Wednesday, December 31, 2008

Lecture - “Electronic Eavesdropping on the Presidents — and Living to Tell About It”

Vero Beach Museum of Art’s
2009 Distinguished Professor Lecture Series

Feb. 18: George H. Gilliam, University of Virginia,
Electronic Eavesdropping on the Presidents — and Living to Tell About It

Budget Booster #493 - Economic Espionage, UP

"The Cold War is not over. It has merely moved into a new arena: the global marketplace." -- The U.S. Federal Bureau of Investigation

The U.S. Federal Bureau of Investigation also notes that foreign competitors try to find economic intelligence in three ways:
1. Aggressively targeting and recruiting susceptible people, often from the same national background, working for domestic companies and research institutions.
2. Hiring or bribing people to steal information, search through dumpsters and tap telephones.
3. Setting up seemingly innocent business relationships between foreign companies and domestic enterprises to gather economic intelligence including classified information.

During a recession, expect external and internal problem to increase...

Twelve Internal Spybusting Tips...

1. Recognize the threat. Economic espionage is more likely to happen if your business isn't prepared. Once the risk is acknowledged, management must take an active role in ensuring that the company puts into place tactics to effectively combat theft. Prime example.

2. Know the criminals' methods. Confidential information is often stolen, concealed or carried away. Data can be copied, duplicated, sketched, drawn, photographed, downloaded, uploaded, altered, destroyed, replicated, transmitted, delivered, mailed, communicated, or conveyed.
(Electronic eavesdropping is also common and very effective. Fortunately, you can discover it easily.)

3. Monitor database access logs. Many fraud detection engines can be used to keep an eye on the number of times a database is accessed, as well as the number of documents that are printed by each user.

4. Encrypt electronic files so that they cannot be read or taken off the premises.

5. Mark as confidential any sensitive documents, photographs and sketches.

6. Prohibit photocopying of trade secrets and other sensitive company information. Consider forbidding cameras on the premises, including those included in cell phones.

7. Remind departing employees during exit interviews of their obligations and your company's trade secret protection policies.

8. Warn all staff to change their passwords if there is the slightest chance they may have shared them with a former employee. Colleagues often share passwords even when that practice violates an enterprise's policy.

9. Coordinate denial to both the building and computer accounts as soon as an employee leaves the business. Let colleagues know a person has left the company. Otherwise, they might unwittingly allow a former employee on the premises.

10. Maintain logs of employees in the company who have rights to access trade secrets.

11. Review technical literature, service manuals, press releases and other material distributed outside the company. Similar reviews should be made of regulatory filings and patent applications. Watch what employees disclose at industry trade shows.

12. Consult with a forensic specialist to help your business set up the appropriate infrastructure to detect, classify and protect the intellectual property. Trade secrets are the core of your company. (more)

Occam's razor & TSCM

Occam's razor - a 14th Century principle which states that the explanation of any phenomenon should make as few assumptions as possible. Good advice.

These days Occam's razor is often -
incorrectly - paraphrased as, "All things being equal, the simplest solution is the best." Wrong, because a simple phenomenon - like information loss - may be complex in structure.

Occam's razor is more correctly interpreted as, "Simplify. Consider just essential and relevant elements. Exclude assumptions."

This is the basis of Murray Associates security consulting philosophy.

Historically...
1. Most information losses are caused by people - insiders, not spies.

2. Some information losses are caused by poor security - unlocked desks, not picked locks.
3. A few information losses (the worst, and easiest to discover) are technical - bugs in rooms, not laser beams bounced off windows.


Practical prioritization...

1. Before you accuse people, eliminate the eavesdropping possibility.

2. While doing this, conduct an information security audit.

Upon completion, pin-pointing problem people and bolstering defenses is easy.


It pays to think before acting;
plan before spending money.
A successful plan.
~Kevin

NSA patents a way to spot network snoops

The U.S. National Security Agency has patented a technique for figuring out whether someone is tampering with network communication.

The NSA's software does this by measuring the amount of time the network takes to send different types of data from one computer to another and raising a red flag if something takes too long, according to the patent filing. (more)

The first thing that everyone asks is, "If this was developed with taxpayer money..."

Calm down, your two cents were taken into consideration.
If you are an American taxpayer, you own a piece of this...
Assignee: The United States of America as represented by the Director, National Security Agency (Washington, DC)

"Are there any entry-level TSCM jobs?"

Not very many,
but here is one...

PRINCIPAL DUTIES AND RESPONSIBILITIES
The Technical Security Specialist responsibilities including, but not limited to:

• Review and make recommendations for technical security upgrades design based on counter-threat plans, physical security and technical security policies.
• Providing support services for a comprehensive technical security program designed to protect facilities and employees. Assists in developing and reviewing technical security designs for facilities. Providing input/review of proposed policies.
• Working under the direction of a Sr. TSCM specialist, to advise, and assist program office personnel on matters of technical security policy, procedures, and regulations.
• Conducting technical security needs surveys for preventing unauthorized access to facilities and possible loss of life or classified information. Providing a report of findings for each survey conducted...

