Friday, May 30, 2008

Corporate Security Directors. Make your job easier.

Get your employees to love you.
Distribute this NEW book...
"Staying Safe Abroad."

Ed Lee, a retired U.S. diplomat and Federal agent, spent most of his years in the U.S. State Department as a Regional Security Officer (RSO) in Asia, Latin America and the Middle East, where he successfully kept diplomats, their families and U.S. interests safe from terrorism and crime.

In 2002, Ed returned to the State Department as a senior advisor to help institute post-9/11 anti-terrorism strategies, retiring again in 2006. He then formed Sleeping Bear Risk Solutions, which provides investigative, emergency planning and staff security services. He also regularly delivers speeches on terrorism and international security to corporate and governmental audiences. (ISBN: 978-0-9815605-0-2, 360 Pages, $22.95)

Staying Safe Abroad: Traveling, Working & Living in a Post-9/11 World "is the best book yet on travel security. This book is one that should be read and kept in every traveler’s briefcase for reference.” — John L. Makowski, Director - Global Security, Briggs & Stratton Corporation

"Every person who travels, whether abroad or domestically, should own this book." — Martha Miller, Ph.D., Cross Cultural Trainer to U.S. Diplomats and Multinational Executives

P.S. - Employees... A free copy of this should accompany the plane ticket whenever your employer sends you abroad. Ask your Security / Personnel / Travel Department Director for a copy. It's the least they could do for you. If all else fails, buy it yourself.

Available from Amazon.com or Sleeping Bear Risk Solutions

If you are my client, I'll buy it for you!
Contact me for a free copy. ~Kevin

Saturday, May 24, 2008

Victorian SpyCam Project - Finally Completed!

Preceded by a great rumbling, the giant auger burst the bounds of earth – New York and London were connected, as planned!

Hardly anyone knows that a secret tunnel runs deep beneath the Atlantic Ocean.

This past week, more than a century after it was begun, the tunnel has finally been completed.

An extraordinary optical device called a Telectroscope has been installed at both ends which miraculously allows people to see right through the Earth from London to New York and vice versa.


"...the Trans-Atlantic Telectroscope...started out as a dream project of the eccentric Victorian engineering entrepreneur Alexander Stanhope St. George.

Some called it a "folly." Others said, "sheer madness." Even the greatest visionary of the age, Sir Arthur Conan Doyle, blustered, "But, I was just kidding!"

The nay-sayers were correct. The spycam tunnel – a camera just a little too obscura – failed.

But now, after all these years, the tunnel has been fitted with a giant "electronic telescope" and state-of-the-art technology, by his great-grandson!

The present-day Mr. St. George resurrected the project and developed the Telectroscope after discovering his great-grandfather's dusty notes and diaries in an attic.

The tunnel entrances were reopened beside Tower Bridge in London and Brooklyn Bridge in New York.

Needless to say, many are excited at the prospects of "seeing" friends and relatives across the Atlantic. Imagine standing 3,460 miles away from your loved one and peeping into the telescope to see them."

Humbug or Amazing?
You decide...
On view until June 15th.

UPDATE...
06/01/08 0253HRS EST COUNTERMEASURE'S COMPOUND
SURVEILLANCE CHOPPER PHOTO - ANALYSIS: USA SIGHTING CONFIRMED

DOUBLE UPDATE...
60/01/08 0023HRS GMT WHITEROCK DEFENCE SURVEILLANCE PHOTO - ANALYSIS: UK SIGHTING CONFIRMED

Tuesday, May 20, 2008

Before you upgrade your iPhone next month...

Scary stuff in the news...
"iPhones sold as refurbished units may contain personal data from their previous owners that, with a little leg-work, is readily accessible by new owners. These data include email, images, contacts and more.
...performing a “Restore” operation on the iPhone does not delete personal data from the device. Such information remains intact on the device after a restore, making the process unsuitable as a preparatory measure for iPhone resale or service. Apparently, Apple’s refurbishing procedure also does not delete the personal data.

There currently exists no viable, publicly available method for erasing personal data on the iPhone. Erasing your content and settings has no effect on whether a subsequent owner can recover personal information." (source)

Kevin's Reality Check
1. Go into Settings > General > Reset
2. Hit "Erase all Content and Settings."

This will keep your info from most people, but not forensic types with toolkits. They can access what doesn't get erased - the application screenshots. Screenshots are taken every time the Home button is pressed. Reason: to generate the zoom effect for the next time an application is accessed.

Still paranoid?
• Make new screenshots after you erase all content.
Still paranoid?
• Search the net for info on reformatting the phone's NAND.

Spook Vault Stuff - Data Loss via Optoanalysis

Researchers have developed two new techniques for stealing data from a computer that use some unlikely hacking tools: cameras and telescopes.

In two separate pieces of research, teams at the University of California, Santa Barbara, and at Saarland University in Saarbrucken, Germany, describe attacks that seem ripped from the pages of spy novels. In Saarbrucken, the researchers have read computer screens from their tiny reflections on everyday objects such as glasses, teapots, and even the human eye. The UC team has worked out a way to analyze a video of hands typing on a keyboard in order to guess what was being written. (more)

Wannaknowhowitisidone?
Reflections.
Observations.

Q&A Time - Radio Frequency (RF) Blocking

From a professional colleague...
Q. "I would like to know if there is any security film that can be applied to windows to help block RF emissions. I have heard of curtains that are made for purpose? not sure though? Any ideas would be appreciated. Thanks."


A. There are all sorts of RF shielding materials on the market: window film, speciality glass, screening, wallpaper, paint, gaskets, curtains, beanies, etc. Each item, by itself, is not a very effective solution. Used in conjunction with one another, they may attenuate RF to a point where it solves a particular problem. The attenuation will not be 100% unless one constructs a fully shielded room (Faraday cage). In government circles these specially built rooms are called Sensitive Compartmented Information Facilities, otherwise known as SCIFs. Even then, the slightest crack or deformed door gasket will allow RF in/out.

100% shielding becomes problematic when the application is eavesdropping countermeasures. Shielded rooms are ugly and expensive, and other methods are not 100% effective. In counterespionage and TSCM, the information is either protected, or it is not protected.

Here is a review of a new window film.
Here is a review of the effectiveness of beanies.
~Kevin

Monday, May 19, 2008

Blindsided

What do you think?
• Disrepair breeds disrespect.
• Focus on the expected, and the unexpected.
• Like deer, security would do well to look up.
• Kilroy had kids.

Chlorine for stagnant security thinking...
Our roof artist might have spent their time entering the building, planting bugs or stealing documents, instead of graciously exposing a security vulnerability.

Time to shake it up. Make sure 80% of your security budget isn't protecting 20% of your company's value.

The value ratio in many companies is more like 20% physical assets, 80% intellectual assets. Many security budgets protect in the opposite direction – which is like looking in the wrong direction.
(photo courtesy of spiggycat)

Sunday, May 18, 2008

Alert - Throw These Bums Out!

Bum One...
The FM analog wireless presenter's microphone – one of the Top 5 corporate eavesdropping threats. Why?
No secret. Radio waves travel. A quarter mile is the advertised standard. Interception of an FM analog signal is easy. Safer solutions exist. Throw these bums out. (Murray Associates - Case History)

Bum Two...
Any meeting planner who still uses FM analog wireless microphones for your sensitive presentations or meetings. Educate them. Give them a chance to change. If they don't, your sensitive meetings become Town Hall Meetings. Throw these bums out.


Bum Three...
Any security director or security consultant who does not point out the dangers of FM analog wireless microphones. They have an obligation to stand up to meeting planners and AV crews. They have an obligation to recommend one of the several, more secure, options available. If they don't, throw these bums out.

Bum Four...
These days, any AV production company that doesn't invest in digital, encrypted wireless microphones for their clients is stupidly cheap. For years, they hid behind excuses like "digital technology is not reliable enough," and "it lacks fidelity." Those days are over.

You pay these guys hundreds of thousands each year to produce your corporate events. The least they can do is update their equipment (a one-time investment).


They KNOW they are leaking your sensitive/secret information when they continue to use FM analog wireless microphones. Not upgrading to secure communications is negligence on their part. Demand secure wireless microphones, or... throw these bums out.

Bum Five...
YOU. If you are not part of the solution, as of this moment you are now part of the problem.

The New Wireless Mics Can Make Your Meetings More Secure.
Some even have encryption capabilities!

The Newest Solution...
SpectraPulse™ Ultra Wideband (UWB) Wireless Microphone System
(White Paper)

Additional Digital Choices...
Lectrosonics (...and an Encryption White Paper)
Zaxcom
Mipro ACT-82
Telex SAFE-1000

Infrared Choices...
Glonetic Audio
PA-System
Azden

Q&A Time - GPS Trackers

This question comes from a novelist working on a plot.
We also receive similar inquiries from other folks – corporate security directors to scared spouses!


Q. If a bad guy places a real-time GPS tracker on my hero's car, and knows my hero is a skilled investigator...

• Where might they put the tracker?
• Where might the investigator not look for it, or find it?

And, is there a detector that would allow him to find it? The car is parked either outside or in a parking garage, and the bad guys have lots of access to it.

A. The best answer could come from Lo-Jack mechanics. They do this type of covert installation daily.

Real-time GPS trackers are very cool devices. They are small and may be secreted anywhere in/on a vehicle (in hollow body panels, atop gas tanks, inside bumpers, under seats, within dash panels, etc.). The real trick is hiding the power connection and the two antennas properly.

For long-term tracking, a connection has to be made to the car's 12 volt power bus, preferably where the connection can not be seen and the new power wire to the GPS device can not be seen. This part is fairly easy.

Next, get two radio-frequency signals to/from the tracking device...
• The satellite signal (to the device).
• The cellular signal (to/from the device).

A GPS antenna is required to receive the weak satellite signal...

(Either a standard size GPS remote antenna, or a much smaller GPS antenna)
Ideally, this antenna needs to "see" the sky. However, this doesn't mean the antenna will be visible to you.

A GPS antenna can "see" its signal through non-metallic materials, like: back seat windows and decks, rubber material on bumpers, plastic tail-lights, etc. Make the antenna connecting cable look like the factory installed wiring and you're in!

The cellular GSM antenna is not as hard to position since it will work wherever a regular cell phone will work.

Again, hiding the cable is important. Imagine, embalming the antenna and cable in a car's undercoating; making it 100% invisible!

Caution: Do not position the GSM antenna cable near any of the car's audio wiring or you may hear the GSM transmission noise through the car sound system... a definite tip-off that something ain't Kosher.
(small GSM antennas)
How to detect a real-time GPS/GSM tracking device?
• Physical search.
• Take car to an isolated area and use a real-time spectrum analyzer and look for the cell site registration burst transmissions.
• Keep a cell phone detector in the car. If it alerts on a regular basis, and there are no other cell phone users in the area, the problem might be a tracking and/or listening device in the car.

And, then there is the ol' sharp stick-in-the-eye approach...
Blockers!
GPS Blocker
GSM Blocker
GPS/GSM/GPRS Blocker
(all are illegal, but available, in the U.S.)
~Kevin
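
The cell phone detector tip above, as an added example (not part of the original post): this sketch checks a log of alert times for bursts that recur on a regular schedule, and still recognizes the pattern when one burst was not heard. The log format, the sample data and all thresholds are assumptions made for illustration.

```python
"""Added example: flag regular alerts in a cell phone detector log."""
from statistics import median

# Constructed sample logs: seconds (since the detector was switched on) at
# which a hypothetical in-car cell phone detector alerted. Not real captures.
STEADY_LOG = [12, 72, 131, 192, 252, 311, 372, 432]    # a burst about every 60 s
MISSED_LOG = [12, 72, 131, 252, 311, 372, 432]         # same, one burst not heard
SPORADIC_LOG = [5, 19, 140, 151, 390, 610, 615, 900]   # phones passing by


def analyze(alert_times, tolerance=0.10, min_gaps=5, min_fit=0.80):
    """Decide whether alerts recur on a regular schedule.

    The period is estimated as the median gap between consecutive alerts.
    A gap "fits" when it lies within `tolerance` (a fraction of the period)
    of a whole multiple of that period, so a missed burst (a double-length
    gap) does not hide an otherwise steady transmitter. All thresholds are
    assumptions chosen for this illustration.
    """
    times = sorted(set(alert_times))           # drop duplicate log entries
    gaps = [b - a for a, b in zip(times, times[1:])]
    result = {"gaps": len(gaps), "period": None, "fit": 0.0, "periodic": False}
    if len(gaps) < min_gaps:
        return result                          # too little data to judge

    period = median(gaps)                      # > 0 because times are unique
    fitting = 0
    for gap in gaps:
        multiple = max(1, round(gap / period)) # 1 = normal gap, 2 = one missed
        if abs(gap - multiple * period) <= tolerance * period:
            fitting += 1

    result["period"] = period
    result["fit"] = fitting / len(gaps)
    result["periodic"] = result["fit"] >= min_fit
    return result


if __name__ == "__main__":
    for name, log in (("steady", STEADY_LOG),
                      ("missed", MISSED_LOG),
                      ("sporadic", SPORADIC_LOG)):
        r = analyze(log)
        verdict = "REGULAR - search the vehicle" if r["periodic"] else "no pattern"
        print(f"{name:9s} period={r['period']} fit={r['fit']:.2f} -> {verdict}")
```

A regular pattern only says that something nearby transmits on a schedule; identifying it still takes the physical search.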

The Geek Chorus Wails, "Beware VoIP. Shun GSM."

"Be careful what you say over that mobile phone or VoIP system."
The most widely used mobile phone standard, GSM, is so insecure that it is easy to track peoples' whereabouts and with some effort even listen in on calls, a security expert said late on Saturday at the LayerOne security conference.

"GSM security should become more secure or at least people should know they shouldn't be talking about (sensitive) things over GSM," said David Hulton, who has cracked the encryption algorithm the phones use. "Somebody could possibly be listening over the line."

For as little as $900, someone can buy equipment and use free software to create a fake network device to see traffic going across the network...

VoIP systems based on open standards are not encrypting the traffic, which leaves them at risk for eavesdropping, forged or intercepted calls and bogus voice messages, he said, adding that there are numerous tools for doing that, with names like "Vomit" and "Cain and Abel." (more)

Saturday, May 17, 2008

Wiretapping PI Pellicano Convicted

A Hollywood private investigator was convicted Thursday of federal racketeering and other charges for digging up dirt for his well-heeled clients to use in lawsuits, divorces and business disputes against the rich and famous.

Anthony Pellicano, 64, was accused of wiretapping stars such as Sylvester Stallone and running the names of others, such as Garry Shandling and Kevin Nealon, through law enforcement databases to help clients in legal and other disputes.

Pellicano was found guilty of all but one of the 77 counts against him. He looked at the judge with his arms crossed and didn't react when verdicts were read. (more)

Comverse - Smells like Sneakers

"Martin Bishop is the head of a group of experts who specialise in testing security systems. When he is blackmailed by Government agents into stealing a top secret black box, the team find themselves embroiled in a game of danger and intrigue. After they recover the box, they discover that it has the capability to decode all existing encryption systems around the world, and that the agents who hired them didn't work for the Government after all..."
...and now the news...

Friday, May 16, 2008

"My password is stronger than your password!"

"Oh, yea... Prove it!"
...even strong passwords can be cracked in seconds using an open source tool called Ophcrack.


Ophcrack is an extremely fast password cracker because it uses a special algorithm called rainbow tables. Brute-force cracking tools typically try thousands of combinations of letters, numbers and special characters each second, but cracking a password by attempting every conceivable combination can take hours or days. (by Scott Sidel)

SpyCam Story #447 - The Neighbor

Q. "I am being overlooked by a neighbor's camera and was just wondering if there was anything that could interrupt or jam the filming/picture of a WIRED night/day cctv. Any ideas would be much appreciated. Many thanks."

A. I love easy questions. Once you have tried all the civil things (a polite request to re-aim the camera, threat of filing a voyeurism complaint with the police, etc.) there is always the sharp stick in the eye approach.

Here is what other people are doing...
Ouch #1
Ouch #2
Ouch #3
Ouch #4
Ouch #5
Good luck!
Kevin

Wednesday, May 14, 2008

DIY Spy Tip #089 - "...with 'friends' like you..."

If you are still relying on Google to snoop on your friends, you are behind the curve.

Armed with new and established Web sites, people are uncovering surprising details about colleagues, lovers and strangers that often don't turn up in a simple Internet search. Though none of these sites can reveal anything that isn't already available publicly, they can make it much easier to find. And most of them are free.

Zaba Inc.'s ZabaSearch.com turns up public records such as criminal history and birthdates. Spock Networks Inc.'s Spock.com and Wink Technologies Inc.'s Wink.com are "people-search engines" that specialize in digging up personal pages, such as social-networking profiles, buried deep in the Web. Spokeo.com is a search site operated by Spokeo Inc., a startup that lets users see what their friends are doing on other Web sites. Zillow Inc.'s Zillow.com estimates the value of people's homes, while the Huffington Post's Fundrace feature tracks their campaign donations. Jigsaw Data Corp.'s Jigsaw.com, meanwhile, lets people share details with each other from business cards they've collected -- a sort of gray market for Rolodex data. (more)

Report: C-level execs more involved with security

The major data breaches that have received mass media coverage are driving so-called "C-level" executives to become actively involved in their organization's security policies, according to a new report from the (ISC)2.

There are several key "take-aways" from the report, titled "2008 (ISC)2 Global Information Security Workforce" and authored by Rob Ayoub, Frost & Sullivan's network security industry manager.

Ayoub told SCMagazineUS.com that these include the fact that C-level executives are paying attention to security...

"CEOs are asking their security professionals important questions about how they're prepared to not become another TJX," (answers) (more)

SpyCam Story #446 - The Diogenes Dilemma

NY - Matt Walsh finally had his day in front of the NFL, and as far as commissioner Roger Goodell is concerned, this chapter of the Patriots videotaping saga is closed.

Walsh, a former Patriots video assistant who last week turned over eight tapes showing the team recording opposing offensive and defensive signals, met for more than three hours with Goodell yesterday. In the commissioner’s view, he offered no new information worth reopening the league’s investigation into the Patriots’ videotaping practices.

Goodell said Walsh told him there was no tape of the Rams walkthrough prior to Super Bowl XXXVI. He said Walsh was unaware of any other violations of league policy, including the bugging of locker rooms, manipulation of communications equipment, or miking of players to pick up opposing signals...

He also told the commissioner that he had helped a small number of players scalp between eight and 12 Super Bowl tickets. (more)

Tuesday, May 13, 2008

From Spy Novels to CIA Papers

Washington, DC - Georgetown University’s newest addition to its special collections delves deep into the world of spies, espionage and secret intelligence...

Most recently, the university acquired a special collection from the family of the late Richard Helms, director of the Central Intelligence Agency from 1966 to 1973. Personal and professional papers and photographs paint a picture of a nation in turmoil from the Vietnam and Cold Wars – and how that turmoil forced U.S. intelligence gathering to adapt.

The library’s espionage and intelligence division stands as just one subset of an overall special collection that boasts 100,000 rare books and 7,000 linear feet of manuscripts in addition to art and other media. The division began in earnest 25 years ago with the Russell J. Bowen collection, comprising of thousands of nonfiction books on intelligence. Bowen had worked for the CIA as a senior foreign technology analyst in the areas of non-nuclear energy and illegal technology transfer.

Georgetown celebrated the new collection, which will be on display at Lauinger Library (Gunlocke Room) through May 31. (more)

Spycraft 101: CIA Spytechs from Communism to Al-Qaeda

Tuesday, 3 June; 6:30 pm
Rubber airplanes, messages planted inside dead rats, and subminiature cameras hidden inside ballpoint pens…

Science fiction? Q’s imaginary tools? Think again. These are just a few of the real-life devices created by the ultra-ingenious CIA Office of Technical Services (OTS).

In support of their new book Spycraft: The Secret History of the CIA’s Spytechs from Communism to Al-Qaeda, the former director of OTS Bob Wallace teams up with internationally renowned espionage historian H. Keith Melton to reveal the amazing life and death operations of OTS, the CIA’s shadowy “wizards.”

Presented against a backdrop of some of America’s most critical periods of history—including the Cold War, the Cuban Missile Crisis, and the war on terror—this is a unique chance to go inside the hidden world of America’s “Q” and see many of the actual gadgets.

Rare devices including concealments, microdots, and disguises will be on display, and all attendees will have the opportunity to have their photos taken (bring your own camera please) with an authentic (and official) freeze-dried CIA rat designed for covert communications in Moscow. It will be a memento of the evening you’ll treasure forever!
Tickets: $20 • Members of The Spy Ring® (Join Today!): $16 (more)

Quote of the Day

"Anybody can be a spy now."
– Todd Myers, President, Computer Sights

As a private investigator, Jim Bender has tracked everything from straying spouses to strung-out trust-fund babies - sometimes following them for days at a time.

But thanks to an innovative GPS device the size of a matchbox, he can now stake out a cheating husband without leaving his Fort Lauderdale office. Or, as he has done the last few weeks, help a major company figure out who is draining the diesel fuel from its big rigs.

Technological advances have revolutionized the surveillance business, making devices smaller, cheaper and more effective than ever. And not just for professional snoops like Bender, but for everyday people. (more)

Sunday, May 11, 2008

"Watch the donut, not the hole."

NY - Police arrested a Kings Park Dunkin' Donuts employee at 10:26 pm last Thursday for allegedly setting up an illegal surveillance camera in the shop's women's bathroom.

Danish Qureshi, 25, of Huntington Station, an employee of the Dunkin' Donuts at 101 Pulaski Road in Kings Park, allegedly installed a wireless pinhole surveillance camera in the women's bathroom, according to police. Qureshi was using his wireless laptop computer to observe occupants of the bathroom while he was sitting in his nearby vehicle, police claim.

An area resident who owns similar surveillance equipment called police after he intercepted the signal and observed the bathroom on his television, Suffolk police reported. (more)

Friday, May 9, 2008

She said the man in the gabardine suit was a spy

FB-I said "Be careful his bowtie is really a wi-fi"
Next time you flip open your laptop as you wait for a flight or work at a coffee shop, beware, says the Federal Bureau of Investigation. The person next to you may be stealing your personal bank account information, address book and other files from your computer.

The agency warned earlier this week that the information on your computers may not be protected when using some of the 68,000 Wi-Fi hot spots, or local wireless Internet connections, around the country.

"Odds are there's a hacker nearby, with his own laptop, attempting to 'eavesdrop' on your computer to obtain personal data that will provide access to your money or even to your company's sensitive information," the FBI said in an advisory on its Web site.

Think that's bad, the FBI goes further to warn that if a hacker hooks into your computer, you are also connecting to his computer. That means you could be unknowingly downloading viruses and worms.

Protect yourself:
• Update the security protection on your computer with current versions of operating systems, web browsers, firewalls and antivirus and anti-spyware software.
• When tapped into a Wi-Fi network, don't conduct financial transactions or use e-mail and instant messaging.
• Change the default setting on your laptop so you have to manually select the Wi-Fi network you connect to.
• Turn off your laptop's Wi-Fi capabilities when you're not using them. (more)
Clients... Ask us to demonstrate this during our next eavesdropping detection audit.

FutureWatch - Video Vigilantes

New Zealand - A Christchurch cul-de-sac has thwarted its boy-racer problem with secret video surveillance.

Business owners and the only resident of Dalziel Place in Woolston were fed up with weekly crowds of boy racers converging on their street, doing burnouts, defacing properties and throwing bottles.


Cameras set up by a surveillance company that has its headquarters on the street captured footage of six cars and their drivers breaking the law.

The footage was passed on to police and all six drivers last week had their cars impounded for 28 days. (more)

"World's smallest" GSM bug

from the seller's web site...
The PLM-JNGSMTX08 Micro GSM Listening Device is the pinnacle of GSM listening technology packed into an incredibly small package just 43 x 34 x 17mm. Just insert any SIM card, call the number and you will hear exactly what is going on in your absence.


UK customers can track its location at any time via the internet making it a compact dual purpose surveillance device. Supplied with mains charger and protective carry case. This is the ultimate micro miniature listening device! (more)
Why do I mention it?
So you know what you are up against.

Corporate Spies Killing The CIA

The CIA is having a growing problem with their analysts and spies being recruited away by corporations. One unpleasant, for government intelligence agencies, development of the last few decades has been the growing popularity of "competitive intelligence" (corporate espionage.) It's a really big business, with most large (over a billion dollars of annual sales) corporations having separate intelligence operations. Spending on corporate intel work is over $5 billion a year, and is expected to more than double in the next four years.

The corporate recruiters have a pretty easy time of it, as they can offer higher pay, better working conditions and bonuses. (more)

Wednesday, May 7, 2008

Spy Hard II

Former Peruvian President Alberto Fujimori on Monday had a minute-long laughing fit during his trial when he heard that his former military aides used to spy on him through the keyhole. (more)

JK Rowling wins privacy case over son's photo

UK - Harry Potter author JK Rowling has won her battle to ban the further publication of a long-lens photograph of her son, in a privacy case her lawyers called a major development in British law.

In a written judgment, a panel of judges upheld the appeal, a ruling which Rowling and husband Neil Murray welcomed.

"We understand and accept that with the success of Harry Potter there will be a measure of legitimate media and public interest in Jo's (Rowling's) professional activities and appearances," the couple said in a statement.

"However, we have striven to give our children a normal family life outside the media spotlight.

"We are immensely grateful to the court for giving our children protection from covert, unauthorised photography; this ruling will make an immediate and material difference to their lives." (more)
...but, if they didn't win, there was always... >Plan B<.

Tuesday, May 6, 2008

SpyCam Story #445 - More Workplace Voyeurism

Australia - Federal police (AFP) are investigating how women at SBS' headquarters in Sydney were filmed in a changing room two years ago.

The AFP told SBS management about two weeks ago they had found photos of three women on the home computer of a man who works there. It is alleged the photos were taken by a camera installed in the room in 2006.

SBS managing director Shaun Brown says the suspect has been suspended from his job.

"Clearly the AFP had in their possessions the photograph," he said.

"They obviously had the identity of the suspect, they knew where the suspect worked and they appeared to put two and two together and concluded that the offence took place on these premises." (more)
So, why did it take 2-years for the staff to be informed?


Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."  

Wi-Fi FBI Spy Cry

How do hackers grab your personal data out of thin air? Supervisory Special Agent Donna Peterson of our Cyber Division said one of the most common types of attack is this: a bogus but legitimate-looking Wi-Fi network with a strong signal is strategically set up in a known hot spot...and the hacker waits for nearby laptops to connect to it. At that point, your computer—and all your sensitive information, including user ID, passwords, credit card numbers, etc.—basically belongs to the hacker. The intruder can mine your computer for valuable data, direct you to phony webpages that look like ones you frequent, and record your every keystroke.

“Another thing to remember,” said Agent Peterson, “is that the connection between your laptop and the attacker's laptop runs both ways: while he's taking info from you, you may be unknowingly downloading viruses, worms, and other malware from him.”

What can you do to protect yourself?
Agent Peterson’s best advice is, don’t connect to an unknown Wi-Fi network. But if you have to, there are some precautions you can take to decrease the threat:
• Make sure your laptop security is up to date, with current versions of your operating system, web browser, firewalls, and antivirus and anti-spyware software.
• Don't conduct financial transactions or use applications like e-mail and instant messaging.
• Change the default setting on your laptop so you have to manually select the Wi-Fi network you’re connecting to.
• Turn off your laptop's Wi-Fi capabilities when you're not using them.
(more) (How to Protect Your Computer)

SpyCam Story #444 - Workplace Voyeurism

Employer Video Monitoring of Bathrooms and Locker Rooms
by The National Workrights Institute
"Electronic monitoring is a rapidly growing phenomenon in American businesses. By recent estimates, 92% of employers were conducting some form of workplace monitoring. This rapid growth in monitoring has virtually destroyed any sense of privacy as we know it in the American workplace. As technology has proliferated in the workplace, it has become ever more penetrating and intrusive... Most invasive of all is video monitoring. Some cameras are appropriate. Security cameras in stairwells and parking garages make us all safer without intruding on privacy. But employers often install cameras in areas that are completely indefensible. Many employers have installed hidden video cameras in locker rooms and bathrooms, sometimes inside the stalls..." (more, with examples)


Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."   

Who's Watching You at Work?

"Surveillance is now routine business practice among American employers, both large and small, as the cost and ease of introducing have dropped. You leave your rights at the office door every day you go to work. Most surveillance is conducted without any individualized suspicion, and personal as well as business-related information is routinely collected," explained Jeremy Gruber, legal director at the National Workrights Institute.

Two-thirds of the companies included in the "2007 Electronic Monitoring & Surveillance Survey" said they monitor Internet connections. (more)

Monday, May 5, 2008

The Dawn of the VoIP Bug

"...transform the existing power lines in your home or small office into a high-speed network solution. Without running wires, PLC-185S takes advantage of your existing electrical wiring to create or extend a network environment. PLC-185S is also an ideal solution for homes or small offices where concrete walls, floors in multi-storied buildings, or other architectural barriers could inhibit a wireless signal.

Just plug the PLC-185S into an electrical outlet and it can turn every electrical outlet into a possible network connection to connect to any network devices, such as wireless router, network cameras, and video servers." or VoIP bugs :) (more)

Hollywood Wiretap - Is The Pellicano Case New?

Two-bit snoops are a dime a dozen, but Hollywood wiretappers rate a four-bit literary, literally!
Enough with the alliteration.
Blow 50 cents (not literally) and tap into some deja vu by Brad Lewis. Download Hollywood Wiretap instantly – from Amazon.com, now.

Lessons in Wiretapping Skills

Los Angeles - The wiretapping trial of Anthony Pellicano, the accused sleuth to the stars and irrepressible eavesdropper, has offered much fodder for celebrity watchers over its two-month run... the trial, which went to the jury last week, offered arguably more for people who enjoy talk of encryption software, code-wiping booby traps or the low-tech secrets of phone company networks.

Here, through various witnesses, are a few of the disclosures:

• Wiretapping is really, really easy. And not just for the government. Anyone sitting in on the Pellicano trial (and staying awake during the telecom testimony) could walk away ready to intercept phone calls after a quick stop at Radio Shack for less than $50 in equipment... For all his wiretapping prowess, however, Mr. Pellicano could not tap cellphones.

• Phone “sweeps” offer false security. There are many companies that offer wiretap detection services. But these services are meant to pick up devices on the premises of the target. If the tap is elsewhere, they are useless...

The person who programmed Mr. Pellicano’s wiretap software was a college dropout named Kevin Kachikian... His software incorporated an encryption algorithm, Serpent, that the government’s code-breakers have not been able to crack. Serpent, can be downloaded free...

• Mr. Pellicano bragged about his wiretapping ability and vowed that no one on earth would ever learn of it — proving that a code of silence is not too useful if you never stop blabbing about it. (more)

Sunday, May 4, 2008

Eavesdropping Movie - "Monte Rouge"

Title: Monte Rouge
Writer/Director: Eduardo del Llano
Time: 15 minutes
Plot: Electronic eavesdropping.
Setting: Cuba.

Humor: Dark, subtle; like Monte Rouge.


"...two plain-clothed security agents knock at the door of a young man, Nicanor O'Donell.


"Good morning, my name is Rodríguez. This is comrade Segura," they tell him. "We're here to install the microphones."

"Our mission is to install microphones in your home to listen directly to the anti-governmental comments you make," the SDE (state security) agent says.

Nicanor can't believe it. To him it is a bad dream or a bad joke.

The agents explain that they run a pilot scheme to make their work "more inclusive." No longer will the SDE break into the houses of suspects to place microphones, they will just knock on the door and ask the house owner to let them install them. All in the name of "more openness."

In exchange they ask that Nicanor accepts the "obvious limitations" of having only two microphones placed in the house (one in the bathroom). And, to ensure that all subversive conversations are held in that place, offering to install a free mini-bar in the bathroom to get guests to go there for these conversations.

In a mild-mannered conversation (with some dark undertones), they explain they know all about him: his black market dealings (exchanging a table from a museum with a guard of the museum for a VCR), the conversations he has had with friends in bars, ... They say he was selected for this test program because of his "excellent analysis" that goes beyond "more bitching" (and the fact that he lived close to the station while they had no access to a car).

They also assure him that the devices are independent of the electricity grid (Cuba is known for its blackouts) as it "hardly would make sense to make eavesdropping dependent of the electricity." The young man is also warned that it is known to them that he also makes some positive comments about Cuba, but that he is to refrain from that "crap" as it doesn't interest them and is a waste of their time.


The author stresses that he did not mean to indict Cuba's state security system, he just wanted to create and describe a present absurd Kafkaesque situation. He succeeded.


In Cuba and abroad there is a lot of speculation that del Llano and the other participants in Monte Rouge, could face reprisals for the irreverent clip. Let's hope that the popularity of the clip will protect them."
(en español: video Part 1 video Part 2)

Saturday, May 3, 2008

Spy Agency’s Eavesdropping Rose Last Year

S. Korea - The Broadcasting and Communications Commission (BCC) said Thursday that the number of eavesdropping requests from the spy agency and police last year was the highest since 2004, while the number of cases of e-mail monitoring and caller identification also rose.

Telephone companies allowed the National Intelligence Service (NIS), police officials and prosecutors to tap 1,142 phone calls last year, up from 1,062 cases in 2006. Most of the requests were from the NIS, the spy agency.

The number of caller identification requests from investigation authorities also increased by more than 20 percent to 183,659 cases from 150,743, the BCC said. E-mail monitoring rose 28.9 percent to 326 cases.

Furthermore, the actual number of eavesdropping cases can be higher than the released figure since multiple requests on a single case are counted as one, the BCC said. (more)

SpyCam Story #443 - Reality YOU tube

Millions of Americans have wireless cameras in their homes and cars, purchased for security or to monitor children — but it turns out the devices could be making those they're meant to protect more vulnerable.

Reporter Tom Regan of ABC News' Atlanta station, WSB-TV, investigated how video cameras may be providing an unwelcome window into your private life.


From a baby's nursery, to a restaurant, to an office, private scenes proved shockingly easy to eavesdrop on with minimal equipment in a recent WSB-TV outing.


Regan's team bought a $100 rearview camera from a local auto parts store, installed it in an S.U.V. and simply drove around. They were amazed by the images picked up by the wireless monitor that came with the rearview camera... (more with video report)

And so, our list of residential snitch devices grows longer...
• 1960's - AM wireless intercom systems.

• 1970's - FM wireless intercom systems.

• 1980's - Cordless telephones.

• 1990's - Wireless audio baby monitors.

• 2000's - Wireless TV baby/security monitors.

What ABC News didn't mention is that professional burglars have taken advantage of these technologies for over 50 years. Their latest tool is a sensitive, compact video scanner.

Friday, May 2, 2008

SpyCam Story #442 - Webcam Hijack Warning

Experts at SophosLabs™ are warning computer users about the importance of properly securing PCs, following news that a man who allegedly used computer malware to prey upon young women has been charged in Canada.

According to media reports, 27-year-old Daniel Lesiewicz has been charged with using spyware to take over the webcams of women as young as 14 and coercing them into posing naked for him. (more)

PIs and Bug Creators Jailed for Industrial Espionage

An Israeli firm of private investigators has been rapped for using spyware to steal sensitive information.

According to reports, four members of the Israeli Modi'in Ezrahi private investigation company have been sentenced after being found guilty of using a Trojan horse to steal commercial information.

The Trojan, which was designed and marketed by London-based couple Michael and Ruth Haephrati, was said to have been used by a number of different private investigation firms to spy on companies including the HOT cable television group and Rani Rahav PR agency.

Another alleged victim was Champion Motors, which imports Audi and Volkswagen vehicles. (more)

A married couple accused of using computer worms to conduct industrial espionage has received jail terms of four and two years after pleading guilty in an Israeli court.

Ruth Brier-Haephrati, 28, and her husband Michael Haephrati, 44, were also ordered to pay damages of two million shekels (£245,000) to their victims. (more)

The Essential Guide to VoIP Privacy

What you need to know about protecting the privacy and confidentiality of IP phone calls.

People generally assume that their private phone calls are just that: private. VoIP users, however, shouldn't take privacy for granted. (neither group should)

The problem with most VoIP calls is that they travel over the Internet, a very public network. This means that calls are vulnerable to snooping at various points throughout their journey. And even private-network VoIP calls can be tapped if access can be gained to the physical wiring.

As a result, business competitors, employees, criminal gangs, tech hobbyists and just plain snoops can all listen in to a business's outgoing and incoming VoIP calls. All that's needed is a packet-sniffing program, easily downloaded from the Internet, and perhaps a tiny piece of hardware to tap into a physical wire undetectably.

But the news isn't all bad. Methods and systems are available to safeguard VoIP traffic... (more)

CBS 46 Investigates: Cell Phone Spying

New cell phone “spyware” has made it easy for just about anyone to bug your phone and uncover details of your private life, communications experts say.

The “spyware," marketed to suspicious spouses, parents and employers, can turn just about any cell phone into a high-tech spying device.

A quick search on the Internet reveals dozens of "spy phone" programs ranging from $4 to $400. Some “spyware” works on Bluetooth technology, while others require a download onto a "smart" phone, like a Blackberry or Web-based device. CBS 46 Investigative Reporter Wendy Saltzman tested Flexispy, high-end software that experts say allows people to eavesdrop on calls, download e-mails, and even track a person's GPS location at the touch of a button. (more) (video) (similar subject, different source)

Hairdresser Makes Man Harried

Can you solve this mystery?
Police in Germany helped a man solve a mystery that had been bugging him for over two years. The phone would ring and the man did not recognize the number so he had the number blocked.


After paying to have the number blocked for a while he stopped paying for the blocking service and the mystery started all over again. (answer)

Court-Approved Wiretapping Rose 14% in '07

Last year might have been a rough year for U.S. home prices, but growth in government wiretaps remained healthy, with the eavesdropping sector posting a 14% increase in court orders compared to 2006.

In 2007, judges approved 4,578 state and federal wiretaps, as compared to 4,015 in 2006, according to two new reports on criminal and intelligence wiretaps.


State investigators are increasingly turning to wiretaps, according to newly released statistics. State police applied for 27% more wiretaps in 2007 than in 2006, with 94% of them targeting cell phones, according to figures released by the U.S. Courts' administrator.

In 2007, state judges approved 1,751 criminal wiretap applications, without turning any of them down, according to the report (.pdf). That's a near-threefold increase in state wiretaps since 1997. (more)

Thursday, May 1, 2008

Porsche CEO Eavesdropping Case (update)

The well-respected Stratfor (a private strategic intelligence analysis service) today characterized the eavesdropping of Porsche CEO, Wendelin Wiedeking, this way...
"The aggressor’s tactics were amateur."


Given the target – Mr. Wiedeking – and business climate around Porsche, it is unlikely amateurs would be involved. This is a high-stakes assignment. Professionals only.

Think like a professional eavesdropper. "I know they are going to look. I'll plant something they can find fairly easily; a trophy for the sweepers, a little confusing, with no clear culprit, amateurish, but plausible."

Result...
Triumphant, the TSCM team waves their 'find' and goes for a beer.
The real bugs/taps are planted deeper – much deeper.


But wait... This half-baked story should never have hit the press. Something smells.

Porsche went from 0 to 60 in filing their police complaint.

Normally, corporate eavesdropping finds are kept quiet and investigated further. When enough evidence is gathered to actually prove something, the police might be called. Publicity undermines stockholder confidence.

Amateur? Yes. But, is it the eavesdropper who should wear that moniker? If what appeared in the press is really the truth, characterize the handling of the case as amateur.


Other possibilities...
• Porsche planted the eavesdropping device themselves. A PR stunt – thinking it would somehow enhance their business bargaining position.

• The baby monitor bug was planted by the TSCM technicians to make themselves look good. (When a TSCM team presents evidence of bugs they should also volunteer for polygraph testing. My guess is they won't.)

The rest of Stratfor's Porsche bugging analysis is accurate...
"The use of a security contractor to employ technical security countermeasures (TSCMs)* was not only a smart move by Wiedeking in 2007 (a previous eavesdropping problem), but a wise decision for other players in today’s corporate environment. Industrial espionage is a common occurrence in the modern business world."

Espionage is foreseeable.
When was the last time you checked for bugs? ~Kevin
* This should read, "technical surveillance countermeasures (TSCM)"