Monday, March 31, 2008

"But, IT said our data was secure."

Data Theft Carried Out On Network Thought Secure
Criminals involved in a massive data breach at the Hannaford Bros. and Sweetbay grocery chains stole the customer information from a part of a computer-network system that security experts had believed was secure.


As many as 4.2 million credit- and debit-card numbers were exposed in the breach.

The Hannaford data, which included customer account numbers and card expiration dates, was stolen between Dec. 7 and March 10. ...it has resulted in at least 1,800 cases of fraud.

A malicious software program, written by the thieves, intercepted the information as it went back and forth over a cable to a transaction processor in Denver. It was then transmitted to an Internet service provider somewhere outside the U.S. The software, known as malware, was planted on computer systems in every store in the two chains, the company says.

...it took a team of about 30 forensics experts and information technologists more than 10 days of round-the-clock troubleshooting to discover the malware. (more) (recent data theft list)

Investigative Techniques for the Trial Lawyer - Wiretapping: Part I

...we have probably all wondered if our conversations via phone were being taped.

There are federal and state (all 50 and DC) statutes governing the use of electronic recording equipment. The unlawful use of recording equipment may not only give authority for civil proceedings against the perpetrator of illegal taping, but may also give rise to criminal charges.

Today’s Bulletin gets right into the meat of how and where the taping of private telephone conversations is allowed...

Interesting exceptions to the rules...
In California, generally an all party consent state, one party alone can record if criminal activity (e.g. extortion) is anticipated or involved.

In Arizona, the subscriber to a telephone service can record telephone conversations with no party consent when criminal activity is involved. (more)

The Case of the Flaccid Fob

Researchers from Ruhr University Bochum, Germany, presented a complete break of remote keyless entry systems based on the KeeLoq RFID technology. The shown vulnerability applies to all known car and building access control systems that rely on the KeeLoq cipher. "The security hole allows illegitimate parties to access buildings and cars after remote eavesdropping from a distance of up to 100 meters" says Prof. Christof Paar. "Eavesdropping on as little as two messages enables illegitimate parties to duplicate your key..."

A KeeLoq system consists of an active Radio Frequency Identification (RFID) transponder (e.g., embedded in a car key) and a receiver (e.g., embedded in the car door). Both the receiver and transponder use KeeLoq as the encryption method for securing the over-the-air communication.

KeeLoq has been used for access control since the mid-1990s. By some estimates, it is the most popular of such systems in Europe and the US. Besides the frequent use of KeeLoq for garage door openers and other building access applications, it is also known that several automotive manufacturers like Toyota/Lexus (Chrysler, Daewoo, Fiat, GM, Honda, Volvo, VW, Clifford, Shurlok, Jaguar, etc.) base their anti-theft protection on assumed secure devices featuring KeeLoq.
(more)
(Hacker video explaining KeeLoq. Minutes: 36:18 - 41:35)
(How to Steal Cars - A Practical Attack on KeeLoq)

Sunday, March 30, 2008

Mama Hari

...a mother writes...
"It’s a tough call knowing when to spy and when to trust.
Though my own children, 4 and 7, are too young for me to be going through pockets looking for drugs, turning up mattresses looking for porno, etc., I plan on doing those things in their teen years.

In my own childhood, my parents were way too hands-off. Both of my brothers were doing serious drugs in high school and my parents didn’t find out until it was way too late. They wanted harmony in the house and took the path of least resistance. That meant my brothers were allowed privacy, didn’t have an enforced curfew, were given car keys before they could handle that responsibility. My parents prayed maturity would come soon.

With my own children, I’ve learned that I have to stay on top of things. On the computer, my son has tried to order things online. He even asked my mom for her credit card so he could buy a Ben 10 shirt. We’ve found that we need to set the rules for which Web sites he can look at. Anything not on the ‘Kids’ section of our Web browser’s bookmarks is off limits. Still, we walk by often while he’s online, and we remind him he needs to ask if it’s a new site." (more)

Money Talks - Cell Phones Squawk

Spying programs for mobile phones are likely to grow in sophistication and stealth as the business around selling the tools grows, according to a mobile analyst at the Black Hat conference on Friday.

Many of the spy programs on the market are powerful, but aren't very sophisticated code, said Jarno Niemela, a senior antivirus researcher for Finnish security vendor F-Secure, which makes security products for PCs and mobile phones...

One of the latest tools on the market is Mobile SpySuite, which Niemela believes is the first spy tool generator for mobiles. It sells for US$12,500 and would let a hacker custom-build a spy tool aimed at several models of Nokia phones, Niemela said. (more)

Money Talks - Spies Walk

UK - Thousands of Chinese spies are infiltrating Britain in the run-up to the Beijing Olympics.

They are hellbent on stealing scientific, military and industrial secrets in a bid to make China the world's No1 superpower. The spies are recruited from the 90,000 Chinese who visit Britain each year. Forty per cent of them are on business and a third are students.

A Whitehall source said: "They are told to hoover up everything they can get their hands on. It can be anything from the results of university lab experiments to secret industrial technology." China's targets include banks, power and water companies, telecom firms and even Parliament.

But Foreign Secretary David Miliband fears any crackdown would upset China and jeopardise trade deals worth £20billion. (more)

Saturday, March 29, 2008

"Make a periscope" science class experiment gone horribly wrong?

Wales - A peeping Tom attached a mirror to the end of a piece of wood to spy on his next-door neighbour as she undressed, a court heard...

During the hearing, prosecutor Ian Kolvin produced the home-made spying device which consisted of a strip of wood with a broken piece of glass fastened to one end... "The defendant denied any sexual motivation," said Mr. Kolvin. (more)

"Whatever satisfies the soul is truth." W.W.

NJ/PA - The man who led police on a chase that eventually forced the closure of the Walt Whitman Bridge last Thursday was convinced that someone was bugging his phone and that his family was in danger, according to authorities. (more)

Thursday, March 27, 2008

Jury finds against Providence in wiretapping lawsuit

RI - A federal jury has returned a verdict against city of Providence authorities for illegally recording the phone calls of their employees at a public safety complex. City officials say the jury on Wednesday awarded compensatory and punitive damages of about $525,000... (more)

Wednesday, March 26, 2008

Details emerge about futuristic spy tech

The intelligence agencies have renamed their MASINT program and will now refer to the recondite spy discipline as the Advanced Technical Exploitation Program (ATEP). The name change surfaced in documents that describe a pending acquisition for contractor assistance in merging information from various types of sensors and systems to create cross-disciplinary intelligence...

The acquisition notice asked companies to describe their capabilities in working with the following types of sensors:
• Overhead non-imaging radar.
• Synthetic aperture radar.
• Spectral detectors.
• Thermal infrared.
• Ground-moving target indicator forensics.
• Line-of-sight radar.
• Over-the-horizon radar.
• Airborne electro-optical sensors, known as Cobra Ball.
• Laser intelligence.
• Radio frequency MASINT.
(more)

Spybusters Selects Tektronix to Aid in Fight Against Corporate Espionage

via Microwave Journal...
Tektronix Inc., a provider of test, measurement and monitoring instrumentation, announced that Murray Associates, registered as Spybusters LLC, has selected a Tektronix Real-Time Spectrum Analyzer (RTSA) with DPX™ live RF display technology to help the security consultancy identify wireless eavesdropping devices that may be located in clients’ facilities including boardrooms and security trading floors. The RTSA instrument enables the firm to quickly and efficiently spot sophisticated listening devices, even in challenging environments where there are many competing signals.

Corporate espionage is on the rise due to such factors as globalization, decreased employee loyalty and the increasing value of information. In some parts of the world espionage is a common business practice in competitive industries. At the same time, new technologies are making it easier and more affordable than ever to steal information by tapping into private conversations. Given the potential reward, spies are employing increasingly sophisticated technology that can be difficult to detect.

To fight back against this espionage, companies as well as government agencies are turning to firms that specialize in detecting and removing eavesdropping and other surveillance devices. One of the leaders in the segment is Murray Associates. Based in Oldwick, New Jersey, the 30-year-old company, which is registered as Spybusters LLC, is seeing heightened demand for its services. The majority of the firm’s clients schedule regular inspections or sweeps for any form of electronic surveillance technology in sensitive areas such as executive suites, boardrooms, trading floors, vehicles and aircraft as well as executive homes and off-site meeting locations. (more)

Tuesday, March 25, 2008

Make Caller ID Lie For You

Keep your phone number private whenever you make or receive calls. A new service called Vumber does it for you.

In addition to privacy you can get anonymity, too. Vumber is like Kleenex, disposable. Change numbers whenever you want. Be in any Area Code you like.

"It’s your anyphone, anytime, anywhere phone number that keeps your identity private – until you decide it not to be.

A Vumber is a number from any area code you want, linked to your home, cell, or work phone. When someone calls your Vumber, Vumber lets you control how you handle the call: you can a) answer it; b) send them to VumberMail; c) give them a busy signal; d) tell them the number is out of service; or e) play them a custom message you create.

It provides unequaled privacy protection when anyone calls your Vumber, and when you call anyone. And it’s not limited to a pre-defined one-to-one calling relationship like you sometimes see out there – it is as simple as having another phone number. Even simpler.

You can call “from” your Vumber, too..." (more)

The flip side... Your Caller ID display is no longer trustworthy. But hey, it never was anyway.

How to hack RFID-enabled credit cards for $8

...via tv.boingboing.net
A number of credit card companies now issue credit cards with embedded RFIDs (radio frequency ID tags), with promises of enhanced security and speedy transactions.

But on today's episode of Boing Boing tv, hacker and inventor Pablos Holman shows Xeni how you can use about $8 worth of gear bought on eBay to read personal data from those credit cards -- cardholder name, credit card number, and whatever else your bank embeds in this manner.

Fears over data leaks from RFID-enabled cards aren't new, and some argue they're overblown -- but this demo shows just how cheap and easy the "sniffing" can be.

Forget the tin foil hat.
Wrap it around your wallet and watch where you sit.
There may be an antenna under that chair.

"Bugging Device Found"

Ireland - "A sophisticated bugging and tracking device has been unearthed in the vehicle of a member of the Dublin 32 County Sovereignty Movement. The device was secreted internally into the dashboard of the vehicle and was equipped with its own self contained power supply. The manner by which the device was installed strongly suggests that those who planted it took considerable time to effect this and was obviously professionally done." (more)

A little research reveals that the top component is an old Ericsson radio-modem (M2050 Mobidem c.1996-97) made for the UK market (425-460 MHz). "a small low power radio modem that can be built into PC or other equipment. It has no power source of its own. It does not have its own antenna, which must be designed specifically for the host equipment. It has rated data transfer rates of 1200 to 9600 bps. It supports Mobitex MACS, AT and X.28 protocols."

According to a press release, "Ericsson has signed an order with Thorn Security Ltd., a leading provider of security services in the U.K. market, for 5,000 Mobidem M2050 radio modems to be used for the company's new Siteguard Smart Signaling alarm services. The new services will be available to Thorn's thousands of customers throughout the U.K. in mid-September.

With the announcement of its new Siteguard Smart Signaling alarm portfolio, Thorn Security has scored a first in the industry. The system uses a self-checking alarm signaling technique that provides intelligent mutual monitoring between wireless data links and landline communications at the customer site. This virtually eliminates line errors and guarantees that the alarm system is functional at all times."

The batteries are 4 "D" cells, rechargeable lead-acid type.

Given the age of the main component, that identifying information was left on it (unusual for professional bugging devices), and that similar-looking auto alarm systems exist, its real purpose can be questioned. Is it a bug, or did someone buy a used car not knowing it was outfitted with an alarm system at one time?

Saturday, March 22, 2008

US State Department Warns of Chinese Bugging and Wiretapping

"Security personnel may at times place foreign visitors under surveillance. Hotel rooms, telephones, and fax machines may be monitored, and personal possessions in hotel rooms, including computers, may be searched without the consent or knowledge of the traveler. ... Foreign government officials, journalists, and business people with access to advanced proprietary technology are particularly likely to be under surveillance." (more)

Friday, March 21, 2008

Yet Another Corporate Info-Loss Confession

The Hannaford Bros. supermarket chain said Monday that a breach of its computer systems may have given criminals access to more than four million credit and debit cards issued by nearly 70 banks nationwide.

While the banks appear all but ready to blame Hannaford for failing to follow payment card industry standards on security, there are signs that this may be the first of many cases to surface this year wherein the affected retailer was hacked even though it appeared to be following all of the security rules laid out by the credit card associations. (more) (The List of the Zapped)

Bugging claims are difficult to prosecute... ob-la-di

Did Wife bug Husband?
"First, it is said on 25 June 2006 the wife illegally bugged the husband's telephone, in particular a call between him and his daughter Stella in which Stella made very unflattering comments about the wife. It is further said the wife subsequently leaked the intercepted material to the press so as to discredit him."


On the bugging claim:
"Both the wife and the husband accuse each other of conducting a campaign of harassment and vilification. The reality is that if I let the husband deploy a case about bugging telephones together with subsequent release of them to the press, this will open up a can of worms and the litigation may inevitably snowball with claim and counter-claim."

A summary of Mr. Justice Bennett's judgment in the Paul McCartney - Heather Mills divorce case. (more)
More fascinating than fiction, Seduced by Secrets takes the reader inside the real world of one of the most effective and feared spy agencies in history. The book reveals, for the first time, the secret technical methods and sources of the Stasi (East German Ministry for State Security) as it stole secrets from abroad and developed gadgets at home, employing universal, highly guarded techniques often used by other spy and security agencies.

Seduced by Secrets draws on secret files from the Stasi archives, including CIA-acquired material, interviews and friendships, court documents, and unusual visits to spy sites, including "breaking into" a prison, to demonstrate that the Stasi overestimated the power of secrets to solve problems and created an insular spy culture more intent on securing its power than protecting national security.

It recreates the Stasi's secret world of technology through biographies of agents, defectors, and officers and by visualizing James Bond–like techniques and gadgets.

In this highly original book, Kristie Macrakis adds a new dimension to our understanding of the East German Ministry for State Security by bringing the topic into the realm of espionage history and exiting the political domain. (more)

Thursday, March 20, 2008

17 Signs That You Are Being Wiretapped

compiled by voip-news.com
Do you hear strange noises on your phone line?
Do you feel like your secrets aren't safe?
You're not as paranoid as you might think.

Mobsters and cheating spouses aren't the only ones that get wiretapped. In fact, just about anyone who possesses confidential information is a prime target for a wiretap, so it's important that you know the warning signs. Keep an eye out for these subtle clues to avoid becoming a victim of information theft.

1. Your secrets are out.
2. You hear strange noises, like clicking, static and humming.
3. Your phone makes noise on its own.
4. Your radio has strange interference.
5. Your environment just seems different.
6. Your outside phone box has extra hardware.
7. You find a recording machine.
8. You're being blackmailed.
9. Your receiver has extra hardware.
10. You notice a lot of utility trucks near the premises.
11. Your TV has interference.
12. You are the victim of a burglary, but nothing was stolen.
13. Your wall plates are moved.
14. You've had a mysterious repair.
15. There are no signs.
16. Your phone company doesn't help.
17. You use a cordless phone.
(more)
(The Private Citizen's Guide to Detecting Amateur Wiretaps)

Russia Arrests Two for Industrial Espionage

Russian security officials say they have arrested and charged two brothers with links to British interests.

Ilya Zaslavsky is a manager at the TNK-BP oil joint venture, his brother Alexander head of the British Council's Moscow Alumni club.
The two, who have joint US and Russian citizenship, were gathering classified data for foreign firms, the FSB said. The Moscow offices of the British oil giant were raided by the authorities on Wednesday.

Russia's security agency, the FSB, has confirmed that the raids were related to the Zaslavsky case.


"During the raid, material proof confirming the industrial espionage was found and confiscated," it said in a statement.

This included business cards of foreign military agencies and the CIA, it said. (more)


Ilya had the other "CIA" Card

Where do Spy Shops shop?

Bulk buy scary eavesdropping, wiretapping and recording gadgets - fast, easy and cheap! Where? Global Sources, of course.

Wednesday, March 19, 2008

How To Make Your Phone Untappable

In 1991, Philip Zimmermann developed a humble-sounding electronic encryption technology known as Pretty Good Privacy. In fact, it was very good--so good that not even the federal government has been able to crack it, a fact that has made Zimmermann a folk hero to privacy advocates and a headache to law enforcement.

Now Zimmermann, the CEO of PGP Corp., has found himself back in the fiery debate between federal investigators and those who oppose their snooping--this time thanks to ZRTP, a technology for encrypting Internet telephone calls. ZRTP throws a wrench in the Bush administration's controversial warrant-free wiretapping program and its proposed legal immunity for the telecommunications companies. So far, not even teams of supercomputers and cyberspies at the National Security Agency have cracked ZRTP. That means anyone who uses Zimmermann's Zfone software, a ZRTP-enabled voice over Internet Protocol (VoIP) program available for free on his Web site, can skirt the feds' wiretapping altogether.

Forbes.com spoke with Zimmermann about how his small company has been able to produce an encryption product that not even the U.S. government can break, what ZRTP means for national security, and why cutting off the government's access to our phones is necessary to keep out the truly malicious spies. (more)

Free advice.
Free software.
An end to wiretapping woes.

Come on. What more do you want from me?
The least you could do is send me some M&M's. :)
~Kevin

Tuesday, March 18, 2008

"I said I was a Caloyer, not a Lawyer!"

Portugal - Madeleine McCann suspect Robert Murat has discovered tracking devices fitted to his cars.

British expat Murat, 33, found the GPS bug when he was fixing a fault on his VW Transporter. He checked girlfriend Michaela Walczuch's motor and found - another stuck to that.

Furious Murat believes Portuguese police bugged his cars in a desperate bid to nail him for the abduction of Madeleine, four, from Praia da Luz in May.

He is also probing whether Kate and Gerry McCann's private detective agency Metodo 3 could have done it on its own initiative.

His lawyer Francisco Pagarete said last night: "I'm not yet sure what kind of crime we're dealing with here." (more)

Monday, March 17, 2008

World Observation Machine did not a good acronym make

from newlaunches.com...
The US Army has awarded the [University of] Michigan (UM) $10m to carry out research leading to a "six-inch robotic spy plane modeled after a bat", which would "gather data from sights, sounds and smells". The university has used the Army cash to found a Centre for Objective Microelectronics and Biomimetic Advanced Technology, or COM-BAT...

The unit will have the ability to tiny cameras for stereo vision, an array of mini microphones that could home in on sounds from different directions, and small detectors for nuclear radiation and poisonous gases. Low-power miniaturized radar and a very sensitive navigation system would help the bat find its way at night. Energy scavenging from solar, wind, vibration and other sources like hanging upside down from power cables would recharge the bat's lithium battery. The aircraft would use radio to send signals back to troops.

And that's not all. It seems "the bat" might "perch at a street corner or building for longer assignments and send back reports of activity" - a capability which might be referred to, we suggest, as "gargoyle mode".
(more)

Sunday, March 16, 2008

13 Fired For Spying

At least 13 hospital employees are being fired, and 6 suspended, after an investigator concluded that they broke the rules by accessing (Britney) Spears' medical records without any particular reason (except their own curiosity).

Not only would Britney's medical files give them the answers to some closely guarded secrets, but a photocopied page could sell to the tabloids for thousands. (more) Hip, HIPPA, Hooray

Are Your Floor Plans Serialized and Accounted For?


UK - Detailed top-secret plans of MI5's fortress HQ have been sensationally handed to News of the World.

The lost 66-page dossier of floor layouts—once used by trusted contractors at the high-security Central London base—would be gold dust to terrorists.


The plans were given to us by a worried member of the public, who got them from a friend who worked at the building and never handed them back.


Our source said: "It's shocking that such high-level paperwork is out of MI5's control. There are many possibilities once a terrorist has detailed information like this."


The drawings, which we have blurred to protect national security [and are no longer shown], detail 11 of the 13 floors at Thames House—the real-life HQ well-known on the outside to viewers of TV's Spooks.


They reveal lift shafts, ventilation pipes and other places perfect for hiding BOMBS and spy TRANSMITTERS. They also show where the fibre optic cables are that transfer electronic data— a godsend for COMPUTER HACKERS. (more)

Wiretapping's true danger (LA Times - Political Opinion)

History says we should worry less about privacy and more about political spying.
By Julian Sanchez

As the battle over reforms to the Foreign Intelligence Surveillance Act rages in Congress, civil libertarians warn that legislation sought by the White House could enable spying on "ordinary Americans." Others, like Sen. Orrin Hatch (R-Utah), counter that only those with an "irrational fear of government" believe that "our country's intelligence analysts are more concerned with random innocent Americans than foreign terrorists overseas."

But focusing on the privacy of the average Joe in this way obscures the deeper threat that warrantless wiretaps pose to a democratic society. Without meaningful oversight, presidents and intelligence agencies can -- and repeatedly have -- abused their surveillance authority to spy on political enemies and dissenters.

...for decades, intelligence analysts -- and the presidents they served -- had spied on the letters and phone conversations of union chiefs, civil rights leaders, journalists, antiwar activists, lobbyists, members of Congress, Supreme Court justices -- even Eleanor Roosevelt...

...Political abuse of electronic surveillance goes back at least as far as the Teapot Dome scandal that roiled the Warren G. Harding administration in the early 1920s. ...

In 1945, Harry Truman had the FBI wiretap Thomas Corcoran...

...John F. Kennedy's attorney general, brother Bobby, authorized wiretaps on lobbyists, Agriculture Department officials and even a congressman's secretary...

...Lyndon Johnson found the tactic useful when he wanted to know what promises then-candidate Richard Nixon might be making to our allies in South Vietnam...

...Johnson famously heard recordings of King's conversations and personal liaisons with various women. Less well known is that he received wiretap reports on King's strategy conferences with other civil rights leaders...

...Few presidents were quite as brazen as Nixon, whom the Church Committee found had "authorized a program of wiretaps which produced for the White House purely political or personal information unrelated to national security."...

...It's probably true that ordinary citizens uninvolved in political activism have little reason to fear being spied on, just as most Americans seldom need to invoke their 1st Amendment right to freedom of speech. But...

...if you think an executive branch unchecked by courts won't turn its "national security" surveillance powers to political ends -- well, it would be a first.

Julian Sanchez is a Washington writer who studies privacy and surveillance. (more)

Saturday, March 15, 2008

Cell Phone Spying Victim? Tell Your Story.

Have you ever been a victim of cell phone spying?

If your significant other or family member has ever plotted to listen in on your calls, even check your records or download spying software on your phone, we want to hear from you.

GMA is looking for guests who can talk about their experience with cell phone spying.
Fill out the info below and you might just end up on GMA. (more)

On the Road to Thought Eavesdropping

FOP Bug By Cop?

TN - A former Nashville police officer/union organizer has been indicted on federal charges in connection with the break-in and illegal surveillance of a Fraternal Order of Police youth camp.

Calvin Edward Hullett was indicted on bribery, misappropriation of union funds and other charges.

Investigators have alleged the hidden cameras were placed at the Wilson County camp in an effort to discredit the FOP by catching officers engaged in some type of misconduct.

Hullett, a national organizer for the Teamsters, is accused of using union funds to purchase the surveillance and recording equipment. (more with video)

Industrial Espionage in South Korea

Prosecutors were investigating a former LG Electronics technician Thursday for allegedly spying and providing a Chinese firm with South Korea's leading plasma display technology. (more)

7 Security Rules Employees Love to Break

Research from the Ponemon Institute finds that either companies are not setting, or employees are not following, data security procedures in several high-risk areas.

“Data Security Policies Are Not Enforced,” a survey of 893 corporate IT workers, examined the risks associated with storing and transporting sensitive information and looked at how well companies are implementing and enforcing policies to protect against this risk.

1. Copying confidential information onto a USB memory stick.
2. Accessing web-based e-mail accounts from a workplace computer.
3. Losing a portable data-bearing device.
4. Downloading personal software onto a company computer.
5. Sending workplace documents as an attachment in e-mail.
6. Disabling security and firewall settings.
7. Sharing passwords with co-workers.
(more)
122 Federal Aviation Administration safety inspector badges have been stolen or lost in the past five years. The credentials are one of the few forms of identification that give complete and unfettered access to airport facilities, including the cockpits of planes in flight.

"The FAA badge is probably of all the badges just as dangerous if not more so than any other," aviation expert Denny Kelly said.


Kelly, a former commercial pilot and a private investigator, said the badge can give a person free access to nearly every secure area of an airport.


"The FAA badge allows you not only on one airline, plus getting through security, it allows you to get on any airline, any airplane, anyplace," he said. (more) Photo is not representative of stolen ID.

Juju Security... What "badge" can give someone unfettered access to your business - to plant bugs and steal proprietary information, for example? Can you account for all of yours? Is a security amulet really the best solution? Other solutions... 1 2 3

Update: Possible motive for badge theft uncovered!
Special Offer for FAA Employees only...
Located in the Holiday Inn Airport, 2101 S. Meridian is offering FAA employees a 15% discount on their ALL-YOU CAN EAT Lunch Buffet. Just show your ID badge for discount.
Regular price is $9.95 + tax and includes: 21 item salad bar, soup, 2-3 hot entrees, veggies, rolls, dessert bar and drink. Menu selection varies from Bar-B-Q to Italian to Hors d'Oeuvres.
Lunch hours are 11 a.m. to 2 p.m. on the dates indicated on the calendar.
Call the Holiday Inn at 685-4000 for more information. (more)

Romper Room Magic Mirror 2008

Tune into live surveillance cameras from around the world. Free computer screen saver turns you into Mr./Ms. Panopticon. (more)

Thursday, March 13, 2008

RFID Cards Hacked

Researchers and students of the Digital Security group of the Radboud University Nijmegen have discovered a serious security flaw in a widely used type of contactless smartcard, also called RFID tag. It concerns the "Mifare Classic" RFID card produced by NXP (formerly Philips Semiconductors). Earlier, German researchers Karsten Nohl and Henryk Plötz pointed out security weaknesses of these cards. Worldwide around 1 billion of these cards have been sold.

This type of card is used for the Dutch 'ov-chipkaart' [the RFID card for public transport throughout the Netherlands] and public transport systems in other countries (for instance the subway in London and Hong Kong). Mifare cards are also widely used as company cards to control access to buildings and facilities. All this means that the flaw has a broad impact. Because some cards can be cloned, it is in principle possible to access buildings and facilities with a stolen identity. This has been demonstrated on an actual system. (more)

"I reprogrammed a car fob, Mr. Cheney. Now I control you."

by Chris Soghoian...
A team of respected security researchers known for their work hacking RFID radio chips have turned their attention to pacemakers and implantable cardiac defibrillators.


The researchers will present their paper, "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses," during the "Attacks" session of the 2008 IEEE Symposium on Security and Privacy, one of the most prestigious conferences for the computer security field...

By reading between the lines (millions of remotely implanted medical devices, able to administer electrical shocks to the heart, can be controlled remotely from distances up to 5 feet, designed by people who know nothing about security), it is easy to predict the gigantic media storm that this paper will cause when the full details (and a YouTube video of a demo, no doubt) are made public. (more)

Security and Spying With Nanotechnology as Tiny Spy Dust Chips Track Your Movements

Nox Defense has released an invisible perimeter defense technology, which combines high-resolution video pictures and radio frequency identification (RFID) tags, sometimes referred to as "spy chips", to track assets and people in real time. The system allows security officers to see a theft or intrusion as it happens, and track a stolen object even if concealed inside a briefcase, under a jacket, or stuffed inside a sock. The FBI is among early adopters of the Nox Intelligent Perimeter Defense system, though it has not released details of how it will use the system. (more)

"Let's see you tap your way out of this, honey."

Wiretap agent sued for bigamy...
Philippines - A military agent who claimed taping the conversations of President Arroyo and a former poll official in 2004 is facing a bigamy suit in a Quezon City court.

Arlene Sernal filed a complaint against her husband Vidal Doble, a former technical sergeant in the Intelligence Service of the Armed Forces of the Philippines before the sala of Regional Trial Court Judge Rosa Samson Tatad of Branch 105. (more)

Private Investigator Brags About His Bugging

Australia - A Melbourne-based veteran investigator, an old-fashioned human bloodhound who formerly ran the security for one of the local airlines, tells The Sunday Age: "If I wanted to bug your office, you could send 10,000 [de-]buggers in there and they'd never find out. Not unless the bug is live (activated). Otherwise you'd have to physically tear an office or boardroom apart to find it. A smart cookie will be listening across the road … and via a 10-cent capacitor can remotely deactivate the bug until there's something worth listening to."

This old-time operator is a $500-a-day man. "Plus expenses." No matter that there may be millions at stake, that's his price.


"I'm cheap," he says. (more) He is also [your thought here].

Tuesday, March 11, 2008

from EnergyBiz Magazine...
"Corporate espionage is big business. According to the FBI, such theft costs all U.S. companies between $24 billion and $100 billion annually. Interestingly, only about 20 percent of those losses are tied to cyber threats while the majority of them are associated with low-tech schemes such as unlawfully entering open offices." (more)
Eavesdropping, and low-tech espionage tricks, precede cyber-threats. They are also the easiest to spot. Discover the eavesdropping and espionage attacks and the cyber-threats die of starvation. The security secret... You have to look, to discover – on a regular basis. Start your schedule of detection audits, today.

School Board Sued for Eavesdropping on Attorney

Attorney Susan Burgess of Brockport is suing the district, the Board of Education and Kevin Ratcliffe, director of Pupil Services, for alleged eavesdropping on a private legal conversation she had Aug. 4, 2006, at a district office with her client, Carmen Coleman of Fairport, regarding Coleman’s son’s educational needs.

The suit further alleges that district officials listened in on the conversation in retaliation for Coleman’s pursuing her son’s legal rights and to gain an advantage in the negotiations. (more)

What in the World???

Every minute disaster strikes somewhere in the world.
These sites keep track of it all...
GlobalIncidentMap.com
Havari Information Service - AlertMap
Incident1.com
USDA Active Fire Map
Illegal Alien Activity Tracking System
PetFlight Airport Incident Map
Real-Time Earthquake Map
World Disasters
Disaster Resource Network

PATS 'SPY' READY TO ROLL TAPE

The former New England Patriots employee who supposedly has tapes of illegal spying by the team may be ready to give them up. (more)

Cracking GSM encryption just got easier

by Michael Kassner...
For all intents and purposes most everyone including the GSMA—an organization representing most of the mobile phone operators—considered and still considers GSM very secure. In reality, A5/1, the technology used to encrypt GSM communications, has been vulnerable for at least a decade. The sense of security seems to be based on the fact that the original attack venues require a great deal of computing power, time, and therefore money to accomplish the crack. So an organization would have to be particularly motivated to even want to crack GSM traffic. Care to guess who has enough motivation?


It appears that researchers David Hulton and Steve Miller have recently developed techniques to greatly reduce the time and required computing power needed to crack A5/1 encryption. The two researchers have even patented their work personally. The efficient modifications of the original crack open all sorts of doors making it easier for both black and white hat types to decode GSM conversations. (more)

The following is a public service announcement...

...ABOUT SHINE A LIGHT
On April 4, 2008, an Academy Award®-winning filmmaker and the world's greatest rock n' roll band will unite to bring audiences the year's most extraordinary musical film event, "Shine a Light," to theaters everywhere.

Martin Scorsese's concert documentary "Shine a Light" will show the world the Rolling Stones as they've never been seen before. Filming at the famed Beacon Theatre in New York City in fall 2006, Scorsese assembled a legendary team of cinematographers to capture the raw energy of the legendary band. (more) (review)

Monday, March 10, 2008

More Sports Spying History

According to a report in the New York Daily News, the New York Jets were aware of New England Patriots head coach Bill Belichick's videotaping shenanigans as far back as 2004.

Sources told the Daily News that Herm Edwards, then the Jets head coach, and his defensive coordinator Donnie Henderson not only noticed a camera aimed at them from the opposite sideline during a game between the Jets and Patriots, but they waved at it. (Does this constitute consent?)

The News' report also said the videotape was apparently one of six tapes Belichick turned over to the league that were subsequently destroyed by the order of NFL commissioner Roger Goodell. (more)

But spying has always existed in football and other professional sports. A marvelous book, "The Echoing Green," documents how the 1951 New York Giants utilized a telescope to steal opposing catchers' signs — and relay them to the batters.

Papa Bear George Halas, it has been claimed, paid young men to listen to and film other teams' practices. The old Kansas City Chiefs were accused of being the worst spying offenders — by Al Davis, who was accused of bugging AFL teams' locker rooms. The Broncos purportedly had two spies a long time ago at a San Diego workout, writing plays on the inside of paper cups.

A former NFL coach told me at the recent Super Bowl in Arizona that his team cheated regularly. "We did everything you can imagine to get information on the teams we were playing. The more technology, the easier you can get stuff. It's common in the league," he said.

Belichick was caught.
Now, Congress is involved. (more)
"The weed of crime bears bitter fruit..."

Sunday, March 9, 2008

Inside the Shady World of Spy Gadgets

by Mike Elgan...
The online catalogs have names like Spy World, Spy Source and even Spy Zilla. The wonderful and disturbing new world of spy gadgets offers obscure, often expensive devices -- available in most cases to anyone with a credit card.


Most spy gadgets should be and could be used for legal and ethical purposes -- but you know they probably won't be.

Hidden cameras, secret microphones, GPS tracking devices, telephone voice changers, camera and microphone detectors, computer and cell phone snooping devices, cell phone and Wi-Fi "jammers" -- spy gadgets are sold vaguely and euphemistically as "security" or "surveillance" products. But you can bet they're popular with perverts, snooping bosses, suspicious spouses, cheaters, blackmailers, criminals and terrorists.

Nobody monitors who buys this stuff or what they use it for... (much more)

Smart businesses regularly conduct eavesdropping detection inspections. If you're not looking, you're not finding. Call us.

"All right, who said, 'They're higher than a kite'?!?"

from switched.com...
The Defense Advanced Research Projects Agency (DARPA) will award contracts to design and build an unmanned spy plane they've dreamed up that will stay aloft for an amazing five years. The pseudo satellite will circle the globe for years at between 60,000 and 90,000 feet, gathering photos, communications, and generally watching everything you do. (more)

Computer Bug Gets Upgrade

from the seller's website...
New for 2008! eBlaster 6.0

eBlaster has been the standard in remote monitoring software for parents and employers for almost a decade. It's time for a real innovative change, and we have some very exciting news.

eBlaster 6.0 is now available, and we have added features we believe you're really going to like. Now, you have the ability to change options and settings remotely without having to return to the computer on which eBlaster is installed.

What Else is New in eBlaster 6.0?
NEW! Block Web Sites
-- Block inappropriate web sites by name immediately...
NEW! Block Chat/IM Contacts
-- Block all chat and instant messaging with specific people...
NEW! Online Searches
-- records searches made on Google, AOL, MSN, and Yahoo...
NEW! Screen Snapshots with Keyword Alerts
-- Now you can actually see EXACTLY what they saw...
NEW! MySpace Activity
-- All activity on the popular but potentially dangerous MySpace site...

When was the last time you checked your computer for spyware?
eBlaster detection.

Bugs - The Ultimate Bugs

The agency that the Pentagon set up to turn outlandish sci-fi concepts into reality has come closer to creating an army -- or air force -- of cybugs: cyber-moths and beetles that can spy on the enemy.

Inspired by Thomas Easton's 1990 novel, Sparrowhawk, in which animals enlarged by genetic engineering were fitted with implanted control systems, the Defence Advanced Research Projects Agency (DARPA) set out to insert microsystems into living insects as they undergo metamorphosis.

The plan is that their organs will grow around the chips and wires that make up the remote-control devices. (more)

Reel Camp for the Really Stupid



Friday, March 7, 2008

"Slime him, Danno!"

UK - Police in Nuneaton yesterday unveiled their latest technological weapon - a remote-controlled helicopter, the size of a dustbin lid.

The microdrone can film from more than 350ft away and beams back live video footage to operators on the ground.

If needed, the little helicopter can even swoop down and squirt offenders with a security marking solution called SmartWater which can be identified by police. (more)

Listening to Michael Jackson May Be Hazardous to Your Wealth

Eavesdropping on Michael Jackson and his lawyer Mark Geragos will cause the former owner of charter jet company XtraJet a total of $10 million, according to TMZ.com.

Geragos filed a lawsuit against XtraJet claiming the company violated Jackson's right to privacy by videotaping their Nov. 2003 flight from Las Vegas to Santa Barbara, where the King of Pop was to surrender to child molestation charges. XtraJet's former owner Jeffrey Borer tried to sell those tapes to the media.


The judge awarded Geragos and an associate lawyer $2 million in compensatory damages and $8 million in punitive damages, according to TMZ.

Geragos called the taping "one of the most outrageous acts I've seen in my 20 years of practicing criminal law." (more)

Hollywood Wiretapping Case - 6-Years Running!

Anthony Pellicano masterminded a lucrative criminal enterprise aimed at discrediting and destroying the enemies of his Hollywood clients, a federal prosecutor charged Thursday in opening arguments in a long-awaited wiretapping trial.

But he bragged about it so much — and recorded himself doing so — that Mr. Pellicano “was the biggest government informant in this case,” the prosecutor, Kevin Lally, said Thursday.

Mr. Pellicano, 63, who is defending himself against wiretapping and racketeering charges, denied nothing in his opening remarks, saying that his business was “problem solving,” and that customers in the entertainment industry paid him well because they knew he would “perform” for them. He stressed only that he never intended their secrets to become public. (more)

Turn Old 78 RPM Records into MP3s and CDs

Ace sound engineer, Mike Stewart, spins advice about how to turn old 78rpm records into MP3 or CD recordings.

Sounds like it should be easy, but consider, "modern" record players won't play at 78rpm.

Now you know why Mike is the Ace.
(video tutorial)

Mainstreet.com asked, "Why do people wiretap?"

“People tap phone lines for one of three reasons—money, power, sex,” says Kevin Murray, of Murray Associates, which secures corporations against eavesdropping. Dr. Gordon Mitchell, president of the counterintelligence consultancy company Future Focus, agrees. “Oddly enough, in the private sector it isn’t usually a situation where the big powerful competitor is trying to get information, but some sort of soap opera is going on inside,” he says. “And usually you can preface the person you suspect with an ex. Ex-boyfriend, ex-husband, ex-partner.” If you suspect that there is a wiretap on one of your phone lines, you first want to establish a connection between the information loss and whoever you suspect is leaking it. If you can’t show a cause and effect relationship between the criminal and the crime, you can’t prosecute a case against an eavesdropper...

...big corporations are still conscious about securing the workplace against foreign ears. “Whenever you’re in competition it means someone isn’t going to play the game fairly,” says Murray. “Businesses are very proactive about detecting these types of devices.” Most corporations do inspections on a quarterly basis, “and it’s something you rarely hear about,” says Murray. After hours, a counterintelligence security team will come in and investigate the most sensitive areas of the company. According to Murray, it costs between $5,000 and $10,000 to inspect eight to ten executive offices and a boardroom. (more)

Thursday, March 6, 2008

World's Biggest Hand ...or, Smallest Gun?

Meet the pistol that fits in your pocket - and packs a hell of a punch.

The SwissMiniGun is the size of a key fob but fires tiny 270mph bullets powerful enough to kill at close range.

Officially the world's smallest working revolver, the gun is being marketed as a collector's item and measures just 2.16 inches long (5.5cm). It can fire real 4.53 bullets up to a range of 367ft (112m). (more)

...and who complained about the raincoat brigade!

Filming people secretly and without permission will be subject to big fines and prison sentences under new laws being introduced in the South Australian Parliament.

The Attorney-General, Michael Atkinson, wants to crack down on modern-day peeping toms using mobile phones to capture images of people without permission.

"We're also concerned with indecent filming, filming people going to the lavatory, filming people engaged in private acts, namely sexual acts, that occur only in private," he said.


"The Rann Government is keen to protect people's privacy from modern-day peeping toms, the raincoat brigade and some of the more extreme elements of the paparazzi." (more)


Hollywood private eye on trial for mass wiretapping

CA - Anthony Pellicano, the former investigator known as Hollywood's private eye to the stars, goes on trial Thursday in a case of wiretapping and skulduggery that is expected to reveal the dark side of the glitzy world of the movie industry.

Actors Sylvester Stallone, Keith Carradine and Farrah Fawcett, along with movie studio executives Brad Grey and Ron Meyer and former powerhouse talent agent Michael Ovitz, are among the 120 prosecution witnesses called to testify in a case that has kept Hollywood on tenterhooks for almost six years.

Pellicano, 63, is accused of illegally wiretapping the telephones of opponents of his powerful clients and of bribing police officers and telephone company workers to run illegal background checks on the targets of his investigation.

Pellicano is representing himself at his trial and has pleaded not guilty, along with his four co-defendants, to the 111 federal charges they face together. The trial in Los Angeles federal court is expected to last up to 10 weeks. (more)

FutureWatch - Brain Eavesdropping Progresses

Mind-reading with a brain scan
Scientists have developed a way of ‘decoding’ someone’s brain activity to determine what they are looking at.


“The problem is analogous to the classic ‘pick a card, any card’ magic trick,” says Jack Gallant, a neuroscientist at the University of California in Berkeley, who led the study. But while a magician uses a ploy to pretend to ‘read the mind’ of the subject staring at a card, now researchers can do it for real using brain-scanning instruments. “When the deck of cards, or photographs, has about 120 images, we can do better than 90% correct,” says Gallant. (more)

Wireless security foiled by new exploits

Just when you thought your wireless network was locked down, a whole new set of exploits and hacker tools hits.

Josh_Wright: "Enterprises are doing ... better. We are seeing fewer open networks and more organizations moving to WPA/WPA2 from WEP. There is still more than a fair share of WEP networks, sometimes motivated by the need to support legacy wireless clients (such as VoIP phones, or Symbol scanners). A lot of the enterprises I talk to feel comfortable with the security of their WPA/WPA2 networks, but they often fail to realize that this is only one piece of a wireless security strategy. Failure to address client configuration and security issues, rogue detection and home/mobile users leaves organizations exposed to attack." (more)

When did you last check the security of your wireless network?
Idea... Have us perform an on-site wireless LAN security survey.

Wednesday, March 5, 2008

SpyCam Story #438 - "Er's mud in yer eye"

UK - A Greenock dad who feared he was being spied on by a CCTV operator decided to take matters into his own hands — by spray painting over the lenses. (more)

Every Click You Make, Your Boss Is Watching You

Employees who regularly use company computers to surf the Web, sign on to business accounts for personal e-mail, make calls from company phones or use the corporate car to run errands run the risk of losing their jobs, according to a new survey released by The ePolicy Institute and the American Management Association (AMA).

More than 58 percent of the 304 companies surveyed said they'd fired workers for misusing company-provided e-mail accounts or improper use of the Internet on a company computer. A much smaller portion, 6 percent, said they had terminated an employee for inappropriate use of a company phone or voice mail. (more)

Quote of the Week - Espionage in Grenada

"In the world of espionage and counter espionage, spying does not occur as an isolated and independent event. It is usually part of a series of increasingly aggressive measures that normally escalates into planting of evidence against innocent persons, acts of sabotage and even to physical harm to innocent peoples," - Allie Gill, Senior Executive Member

Commenting on...
ST. GEORGE'S, Grenada, The main opposition political party in Grenada is demanding an independent investigation by Scotland Yard into the circumstances surrounding the alleged secret recording of an executive meeting by a member of the Royal Grenada Police Force.

Party officials apprehended Officer No# 77 Kellon Noel on Tuesday evening around 7 p.m. as he allegedly video and audio taped the meeting, which was being held at the party’s headquarters in St George’s.

Dressed in plain clothes, the officer who is attached to the Special Branch Unit, was apparently in an abandoned building adjacent to the NDC headquarters when party members say they noticed a flashing red light next to a window and rushed to investigate. They claim they found Noel with the recording equipment hastily exiting from the building. They surrounded, questioned and searched him, they said, and during the probe his police identification card was among the documents found in his pocket. (more) (more)

Using Your Mobile to Spy on Your Spouse

ALK Technologies, a New Jersey-based company selling software that turns cell phones and PDAs into satellite tracking devices, asked men and women if, given the chance, they would like to use mobile phones to spy on their partner’s comings and goings 24/7. Two times as many women as men polled—some 63% vs. 29%—said they would like to track the movements of their mates. Interestingly, only 44% of women and 41% of men wanted the roles to be reversed and to be tracked by the people they are spying on.

The survey showed that the younger they are, the more jealous people tend to be: Some 56% of 18- to 29-year olds said they would seize the opportunity to snoop, compared to 45% of people aged 41 to 50. People older than that are either more secure or don’t care anymore. Only one-fifth of people 51 to 60 wanted to know where their mates were at every moment. (more)

Hedge Fund vs. Hedge Fund - Spying, Stealing

NY - Elliott Associates has accused another hedge fund of spying and stealing proprietary trading technology.

The $10 billion New York-based hedge fund, run by Paul Singer, filed suit today against Cedar Hill Capital Partners accusing it of scheming to “literally steal the software in order to use it for its own trading activities,” branding the activity “nothing short of an overt act of corporate espionage.” (more)

In-house NSA

A rapid way to spot insider threats from individuals within an organization such as a multinational company or military installation is reported in the current issue of the International Journal of Security and Networks. The technology uses data mining techniques to scour email and build up a picture of social network interactions. The technology could prevent serious security breaches, sabotage, and even terrorist activity.

Gilbert Peterson and colleagues at the Air Force Institute of Technology at Wright Patterson AFB, in Ohio are developing technology that could help any organization sniff out insider threats by analyzing email activity or find individuals among potentially tens of thousands of employees with latent interests in sensitive topics. The same technology might also be used to spot individuals who feel alienated within the organization as well as unraveling any worrying changes in their social network interactions. (more)

New Gadget Can Spy On Text Messages

Suspicious spouses can check out their husband or wife's deleted texts with a new gadget. The £76 ($149.00) device can get all the data off a mobile telephone's SIM card - including messages and numbers that have been deleted. The information can then be transferred to a PC or laptop through a USB port. BrickHouse Security say it is ideal to "spy on your wife, husband, teens or colleague". (more)

UPDATE (5/28/08)
(source)
Comments from secret sources who KNOW...
"Could not read any more information than I could with SIMCon or SIM Seizure. Save your money." - S.H.

"Interesting marketing strategy, but the statement on their website that "This is the only SIM Card reader in the world that can actually see the *deleted messages*" is completely false. It is certainly not the _only_ product. You can do the same thing with any SIM/smartcard reader and a copy of Smartcard Commander (manually) or many other SIM analysis packages do it automagically (such as SIM Analyzer Pro), and it will cost you less than half of what Brickhouse is charging for this product. Deleted SMS's are very very simple to recover, as only one byte of the SMS entry changes to mark it as "deleted." Recovery of SMS from the SIM will depend on whether the phone stores SMS (and the other data this product claims to recover) on the SIM card or on the phone itself. Not all GSM phones store SMS/phonebook/etc to the SIM, and it can be a user-defined option where to store the data. Also, a typical SIM card may only hold a maximum of 30 SMS messages." - P.K.
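What P.K.'s comment describes, as an added example (not part of the original post or of any product named above): a parser for a raw dump of the SIM's SMS file that shows what a forensic examiner still finds in slots marked free. It assumes the 176-byte EF_SMS record layout of 3GPP TS 51.011; the three-record image, phone numbers and message texts are constructed.

```python
# EF_SMS per 3GPP TS 51.011: 176-byte records = status byte + SMSC address + TPDU.
RECORD_LEN = 176
STATUS = {0x01: "received, read", 0x03: "received, unread",
          0x05: "sent", 0x07: "stored, unsent"}

def bcd_encode(digits):
    """Swapped-nibble BCD padded with 0xF (only used to build the sample)."""
    d = digits + "F" * (len(digits) % 2)
    return bytes(int(d[i + 1] + d[i], 16) for i in range(0, len(d), 2))

def bcd_digits(data):
    """Decode swapped-nibble BCD; padding nibbles (above 9) are dropped."""
    return "".join(str(n) for b in data for n in (b & 0x0F, b >> 4) if n <= 9)

def pack7(text):
    """Pack 7-bit characters LSB-first (only used to build the sample)."""
    n = sum(ord(ch) << (7 * i) for i, ch in enumerate(text))
    return n.to_bytes((7 * len(text) + 7) // 8, "little")

def unpack7(data, septets):
    """Unpack GSM 7-bit text; only characters shared with ASCII are handled."""
    n = int.from_bytes(data, "little")
    return "".join(chr((n >> (7 * i)) & 0x7F) for i in range(septets))

def parse_deliver(body):
    """Decode SMSC address + SMS-DELIVER TPDU (no header, default alphabet)."""
    pos = 1 + body[0]                            # skip the SMSC address
    first = body[pos]
    if (first & 0x03) != 0x00 or (first & 0x40):
        raise ValueError("not a plain SMS-DELIVER")
    n_digits = body[pos + 1]                     # sender length, in digits
    n_bytes = (n_digits + 1) // 2
    sender = bcd_digits(body[pos + 3: pos + 3 + n_bytes])
    pos += 3 + n_bytes                           # now at TP-PID
    if body[pos + 1] != 0x00:
        raise ValueError("only the 7-bit default alphabet is handled")
    stamp = bcd_digits(body[pos + 2: pos + 8])   # YYMMDDhhmmss, time zone skipped
    udl = body[pos + 9]                          # text length, in septets
    text = unpack7(body[pos + 10: pos + 10 + (7 * udl + 7) // 8], udl)
    return {"sender": sender, "timestamp": stamp, "text": text}

def scan(image):
    """Walk every record; report status and whatever the body still holds."""
    out = []
    for off in range(0, len(image) - RECORD_LEN + 1, RECORD_LEN):
        status, body = image[off], image[off + 1: off + RECORD_LEN]
        free = (status & 0x01) == 0              # low bit clear = free space
        entry = {"slot": off // RECORD_LEN + 1, "free": free,
                 "status": "free" if free else STATUS.get(status & 0x07, "unknown"),
                 "message": None}
        if body.strip(b"\xff"):                  # more than 0xFF filler remains
            try:
                entry["message"] = parse_deliver(body)
            except (ValueError, IndexError):
                entry["message"] = {"error": "residue present, not decoded"}
        out.append(entry)
    return out

def make_record(status, sender, text):
    """Build one constructed EF_SMS record (all values are made up)."""
    smsc = bcd_encode("15555550100")
    body = bytes([len(smsc) + 1, 0x91]) + smsc
    body += bytes([0x04, len(sender), 0x91]) + bcd_encode(sender)
    body += b"\x00\x00" + bcd_encode("080305123000") + b"\x00"
    body += bytes([len(text)]) + pack7(text)
    return (bytes([status]) + body).ljust(RECORD_LEN, b"\xff")

# Constructed sample: one live message, one "deleted" slot whose status byte
# was cleared but whose body was left in place, and one slot filled with 0xFF.
SAMPLE_IMAGE = (make_record(0x01, "15555550123", "lunch at noon")
                + make_record(0x00, "15555550199", "call me tonight")
                + b"\x00" + b"\xff" * (RECORD_LEN - 1))

if __name__ == "__main__":
    for entry in scan(SAMPLE_IMAGE):
        print(entry)
```

Slot 2 is reported as free yet still decodes in full, while slot 3, whose body holds only 0xFF filler, yields nothing: whether a deleted message survives depends on whether the body was overwritten, not on the status byte.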

Sunday, March 2, 2008

Alert - The Wikileaks.org ruling affects you, too.

Quick review...
(from Jan. 9, 2008)

"WikiLeaks.org is developing an uncensorable version of WikiPedia for untraceable mass document leaking and analysis."

Every coin has its light side and dark side.
The flip side of this coin is extortionography.

"What is Extortionography?"
Using audio / video / photographic or other evidence for personal or monetary gain, or to force a desired result or outcome.

"Do [insert demand here] or I will send [insert audio, video or other info-leak here] to WikiLeaks!"
------------------------
First blowback...
(from Feb. 20, 2008)

Recent days have brought two federal court decisions with disputed First Amendment legitimacy.

In San Francisco, District Judge Jeffrey White acceded to a request by a Cayman Islands bank to shut access to the Web site Wikileaks.org, which "invites people to post leaked materials with the goal of discouraging 'unethical behavior' by corporations and governments," as the New York Times reports.

In this case, the bank, Julius Baer Bank and Trust, accused "a disgruntled ex-employee" of giving stolen documents to Wikileaks in violation of banking laws and a confidentiality agreement. (more)
------------------------
This week...
Free speech advocates immediately hailed as a victory the decision on Friday of a federal judge to withdraw a prior order turning off the Web address of the site Wikileaks.org ...

“Maybe that’s just the reality of the world that we live in,” Judge White said. “When this genie gets out of the bottle, that’s it.” (more)
------------------------
"What does this mean to me?," you ask yourself.
- The court has given extortionography the green light for now.
- Don't assume your business information is protected from leakers.
- Reassess your information security procedures, today.
- The most damning leaks are always the audio and visual leaks.
- Conduct eavesdropping and spycam detection audits frequently.
Need help? Call us.