REQUIREMENTS
The Technical Security Specialist shall possess the following background, knowledge, and skills... (
more)

Tuesday, December 30, 2008

1957 - How To Tap A Phone

Over 50 years ago, Mechanix Illustrated magazine promised us flying cars and ways to tap phones.

Guess which one people-of-the-21st-Century are doing today...

"There are many ways to tap a phone... used to great advantage at home or in the office." (more)

Alert: DECT Hacked

Heise Security is reporting that... researchers in Europe's dedected.org group have published an article (pdf) showing how to eavesdrop on DECT transmissions, using a PC-Card costing only EUR 23. The DECT protocol is the world's most popular wireless telephony protocol. The standard is also used in baby monitors, emergency call and door opening systems, wireless debit card readers and even traffic management systems. There are hundreds of millions of terminals using the DECT standard. Also announced, the next version of the WLAN sniffer, Kismet, will support DECT, thereby rendering tricks with laptop cards superfluous. (more)

Rare: A Bugger Speaks Out About His Craft

Today, the technologies for communications monitoring and recording conversations are so advanced, practically unnoticeable, and easily available...

An electronics technician from Skopje (Macedonia) who is selling these devices has had a very unpleasant experience with the victims of his clients. He insisted that we do not publish his name.

I’m only making these devices, and I am not responsible for how people are using them. My “bug” has a range of 50 meters, and the recording can also be heard on a mobile phone. It is recording excellent on an FM-radio frequency, except when waves from the radio stations in Skopje are causing interference – he says, while showing us the small transmitter...

“A professor from a gymnasium in Skopje called me. I could feel the anger in his voice. He caught his students cheating during an exam by using my “bug”. What can I say; I am not encouraging children to do this. I also explained to him that there are also other young electronics technicians, who are manufacturing transmitters” he said.

Let me be clear, I am not selling these devices so that they could be abused. Some people are using my “bugs” to discover marital infidelities. Sometimes people are calling me, as if I had placed the device. I want these devices to be used for noble purposes, so that mothers could hear their babies crying, for instance. I am even prepared to give one of my bugs to each mother with twins, he added.

The devices of the Macedonian electronics technician are just part of the technological array of devices that can be used for eavesdropping. Almost all of the mobile phones have voice recorders. The new voice recorders are so small that they can be hidden in one’s sleeve. Online store “e-Bay” and other websites are selling mobile phones worth up to 1,000 euros that can be used to eavesdrop on other mobile phones. Hacker websites on the Internet are offering small programs for free, that can be sent via e-mail, that are afterwards sending back usernames and passwords of the email’s user to the original sender. The list is quite long. There are even so called “spy shops” in the USA. (more)

Monday, December 29, 2008

Security Budget Cuts Cost More Than They Save

• "If it were to become manifest just how routinely hugely sensitive corporate and governmental data is being hacked, I can guarantee that none of us would rest easy in our beds again."

• "Sixty percent of office workers faced with redundancy or the sack admit they will take valuable data with them, if they could get away with it! 40% are downloading sensitive company secrets right now under their bosses nose in anticipation that they could lose their job."

• "Sixty-two percent of workers admitted it was easy to sneak company information out of the office."

• "In the wake of the recession, more businesses are facing a growing financial threat: employee theft. New research shows that employers are seeing an increase in internal crimes..."

• "More than half the workers surveyed who admitted to already downloading competitive corporate data said they would use it as a negotiating tool to secure their next post because they know the information will be useful to future employers."
To read the whole story behind each of these quotes, visit: interopsgroup.com

Thus proving, if they can read, they can spy...

"Password guessing is hard work. Why not just sniff credentials off the wire as users log in to a server and then replay them to gain access? If an attacker is able to eavesdrop on Windows login exchanges, this approach can spare a lot of random guesswork. There are three flavors of eavesdropping attacks against Windows: LM, NTLM, and Kerberos.

The most capable of these programs is Cain, which seamlessly integrates password sniffing and cracking of all available Windows dialects (including LM, NTLM, and Kerberos) via brute force, dictionary, and Rainbow cracking techniques..." (more)
Excerpt from the 10th anniversary (6th edition) of Hacking Exposed, published by McGraw-Hill/Osborne, "The World's Best Selling Computer Security Book." That's a lot of spy potential.

iPhone Warning

report via the33tv.com...
It seems the Apple iPhone is everywhere. However, an iPhone can become a Spyphone allowing others to secretly monitor the user's calling, web browsing and texting. Mobile Spy is iPhone monitoring software that can now be downloaded...

An attorney has some fears about it.

Clint David said,"What it's really for is monitoring spouses and girlfriends. That's fine, there's only one problem. If you use this product improperly it's a federal and state criminal offense. It's called wiretapping. ... If that special someone gives you an iPhone you want to make sure that it's not booby trapped and if you want to want to make sure that iPhone it's really a spyphone." (
more)
Although iPhone was discussed here, the same applies to other smart cell phones as well.

