Wednesday, April 30, 2008

Wanted: Surveillance Camera Monitors

Washington - The D.C. government plans to begin centralized monitoring of about 5,000 security cameras it maintains throughout the city, giving emergency-management officials a broad look into schools, public housing and other sites.

The city says the system will save money and provide 24-hour monitoring, rather than the sporadic attention in the current patchwork of camera systems. But civil liberties advocates expressed alarm.

"Having it all together in one place brings us one step closer to the kind of scary movie scenario where they can track somebody moving across the city," said Art Spitzer, legal director of the American Civil Liberties Union for the Washington area.

D.C. police will continue to watch their 73 surveillance cameras in high-crime neighborhoods, Darrell Darnell, head of the D.C. Homeland Security and Emergency Management Agency, said yesterday. But his agency will set up a center to monitor an array of other closed-circuit TV cameras, including nearly 3,500 inside D.C. public schools, 131 used by the Department of Transportation and 720 used by the D.C. Housing Authority. (more)

The Headline Evil Word You Can Prevent

April 22, 2008 - "Sanford Hospital tightens security after baby taken"

The good news...
The child was rescued a short time later by a police officer who stopped a Chevy Blazer on Interstate 4 (more)

The bad news...
Most corporations are hedging their bets that the word "after" will not appear in a headline about their security efforts.

In the corporate world, stealing intellectual property is the real-life equivalent of stealing a baby – the corporation's baby, the one to be nurtured into the company's future.

Now is the time to tighten security:
• while it is inexpensive to do,
• while your stockholder good-will is high,
• while you still have a job.

1. Work with your Legal Department to upgrade and keep current: non-disclosure agreements, non-compete contracts, and pro-active programs to detect and deter eavesdropping and espionage.

2. Work with your IT department on: password protection, encryption, wireless LAN security audit and compliance surveys, and employee education.

3. Keep current with intellectual property threats.
Read the news.
Offer the boss proof!
You need funding to prevent eavesdropping and espionage problems.

P.S. Problems do happen...
Recent Problem #1
Recent Problem #2
Recent Problem #3
Recent Problem #4
Recent Problem #5
Recent Problem #6
Recent Problem #7
Recent Problem #8
Recent Problem #9
Recent Problem #10
And all this was just April's news!

Is it any wonder that this Hot Boardroom Topic was also in April's news?
~Kevin

Wiretap Laws Morph With Technology

Excellent article detailing how legal wiretapping in the United States was forced to grow with technology.

In the old days, everyone was linked to a lug nut... (everyone's telephone) ended up in the basement of the telephone company's switching station. There, the wire emerged, pegged to a rack by a single copper lug nut. Acres of racks lined the walls, each holding rows and columns of lug nuts and their wires, neatly stacked atop each other...

And then it all went sideways.

At the same time that the phone companies were preparing for the transition to digital, the use of cellphones -- which were inherently harder to tap because they used phone lines differently than analog devices -- mushroomed. ...Electronic surveillance, once such a dependable, relatively easy craft, was becoming inordinately difficult. (more)

Tuesday, April 29, 2008

"...thus proving they could keep a secret, for decades."

Japan - The Ministry of Internal Affairs and Communications' regional information policy office has decided to warn local governments about using analog cordless phones after it was learned that people could listen in on calls with commercially available receivers. (more)

Industrial Espionage - Battle Bot Boy Bolts

Who Stole the Plans for iRobot's Battle Bots?

Jameel Ahed was 20 years old when he joined iRobot in May 1999, a biomedical engineering student at the University of Illinois on a summer internship. In those days, the company was just 80 or so geeks in the Boston exurbs designing toys for Hasbro and doing research for Darpa. Ahed stood out. He was hardworking, flirtatious, and outgoing...

In December 2001, he bought the domain name roboticfx.com, planning to launch his own startup...

Before he left, a company staffer demanded that he sign a final confidentiality agreement. Ahed complained but signed. The next day, an email was sent at 10:18 pm from his still-active iRobot account to his new Robotic FX address detailing how the PackBot's batteries were made. Shortly thereafter, Ahed packed up and returned to Chicago...

By 2004, Ahed had a bare-bones prototype he called the Negotiator. It weighed just 20 pounds and cost less than $30,000 — half what iRobot was charging for a comparable early version of the PackBot...

...the Army announced its biggest ground robot contract ever. The so-called xBot deal would be worth up to $300 million and cover as many as 3,000 units...

In February 2007, iRobot's lawyers sent a cease-and-desist letter to Ahed, demanding that he stop making and marketing the Negotiator...

On September 14, 2007, the Army awarded the five-year xBot contract to Ahed for $279.9 million. iRobot went into battle mode.
(more) (coda)

Lessons:
• Keep all confidentiality / nondisclosure agreements current.
• Create an environment which discourages intellectual theft.
• Don't delay. If you suspect something is wrong, trust your instincts.
• Implementing a defense after losing a $279m contract is expensive.
• Implementing a defense at the outset is cheap insurance.

"36 billion channels; still nothing worth watching!"

New anti-terrorism rules 'allow US to spy on British motorists'

UK - Routine journeys carried out by millions of British motorists can be monitored by authorities in the United States and other enforcement agencies across the world under anti-terrorism rules introduced discreetly by Jacqui Smith.

The discovery that images of cars captured on road-side cameras, and "personal data" derived from them, including number plates, can be sent overseas, has angered MPs and civil liberties groups concerned by the increasing use of "Big Brother" surveillance tactics. (more)

Sunday, April 27, 2008

"Relations... have always been based on true friendship and mutual values and interests."

Germany's foreign minister has apologized to his Afghan counterpart for officials' snooping on correspondence between a German reporter and an Afghan government minister, the Foreign Ministry said Saturday.

A spokesman at the ministry, speaking on customary condition of anonymity, said Frank-Walter Steinmeier telephoned Afghan Foreign Minister Rangeen Dadfar Spanta about the wiretapping incident and said those involved had been disciplined and three officials transferred to other duties.


Afghan Foreign Ministry spokesman Sultan Ahmad Baheen confirmed the call had taken place. He said Spanta accepted Steinmeier's apology "and both foreign ministers emphasized the good relations of both countries and both mentioned that this will not affect bilateral relations." (more)

“A half-truth is a whole lie” - Yiddish Proverb

Israel on Wednesday assured the United States that it had not spied on its key ally since 1985, after the arrest in New York of a US Army veteran (Ben-Ami Kadish) charged with passing defense secrets to the Jewish state nearly 30 years ago...

The case has been linked to the 1980s Jonathan Pollard spy scandal which rocked US-Israeli relations... The government publicly admitted in 1998 that Pollard had been an agent acting on its behalf and awarded him Israeli citizenship.

"Relations between the United States and Israel have always been based on true friendship and mutual values and interests," foreign ministry spokesman Arye Mekel said. (more)

Answer: "Mission Creep"

Question: What happens when tiny towns are given big £'s to watch for terrorists who never come?

UK - Campaigners have called for a "root and branch review" of spy laws after it emerged local councils were using them to track dog-foulers and litter bugs.

The Press Association contacted 97 councils to find out how they were using the powers, originally designed to combat crime and terrorism. It followed the controversy surrounding the case of a family in Poole, Dorset, who were tracked covertly for nearly three weeks to check they lived in a school catchment area...

...the research found the law was also used to find out about people who let their dog foul, a breach of planning law, an animal welfare case and an instance of littering.

Surveillance was also used to investigate alleged misuse of a disabled parking badge. (more)
Once surveillance is part of the civil infrastructure, justifying usage moves from difficult to easy.

What happens in Vegas...

Las Vegas, NV - Clark County police and prosecutors say they have intercepted more than 29,000 incriminating conversations in 11 years, yet the wiretap recordings usually are hidden -- even years later -- because they are rarely used in open court to prosecute murderers, drug dealers and others.

Now a prominent Las Vegas defense attorney, Dominic Gentile, suggests they are being used, instead, to improperly gather intelligence about alleged crimes for which no wiretap was authorized. Failing to reveal the search results is cheating, he said, because when those other crimes are prosecuted, it denies defense lawyers any chance to examine the wiretap affidavit and question the tap's legality. (more)

Saturday, April 26, 2008

Eavesdropping Attempt Made on Porsche Chief

German police have launched a probe after an attempt was made to eavesdrop on Porsche boss Wendelin Wiedeking while he was staying in a luxury hotel.

Security staff from the Ritz-Carlton hotel in Wolfsburg found a "babyphone" concealed under a sofa in his room, the media reports said, which had been turned on and was transmitting.

Porsche has filed a complaint with the prosecutors' office in Braunschweig, a company spokesperson told the AP news agency on Saturday, April 26.

The news magazines Der Spiegel and Focus said an investigation (a different investigation) is underway after a monitoring device was found in Wiedeking's room at the Ritz-Carlton in Wolfsburg in November. The reports said there was suspicion that the spying attempt took place one day before a meeting on Nov. 16.


Left behind?

The online news site Spiegel Online has reported that hotel security ruled out that a family with a child could have stayed in the suite previously and simply forgotten the device. For several weeks, there was no record of a family having spent an evening in the room.

Porsche told AP that other company officials had also been spied upon, including works council head Uwe Hueck, but did not supply any details. Focus has reported that his telephone conversations at Porsche headquarters in Stuttgart were allegedly wiretapped. It is not known who was behind the action but the company has reportedly notified prosecutors.

Porsche owns 31 percent of shares in Volkswagen, the biggest European automobile manufacturer, and wants to take full control of the firm.
Volkswagen has denied any role in espionage, Focus reported. (more)

Update...
Focus reports that the offices of Porsche workers’ organization head Uwe Hück are to be made bug proof after it was discovered that his phone was being tapped. And Der Spiegel says that a bug was found planted in the private flat of former VW chief Wolfgang Bernhard. (more)

16 Extra Eyes in the Florida Eye Institute

SpyCam Story #441
The mysterious tale of 16 SpyCams, 16 Microphones, and a recorder!


FL - A 45-year-old Vero Beach woman has been arrested on eight felony charges that allege illegal electronic eavesdropping on doctors, copying hard drives from their computers and the theft of a laptop.

But the seven-page complaint filed by the State Attorney's Office against Brenda Doan-Johnson, of the 3400 block of Atlantic Boulevard, does not explain why she supposedly paid a Melbourne man to place cameras and microphones in the private offices of three doctors at the Florida Eye Institute in Vero Beach.

Both a Jan. 24 Vero Beach Police report and a Jan. 28 civil lawsuit filed by three of Dr. Paul V. Minotty's business partners, say Minotty, founder of the institute, had hired a private investigator and the police report identified her as Doan-Johnson.

According to the state attorney's complaint affidavit, Doan-Johnson paid Mark Lynch, of Spy Source Warehouse in Melbourne, with a $6,000 personal check as deposit on $13,000 to install 16 video cameras, 16 microphones and a digital recorder at various places in the Florida Eye Institute — including the offices of doctors Karen Todd, Mark Gambee and Val Zudan.

Lynch worked after business hours for six days, starting Jan. 11, to install the equipment, the affidavit states, noting that audio recording apparently did not function.

Investigators reported that Doan-Johnson introduced Lynch to two other people who also were working in the building, identifying them as computer forensic specialists who were copying the hard drives from the desk computers of doctors Gambee, Todd, Zudan and Thomas Baudo.

According to investigators, Lynch phoned Gambee (!?!?!) Jan. 24 and told him about installing the electronics in Florida Eye Institute offices — including Gambee's office. The Vero Beach police were called to Florida Eye Institute the same day.

Gambee told Vero Beach officers his computer was missing. Doan-Johnson returned it, saying it was thought to be company property... (more) ...and, more to come as this case unfolds.

Wednesday, April 23, 2008

Cautionary Tale: Prevention = Cost-Effective

Hannaford spending millions to upgrade after security breach.
Background...
Yet Another Corporate Info-Loss Confession
"But, IT said our data was secure."

Hannaford Bros. Co. said it is spending millions of dollars to enhance the security of its data network following a massive security breach that exposed up to 4.2 million credit and debit card numbers to fraud...

Hannaford President and CEO Ron Hodge apologized again Tuesday to customers for concerns and inconvenience they experienced because of the breach...

In a conference call with reporters, Hodge and Bill Homa, senior vice president and chief information officer, declined to address the cause, scope and nature of the breach, citing the ongoing criminal investigation and pending litigation.

The Hannaford case is among the largest security breaches on record but is much smaller than the tens of millions of credit cards that were exposed at TJX Cos. of Framingham, Mass., which has 2,500 stores and includes the T.J. Maxx and Marshalls chains. (more)

The "millions" figure is likely just a system fix number. The final cost, which will include public embarrassment, loss of customer good-will and customer ill-will lawsuit losses, cannot be tallied just yet.

Recommendation:
Be smart.
Be frugal.
Be a corporate hero.
Spend the bucks to protect your company's communications privacy (voice and data). There is a good chance you will save money in the long run... a lot of money! ~Kevin

Tuesday, April 22, 2008

Baby's First SpyCam

Anticipated Mission Creep Arrives

UK - Anti-terrorism surveillance is being used to spy on kids

Councils are using anti-terrorism surveillance laws to spy on children trying to buy alcohol, it has emerged. One authority alone has run 70 snooping operations, including tracking youngsters and covertly filming people selling counterfeit DVDs. It also admitted using the laws to obtain phone records and e-mails of those suspected of what it described as 'petty' offences. (more)

Putting the squeeze on Blackberry to get the juice

Talks between Indian officials and Canada's Research In Motion (RIM, the BlackBerry Bunch) would seem not to have gone very smoothly...

The backstory here is that the top brass at India's burgeoning and powerful state security services are concerned that Blackberry's advanced communications technology cannot be breached by their operatives and thus the "authorities" are currently unable to eavesdrop on Blackberry users.

They have asked RIM to provide them with the capability to conduct covert surveillance on Blackberry users by requiring the company to install local servers and provide secret back door access to services, but the Canadian vendor has so far refused to comply. (more)

Get the PR team some O2, stat!

UK - O2’s PR team mistakenly connected a journalist of tech website The Register to a call earlier this month, allowing him to eavesdrop on their conversation about his news enquiry.

Turns out, O2 (a UK cellular service provider) reckons The Register’s readers are “techie nerds” and “Muppets” for wanting to move to 3. O2 duly apologised on the website, and said to Mobile News: “Hey, we’re techie nerds ourselves.” (more)

Friday, April 18, 2008

"...This DVD will self-destruct in..."

Germany - The branded 'Einmal' (Deutsch for 'once') discs employ a chemical coating that starts breaking the disc down once the vacuum seal is breached. On average, users get 48 hours of use from a €3.99 ($6.44) disc. Once the disc has run its course, it'll show up as non-readable when popped into a player (no explosion). (more)
Proposition Impossible, unless a good security application comes along.

FutureWatch - Cell Phone Crackdowns

Austria - Taking a cue from France's national railway, which offers phone-free «zen zones» on high-speed trains, Austria's second-largest city this week began ordering public transit commuters to keep their phones on silent mode.

The crackdown in the southern city of Graz has triggered a loud debate between advocates of free speech and people who say they're simply fed up with having to listen to annoying ring tones and intrusive cell phone chatter while riding a public bus or tram. (more) (etiquette) (how others are dispensing justice) (Divine justice)

Extra Credit...
''No matter the excitement in the industry he had created, Bell forever refused to have a telephone in his study. He resented its persistent jangle.'' - from ''Once Upon a Telephone: An Illustrated Social History'' (Harcourt Brace & Company, 1994) by Ellen Stern and Emily Gwathmey

FutureWatch - Eavesdropping on GSM Cell Phones

A web service that will make it easy and inexpensive to crack the GSM A5/1 encryption protocol, quickly enough for a call that is still in progress, is slated to launch at the end of April. Living right at the intersection of open hardware, open source software, software as a service, and cryptography, the service will reduce the cost and effort of cracking GSM call encryption by at least an order of magnitude.

The service is being developed by members of the GSM Software Project and demonstrates just how much things have changed in the world since the GSM system was designed. Various approaches to cracking both A5/1 (the European standard) and A5/2 (the weaker US standard) have been available for some time but this one is unique in that it should be available to researchers and hackers at the end of April in hosted api form instead of pdf.

Back in 1997, this overview of the GSM system declared that "Enciphering is an option for the fairly paranoid, since the signal is already coded, interleaved, and transmitted in a TDMA manner, thus providing protection from all but the most persistent and dedicated eavesdroppers." After all, such a radio encoding scheme made the signals invisible to typical radio band scanners.

Today, however, the availability of the Universal Software Radio Peripheral (USRP), an open hardware software defined radio that sells for about $700, combined with work being done at the GNU Radio project to codify the GSM waveform (also targeted for the end of this month), makes this once reasonable point of view seem quaint. Good encryption is now a must and it appears that A5 no longer qualifies. (more)

Wannabea Spy?

The Shin Bet website now features recruitment blogs by four high-tech spies.

Israel’s domestic intelligence agency shed some of its shadowy mystique three years ago when it went online to draw new applicants. Recently, the site launched a new page, on which four Shin Bet computing experts discuss what they like about their jobs.

The Hebrew-language texts are sparing on details, with only silhouette portraits of the authors, whose names are withheld. Security sources said the Shin Bet hopes the blogs will help win over recruits from the private high-tech industry. (more) (What does a Spy look like?)

Thursday, April 17, 2008

CNN Report - Chinese spies in the US

Night Flight

Two men attempting to board a plane to China with nearly a dozen sensitive infrared cameras in their luggage were arrested... Yong Guo Zhi, a Chinese national, and Tah Wei Chao, a naturalized U.S. citizen, were arrested for investigation of trying to take thermal imaging cameras with potential military use to China without the proper export licenses... Ten of the cameras, which measure about 2 inches square and cost about $5,000 each, were found in the men's checked luggage... (more) (related video) (the other Night Flight)

Corporate Espionage - Contractor Pleads Guilty

A U.S. Department of Defense (DOD) contractor from Baltimore pleaded guilty today to conspiring to steal competitive information concerning contracts to supply fuel to DOD aircraft at locations worldwide, the Department of Justice announced.

Matthew W. Bittenbender has entered into a plea agreement, filed in U.S. District Court in Baltimore, where he was originally charged on January 7, 2008. According to the terms of the plea agreement, which is subject to court approval, Bittenbender has agreed to cooperate in the government's investigation...

...Bittenbender conspired to steal trade secrets from his employer Avcard, a division of Kropp Holdings LLC, and sell that information to his competitors, FERAS, and Aerocontrol. In return, Bittenbender received cash and a percentage of the profit earned on the resulting fuel supply contracts. According to the plea agreement, Cartwright, Wilkinson, FERAS and Aerocontrol, in turn, used that information to underbid Avcard at every location where the companies were bidding against each other. Avcard ultimately lost each of the contested bids. (more)

Wednesday, April 16, 2008

"...and she went to the hospital to have it removed! Blahaaaaaa..."

Australia - Attorney-General Robert McClelland says the proposal to let some employers access workers' emails without consent is only being considered as a way to stop cyber terrorist attacks.

He says it would not be targeted at personal communications.

"What you would be looking and permitting access to is information that would reveal an attempted infiltration," he said.

But deputy Opposition leader Julie Bishop says...
"Employers should not be burdened with the responsibility of intercepting emails involving staff suspected of behaviour that threatens Australia's national security."

"This places an unfair surveillance responsibility upon employers and effectively requires them to undertake what is a potential criminal investigation." (more)

Seriously bad idea...
- Pay IT guy to do a government intelligence agent's work?
- Pay twice!?!? Salary for IT guy and (via taxes) government intelligence agents'.
- Conflict of interest? Employees spying on friends and colleagues?
- Entrust national security to an army of untrained private employees...
- ...whose work product might equal less than educated guesswork?
- ...who may be tempted to use the snoop power for personal gain?
- Not to mention: loss of regular business productivity, opening new avenues of corporate espionage, data vulnerabilities, etc.
Outsourcing your job responsibilities should not be an option; especially when you have been entrusted with national security.

Tuesday, April 15, 2008

Data Land Mines

1. A slip of the finger reveals the company secret.
- Turn off that auto-fill feature.
2. People give away passwords and other secrets without thinking.
- Engage brain. Shut mouth.
3. A trusted partner ends up not being so trustworthy with your data.
- Share sparingly.
4. Web-based apps can be portals to leaks and thieves.
- VPN it instead.
5. Hoping the worst doesn’t happen only makes it worse.
- Plan for disasters.
6. Avoiding or diluting response leadership makes breaches worse.
- Designate a buck-stopper.
7. Handling breach details sloppily tips off the perp.
- Practice 'need-to-know'.
8. Trusting "silver bullet" technology hides real threats.
- There ain't no Lone Ranger.
9. Spending unthinkingly wastes resources you might need for important threats.
- Gauge threats.
10. Don't save the wrong data.
- Only store what you need.
(more)

"Afghanistan banana-stand!"

Police in Italy have issued footage of a man who is suspected of hypnotising supermarket checkout staff to hand over money from their cash registers.

In every case, the last thing staff reportedly remember is the thief leaning over and saying: "Look into my eyes", before finding the till empty. (more) (video)
('SNAP' of fingers)
Wake up!

Sunday, April 13, 2008

...and, 85% declined to answer.

"Me, My Spouse and the Internet"
Oxford Internet Institute, University of Oxford,
Survey Results...

• 20% of married Internet users admitted to reading their partner’s emails and text messages; and
• 13% to having checked their partner’s browser history.
More than 6,000 married people were invited to take part in the study. The final sample involved 929 couples, with both partners completing a questionnaire. (more) (Project website.)

Surveillance Desensitization Continues

Hal Niedzviecki writes...
I ask (Ursula) Lebana how things have changed since she opened Canada’s first spy store back in 1991.

“People who came into the store at that time were quite shocked,” she tells me. “They never realized cameras were that small. They said, ‘Oh my God, that’s scary. And isn’t it terrible to monitor the nanny? Where’s the trust?’”

Sixteen years later, business is booming. “Now people say, ‘Oh, I want a hidden camera,’” says Lebana, who has since opened SpyTech locations in Ottawa and London, Ontario. “They are more willing to use them now. They’re more familiar with it. I’m even getting repeat customers... (more)

"Youz gotta problem with dat?!?!"

from The Bay City Times Opinion page...
MI - When The Times looked into the money that road commissioners lavished on themselves, we found a board besotted with inflated retirement benefits and fancy junkets.

We also found that one commissioner, now retired, had used a Road Commission credit card to give himself quick loans at casinos. In another instance, the commission's former finance director was caught using a tape recorder to eavesdrop on employees.

In the lives of private citizens, both incidents might have resulted in felony charges. But in the buddy-buddy world of government, no charges stuck. (more)

Saturday, April 12, 2008

Wireless Color SpyCam Pen

from the seller's web site...
"Our covert Wireless Spy Cam Pen is ideal for undercover assignments, wear it innocently on your shirt pocket, place it on a desk, attach it to an organizer, or just start writing with it like you would a normal pen — all while transmitting live high-quality color video images. It’s the size of a regular pen, so you can bring it with you anywhere.

The Pen Camera cleverly conceals a quality color video camera inside a working pen. Minimal illumination makes it difficult to detect that you’re using it for anything more than writing.

To start transmitting, simply click the top of the pen, yeah it’s pretty cool. Just attach the receiver to any TV or VCR for easy recording, or even a security monitor.

This little hidden camera in a pen has a transmission range of more than 300 ft." (more)
Why do I mention it?
So you will know what you are up against.

SpyCam Story #440 - The Dentist

TX - An Ennis dentist accused of videotaping his female employees in their changing room with a hidden camera pleaded guilty...

The employees went to authorities in August after finding a video camera in a room where they changed into and out of medical scrubs at Durbin's dental office. According to an affidavit, the women confronted Durbin, who admitted making video recordings.


Stephen C. Durbin, also a city commissioner in Ennis, got five years of community supervision with deferred adjudication in the plea agreement on a state jail felony charge of improper photography or video recording. (more)
"She said my boy I think someday
You'll find a way
To make your nat-u-ral tendencies pay!
Yooou'llll be a Den-tist!"


SpyCam Story #439 - Action Jackson (update)

CA - Three more victims have come forward in the Jackson spying case that began in October when a woman alerted police she saw a camera lingering above an uncovered opening of a changing room at Holiday Cleaners.

Alex Ko, a 35-year-old Pine Grove resident, allegedly recorded digital videos and photographs of women as they undressed in the cleaner's changing room from May to August 2007. Ko runs the business with his parents and siblings. (more) (original story)

Crime Does Not Pay! (No, really, it doesn't.)

According to a new study dug up by Secrecy News, modern-day spies -- at least the ones who get caught -- don't appear to be making much money.

The study (.pdf), conducted for the Defense Personnel Security Research Center based on its Espionage Database, concludes that "Two thirds of American spies since 1990 have volunteered. Since 1990, spying has not paid well: 80% of spies received no payment for espionage, and since 2000 it appears no one was paid.” (more)

Well... sometimes crime pays.

PA - A Pennsylvania state police trooper who claimed a phone conversation with a supervisor was illegally recorded without his permission has been awarded more than $500,000 in damages by a federal jury.

Mario J. Diana was awarded $262,126 in compensatory damages for invasion of privacy and unlawful seizure, and $238,878 in punitive damages against Carmen Altavilla, former commander of Troop P in Wyoming, and Lt. Willard Oliphant. The jury rendered the verdict late Thursday afternoon following a four-day trial before U.S. District Judge A. Richard Caputo in Wilkes-Barre.

Diana filed suit in 2005, alleging Altavilla ordered Oliphant to tape a phone conversation in which Oliphant advised Diana, who was off on a workers’ compensation claim, that he was being ordered to return to work. (more)

Thursday, April 10, 2008

Blackemail, Espionage or Just Coincidence?

MA - Two staff members in the school superintendent’s office spied on e-mails sent to Cambridge School Committee members over the span of one month. (more)

...administration officials did not tell the School Committee they were receiving committee e-mails from parents and others. A School Committee member only found out the two school officials were copied into School Committee e-mails after they hit “reply all” and found the duo copied in the e-mail. 14 days after it was discovered, School Committee members voted to enter contract negotiations with Superintendent Thomas Fowler-Finn. (more)

News Flash? "Covert video surveillance becomes widespread in Russian offices"

from Pravda...
"Most of you work in companies equipped with video surveillance systems. As it turns out, video surveillance affects employees’ work more significantly than other control methods (wiretapping, looking through emails and reading the most frequently visited websites)." (more)

Search Engine with Reduced Squeal

Ixquick.com deletes its users' search data (including IP addresses) within 48 hours... Furthermore Ixquick does not set any uniquely identifying cookies or share your privacy details with 3rd parties.

UPDATE - NEW URL. Startpage.com

More Animal Eavesdropping

Climate change may be predicted by fish who "eavesdrop" their way to healthy food sources using chemical cues given off by ocean organisms. This research, conducted by the University of North Carolina Wilmington assistant professor Sean Lema and collaborators, was published in the March edition of the journal Science in the article "Dimethylsulfoniopropionate as a Foraging Cue for Reef Fishes." (more)

There's something kinky going on in the world of Barbary macaques. Researchers have found the males eavesdrop on their mates having sex in order to make sure they don't miss out on the fun... (more)

"Arrivederci Roma"

"I continue to use the mobile phone with greater freedom, but if there is any news which comes out about my telephone calls being recorded I will leave this country". ~ Silvio Berlusconi, Italian politician, entrepreneur, and media proprietor.

Berlusconi said this when he explained that he had a plan to deal with the indiscriminate use of bugs. "We should only allow the bugging for crimes such as terrorism and organized crime". (more)

"Pick-up in aisle Ten."

Supermarket chain Lidl has apologised to staff after being accused of systematically spying on them.

It took out a series of newspaper adverts in Germany saying: "We regret it profoundly and apologise explicitly if co-workers feel discredited and personally hurt by the described procedures."

Earlier German magazine Stern reported that Lidl had hired detectives who installed surveillance cameras to monitor the staff's work performance, and even to find out how often they used the toilets and whether they had affairs with co-workers. (more)

But wait! There's more!
Germany was shocked to learn that Stasi-like techniques were used to spy on employees of supermarket giant Lidl. Now a report has emerged showing that the chains Plus and Edeka may have done the same... (more)

And, more!
BT has admitted that it secretly monitored customers' internet surfing activities in trials of new software in 2006 and 2007. (more)

Idea for new sitcom... Plain Stupid! - "Should you be caught, we will disavow any..."

A spy who infiltrated a direct action anti-aviation group has been exposed after making a series of elementary errors that aroused the suspicions of genuine activists.

Toby Kendall joined Plane Stupid, the group that occupied the roof of the Houses of Parliament last month, after graduating from Oxford last year. He told the activists that his name was “Ken Tobias” and said that he was deeply concerned by the impact of the aviation industry on climate change and that he wanted to help to organise protests.


But his habit of wearing a Palestinian scarf with his Armani jeans and designer shirt made some members question his identity. He was also the only member to turn up early to every meeting but had no friends in the activist community...

Plane Stupid began a mole hunt and, after feeding him false information that found its way within two days to the aviation industry, discovered his real name and employer.


Mr. Kendall, 24, works for C2i International, a counter-intelligence company run by former special forces officers. It claims that its agents are “hand-picked from Special Operations at New Scotland Yard”...

Justin King, C2i’s managing director, claimed to have been unaware of Mr. Kendall’s infiltration of Plane Stupid. He said Mr. Kendall was employed to carry out counter-surveillance such as “debugging company offices”. (D'oh!) (more)

This is a cautionary tale for corporations and protest groups alike.
1. Espionage is multifaceted - eavesdropping, wiretapping, dumpster diving, moles, etc.
2. Failed attempts end up in the newspapers. Successes go unnoticed.
3. Attacks fail when people start looking.
4. Start looking.
In this case, "...a contact at Oxford University recognised a photo we'd taken. Our spy wasn't called 'Ken Tobias', but Toby Kendall - an Oriental Studies student from Wadham College. A quick google search revealed a Bebo page with a photo. Snap! It also took us to Linked In, a high-flying corporate networking site, where 'Ken' claimed to be an analyst at C2i International, working in 'Security and Investigations'."
Note: Even Austin Powers had a better cover story. Don't expect your mole to be as obvious.

From Alligator Clips to Data Rips

The digitization of information has made wiretapping incredibly easy, while at the same time making legislation around warrants and civil liberties exponentially more complex, said experts during an afternoon panel at RSA yesterday.

“Two and a half years ago, me and my partners at the New York Times exposed a national wiretapping program and we still can't tell what it's all about,” said Eric Lichtblau, investigative reporter, who officiated the panel. (more)

Tuesday, April 8, 2008

"What's in your IT department?"

by Naomi Grossman, bmighty.com
Caught up in the high profile case of Anthony Pellicano -- the detective on trial for racketeering and wiretapping in a case that involves lots of big names in Hollywood -- is the manager of IT security for Conde Nast publications. How exactly did that guy get his job?...


On Gawker, Ryan Tate asks the second most obvious question: "The guy who runs tech security for Condé Nast has admitted lying to the FBI and lending his services to private detective Anthony Pellicano even though he knew Pellicano was tapping people's phones. He's also been accused, in the course of Pellicano's racketeering and wiretap trial, of leaking a pre-publication copy of Vanity Fair that Pellicano mysteriously obtained, and of bragging about bugging the office of his Condé Nast supervisor. So why does he still have a job?"...

...the lessons here go beyond the need to move decisively in hiring and firing. If Reynolds could do that stuff in a huge company like Conde Nast, imagine the damage your IT guy could do in your smaller business -- where there aren't the same resources to weather a disaster. Put the time and effort into checking your IT guys out. Each one could mean the difference between life and death for your company. (more)
Well said!
You've been warned.

Monday, April 7, 2008

India Wants to Eavesdrop on BlackBerrys

BlackBerry users, beware of the snoops. India's Telecommunications Dept. told telecom carriers, Internet service providers, and officials at Research In Motion (RIM), the Canadian company that makes BlackBerrys, that it wants to eavesdrop on transmissions from every BlackBerry phone in the country. To comply, RIM might have to route calls and e-mails through government computer servers based in India. (more)
FutureWatch... Look for other countries to jump on this bandwagon.

Hot Boardroom Topic - Counterespionage

Security is becoming a board-level issue as the number of cyber-attacks and corporate espionage incidents is growing significantly each year...

Few people would dispute the mystique that surrounds the boardroom. This allure has been around for some time, but it was recently heightened by the popular TV series "The Apprentice" with business icon Donald Trump. Boards of directors deal with sensitive issues and handle privileged information, and board meetings themselves call to mind strategy discussion, stock discussions and major contracts.

Taking advantage of privileged information is illegal. As you can imagine, access to privileged financial and stock information could easily be used for insider trading. The sensitive information and financial data must be controlled in order to comply with Securities and Exchange Commission disclosure requirements.

What you may not think of are the discussions around information security, which has become a board-level issue. Cyber-attacks and corporate espionage are growing significantly year-over-year. In a training program developed by Spy-Ops, the company notes that corporate espionage worldwide is now more than a trillion-dollar problem annually and growing. Data breaches, theft of intellectual property, insider trading and other criminal acts now demand the attention of the board of directors.

"Enterprise risk management discussions and strategies have moved into the executive suites and boardrooms. This is due primarily to the significant implications associated with security breaches," said Paula Cordaro of Spy-Ops.
(more)

S(he) M(aybe) E(arliest) R(ussian) S(py) H(ero) - B. Badenov

Russia’s oldest counter-intelligence officer is 100 years young. And although she's long retired, Maria Lyovina is still barred from revealing sensitive details about her work in the past.

She may not look like your archetypal secret agent but Maria Lyovina was catching spies long before the world had ever heard of James Bond.


A great grandmother three times over, her Ulanovsk flat is filled with family photographs. One is a striking image of the young woman German agents came to fear.


Maria was working as a secretary in a Leningrad factory when the Soviet Union entered the Second World War.


She was recruited by Army officers looking for an experienced typist.


She joined SMERSH, a counter intelligence group dedicated to catching traitors and undercover Germans. Its name literally meant ‘death to spies’. (more) (video)

Sunday, April 6, 2008

"Blank Reg! Is that you?"

UK - Yobs wrecked CCTV cameras outside a Preston community centre just 48 hours after they were installed. But pictures of the vandals have been captured on the cameras they tried to destroy.

The community of Tanterton won government funding to put up four cameras at a notorious troublespot near the row of shops and community centre in Village Green Lane. (more) (video)

Wristwatch SpyCam

from the manufacturer's press release...
This Watch Spy Camera and Receiver is the ultimate covert operations kit, the camera in the watch is so small it's practically undetectable and looks absolutely normal.

Smart mounting of the camera results in the image being correctly orientated when the watch is upside down, for example when naturally resting your arm on a table. With stylish brushed aluminum and a black face no one will ever suspect they're being watched by such a well dressed person. The receiver unit comes with a 2.5 inch LCD and the capability of monitoring 4 wireless cameras at a time, playing music and even MPEG 4 movies if the mood takes you. This is quite simply the most covert spy camera we have seen yet and is now available direct to you at Wholesale-Star's excellent wholesale prices. Easily sell this to your eBay customers for great profits and take advantage of Wholesale-Star's drop shipping service. (more)
Yes, the watch keeps time.
Yes, the watch transmits audio, too.

Price Drop!!! GSM Bugs now on sale - $35.00

Alert - The hottest new bugging devices are now among the least expensive. GSM SIM bugs are like cell phones, but without the keypad. Eavesdroppers call and listen from anywhere in the world.

At one time these devices sold for $250.-$500. The price has plummeted to $35.-$55. Why? The same reason their sister product (the cell phone) is often a give-away item... Economy of scale; thus proving consumer demand is fueling mass production.

Corporate Concern...
At these prices, "salting" offices with bugs becomes practical. Imagine... Buy in bulk and get custom silk screening - "Air Quality Monitor - Do Not Disturb." Even if accidentally seen, it might be accepted - "Every office has one of these."

Corporate Solution...
Periodic Eavesdropping Detection Audits are now an integral part of corporate security. Not having an eavesdropping detection program is negligence.

from a seller's web site...
"The GSM SIM Bugs are advanced audio surveillance devices. The SIM spy ear comes with compact design and embedded microphone system. This audio surveillance listening system no need software and no configuration required. Very easy to use. The only one thing you need to do is insert a pre-paid GSM SIM card into SIM card slot of the spy sim bug. Then you could hide it in an inconspicuous location and starts excellent listening surveillance." (more)
Update: The seller has stopped selling this; claiming, "Because they are incompetent." This is likely as early models did not work well, hence the big price drop. Newer models seem to be selling very well, however.

"Sunlight is the best disinfectant."

Trinidad & Tobago - Sweeping legislative changes, including a proposal to regulate the practice of wiretapping in the entire region, are among a series of recommendations agreed to by Caricom Heads of States, Bharrat Jagdeo, the Guyanese president, revealed yesterday.

Speaking to reporters outside of the Grand Ballroom of the Hilton Trinidad, where a special security meeting of the Caricom Heads of Government was concluded, Jagdeo disclosed that he had personal knowledge that wiretapping is done throughout the region and revealed that it was agreed by heads of government that the practice should be regulated by legislation.

“People wiretap now,” he said, “but they can’t use it for evidence because it’s done illegally.” (more)

Bet you never heard of CARICOM.
Guess how many countries we are talking about here...
Full Members
Antigua and Barbuda
Bahamas
Barbados
Belize
Dominica
Grenada
Guyana
Haiti
Jamaica
Montserrat
Saint Kitts and Nevis
Saint Lucia
Saint Vincent and the Grenadines
Suriname
Trinidad and Tobago
Associate Members
Anguilla
Bermuda
British Virgin Islands
Cayman Islands
Turks and Caicos Islands
Observers
Aruba
Colombia
Dominican Republic
Mexico
Netherlands Antilles
Puerto Rico (U.S.)
Venezuela

That's a lot of wiretappers who will soon be able to present their evidence in court!
It may also change some old saws...
"Sunny places attract shady characters."
may now become...
"Sunlight is the best disinfectant."

Thursday, April 3, 2008

Spy Buster Locates Sophisticated Wireless Eavesdropping Devices

According to the Freedonia Group, a market research group in Cleveland, Ohio, companies spend over $95 billion annually on corporate security.


One of the fastest growing areas for this spending is corporate espionage prevention.

Factors in this growth include everything from globalization to decreased employee loyalty and the fact that the most valuable asset of a corporation these days is information, which can be easier to steal than a piece of machinery.

So what’s a worried executive or security professional to do?
Increasingly, companies and government agencies are turning to firms that specialize in detecting and removing eavesdropping and other surveillance devices... (more)

Wednesday, April 2, 2008

Track My Treads - The TPMS Privacy Blowout

via hexview.com
New technologies always come with privacy issues.
Tire Pressure Monitoring Systems (TPMS) is one of those technologies.


What is TPMS?

TPMS lets on-board vehicle computers measure air pressure in the tires.

How does TPMS work?
In a typical TPMS, each wheel of the vehicle contains a device (TPMS sensor) - usually attached to the inflation valve - that measures air pressure and, optionally, temperature, vehicle state (moving or not), and the health of the sensor's battery. Each sensor transmits this information (either periodically or upon request) to the on-board computer in the vehicle. To differentiate between its own wheels and wheels of the vehicle in the next lane, each TPMS sensor contains a unique ID.


TPMS transmits data that uniquely identifies your car!

Here is where privacy problems become obvious: Each wheel of the vehicle transmits a unique ID, easily readable using an off-the-shelf receiver. Although the transmitter’s power is very low, the signal is still readable from a fair distance using a good directional antenna.

Why is this a problem?

If you live in the United States, chances are, you have heard about the “traffic-improving” ideas where transportation authorities looked for the possibility to track all vehicles in nearly real time in order to issue speeding tickets or impose mileage-adjusted taxes...
Guess what? With minor limitations, TPMS can be used for the very purpose of tracking your vehicle in real time with no substantial investments! TPMS can also be used to measure the speed of your vehicle... (remember) car manufacturers know serial numbers of every part in your vehicle, including unique IDs of TPMS sensors.
("Your ticket is in the mail.")


Now, no article is complete unless it mentions terrorists...
It is now super easy to blow up someone's car. There's no need to fix the explosive to the vehicle. No more wires and buttons. No human factor. A high-school kid with passion for electronics can assemble a device that will trigger the detonator when the right vehicle passes by. (more)

"See anything, dude?" (crash!!!) "April Fool"

17-year-old accused of trying to spy
WI - Michael Q. Ruby (17) of Omro, Wisconsin was with two others who were trying to see into a Larrabee Street apartment when Ruby pushed one of the others through the window, damaging the screen.
Ruby told police he and his friends went to the Larrabee Street residence to see if they could find an acquaintance there with underage girls... (more)

Offer of a Murder Surfaces at Wiretap Trial

A hedge fund manager and art collector from New York testified under immunity Tuesday that Anthony Pellicano, the Hollywood private detective accused of wiretapping and racketeering, had once offered to have a movie producer killed for him. (more)

Everything You Wanted to Know About the Wiretap Debate in Congress

via wired.com
If you've been having trouble tracking what the various surveillance bills are all about, don't blame yourself -- there's been plenty of misinformation going around. Here's Wired.com's definitive guide to the congressional surveillance debate.

Why is Congress expanding the government's spying authority?
After 9/11, or possibly before, President Bush instructed the nation's spies to begin a secret spying program that reportedly includes data-mining records of U.S. residents' phones, travels and purchases in order to find targets to wiretap. The administration says its warrantless eavesdropping only listened in on international phone calls and e-mails... (more)

Congressman Ordered to Pay in Wiretap Case

A federal judge has ordered Rep. Jim McDermott (D-Wash.) to pay nearly $1.2 million to House Minority Leader John A. Boehner (R-Ohio), settling a legal dispute over McDermott's actions in leaking the contents of an intercepted 1996 conference call involving Boehner and other Republican leaders.

Chief Judge Thomas F. Hogan of the U.S. District Court for the District of Columbia,... had already levied a $60,000 civil fine against McDermott in 2004 for violating federal wiretapping statutes by receiving the intercepted audiotape of the conference call and releasing its contents to several members of the media....

Boehner was speaking on a cellphone in Florida, where his conversation was illegally recorded by a couple who heard it on a radio scanner. (more)

The Case of the Telepathic Ray Gun, or...

..."Does that ringing in my ears bother you?"
via Discovery.com
I know some of you may not want to believe this, but the U.S. government may well already have the ability to beam secret commands to you through the fillings in your teeth. Well, not exactly. But close.
A recently declassified 1998 U.S. Army report, “Bioeffects of Selected Nonlethal Weapons,” describes government plans for a microwave weapon that would transmit voice communication that seems to emanate from within a human target’s own brain. (It was obtained and posted on the Web by Freedom From Covert Harassment & Surveillance, a Cincinnati-based organization that advocates on behalf of people who believe they are being stalked and subjected to “electromagnetic harassment.”)

To quote the report:

Because the frequency of the sound heard is dependent upon the pulse characteristics of the RF energy, it seems possible that this technology could be developed to the point where words could be transmitted to be heard like the spoken word, except that it could only be heard within a person’s head.


This is possible because of something called the Microwave Auditory Effect, which was first discovered during World War II, when people working in the vicinity of radar transponders complained of hearing strange clicking noises that other people nearby didn’t notice. The effect is caused by thermal expansion of the region around the cochlea. In the 1960s, neuroscientist Allan H. Frey, who was the first to publish research on the effect, was able to induce it in human subjects with pulsed microwaves from a transmitter 100 meters away.


It’s unclear just how far the government’s microwave auditory research and development efforts have progressed since 1993, when the report was written... (more)

Tuesday, April 1, 2008

Corporate Espionage Arrest - AMX Corp. V.P.

Short version: AMX Corporation's Vice President, David Goldenberg, was "arrested for allegedly participating in corporate espionage practices against a competing manufacturer's representative firm."

The following is from the Bergen County (NJ) Prosecutor's press release...
NJ - Bergen County Prosecutor John L. Molinelli announced the arrest of David A. Goldenberg, D.O.B. 05/18/1962, of 432 Golf Dr., Oceanside NY. Goldenberg was arrested on March 28, 2008, on charges of Unlawful Access of a Computer System / Network (2C:20-25b); Unlawful Access of Computer Data / Theft of Data (2C:20-25c); and Conducting an Illegal Wiretap (2A:156A-27)...


The arrest stemmed from an investigation concerning the following: The Paramus Police Department received a complaint from a Paramus based corporation known as Sapphire Marketing, who specializes in high-end audio/visual systems. Representatives of Sapphire reported that they were being suspiciously and consistently underbid for contracts by a competitor for whom David Goldenberg works. They expressed suspicion of corporate espionage. Based on anomalies that the complainant noticed within their computer network and more specifically their electronic mail (e-mail) system, they suspected that the company’s e-mail system had been compromised and that e-mail was being intercepted. The Paramus Police Department (a member of the Computer Crimes Task Force) and the Bergen County Prosecutor’s Office Computer Crimes Unit initiated an investigation.

The investigation revealed that Mr. Goldenberg had engineered the passwords protecting several of the complainant’s e-mail accounts. For a period of time, Mr. Goldenberg was intercepting and reading e-mails that related to potential contracts. Mr. Goldenberg then established a free e-mail account that he had control over, and created an automatic forward of the victim’s e-mail so that they would be sent to him directly. This afforded Mr. Goldenberg advanced knowledge of Sapphire’s customers and bid prices, thus further affording him an opportunity to underbid Sapphire. Sapphire Marketing estimates the loss in revenue from Mr. Goldenberg’s actions to exceed one-million dollars. Mr. Goldenberg was arrested without incident on this date. (more) (more - scroll down)

Goldenberg was hired by AMX June 11, 2007
...
“David has a proven track record of satisfying the needs of his customers while boosting sales and profitability. He is also an aggressive marketer focused on value creation,” said Rashid Skaf, AMX president and CEO. “David is a dynamic leader who has proven that he can successfully manage and motivate a diverse team of individuals. I am confident that he will fit well into the AMX culture and accomplish great things with our company.” (more)
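
The automatic forward described in the prosecutor's release above is something a mail administrator can audit for. The following is an added example, not part of the original post or the press release: it scans a constructed, hypothetical export of mailbox forwarding settings (the field names and the `.example` domains are assumptions) and flags every forward or redirect that leaves the organization.

```python
from email.utils import parseaddr

# Constructed sample data: a hypothetical export of per-mailbox forwarding
# settings. Field names are assumptions, not any mail server's real schema.
SAMPLE_MAILBOXES = [
    {"mailbox": "sales1@corp.example", "forward_to": None,
     "rules": [{"name": "Newsletters", "action": "move", "target": "Archive"}]},
    {"mailbox": "bids@corp.example",
     "forward_to": "Backup <bids.copy@FreeMail.example>",  # mailbox-level forward
     "rules": []},
    {"mailbox": "owner@corp.example", "forward_to": None,
     "rules": [
         {"name": ".", "action": "redirect", "target": "x991@freemail.example"},
         {"name": "To assistant", "action": "forward", "target": "pa@hq.corp.example"},
     ]},
    {"mailbox": "ops@corp.example", "forward_to": None,
     "rules": [{"name": "Vendor copy", "action": "forward", "target": "ops@partner.example"}]},
]

INTERNAL_DOMAINS = {"corp.example"}        # domains the organization owns
FREEMAIL_DOMAINS = {"freemail.example"}    # free webmail providers to escalate
FORWARDING_ACTIONS = {"forward", "redirect", "forward_as_attachment"}


def domain_of(address):
    """Return the lower-cased domain of an address, or None if unparseable."""
    _, addr = parseaddr(address or "")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def in_domain_set(domain, domains):
    """True if domain equals, or is a subdomain of, an entry in domains."""
    return any(domain == d or domain.endswith("." + d) for d in domains)


def classify(address):
    """Label a forwarding target as internal, external, or free webmail."""
    domain = domain_of(address)
    if domain is None:
        return "unparseable"
    if in_domain_set(domain, INTERNAL_DOMAINS):
        return "internal"
    if in_domain_set(domain, FREEMAIL_DOMAINS):
        return "external-freemail"
    return "external"


def find_external_forwards(mailboxes):
    """Return one finding per forwarding target that is not internal."""
    findings = []
    for mb in mailboxes:
        candidates = []
        if mb.get("forward_to"):
            candidates.append(("mailbox setting", mb["forward_to"]))
        for rule in mb.get("rules", []):
            if rule.get("action") in FORWARDING_ACTIONS:
                candidates.append(("rule %r" % rule.get("name"), rule.get("target")))
        for source, target in candidates:
            verdict = classify(target)
            if verdict != "internal":
                findings.append({"mailbox": mb["mailbox"], "source": source,
                                 "target": target, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in find_external_forwards(SAMPLE_MAILBOXES):
        print("%(verdict)-18s %(mailbox)-22s %(source)s -> %(target)s" % f)
```

Running such an audit on a schedule, and after any suspected account compromise, surfaces a forward that would otherwise keep copying mail out even after the password is changed.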