Mr Wyllie "lived in the roof and in his bedroom" and the roof was like "another home". She said there were so many hidden cameras she lost count "but I can tell you it was more than 10". (more)

Snuggly, The Security Bear speaks...

to... apparently, anyone who can be persuaded by a talking cartoon bear whose head is filled with fluff.

Let's join Snuggly now as he she it explains why a new federal wiretap law is being passed. (video)

Thursday, February 14, 2008

"And, the Number One security threat is..."

"YOU!"

When it comes to security, human threats score much higher than those posed by technology. So says a new survey by consulting firm Deloitte of more than 100 technology, media and telecommunications companies worldwide. (more)

Facing the music in Hitsville

Wall Street Journal - 2/13/08
Hit of the Day
Hezbollah today said the fugitive militant Imad Mughniyeh, who was indicted in the U.S. for the 1985 hijacking of a TWA airliner in which a Navy diver died, has been killed by Israeli agents. Israel denied involvement in his death. (more)

Wall Street Journal - 2/14/08
Quote of the Day
"This guy had it coming to him," former Mossad official Yossi Alpher tells Newsweek, in describing how "there are many intel agencies who had a score to settle with" Hezbollah's Imad Mughniyeh. (more)

Tuesday, February 12, 2008

Ultra-wideband (UWB). Now a TSCM reality.

UWB materializes on an RSA6114A Tektronix spectrum analyzer.

New Eavesdropping Threat. Bug transmissions via Ultra-wideband. Standard eavesdropping detection techniques don't 'see' it.

Research Electronics explains it nicely...
"Ultra-Wide Band (UWB) transmitters represent a new method of RF modulation, typically consisting of extremely narrow pulses (in the range of 250 picoseconds). The modulation scheme is a time division multiplexed system based on the timing of the pulses across a large frequency range. It is suspected that this new method of modulation will likely be used for short-range communications (approximately 10 meters), but other applications will certainly be developed. With a potential frequency band of 2GHz to 10GHz, the new UWB modulation represents some interesting characteristics from the technical security perspective, specifically with regard to the detection of UWB transmissions potentially used in eavesdropping devices."

Murray Associates recognized the threat early.
(from Kevin's Security Scrapbook - February, 2002)

FutureWatch
Ultra-wideband (UWB) makes its debut...
(this will be big)

Applications...
- Ground Penetrating Radar Systems
- Wall Imaging Systems
- Through-wall Imaging Systems
- Medical Systems
- Surveillance Systems
- Vehicular Radar Systems
- Communications and Measurement Systems
Not to mention, low-probability-of-intercept bugging devices.
(Shhhhhh! We told you not to mention that.)

Because of this foresight, Murray Associates can counter UWB eavesdropping threats today. Knowledge and military-level TSCM instrumentation (from REI and Tektronix) are being used now to protect their client family.

Consider the advanced TSCM services of Murray Associates if your current TSCM team can't show you what UWB looks like.

"Please, speak into my lapel."

Wireless CCTV, a UK-based provider of mobile surveillance systems, has launched its 3G body-worn services that are aimed at providing enhanced security to agents in the field.

Wireless says that the systems, which have been developed in response to the growing demand for body-worn surveillance equipment whether overt or covert, offer evidential quality recording of suspects and enable security supervisors to coordinate and carry out tactical operations that involve multiple members. (more)

LinkedIn To Mine User Data For Corporate Espionage

(From Insider Chatter by Donna Bogatin...)
"LinkedIn’s Mike Gamson is touting an impending fee-based “Research Network” aimed at capitalizing on the reams of data LinkedIn houses on those millions of people:


The service will help hedge fund managers and investment banks find people who used to work at a company they’re interested in, or even who is working for a customer of a company they are interested in. (as cited by eWeek)

In other words, insider corporate intelligence, or espionage:

Let’s say I’m thinking about making an investment in a producer of product X. I might want to speak to people that sell that product, people that buy that product, or that used to work at that company as part of my research process to have a better understanding of how valuable that product is.

BUT, “let’s say” the “producer of product X” does NOT want current or past employees talking to hedge funds and investment banks about its proprietary, confidential, insider goings on. LinkedIn’s financial incentives to its “17 million professionals” may nevertheless be hard to resist. Gamson boasts, “If we can begin to help our members make money and help our clients find the right people, that’s when you create value on both sides and we like those situations.”

Corporations about which LinkedIn users divulge insider information to hedge funds and investment banks, however, will undoubtedly NOT “like those situations.” (more)

72% of Scots against CCTV eavesdropping

The Information Commissioner’s Office (ICO) launched its new CCTV code of practice at the Scottish Parliament today, and also released details of a survey of a thousand people in Scotland.