Spybusters Tip #387
Keep in mind that this only for 2nd generation iPhones (3G), and it only let's the spy see a log of calls and SMS text messages. There is no eavesdropping on the call itself. Installation requires "jailbreaking" the iPhone first.

The manufacturer's spyware removal instructions.
(Not yet updated to include iPhone, but should be soon.)
~ Kevin

Travel Alert: Bugs & Wiretaps in Turkey

Turkey - Head of the Computer Engineering Department of Gazi University, Professor Şeref Sağıroğlu, warned against the high risk of being bugged in Turkey and the abundance of wiretapping programs used to this end.

"Wiretapping programs are ordered over the Internet in Turkey. They are sent to your address for $45. Anybody may find computer keyboards used for bugging purposes for YTL 800. Wiretapping earphones are only YTL 1,200. There are more than 500 wiretapping programs in Internet and can be downloaded for free," Sağıroğlu claimed while briefing a parliamentary commission established to examine allegations that a top Republican People's Party (CHP) member had been bugged. (more)

Saturday, December 27, 2008

On spying on teenagers:

via the Washington Post...
On spying on teenagers:
The sooner children learn that electronic communications are not private, the better off they will be... I tell my children that I will review their computer and cellphone communications routinely, as may school administrators, coaches, employers, potential employers, college admissions officers and law enforcement officials. If my kids don't want me to read it, then they shouldn't type it. If they don't want their grandmother to see it, then they shouldn't write it. Or, if they don't want 46 million people to see a message, they shouldn't post it on a Web site... It's not spying. It's raising your children to act responsibly in our electronic world. Teach children not to expect privacy on the computer or their cellphones. (more)

Confession: Police Admit Mistake

Police acknowledge bugging minister
UK - Police in England are accused of overstepping their bounds by detaining Member of Parliament Damian Green, a shadow immigration minister. Officers were investigating a leak from the Home Office... The Metropolitan Police confirmed that Green's interview was tape recorded without his knowledge but with the best of intentions. (more)

Confession: Police Admit Mistake II

UK - Police have admitted they acted wrongly during an operation... Officers set up spy cameras in a convenience in New Brighton last year after attendants reported concerns about the behaviour of some men using it. After a series of high-visibility patrols, police hid the two tiny cameras in the urinal area of the toilets, one at head and one at waist height. Cameras were also set up outside the Harrison Drive block to detect car registration numbers. ...chiefs said things would be done differently next time. (more)

Confessing? Don't phone it in...

Bugging fears thwart sinners' confessions
Egypt's Coptic pope has banned the faithful from confessing their sins to priests over the telephone because intelligence agents might be listening in... The leader of the Coptic minority also said confessions over the Internet were invalid because they might be read by web surfers... The Vatican does not recognise confessions by telephone or over the Internet. (more)

Thursday, December 25, 2008

Alert - Dot Com could really be a Dot Bomb

You receive an email containing interesting news.
It ends with, "Learn more. Visit our website. Link below."
The link is an attachment named, "OurGreatSite.com".
You're interested. You click it.

BOOOOOOOOOOOOMMMMMMMM

Oooops!
You forgot that ".com" is also an old MS-DOS executable file extension.
Some .com's mean business. Other .com's mean monkey business.

Thank goodness you updated your virus protection recently.
You did, didn't you?

FREE - PC Pandora Gives Away their Spyware

via AppScout...
"David Pogue at the NYTimes.com reports that Pandora Corp. is giving away PC Pandora Version 5 for a week starting on Christmas morning, until they hit 50,000 copies (or until 11:59 PM on January 1, 2009, whichever comes first). The software usually runs $70 bucks. To get it you have to use the code PCPANDORAGIVEAWAY.


The company describes the software as "an invisible TiVo" for the PC, recording every email, IM, password, and keystroke, all of which you can monitor remotely. Our own Neil J. Rubenking reviewed PC Pandora last January and gave it 3 out of 5 stars. He said the software is not going to control how your kids use the computer, but "if you want to secretly monitor every little thing they do on the computer, PC Pandora will definitely do the job."

Why limit it to kids when you can spy on any user? Give the gift of free snooping this holiday."

Satchel Paige was not always right...

"How old would you be if you didn't know how old you are?"
"Age is a question of mind over matter.
If you don’t mind, it doesn’t matter."

"Don't look back. Something might be gaining on you."

Satchel had a great philosophical outlook when it came to age. Not so great, when it came to competition. Looking back every now and then gives perspective and a sense of where one stands.

Exactfactor understands this, and plays upon your ...Google-envy.

Spy on your competitor's website ranking. Get email alerts when they pass you in rank, when your rank is zooming up or sliding down, and when you reach first-page status. Hey, you can bet they are spying on you!

Wednesday, December 24, 2008

New Security Buzzwords You May Hear in 2009

Baked-in - When security comes as an integral part of a product; as opposed to bolted-on, where a security fix may be applied to the product if desired.

