Friday, August 29, 2008

Pellicano & Christensen convicted of wiretap plot

Private investigator Anthony Pellicano and attorney Terry Christensen were convicted today of conspiring to illegally wiretap the ex-wife of billionaire Kirk Kerkorian.

Christensen, who was an attorney for investor and casino mogul Kerkorian, was accused of hiring Pellicano to listen in on the phone conversations of Lisa Bonder Kerkorian during a bitterly fought child support case. The lawyer and investigator were each charged with two felony counts relating to the alleged wiretap. The federal jury verdicts give a green light to a slew of pending civil lawsuits. (more)

Blow Your Phone's Mind...

...before you sell it!
Check out Reset Codes and Procedures for your phone's neuralyzer.

Cell Phone Security Issues on the Rise

More small companies are allowing employees to use their personal smart phones for work. But that move could lead to big trouble, thanks to a new breed of hackers who are starting to target mobile phones.

Hackers can use spyware to keep an eye on what you type and what messages you receive, possibly gleaning company secrets. They can even track your device's location, potentially allowing them to figure out your clients or plans by looking at where you go...


Mobile spyware, according to experts, is readily available. Many point to FlexiSPY, a program sold by Thai software company Vervata Co. The company promotes the product as a way for husbands and wives to catch their cheating spouses. Once installed on a person's phone, FlexiSPY tracks the device's whereabouts and monitors incoming and outgoing calls, text messages and emails. The information is then uploaded to a central server and can be viewed by the person who originally installed the software.

Nobody is accusing Vervata of stealing information, but some security experts argue that the software is ripe for abuse. It can be used by anyone to steal personal information and company secrets, they argue. A business might install the software on a rival's phone, for instance, to steal a contact list or monitor email traffic.


Phones that use the Symbian operating system, meanwhile, are vulnerable to a program that can capture the keystrokes of the device...

BlackBerrys may also be vulnerable to attack. ...Research In Motion Ltd. says that security policies built into the BlackBerry Enterprise Server software can guard against such spyware. Many small businesses, however, can't afford the BlackBerry server.


Even Apple Inc.'s iPhone may be vulnerable... While the iPhone offers password protection, it lacks other capabilities such as data encryption...
The iPhone does offer the ability to create a secure virtual-private-network connection to company headquarters... But small businesses often lack VPN capabilities. (more)

One Solution for You...
Secure Mobile Systems (SMobile) designs security applications for mobile devices. They offer a comprehensive product suite that protects users of mobile devices from viruses, data compromise, the effects of device theft, and unauthorized data access.

Thursday, August 28, 2008

R ur kiz speken nkod? Du u fee eel <- awt?

Lingo2word is devoted to demystifying the new Internet shorthand language of Text messages, Chat rooms and Emails.
Online Searchable Shorthand Dictionary.
Translate to txtmsg lingo.
Translate from Lingo to plain English.
Emoticons.
Txting words.
Acronyms.
And a searchable Text Message collection.

Interesting cellular surveillance product...

from the seller's web site...
"RADAR safeguards your child while using cell phones and immediately alerts you if he or she receives unapproved email, text messages or phone calls.


RADAR provides you complete text messages (sent and received from your child's phone) along with corresponding phone numbers and records them on the website where you can review them at home and print reports for authorities.

RADAR is not spyware...
RADAR notifies the user that they are being monitored, making it impossible to track their usage secretly." (more)

So... how soon will this come with company-supplied cell phones, or be made a requirement of parole?

Declare + "A War On..." = Business Opportunity

reprinted from CRYPTO-GRAM by Bruce Schneier
Homeland Security Cost-Benefit Analysis

"In an excellent paper by Ohio State political science professor John Mueller, "The Quixotic Quest for Invulnerability: Assessing the Costs, Benefits, and Probabilities of Protecting the Homeland," there are some common sense premises and policy implications."

The premises:
1. The number of potential terrorist targets is essentially infinite.

2. The probability that any individual target will be attacked is essentially zero.

3. If one potential target happens to enjoy a degree of protection, the agile terrorist usually can readily move on to another one.

4. Most targets are 'vulnerable' in that it is not very difficult to damage them, but invulnerable in that they can be rebuilt in fairly short order and at tolerable expense.

5. It is essentially impossible to make a very wide variety of potential terrorist targets invulnerable except by completely closing them down."


The policy implications:

1. Any protective policy should be compared to a "null case": do nothing, and use the money saved to rebuild and to compensate any victims.

2. Abandon any effort to imagine a terrorist target list.

3. Consider negative effects of protection measures: not only direct cost, but inconvenience, enhancement of fear, negative economic impacts, reduction of liberties.

4. Consider the opportunity costs, the tradeoffs, of protection measures."

Meanwhile... "The nation's terrorist watch list has hit one million names, according to a tally maintained by the American Civil Liberties Union based upon the government's own reported numbers for the size of the list." (more)

Update - The Case of the Blue Mocking Bird

CA - Undersheriff Steve Bolts told County Human Resources officials that he and Sheriff Pat Hedges eavesdropped on former Chief Deputy Gary Hoving because of concerns Hoving was “making fun of” Hedges behind his back and was disloyal, not because of any ongoing criminal investigation.

Eavesdropping is considered illegal except in limited circumstances, such as a police officer conducting an investigation. That’s how Hedges has publicly described what he was doing, saying that he was investigating allegations evidence was mishandled in a narcotics division. The transcripts, however, give a different account. (more)

007's in "License to Bill"

Private contractors account for more than one-quarter of the core workforce at U.S. intelligence agencies, according to newly released government figures that underscore how much of the nation's spying work has been outsourced since the Sept. 11 attacks.

The CIA and other spy agencies employ about 36,000 contractors in espionage-related jobs, in addition to approximately 100,000 full-time government workers, said Ronald Sanders, head of personnel for the U.S. intelligence community...

The total budget for the nation's spy agencies is roughly $43 billion. (more)

But, you can still take notes. Odd logic. Tough law.

PA - Five months ago, Linda Majer-Davis portrayed herself as a crusading public employee to the Bethlehem Area School Board. She told directors she had secretly recorded a department meeting with the superintendent because she was concerned about waste and mismanagement.

On Wednesday, police called her a criminal.

Pennsylvania's wiretap law prohibits recording a meeting or interview without the permission of all parties. The charge, intercept communications, is a third-degree felony. If convicted, Majer-Davis could face one to seven years in prison. (more)

Interesting...
"she used her laptop to record the meeting"
"...Majer-Davis is still employed by the district as a computer technician"
Observation...
People use the electronic surveillance tools they have handy and know best.

Wednesday, August 27, 2008

Internet Privacy - It's all over but the shouting.

Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.
The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.

"It's a huge issue. It's at least as big an issue as the DNS issue, if not bigger," said Peiter "Mudge" Zatko, noted computer security expert and former member of the L0pht hacking group, who testified to Congress in 1998 that he could bring down the internet in 30 minutes using a similar BGP attack, and disclosed privately to government agents how BGP could also be exploited to eavesdrop. "I went around screaming my head about this about ten or twelve years ago.... We described this to intelligence agencies and to the National Security Council, in detail." (more)
Comeon, Shout, Shout, knock yourself out
Comeon, yell, yell, loud and swell
You gotta Scream, scream, you know what I mean,
Put another dime in the spying machine... (sing-a-long)

...thus, giving the word "secret" a new definition.

UK - RAF top brass have secretly bought two spy-in-the-sky planes to snoop on terrorists worldwide — from three miles up. Security officials said the Twin Star aircraft will be a global asset as they can fly for 18 hours a time.

An RAF source said: “With the right sensor array, they can see if a suspected terrorist is at home, listen in to and record his mobile calls and tell you if his car engine is hot, warm or cold. “They can also help others put a surprise package through his window.” (more)

Steganography for the Masses!

...from their website...
SpyMessage is an easy-to-use, reliable and powerful tool for protecting important information that you don't want others to see.

With SpyMessage you can encrypt and hide your text message into image without any changes in its resolution or size.
• You can view the image with any conventional image viewer program
• Exchange messages without any fear from others spying on you.
• No one can know if your image contains messages or not.
• SpyMessage uses two encryption algorithms to protect your data.
• No un-encrypted temporary files are ever created.
• No password saved within your file
• Set a special Password to retrieve your encrypted data.
Just remember, "there is no free lunch."
You don't know what else this "free" software might do.
Download at your own risk.

One in three Aussies spies on text messages

900,000 Australians have admitted to checking their partner's phones according to new research conducted by Virgin Mobile. The research has revealed that Australia is a nation of paranoid text checkers with over one in three young Australians admitting to checking their partner's text messages, and more than 280,000 having been involved in a text-checking related break-up.

The research reveals:
• 10% of young Australians have been involved in a breakup as a result of text-checking
• 59% of text checkers check their partner's phone when they shower
• Women (38%) are more likely than men (28%) to check their partner's texts

• 76% of text checkers do so in secret
• 73% of text checkers found out things they later wished they hadn't
• 44% of sneaky text checkers have discovered flirtatious or sexual texts, ranging from harmless flirtation (32%) to full blown sexual texts from someone else (19%)
• The most common places text checkers operate is while their partner is showering (59%), in the same room (41%) or on the toilet (35%)

With the aim of squashing the nation's obsession with text checking, Virgin Mobile introduces a new service for those customers concerned about their partner's snoopy tendencies. Customers can simply text the word 'snoop' to 1978 99 99 to have a text from 'SEXY' sent to their phone. When the text message is opened by a paranoid partner, the message will remind the checker to have trust in their loved one.

Author, relationship expert and text-checking guru, Samantha Brett says that text checking is rampant in relationships across the world... (press release)
...and for the very, very paranoid...
TextSpy (the deleted text message reader)

The seemingly endless case of PI Pellicano seems to be ending... we hope.

CA - A federal prosecutor claimed Tuesday that taped phone calls between Hollywood private eye Anthony Pellicano and a high-powered lawyer showed they were conducting illegal wiretaps, even though the alleged wiretapped recordings have never been found.

In his closing argument, Assistant U.S. Attorney Daniel Saunders played a phone conversation for jurors in which Pellicano told attorney Terry Christensen that all the information he would be gathering would be kept between them. Christensen agreed...

While old-fashioned private eyes pounded the pavement for information, Pellicano "sat in his office and listened to wiretaps," Saunders said. (more)

Art Imitates Strife - Living the Spylife

Spooks: Code 9 a 'Spy Babies' Spin-off for BBC (more) (preview)

Fifty Dead Men Walking - Film about British spy brings controversy to TIFF (more)

Traitor is unusually thoughtful spy thriller (more) (trailer)

Terrence Howard tells the New York Times that a song on his debut album, "Shine Through It," is about the ways in which he stalked his ex-wife immediately following their split. "I wrote that song ("No. 1 Fan") as a stalker," said the actor. (more)

Tuesday, August 26, 2008

August - Spies Dropping Like Flies - RIP

A Soviet spy codenamed "Zephyr" who worked undercover with his wife in Europe and the United States for more than a quarter of a century has died aged 101, Russia's foreign intelligence agency (SVR) said... The agency issued a glowing tribute to spy Mikhail Mukasei... (more)

Former Israeli spy chief Binyamin Gibli dies... A former Israeli intelligence chief who tried to stop Britain abandoning its military presence on the Suez canal by staging bomb attacks there has died aged 89. (more)

Wolfgang Vogel, East German spy swapper, dies at 82 (more)

Soviet dissident author Alexander Solzhenitsyn dies at 89 - a former prisoner of war caught by the Germans during World War II, then returned home only to face charges of being a spy... (more)

Grayston L. Lynch, a hero of the anti-Castro movement for his leadership in the Bay of Pigs invasion, where he fired the first shot of the battle, died at 85... (more)

Television and stage actor Terence Rigby has died at his home aged 71 - featured in shows including Tinker, Tailor, Soldier, Spy. (more)

Come gather 'round people, Wherever you roam

Mobile phones, BlackBerrys, emails, social networking... Never before has it been so easy to cheat on a partner.
And admit that the waters, Around you have grown

But has technology made it simply too difficult for philanderers to cover their tracks?
And accept it that soon, You'll be drenched to the bone.

Day-to-day actions, such as taking the bus to work and buying a magazine on the way, used to be ephemeral. But today, every journey, every communication, every penny spent, is logged and stored.
If your time to you, Is worth savin'

As we move through life, we leave millions of specks of electronic evidence. Stored on hard drives and mainframes, this data acts like specks of DNA sprayed across the bedsheet of cyberspace. It's all there waiting to incriminate us.
Then you better start swimmin', Or you'll sink like a stone

As science drags us forward, it's a safe prediction that within the next decade, traditional affairs – the ones with longevity, the ones that take planning, scheming and logistics – will have vanished altogether. (more)
For the times they are a-changin'.

Cooking up Espionage, with Julia Child

Before she mastered the secrets of French cooking, Julia Child was enrolled in the school of espionage.

The famous chef let slip the story of her war-era spying in a 2002 autobiography, but the release of thousands of documents from the U.S. national archives on Thursday confirms her participation in a secret organization formed by President Franklin Roosevelt during the Second World War.


Hidden among the 750,000 classified pages released Thursday is a picture of the vast spy network of military and civilian operatives called the Office of Strategic Services (OSS). (more) (more) (audio) (OSS Society)

Trivia...
She helped develop shark repellent, critical in protecting explosives used to sink German U-boats during World War II. It kept sharks out of the way of the torpedoes. Later, she put people in the way of Tournedos and other epicurean delights.

"What could possibly go wrong, Herr HAL?"

German electronics company Siemens has gone a step further, developing a complete “surveillance in a box” system called the Intelligence Platform, designed for security services in Europe and Asia.

It has already sold the system to 60 countries.

The system integrates tasks typically done by separate surveillance teams or machines, pooling data from sources such as telephone calls, email and Internet activity, bank transactions and insurance records. It then sorts through this mountain of information using software that Siemens dubs “intelligence modules”. (more) (more)

Quote of the Day - Cindy Sounds Bugged

Cindy Sheehan, American activist, running for Congress.

"So I walked into my room and bigger than life, there was a man standing by my desk holding the room phone with a screwdriver in his hand!

I immediately said; "What the hell are you doing? Are you putting a bug on my phone?" He looked like he got caught with his hand in the cookie jar and stammered out: "N--no, we are having problems with the phone." I told him to get out of my room because my phone was fine and I called the front desk and the person at the front desk stammered something out about "problems" with some of the phones." (more)

Obviously, this was not handled well. No follow through, no credibility. Next time, get to the bottom of it. Call hotel security. Demand proof of identity. Not satisfied? Think a crime is being committed? Call the police. Press charges.

If you think you have found a bug, wiretap, spycam or other form of electronic surveillance, follow this advice.

Monday, August 25, 2008

Wi-Fi Eavesdropping Breakthrough

The growth of shared Wi-Fi and other wireless computer networks has increased the risk of eavesdropping on Internet communications, but researchers at Carnegie Mellon University's School of Computer Science and College of Engineering have devised a low-cost system that can thwart these "Man-in-the-Middle" (MitM) attacks.

The system, called Perspectives, also can protect against attacks related to a recently disclosed software flaw in the Domain Name System (DNS), the Internet phone book used to route messages between computers. (more)

When was your last Wi-Fi Security Audit conducted?
Did it include a Compliance Report?
Did you know which laws require you to be Wi-Fi compliant?
Find out... here.

In the meantime...
Download a FREE copy of Perspectives for Firefox v3.

Sunday, August 24, 2008

GSM Bug Roundup

15 new GSM bugs - eavesdropping devices which can be listened to from anywhere in the world by simply dialing their cell phone number - are featured here, and on ebay here.

Why do we mention it?
So you know your vulnerabilities.

P.S. Murray Associates developed a unique inspection method to find them.

Quote of the Day - A New Yorker Ponders... Surveillance

"Oh, there’s also a poster in a window across the street that reads: If you can see this, you’re spying on me. It makes me think about how many people could be spying on me right now, what with my blinds open and desk light on, while I awkwardly blow my nose and type this entry. Then again, I’m sure I’d be watching my neighbors if I were staring out my window and someone’s light happened to be on. Voyeurism: every New Yorker’s favorite pastime - it’s like live reality TV!" ~ Nina Yiamsamatha (August 24, 2008)

Saturday, August 23, 2008

NSA Wiretap Rooms Cartoons

Cartoon - what went on in the NSA's wiretapping room at AT&T
Electronic Frontier Foundation designer Hugh D'Andrade sez, "I did a 'live-painting' last Friday at a gallery -- a mural-sized cartoon depicting the goings-on inside the "secret room" at AT&T's Folsom Street facility. My EFF co-workers created a time-lapse video with an awesome ska soundtrack!"
If you like this, you'll LOVE this...
>NSA<

Friday, August 22, 2008

Steganography - Look at secrets, but not see them.

Altered with the proper steganography algorithm, this innocuous picture of a cat could be a carrier for corporate espionage.

Earlier this year, someone at the United States Department of Justice smuggled sensitive financial data out of the agency by embedding the data in several image files. Defeating this exfiltration method, called steganography, has proved particularly tricky, but one engineering student has come up with a way to make espionage work against itself.


Keith Bertolino, founder of digital forensics start-up E.R. Forensics, based in West Nyack, N.Y., developed a new way of disrupting steganography last year while finishing his electrical engineering degree at Northeastern University, in Boston.

FutureWatch...
Steganography is a moving target. Now exfiltrators are beginning to make use of streaming data technologies like voice over Internet Protocol (VoIP). Disrupting or even detecting hidden transmissions inside real-time phone calls is the next hurdle for digital forensics companies, and Hosmer says it poses a significantly more challenging problem.
(more)

Thursday, August 21, 2008

Anatomy of a Sports Spy

Tom Keegan writes...
"I know a guy who knows a guy who got his start in the college football coaching business as a spy.
This is how the spy didn’t do his job: He didn’t wear a big red “S” on his forehead. He didn’t wear a Groucho Marx nose, glasses and mustache set. He didn’t carry a briefcase.


This is how the spy did his job: He peeled back a few bills from the huge wad of cash one of the coaches paid him, purchased a round-trip airline ticket, and arrived in town mid-week, late enough that if he were spotted, the enemy couldn’t redo its entire game plan. He immediately stopped at the bookstore to load up on gear, so that he could wear it around campus and blend in...

Spies don’t announce their arrivals and departures." (more)

SpyCam Story #461 - Fly Boy

NY - An airport employee, Jeremy Martin, apparently put a hidden camera in the women's bathroom. His female co-workers at Mattituck Airport are upset, not just about the camera, but how the company reacted when it was discovered.

Police say the airport employee confessed to setting up a camera in the bathroom, and he says he realizes he has issues to deal with...

Police say Martin hid the camera from July to mid August in a potted plant in the bathroom of the facility. They say anyone who used the bathroom could have been caught on camera.

Authorities discovered the bathroom spying when one of 32 employees at the airport saw a device sticking out of a plant. (more)

Watch Spy Watch You Watch Two

Spy Micro Camera Watch
Product Code: GGSPY004100
US$236.00
Features:
Built-in Camera, Rechargeable Battery and 2GB Memory
Resolutions: 352 x 288 pixels
Video Format: AVI
Battery Capacity: 270mAh
Charging Interface: USB cable with adaptor

The lens is in the two.

Wednesday, August 20, 2008

Girls Gone Lazy - The Surveillance Video

...and Men Gone Lazy, too!
A growing number of employers are hiring private investigators to spy on employees suspected of taking leave dishonestly under the Family Medical Leave Act.


Management-side attorneys claim that FMLA abuses have gotten out of hand, and employers need a tool -- in this case surveillance -- to catch malingerers using FMLA improperly. And it's been pretty successful, they said, noting that private investigators in recent years have helped catch employees bowling, doing yard work or holding second jobs when they're supposed to be out on sick leave.

Employee-rights attorneys, meanwhile, view surveillance as harassment, intimidation and an interference with a worker's right to take FMLA leave. It also has a chilling effect on other employees who may not take the leave for fear of being spied on.

Both sides, however, note that the courts appear to be siding with employers. (more)

SpyCam Story #460 - Proudly Viewed

New Zealand - A 25-year-old man has been charged with covertly filming unsuspecting Starbucks' customers with their pants down.

Two weeks ago a staff member of Rotorua's Starbucks cafe discovered an elaborate hidden camera operation in a toilet brush holder in a unisex toilet.

Detective Warwick Webber of Rotorua police said a 25-year-old Rotorua man had been arrested on Friday. He was facing five charges of making inappropriate visual recordings.

Police also seized the man's computer and storage devices during a search of his home on Friday. They did not believe any other toilets were involved.

Webber emphasised Starbucks was the victim and hoped people would not boycott the cafe franchise giant. (more)

UPDATE - 10/9/08 - Fei Yu Zhou, 25, has been sentenced to 200 hours community service and nine months supervision at the Rotorua District Court. (more)

Understanding CALEA, FISA - how we got this way

As telephone conversations have moved to the Internet, so have those who want to listen in...

• The advent of computer-based telephone switches and the Internet has made it more difficult for the government to monitor the communications of criminals, spies and terrorists.

• Federal agencies want Internet companies to comply with the same wiretapping requirements that apply to telecommunications carriers. This proposal, though, may stifle Internet innovation.

• Furthermore, the new surveillance facilities might be misused by overzealous government officials or hijacked by terrorists or spies interested in monitoring U.S. communications.


A Brief History of Wiretapping

To understand the current controversy over wiretapping, one must understand the history of communications technology. (more) (more) (more) (more)

Tuesday, August 19, 2008

"Onya, mate!"

The Australian Council for Civil Liberties has accused Gold Coast pubs and nightclubs of going too far by fingerprinting patrons. (more)

Technology's Toll On Privacy And Security

...in Scientific American...
Looking back at the surveillance all around us – from wiretapped phones to security cameras...
over 30 articles with photos and slideshows. (more)

SpyCam Story #459 - Teddy Bears to the Rescue

If you go out in the woods today
You're sure of a big surprise.
sing-a-long

A carer suspected of stealing money from a terminally ill great-grandmother was caught by a secret camera hidden in a teddy bear.

Mrs Sampson’s family became suspicious after they noticed £40 had gone missing from her handbag after Allen visited her Walton home in July.

At the suggestion of his daughter Emma, a forensic science graduate, Mrs Sampson’s son Robert bought a small camera and hid it inside a teddy bear in his mother’s bedroom. (more) (video)

Beneath the trees, where nobody sees
They'll hide and seek as long as they please
Today's the day the teddy bears catch cleptomaaan-iac!

Monday, August 18, 2008

Someone finally asked, "Dude, you mean we weren't doing this?"

The Defense Intelligence Agency's newly created Defense Counterintelligence and Human Intelligence Center is going to have an office authorized for the first time to carry out "strategic offensive counterintelligence operations," according to Mike Pick, who will direct the program.

Such covert offensive operations are carried out at home and abroad against people known or suspected to be foreign intelligence officers or connected to foreign intelligence or international terrorist activities...


These sensitive, clandestine operations are "tightly controlled departmental activities run by a small group of specially selected people"...


In strategic offensive counterintelligence operations, a foreign intelligence officer is the target, and the main goals most often are "to gather information, to make something happen... (more)

Privacy Breacher's Privacy Breached

Britain's most senior police officer of Asian origin was illegally bugged and put under surveillance on the orders of the Metropolitan police chief, leaked Scotland Yard documents have revealed.

According to the papers, over 300 telephone calls of Assistant Commissioner Tarique Ghaffur were tapped in an elaborate operation overseen directly by Metropolitan Police Commissioner Sir Ian Blair. (more)

Sunday, August 17, 2008

"Look at me when I'm talkin' to you!"

...from the seller's web site...
"Here’s a new undercover color camera designed to fit into the proliferation of personal devices (PDA’s, cell phones, MP3s, etc.) that seem to be everywhere these days.

The camera’s pinhole lens aims out of your ear, perpendicular (90°) to your target, allowing for high angle above the neck mobility. The camera has 350 lines of resolution and a super low 0.6 Lux for evening observations.

The 3.6mm lens gives you a sharp 78° field of view. Includes a hardened case, rechargeable battery pack and charger." (more)

The Dick Van Dyke Show - All About Eavesdropping

"An eavesdropper never hears anything good about themselves."

More UC Warnings

...from The Financial Express...
"Virtually, every company seems to be in a rush to merge email, fax and voice communications. IT, BPO, media, telecom, banking and retail enterprises are embracing Unified Communications (UC).


However, the risks associated with UC security are now beginning to surface as companies start merging their various channels of communications.

Eavesdropping, unauthorised access of messages, unauthorised handsets connecting to the network and disruption of phone network are some of the threats, faced by enterprises.

"According to Jayesh Kotak, vice-president, product management, D-Link India, denial of service, spoofing, eavesdropping, signaling and media manipulation are a few security threats to the UC." (more)

Ebay Your Plasma. Laser Is Coming!

Laser televisions have an image produced by three lasers that are each less than one cubic centimeter in size and that are a million times brighter than current state-of-the-art light-emitting diodes (LEDs). They provide sharper, crisper, more brilliant pictures than you have ever seen. And this new television costs less to produce than the television you own now.

Novalux of Sunnyvale, CA has developed the Novalux extended-cavity surface-emitting laser (NECSEL™) for use in high-definition (HD) rear-projection televisions (RPTVs).

Laser televisions will provide speckle-free images that have more contrast and better color coverage than their unwieldy, expensive counterparts. They also use 60% less power and have a lifespan more than 10 times as long as lamp televisions. And unlike LED televisions, laser televisions have incredible longevity without giving way to distracting color shifts over time.
Projection and illumination optics for laser televisions will cost less than those of either lamps or LEDs, resulting in a lower price for the entire system. Novalux estimates that a 50" laser television will cost significantly less than $1,000. (more) (follow the action)

Saturday, August 16, 2008

SpyCam Story #458 - CCTV Tee

From artist Ross Robinson...
"Your government is watching you. All. The. Time."

...now buy my tee-shirt.

Water Manager's Wiretap Leaked

TX - Bexar County District Attorney Susan Reed announced Friday that Gilbert Olivares, General Manager of Bexar Metropolitan Water District, has been indicted for wiretapping, misapplication of funds, and sexual harassment.

The indictment includes 12 counts of Illegally Intercepting Oral Communications, 1 count of Misapplication of Fiduciary Property, 1 count Abuse of Official Capacity, and two counts of Official Oppression.

...the indictment alleges Olivares ordered the monitoring and recording of phone conversations of four Bexar Met employees who were viewed as critics of his leadership. The recordings allegedly took place over an 8-month period and without the knowledge or consent of any of the parties to the conversations. (more) (video)

Confessions of a Corporate Spy

Ira Winkler offers chilling accounts of espionage...
A former National Security Agency analyst who is now an expert on corporate espionage offered chilling accounts yesterday of his easy penetration into a variety of U.S. companies. In one case, in just a few hours he was able to make off with product plans and specifications worth billions of dollars.

Ira Winkler, global security strategist at CSC Consulting, spoke at Computerworld's Premier 100 IT Leaders Conference here and punctured several popular misconceptions about information security...

At one large company, for example, he persuaded a guard to admit him by saying he had lost his badge and presenting a business card as a substitute. He'd stolen the card -- which belonged to an employee who worked at the plant -- from a local restaurant that collected business cards in a jar for prize awards. Winkler went on to exploit a number of security weaknesses, from doors he found unlocked to using forged signatures to using simple computer hacks. The result: Designs for nuclear reactors and other technologies were compromised, possibly with national security implications.

"Never measure security budgets by IT," said Winkler, author of Spies Among Us: How to Stop the Spies, Terrorists, Hackers and Criminals You Don't Even Know You Encounter Every Day. (more)

Someone finally asked, "Dude, doesn't spying precede attacking?"

Homeland Security setting up counterspy unit...
Concerns about foreign spies and terrorists have prompted the Homeland Security Department to set up its own counterintelligence division and require strict reporting from employees about foreign travel, according to a memo obtained by The Associated Press. (more)

SpyCam Story #457 - Kite Flight Sight

...from the seller's web site...
"Now here's a nifty way of popping your head over the fence to ogle the chapess next door without being spotted or otherwise denounced as a pervy interloper. Instead of popping your head over the fence from a height of 1.8 metres, pop it over the fence in the virtual sense, from a height of up to 25 metres.

Permit us to explain and expound. In all our years of deconstructing fiendishly complex gadgetry here in the lab, deep underground at gadgetshop HQ, we've never before come across a fusion of technologies so inspired as a high performance kite with a remotely-controlled digital camera slung underneath it." (more)

SpyCam Story #456 - "Save Money. Live Better"

FL - A mysterious box with an antenna found hidden inside a Wal-Mart was a planted spy camera set up to beam customer credit card numbers to thieves in the parking lot, police said. (more) (video)

Friday, August 15, 2008

Industrial Espionage, Reverse Engineering or Just A Crappy Cheap Knockoff? You decide.

Over the years the Security Scrapbook has brought several blatant examples of industrial espionage to your attention. Take, for example, the...
• Space Shuttle (USA, Russia)
• iPhone
• Nokia phones
• Pocket cameras (pick any of them)
• Twin Magazine Covers

And remember?
• 9/30/02 - Nokia, the world's largest cell phone maker, on Thursday unveiled its first "third-generation" handset, which has a camera so users can view and edit video clips and send them to another phone or an e-mail address. ... Minutes after Nokia's announcement Thursday, rival manufacturer Motorola unveiled new details about its own equivalent handset.

• "The World's Smallest Camcorder." Sony DCR-IP1 MICROMV released. Tuesday, September 02 @ 11:15:00 PDT. Panasonic SV-AV100 camcorder debuted. Friday, September 05 @ 15:30:00 PDT

• 12/2/01 - Two major rivals announce look-alike products.
Same size ad, same magazine - 4 pages away from each other - products offered the same benefits... "drug and explosive" detection, in one instrument.

What is the difference between espionage and a rip-off? Industrial espionage products hit the market at approximately the same time. There is a time-lag with reverse engineering and knockoffs.

See more!
Visit The Plagiarius Competitions and the Museum Plagiarius.

ID Theft News - 8% ?!?! (seems high, or are high)

...and this is just in the past two weeks...

• Eleven people from at least five different countries are facing charges for their involvement in a wide-ranging scheme to hack into nine US companies and steal and sell more than 40 million credit and debit card numbers.
"As far as we know, this is the single largest and most complex identity theft case that's ever been charged in this country," Attorney General Michael Mukasey said. Officials said the ring had stolen hundreds of millions of dollars. (more)

...when federal prosecutors disclosed that computer hackers swiped more than 40 million credit-card numbers from nine retailers in the biggest such heist ever, it was the first time that many shoppers had heard about it. That's because only four of the chains clearly alerted their customers to breaches. (more)

• About 150,000 people in the US have been affected by the theft of laptops with personal information about current and former employees of brewing giant Anheuser-Busch. (more)

• A new report from the California Department of Public Health discovered that 127 UCLA Medical Center employees viewed celebrities' medical records without permission between January 2004 and June 2006, which is nearly double the number first reported earlier this year. (more)

• UK - Data protection experts have called for hospitals to use more effective encryption techniques after a laptop containing the personal data of thousands of patients was stolen. An unnamed manager at Colchester Hospital in Essex has been sacked as a result of the theft... (more)


• Security researcher Joe Stewart has identified a Russian gang that infected 378,000 computers with malware over a 16-month period in an effort to steal passwords and other information. (more)

• Ireland - The loss of a laptop containing 380,000 records of social welfare and pension recipients is a wake-up call for the Government and public and private sector bodies to ensure all staff are trained properly in data protection and use of encryption. (more)


• The Transportation Security Administration suspended Verified Identity Pass from enrolling travelers in its pre-screening program after a laptop computer containing the records of 33,000 people went missing.

The company, based in New York, lost possession of the laptop at San Francisco International Airport. The laptop contained unencrypted pre-enrollment records of individuals... (more)

UPDATES: ...unencrypted laptop was found in the same office from which it was reported missing. (more) The U.S. Transportation Security Administration has cleared Verified Identity Pass to resume enrollments in its Registered Traveler program... (more) The laptop had been stolen, but was returned, according to the Sheriff's Department.

• The University of Michigan Credit Union in Ann Arbor confirmed that a data theft has resulted in some of its members becoming identity theft victims. The credit union said that so far, "less than 100" people have had their identities stolen -- mostly to open fraudulent credit card accounts. The theft, involving documents that were supposed to have been shredded... (more)

• Greece - Hundreds of bank clients in Greece and other European countries have turned into hostages because of actions of groups that steal data from bankcards and do uncontrolled drawings, the Greek To Bhma daily reports. (more)

• UK - The BBC has apologised after a memory stick containing details of hundreds of children who applied to take part in a TV show was stolen. (more)

• Wells Fargo & Co. is notifying some 5,000 people that their personal information might have been seen by someone using a bank access code illegally. (more)

Only an average of eight percent of Americans say they are very confident in the ability of U.S. retailers, government and banks to protect their personal information, according to a national survey commissioned by CA, Inc. (more)

Tuesday, August 12, 2008

Wiretap Act - The Loco Motion Law?

"Everybody's doin' a brand-new dance, now"
A federal appeals court in California is reviewing a lower court's definition of "interception" in the digital age... The case, Bunnell v. Motion Picture Association of America, involves a hacker who broke into TorrentSpy's company server and obtained copies of company e-mails as they were being transmitted. He then e-mailed 34 pages of the documents to an MPAA executive, who paid the hacker $15,000 for the job, according to court documents.

"I know you'll get to like it if you give it a chance now"
The issue boils down to the judicial definition of an intercept in the electronic age, in which packets of data move from server to server, alighting for milliseconds before speeding onward. The ruling applies only to the 9th District, which includes California and other Western states, but could influence other courts around the country.

"Jump up. Jump back. Well, now, I think you've got the knack."

In August 2007, Judge Florence-Marie Cooper, in the Central District of California, ruled that the alleged hacker, Rob Anderson, had not intercepted the e-mails in violation of the 1968 Wiretap Act because they were technically in storage, if only for a few instants, instead of in transmission.

"Now that you can do it, let's make a chain, now."
"The case is alarming because its implications will reach far beyond a single civil case," wrote Kevin Bankston, a senior attorney for the Electronic Frontier Foundation in a friend-of-the-court brief filed Friday. If upheld, the foundation argued, "law enforcement officers could engage in the contemporaneous acquisition of e-mails just as Anderson did, without having to comply with the Wiretap Act's requirements."

"Do it nice and easy, now, don't lose control"
Cooper's ruling also has implications for non-government access to e-mail, wrote Bankston and University of Colorado law professor Paul Ohm in EFF's brief. "Without the threat of liability under the Wiretap Act," they wrote, "Internet service providers could intercept and use the private communications of their customers, with no concern about liability" under the Stored Communications Act, which grants blanket immunity to communications service providers where they authorize the access.

"Move around the floor in a Loco-motion"

Individuals could monitor others' e-mail for criminal or corporate espionage "without running afoul of the Wiretap Act," they wrote.

"There's never been a dance that's so easy to do."
"It could really gut the wiretapping laws," said Orin S. Kerr, a George Washington University law professor and expert on surveillance law. "The government could go to your Internet service provider and say, 'Copy all of your e-mail, but make the copy a millisecond after the email arrives,' and it would not be a wiretap." (more)

...It even makes you legal when they're feeling screwed,
So come on, come on, do the Loco Motion with me.

"Next stop!
Voicemails, ISPs, and bucket brigading of phone calls.
All aboard!"

Monday, August 11, 2008

WiFi / WLAN / 802.11 Spying Instructions

The following information is available to the public at blackhatlibrary.com. Excerpts reprinted below highlight the need for adding WLAN Security Audits to corporate TSCM inspection programs.


"Wireless Network Hacking and Spying Made Simple"


Here’s a quick and simple guide on how to get on to so-called “secure” networks as well as a few things you can do to amuse yourself after you are in. Enjoy!

Finding the network
Most wireless networks are configured to broadcast their SSID (Service Set Identifier). When looking for a network to have some fun with, I like to start with these if they are available....
If you know that a network exists but you don’t see an SSID in your available networks, or are just curious to see if any are out there, there are a few tools that will get this job done for you.

For Linux users I recommend:
AirJack- A lightweight program.

Kismet- Unquestionably the most powerful wireless program.

For Windows users I recommend:
AirSnort

AirMagnet


Bypassing WEP or WPA

Let me start this section by saying that WEP encryption is a joke. The only thing turning on WEP does is add some extra information to the packets.
Aircrack is a free Windows/Linux tool that can break both WEP and WPA-PSK.

Modifying the network
It never fails to surprise me how many routers are left configured to the default admin password and username- if this is the case you can easily hijack an entire network.
If the default credentials work, you can easily change the passphrase, SSID or completely turn off the router.

Spying on Connected Users
On a wireless network, the router effectively screams out requested information from any computer to the whole broadcast radius. This means that you can use a program to eavesdrop on other users on the network. (more)
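A minimal sketch of the WLAN security audit the excerpt above argues for, as an added example that comes neither from the quoted guide nor from this blog. It flags the weaknesses the excerpt names (WEP, WPA-PSK, default router settings, reliance on a hidden SSID) plus unauthorized access points; the survey format, sample rows and default-SSID list are assumptions constructed for illustration.

```python
import csv
import io

# Constructed survey export (BSSID, SSID, encryption, authorized); not real data.
SAMPLE_SURVEY = """bssid,ssid,encryption,authorized
00:11:22:33:44:01,CorpNet,WPA2-Enterprise,yes
00:11:22:33:44:02,CorpGuest,WEP,yes
00:11:22:33:44:03,linksys,OPEN,no
00:11:22:33:44:04,,WPA-PSK,yes
00:11:22:33:44:05,Warehouse,WPA-PSK,yes
"""

# Assumed list of factory-default SSIDs; extend for the hardware on site.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}


def audit_access_point(row):
    """Return the list of findings for one surveyed access point."""
    findings = []
    ssid = row["ssid"].strip()
    enc = row["encryption"].strip().upper()
    if row["authorized"].strip().lower() != "yes":
        findings.append("rogue: not in the authorized inventory")
    if enc == "OPEN":
        findings.append("no encryption: traffic readable by anyone in range")
    elif enc == "WEP":
        findings.append("WEP: breakable with freely available tools")
    elif enc == "WPA-PSK":
        findings.append("WPA-PSK: only as strong as its passphrase; review it")
    if not ssid:
        findings.append("hidden SSID: found by survey tools, not a control")
    elif ssid.lower() in DEFAULT_SSIDS:
        findings.append("default SSID: check for default admin credentials")
    return findings


def audit_survey(csv_text):
    """Map each BSSID with at least one finding to its findings."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = audit_access_point(row)
        if findings:
            report[row["bssid"]] = findings
    return report


if __name__ == "__main__":
    for bssid, findings in audit_survey(SAMPLE_SURVEY).items():
        for finding in findings:
            print(f"{bssid}  {finding}")
```
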

sixteen-love

LA - Tai Shen Kuo, 58, long-time restaurateur and former tennis pro who pleaded guilty three months ago to spying for China was sentenced Friday to nearly 16 years in prison by a federal judge. “We had hoped to do a little bit better,” said John Hundley, of the Washington, D.C., law firm Trout-Cacheris. (more)

The Geek Chorus Wails Again...

Hackers at the DefCon conference were demonstrating these and other novel techniques for infiltrating facilities...
Want to break into the computer network in an ultra-secure building? Ship a hacked iPhone there to a nonexistent employee and hope the device sits in the mailroom, scanning for nearby wireless connections. (which makes our 24/7 rogue cellphone and wifi location service all the more valuable to you)
How about stealing someone's computer passwords? Forget trying to fool the person into downloading a malicious program that logs keystrokes. A tiny microphone hidden near the keyboard could do the same thing, since each keystroke emits slightly different sounds that can be used to reconstruct the words the target is typing.

As technology gets cheaper and more powerful, from cellphones that act as personal computers to minuscule digital bugging devices, it's enabling a new wave of clever attacks that, if pulled off properly, can be as effective and less risky for thieves than traditional computer-intrusion tactics. (more)

Cool Idea - Eavesdrop On Your Car Being Stolen

Morris Mbetsa, an 18 year old self-taught inventor with no formal electronics training from the coastal tourist town of Mombasa on the Indian Ocean in Kenya has invented the "Block & Track", a mobile phone-based anti-theft device and vehicle tracking system.

The real-time system uses a combination of voice, DTMF and SMS text messages over cell-based phone service that allows control of some of a vehicle's electrical systems including the ignition.

Another feature of the system is the capacity to poll the vehicle owner by mobile phone for permission to start, as well as eavesdrop on conversation in the vehicle. Mbetsa is now looking for funding to commercially develop his proof of concept and bring it to the market. (video)
Good work, Morris. I hope you get your funding.