Seventy-two per cent of respondents to the survey were against CCTV cameras which record conversations. This supports an earlier survey in London and South East England which produced similar results (70% against). (more)

Most wall warts just look ugly. This one just looks.

But wait.
There's more...
This wall wart contains a hidden camera and a microphone!
But wait.
There's more...
It also contains a digital audio / video recorder!!
But wait.
There's more...
It can record up to 66 hours of audio and video on its internal 2GB SD memory card!!!
But wait.
There's more...
No long cords to hide.
No wireless transmissions to give it away.
(more)

Why do I mention this?
So you know what you are up against.

Perfect Passwords - GRC's Ultra High Security Password Generator

Every time you visit this page, you get (FREE) a unique set of custom, high quality, cryptographic-strength password strings which are safe for you to use.
Example...
If you decide to use these great passwords, you might also need this.

Who Are You (I really want to know... who, who)

Take the Internet Vulnerability Profiling test to see yourself as hackers and data-thieves see you. You may be surprised (and scared) by what you see. Hope you don't see anything. (music to hack by)

2136 Passwords You Should NEVER Use

Check the computer products you own against the manufacturer's default passwords database. (the list)

Think data theft is rare?

Think again.

Massive information theft occurs almost every day.
Every day, other information thefts occur massively.


One example of infotheft from the list below...
"Personal information on customers of J.C. Penney and up to 100 other retailers could be compromised after a computer tape went missing. The missing information includes Social Security numbers for about 150,000 people." (Jan 17, 2008)

So far this year; by date, victim and records lost.
Jan. 2, 2008 Workers Compensation Fund (Salt Lake City, UT) 2,800
Jan. 3, 2008 Robotics Industries Association (Ann Arbor, MI) Unknown
Jan. 3, 2008 Dorothy Hains Ele. School (Augusta, GA) Unknown
Jan. 4, 2008 Health Net (Mountain View, CA/CT) 5,000
Jan. 4, 2008 FL Dept. of Children and Families (Osceola, FL) 1,200
Jan. 4, 2008 MD Dept. of Assessments & Tax (Baltimore, MD) 900
Jan. 5, 2008 NM State University (Las Cruces, NM) Unknown
Jan. 7, 2008 Sears/ManageMyHome.com (IL) Unknown
Jan. 7, 2008 Geeks.com (Oceanside, CA) Unknown
Jan. 8, 2008 WI Dept. of Health & Family Ser. (Madison, WI) 260,000
Jan. 8, 2008 University of Georgia (Athens, GA) 4,250
Jan. 10, 2008 Select Physical Therapy (Levelland, TX) 4,000
Jan. 11, 2008 University of Akron (Akron, OH) 800
Jan. 11, 2008 University of Iowa (Iowa City, IA) 216
Jan. 11, 2008 VA Dept. of Social Services (Richmond, VA) 1,500
Jan. 12, 2008 CA State University, Stanislaus (Turlock, CA) Unknown
Jan. 14, 2008 Tennessee Tech University (Cookeville, TN) 990
Jan. 15, 2008 Department of Revenue WI (Lakewood, WI) 5,000
Jan. 15, 2008 Naval Surface Warfare Center (MD) Unknown
Jan. 16, 2008 University of Wisconsin (Madison, WI) Unknown
Jan. 17, 2008 GE Money / Iron Mountain (Boston, MA) 150,000
Jan. 23, 2008 Baylor University (Waco, TX) Unknown
Jan. 24, 2008 Fallon Community Health Plan (Worcester, MA) 30,000
Jan. 24, 2008 OmniAmerican Bank (Fort Worth, TX) Unknown
Jan. 25, 2008 Penn State University (University Park, PA) 677
Jan. 28, 2008 T. Rowe Price Retirement Services (MD) 35,000
Jan. 29, 2008 Georgetown University (Washington, DC) 38,000
Jan. 29, 2008 Wake County Emergency Medical Services (NC) 4,642
Jan. 29, 2008 Horizon Blue Cross Blue Shield (Newark, NJ) 300,000
Jan. 30, 2008 Davidson Companies (Great Falls, MT) 226,000
Jan. 31, 2008 SC Dept. of Health & Environmental (SC) 400
Jan. 31, 2008 University of Minn. Medicine Center (MN) 3,100
Feb. 1, 2008 Marine Corps Bases Japan (Okinawa, Japan) 4,000
Feb. 2, 2008 Diocese of Providence (Providence, RI) 5,000
Feb. 7, 2008 Memorial Hospital (South Bend, IN) 4,300
Feb. 8, 2008 MLSgear.com Unknown

Attention infomasochistics!
You can see all the gory details, going back to 2005, here.

Attention smart security directors!
You can get non-IT Department infosecurity help, here.