Privileging - Authentication opens the main door, but no longer will you have the keys to the kingdom. It is Privileging which will keep you where you belong once granted entry. No more poking your nose where it doesn't belong.

Autocrypt - The concept of automatic encryption of all data, stored in any system or media.

Privylaws - New laws designed to protect your private data from taking a dump in the wrong place.

Reprivatize - Periodically renewing a high level of privacy. Quarterly eavesdropping detection audits of executive offices, conference rooms and vehicles is one example.

SpyCam Story #504 - Not Licensed to Shoot

A Grand Island photographer, Dennis L. Beins, has been charged with 11 counts of visual depiction of sexually explicit conduct and five counts of unlawful intrusion...

The warrant listed numerous items seized from that address, including a Sony AM-FM clock radio with a hidden camera that was removed from a dressing room. (more) (video)

Surprise! Chinese Art Form to Become Illegal

China is cracking down on hackers, making penalties a lot tougher. New laws mean that hackers could face up to seven years in jail, according to those unbiased watchdogs of the People, the State media.

The current law only allows punishment for hacking into government, defence or science computers. Private companies are fair game, which has made corporate spying an art form.
(more)

Tuesday, December 23, 2008

TIme to break out a Tabua

Fiji's interim government has expelled New Zealand's acting high commissioner, Caroline McDonald. Ms McDonald was summonsed to Fiji's Foreign Ministry on Tuesday afternoon and was told she has been declared "persona non-grata", and has been given one week to leave the country...

The expulsion comes a day after Fiji accused Australia and New Zealand of tapping telephones.
He also accused the two nations of using Fijian staff in their high commissions to spy. (more)

Monday, December 22, 2008

Sunday, December 21, 2008

SpyCam Story #503 - WatchCam

"Nothing like a spycam that screams, 'Look at me! I'm dorkey!'"

No, no, no... Give it a chance.
Think Transformer!
The seller says so...

MP4 Player + Music Player + Video/Voice Recorder + Digital Camera + Digital Watch + Photo Album + E-book reader + PC Camera!!!

"MP4 Watch + Video Camera is a novel and fashionable design Portable Media Player (PMP) device. Just plug and play into USB port to transfer music files and data. Save all your media files on your wrist, you can listen to music, watch movies, take photos, record voices and videos wherever you go.

With Internal Speaker, you can share your lovely videos with your friends!

Moreover, you can plug it into your PC as a Web camera, convenient to use. Enjoy the high-tech life on the go!"

1.8" TFT screen, 160*128 pixel image
MP4 Player + Music Player + Video/Voice Recorder +Digital Camera + Digital Watch + Photo Album + E-book reader + PC Camera, all in one featured product
Built-in 8GB flash memory
Built-in Video Camera - Photo resolution: 640 x 480, Video Resolution: 352 x 288
Built-in speaker
PC Web Camera feature
MP4 watch, support MP4(AVI/3GP) video
Shows time/date and watch design is outstanding
Supports MP3, WMA and MP4(AVI) format, up to 8 hours of music playback
Supports JPEG format, also displays lyrics and picture
High-quality digital record, song circulation function and support several languages
5-equalizer modes: common, popular, rock classic, jazz
E-book browse function
USB 2.0 High Speed transfer
Auto Power Off Function
Package Contents:
MP4 Watch + Video Camera
USB Cable
Earphone
Driver CD
AC adapter
User's Manual
$129.00 (seller)

Laugha while you can, monkeyboy. Some day this will be super camp, and worth much more. Seriously. Remember the first TV wristwatch? (Seiko, 1982) Occasionally these turn up on ebay and sell for more than they originally cost.

Spy-Fridge - Coming soon to a steet near you.

Philadelphia - "In case you haven't been wandering around the east side of Broad Street in Center City recently, the neighborhood has been sprouting refrigerator size boxes at every signalized intersection.

They're part of a Streets Department project to digitize the traffic signals throughout the city, but thanks to the Department of Homeland Security the new system is three times the size of the old pole-mounted controls, requiring a 67-inch free-standing box.

The reason? The boxes were made bigger so they could hold the computer equipment for a future surveillance network."
Inga Saffron - architecture critic for the Philadelphia Inquirer.

Saturday, December 20, 2008

FutureWatch Update - Stolen Cell Phone Alarm

Reportedly, coming soon.
Now in Beta - Available upon request.
From the inventor's web site...

Maverick Secure Mobile (MSM) is a security application.

Secure mobile helps you protect your data, track your stolen device, retrieve your phonebook & disable the stolen device remotely. The application works in hidden mode and cannot be viewed in the device...

1. Protects Your Data In case of theft/loss, the moment SIM change is detected, Secure mobile will encrypt all the data on the device like the phonebook, images, messages etc.

2. Track Device In case of loss/theft the application will send the phone number, device id, country code, operator name and area code(location) to the reporting device through sms. Secure Mobile will also report about activities performed on the stolen device via SMS; like Outgoing Calls made, etc.

3. Retrieve Phonebook The most important data on any device are the contacts. Using MSM one can retrieve phonebook from the stolen device.

4. Spy Call Spy call will switch on the loudspeaker & mic of the stolen device remotely, so that the caller can actually listen to the conversation other person is engaged in. This call will not give any notification/ ring to the stolen device.

5. Raise an alarm and disable the phone To disable stolen device remotely, send sms = hang from the Reporting device to the stolen device, and it will raise an alarm and start playing a loud Siren. MSM will also display a customized message.

6. Data Back-up Secure Mobile has a distinctive feature of incremental Data Back up. Using this feature one can back up all the data from the device to secure remote server using GPRS. So now all your data is very much secured and you can retrieve it without any hassle. All the above mentioned features can be used even if the SIM is not changed,
a. In case the device is lost by sending SMS “Activate” from the reporting device.
b. For Parental control of child’s mobile device by sending SMS “Track” from reporting device (more) (
videos)

Spybusters Tip #387 - FREE Internet Encryption

Traveling executives take note...
Public networks (both wired and wireless) are great. However, the danger to your personal data exists even if you connect to a fee based open network. Your passwords, credit card numbers, and any data you send can be seen and associated with you personally.


Hotspot Shield creates a virtual private network (VPN) between your laptop or iPhone and our Internet gateway. This impenetrable tunnel prevents snoopers and hackers from viewing your email, instant messages, credit card information or anything else you send over the network. Hotspot Shield security application is free to download, employs the latest VPN technology, and is easy to install and use.

Hotspot Shield runs on:
Windows Vista
Windows XP
Windows 2000
Mac OS X (10.5 Leopard)
Mac OS X (10.4 Tiger)
iPhone
(more)
Hotspot Shield slightly increased page loading times in my tests. Given the increased level of privacy, the trade-off is well worth it. ~ Kevin

Kids Spy Camp

UK - Give your kids the time of their lives at spy school. They will learn how to operate hidden cameras, bugging devices and radio equipment, take part in a shoot-out using state of the art laser tag guns, dodge laser beams to crack open the safe against the clock, learn how to quick draw their pistol from a holster and finally crack codes to de-activate the bomb as the clock ticks away. Can they crack it before time runs out? Only those with stealth, agility and cunning will find out! Location: Buckinghamshire (more)
Looks like my future is secure. ~ Kevin

Corporate Espionage: Husband Spy

Matthew C. Devlin, a former Lehman Brothers broker who gleaned tips about pending mergers from his wife, a partner at a high-powered public relations firm, has been charged in a wide-ranging insider trading scheme that earned $4.8 million in profits for several people including a former Playboy model and two lawyers, authorities said.

The SEC said Devlin took secrets from March 2004 through last July about more than a dozen pending mergers and acquisitions from his wife, Nina, a partner at Brunswick Group LLC, an international public relations firm.

Attorney Jim Benjamin, who represents Nina Devlin, said her husband obtained the information without her knowledge by being close to her and monitoring her travel schedule.

The SEC said Devlin gave the secrets to his clients and friends, including three who worked in the securities or legal professions. (more)

The Casanova Tour of Venice

...The route to Casanova's cell ran through the original offices of the republic's most powerful bureaucrats. One door led to the chancellor's little no-frills cubicle; it was made with special hinges to create an airtight fit in order to prevent eavesdropping. Next came the State Inquisitor's Room. Then the Torture Room, where prisoners had their... (more)

"NAL UM NFL"

Snitch Culture continues to spread...
Many of the National Football League's 32 teams have implemented a new text-messaging system that allows fans to report disruptive conduct to security. Although fans can still complain to an usher in person, the text messaging system allows fans to alert security without missing any of the game or getting physically involved in a conflict. Teams are asking fans to help identify disruptive behavior as part of a league-wide initiative to crackdown on fan misconduct. (more)

Friday, December 19, 2008

Want to spy? Offer to build their network!

Australia - National security concerns about Chinese espionage could threaten the new frontrunner for Australia's $15 billion publicly backed national broadband network.

Security agencies will closely examine the bid lodged by Singtel Optus, which is believed to propose the involvement of Chinese telecommunications equipment-maker Huawei Technologies to help build its network.

Huawei was the subject of a US congressional investigation on national security grounds this year after legislators expressed concern about its links to the Chinese military and intelligence apparatus. The concerns led Huawei to withdraw from its joint $US2.2billion ($3.3billion) bid to buy a stake in US internet router and networking giant 3Com. (more)

Employee vs. Boss = Spy vs. Spy

A cautionary tale, excerpted from...
Chained Exploits: Advanced Hacking Attacks from Start to Finish
"Phoenix knows that Mr. Minutia has been spying on him for some time now. Phoenix sees Mr. Minutia at his desk, shuffling through papers, whenever he leaves his desk to go to the copy machine. Phoenix notices Mr. Minutia walk over to his desk whenever he is on the phone to eavesdrop on his conversations. Now Mr. Minutia has taken it to the next step by reading all of Phoenix’s e-mails and reviewing the Web sites Phoenix views.

The word hypocrite echoes in Phoenix’s mind. He knows his boss spends the majority of his time at work surfing the Internet. Phoenix is not sure what his boss is looking at, but Phoenix is determined to find out because he suspects it might not be work related. Then Phoenix can approach Mr. Minutia with a taste of his own medicine and expose his Internet-surfing habits. Phoenix begins to plot how he is going to spy on his boss." (more)

Make sure your employees are not spying on you.
Hey, there are textbooks writing about this.
Inspect for electronic surveillance regularly.

Amazing Stories #101 - "Chief speak with forked tongue?"

NC - The state auditor's office has more than 234 laptop computers that lack encryption software to guard against security lapses, a political newsletter reported today.

The Insider, an e-mail newsletter published by The News & Observer, cited correspondence from George Bakolia, the state's chief information officer, showing that the software has not been a high priority for the auditor's office.

Bakolia's office issued standards in December 2007 calling for state agencies to put encryption software on laptops. (more)
via Forbes magazine...
On Thursday researchers at Finnish cybersecurity firm F-Secure said they have spotted the first known instance of iPhone "spyware" called Mobile Spy, a piece of commercial software that sells for $99 a year. (more)

Watergate's 'Deep Throat' Dies

W. Mark Felt, the former FBI second-in-command who revealed himself as "Deep Throat" 30 years after he tipped off reporters to the Watergate scandal that toppled a president, has died. He was 95. (more)

Thursday, December 18, 2008

This Man Is Wanted...

...by you, if you have a computer network to protect.
His name is Gideon J. Lenkey.
This is his story...

"The job starts like any other. We park down the street so we can just barely see the target. We wait patiently to get the rhythm of the smokers popping in and out of the side door. Waiting until no one's there, we walk up, holding cigarette butts (neither of us smokes) and wait for the door to open. Crush the butt into the ash tray, nod to the person holding the door, and we're in. Now to find an empty office or conference room -- any place we can access the company network.

This time we're lucky -- there is a dark conference room not far from the smoking door, so we don't have to walk the halls for very long. We go in, close the door, there is a PC in the corner as there usually is these days. We're almost done, I think. In 15 minutes we'll be back in the car snickering about how easy it was and suggesting that stupidity should be more physically painful..."
What happens next is not what you expect. (more)

First iPhone Spy Software Hits the Market

Retina-X Studios, LLC, announced today the immediate availability of Mobile Spy for the Apple iPhone. Using this groundbreaking iPhone spy technology, users can silently monitor incoming and outgoing text messages (SMS) and call information of children or employees - even if activity logs are erased. (more)

Spybusters Tip #387
Keep in mind that this only for 2nd generation iPhones (3G), and it only let's the spy see a log of calls and SMS text messages. There is no eavesdropping on the call itself. Installation requires "jailbreaking" the iPhone first.

The manufacturer's spyware removal instructions.
(Not yet updated to include iPhone, but should be soon.)

Ring, ring, it’s Rod

Press ‘3’ for corruption
You can no longer buy a Senate seat from Illinois Gov. Rod Blagojevich, but you can buy “his” ringtones. FunMobility.com, a company based in Pleasanton, Calif., has released five new “Blagotones”... Two of the funniest ringtones are called “Wiretap” and have such quotes from an impersonator saying, “If I don’t get what I want ... I’ll just take the Senate seat myself” and “Our recommendation is to fire all the [expletive] people ... and get us some editorial support” (referring to Blagojevich’s alleged attempt to pressure the Chicago Tribune). (more)

This was my first close look at the ringtone biz.
Did you know these things cost $8.99 ...per month!?!?
Sorta takes the edge off of
Blago's alleged crimes.

Thus, the hunter becomes the hunted...

Germany - German prosecutors on Wednesday said one person has been arrested in a scandal at Deutsche Telekom AG that involved monitoring managers' call records to track possible leaks.

Media reports have identified the suspect as Klaus T., a former head of Telekom's division for internal investigations. According to the daily Sueddeutsche Zeitung, he is suspected of fraud for embezzlement and authorizing payments for business that violates company policy.
(more)

Spybusters Tip #386 - Your Possessed Computer

Is your computer acting a little freaky?
Are you seeing random mouse movements?
Is the 'caps lock' turning on and off by itself?
Is your computer typing random garbage?
Or, burping up odd phrases?
"Who you gonna call?"
In this case, not us!
Spybusters Tip #386 to the rescue...
Check your USB ports for
this.

Cheney Understands the Power of Eavesdropping

In a chilling, unapologetic interview with ABC News, the vice president did nothing to dispel his reputation as the hardest of hard-liners in the war on terror... Wiretapping? "It's worked. It's been successful," he said, brushing off constitutional quibbles. (more)

No doubt about it. Bugs and wiretaps are extremely effective... which is why businesses inspect their sensitive areas quarterly to make sure electronic surveillance is not being used against them!

Leaks Are Costly ($310,760.00 in this case)

UK - A police inquiry into the leaking of information, which ended with a judge clearing a Milton Keynes journalist, cost £205,000 it has been revealed. (more)
Conversely, preventing leaks is cheap.

SpyCam Story #502 - The Laws Catch Up

Ohio - The State Legislature House Concurs with the following Senate Amendment...
HB 74 SPYING -- To make spying or eavesdropping upon a minor in a state of nudity for the purpose of sexual gratification or arousal a felony of the fifth degree under all circumstances. 93-0 (more)

Wednesday, December 17, 2008

Wiretaps in the land of Nazar Boncuk

TURKEY - Embassies wiretap phone conversations, expert claim. Computer and Program Engineers Foundation head Yılmaz Sönmez has claimed that foreign embassies in Turkey frequently wiretap phone conversations.

Wiretapping is conducted quite easily in Turkey. Even a 17-year-old youngster can do it. Anyone who has YTL 500 ($327.00) can download wiretapping programs available on the Internet. It is foreign embassies that are most busy bugging phones in Turkey,” Sönmez asserted while briefing a parliamentary commission established to examine allegations that a top Republican People’s Party (CHP) member had been bugged. (more)

Tuesday, December 16, 2008

Turning a Blind Eye

UK - Once, Britain was the most watched nation in the world, with more than 4 million CCTV cameras monitoring our every move.

But now in these difficult economic times, it seems that Big Brother isn't actually watching, in fact no one is.

As cash-strapped police forces and councils around the UK are forced to tighten their belts in the recession, CCTV cameras around town centres are being left unmanned as they can't afford to pay anyone to watch out for crime as it happens. (more)

What Does Harry Caul Do On His Vacation?

You might catch him at the Dubai Marriott attending...
ISS World - Hi Tech Criminal Investigation and Intelligence Gathering Conference/Expo 24-26 February 2009

"TeleStrategies invites you and your colleagues to attend Intelligence Support Systems for Lawful Interception, Criminal Investigation and Intelligence Gathering Conference and Exhibition scheduled on 24-26 February 2009 at JW Marriott Hotel, Dubai.
This ISS World program will feature over 91 LEA/Intell Electronic Surveillance and Communications Monitoring Training sessions and over 40 vendors exhibiting the latest in High Technology Network Interception, Intelligence Gathering and Criminal Investigation products."

Five Conference Tracks...
• Lawful Interception Solutions and Products
• Organized Crime, Criminal Investigative Analysis and Intelligence Gathering
• Telecom Call Data Retention and Handoff Solutions
• Mobile Location, Surveillance and Signal Intercept
• LEA/Intell/DoD Communication Monitoring and Surveillance Training
(more)

Q. What Do Former Spies Do?

A. Freelance spying!
The recent cyber attack on the U.S. military's classified computer network has been traced to a front company run by several former Russian KGB or Federal Security Service spies... (more)

Monday, December 15, 2008

Hollywood Wiretapper Gets 15-Years

CA - Hollywood's disgraced private investigator to the stars shuffled in shackles into a federal courtroom Monday and was sentenced to 15 years in prison in a celebrity wiretapping scandal.

The sentence was close to the 16 years sought by federal prosecutors.
U.S. District Judge Dale Fischer ordered Pellicano to forfeit $2 million. The judge did not give the former sleuth credit for time served, meaning he will serve nearly all of the sentence.

Dressed in a green jailhouse jumpsuit, Anthony Pellicano, 65, blew a kiss to family members as he was led into court. (
more)

HD Spycam Truly Crushes Employee Morale

via Wired...
The PR company's email begins thus: "You've never seen a camera like this." And it's true. The Digital Window from Scallop Imaging is a rather neat mix of hack and paranoia, a device cobbled together from five cellphone camera lenses, an Ethernet powered box and software which stitches the whole lot together for a seven megapixel, 15 frames per second, 180º view.

To further increase employee paranoia, you'll never know when the camera is looking at you. Because of the 180º view and high-definition, a digital zoom combined with digital pan mean the the cameras never move when looking around. (more) (more) (manufacturer)

Sunday, December 14, 2008

World's Greenest & Cheapest Shredder

"Fast, efficient and easy to use, these 10-bladed scissors cut and shred at the same time. They slice through credit cards, destroy personal documents, paperwork, and bills so no one can see your discarded private information." (more)

Wiretap Victims Lash Out at PI

CA - Hollywood private eye Anthony Pellicano isn't the only person imprisoned as a result of his wiretaps of the rich and famous. His victims say they have never been able to free themselves from the emotional and financial fallout caused by his crimes.

A former reporter says she has nightmares about being hunted and raped. A mother copes with her daughter being mocked by other kids and their parents. An actress who once appeared in a popular television series says she has found little work since.

They are among the victims who submitted letters to the federal judge who is scheduled to sentence Pellicano on Monday. The former private eye is in custody after being convicted of a total of 78 counts, including wiretapping, racketeering and wire fraud, in two separate trials earlier this year. (more)

Saturday, December 13, 2008

Business Espionage: World Cup Spying

Egyptian club Al Ahly's coach Friday angrily accused Mexican side Pachuca of spying on a team training session ahead of their crucial Club World Cup clash. "Three spies from Pachuka came to inspect our practice today. It's not fair. We didn't watch their practice. It's not fair," said coach Manuel Jose after their training session on Friday. (more)

FutureWatch - Eavesdropping's Future, Mindreading

Researchers at ATR Computational Neuroscience Laboratories in Kyoto, Japan, say they've developed new analysis technology that can reconstruct the images inside a person's brain and display them on a computer screen, according to Pink Tentacle, an English-language blog that covers news from Japan. Pink Tentacle picked up the info from Japan's Chunichi Shimbun daily newspaper...

Although the technology is still in the early phases of development, it paves the way for applications that until now have only been the stuff of science fiction, such as reading minds for interrogation purposes, eavesdropping on dreams as people snooze... And researchers at the University of Sheffield in England believe that fMRI is more useful than polygraphs, which have been shown to have false positives and negatives, in determining whether someone is lying. (more)

SpyCam Story #501 - Button Your Lip

UK - Teenagers in Cheltenham and Tewkesbury are being fitted with James Bond-style spy cameras in a bid to catch out rogue shop keepers who sell alcohol to underage buyers.

Teenagers are fitted with the cameras, which match buttons on their clothes, by specialist police teams. They are then monitored as they enter off-licences and supermarkets and attempt to buy alcohol. Sounds and images are relayed back to police officers outside the premises who can then take action.


During the past three years Cheltenham and Tewkesbury Police have carried out more than 500 test purchase operations. (more)

SpyCam Story #500 - 500 Failures & Counting

Welcome to the SpyCam Story 500 milestone.
Here, we feature news stories about video spying.

This Scrapbook feature started when a security director asked me, "How can I show my boss electronic eavesdropping is real and I am not just being paranoid?" Interesting problem. There are no 'illegal eavesdropping statistics' to quote.

Keep in mind,
the media only reports spying failures; the one's who got caught. Successful spying is totally invisible. Like commercial airline stories; you never read about the successful landings.

The solution
to the security director's conundrum...
• Track sales of eavesdropping devices.
• Track eavesdropping failures as reported by the media.
• Factor in... Most spycam, bug and wiretap failures are handled privately. They never make it to the lawsuit level, and media attention.
• Factor in... Not all media stories make it to my attention.
• Fac
tor in... Many spycam stories are in such bad taste I exclude them.
Now, we see the tip of the spyberg.

Security directors use this proof to substantiate their Eavesdropping Detection Audit budgets.

And now
(drum roll)...
SpyCam Story #500
Extortionography - From Winehouse to the Big House
UK - The man who sold video footage to a London tabloid showing Amy Winehouse engaged in what appeared to be drug use was sentenced to jail on Friday... Johnny Blagrove, and his girlfriend, Cara Burton, had filmed Ms. Winehouse, without her knowledge and sold the footage to The Sun for about $75,000. Mr. Blagrove and Ms. Burton admitted that they had offered to supply drugs to Ms. Winehouse and other celebrities. The police said that the couple had kept a list of celebrities they planned to record taking drugs. A judge sentenced Mr. Blagrove to two years in prison; Ms. Burton was ordered to perform two years’ community service. (more) (extortionography under U.S. law)

SpyCams - A good reason to conduct Eavesdropping Detection Audits
Why conduct Eavesdropping Detection Audits?
(checklist of sound reasons)
Why are Eavesdropping Detection Audits a standard business practice?
Do other companies conduct routine Eavesdropping Detection Audits?
Why are our Eavesdropping Detection Audits more effective than old-style TSCM?
How often are Eavesdropping Detection Audits conducted? Why?
Describe the Eavesdropping Detection Audit process?
How do I determine what needs to be audited?
What does the media say about our Eavesdropping Detection Audits?
"I think I found a bug; what should I do?"

Friday, December 12, 2008

Putin's Mountain of Spies & Google's New Eyes

There were no tigers to catch, and it's not really the right season to be fishing shirtless, so Russian Prime Minister [ex-spymaster] Vladimir Putin renamed a mountain this week. There is a 10,788-foot peak in North Ossetia that had previously been without a name. Putin claimed naming rights, dubbing it the Peak of Russian Counterintelligence Agents, seriously, naming it after the country's spies. (more)

Meanwhile, Google ogles an eye that spies at 2,233,440 feet!
GeoEye 1, a satellite launched into polar orbit on September 6 that can "see" objects on Earth as small as 16 inches (0.41 meter) in size in black-and-white mode or 64.6 inches (1.64 meters) in color. Images from the GeoEye 1, which stands 20 feet (6.1 meters) high and weighs more than 4,300 pounds (1,950 kilograms), so impressed Google that the Internet search giant plans to add the satellite's high-resolution, digital color photos to Google Earth next month. (more) (sample photos)