Wednesday, December 30, 2009

Dude, ThinkGeek.com ...$22.99 (since 2008)

Japanese researchers said Monday they had developed a "hummingbird robot" that can flutter around freely in mid-air with rapid wing movements. 

The robot, a similar size to a real hummingbird, is equipped with a micro motor and four wings that can flap 30 times per second, said Hiroshi Liu, the researcher at Chiba University east of Tokyo.

"The next step is to make it hover to stay at one point in mid-air," Liu said, adding that he also plans to equip it with a micro camera by March 2011.

The robot, whose development cost has topped 200 million yen (2.1 million dollars), may be used to help rescue people trapped in destroyed buildings, search for criminals or even operate as a probe vehicle on Mars, he said. (more)

Meanwhile, over at ThinkGeek.com...
The Black Stealth features 3-channels, allowing it to go up and down, rotate right and left and move forwards and backwards. Unlike most of the small 2-Channel copters on the market which are always moving forward with somewhat twitchy controls, the Black Stealth is a breath of fresh air. You can actually fly it where you want it to go, it's fairly rugged... and surprisingly it's probably the easiest to fly small copter we've ever taken to the office airspace. (more) (video)

FutureWatch... FleaBots!
Tiny robots the size of a flea could one day be mass-produced, churned out in swarms and programmed for a variety of applications, such as surveillance, micromanufacturing, medicine, cleaning, and more... In the future, the researchers hope to move from building academic prototypes to manufacturing the robot on a commercial basis, which is necessary for overcoming some of the technical issues.

By mass-producing swarms of robots, the loss of some robotic units will be negligible in terms of cost, functionality, and time, yet still achieve a high level of performance. Currently, the researchers hope to find funding to reach these goals. (Ask Mr. Liu how he did it.) (more) (Future flea powder.)

SpyKids... The Cell Phone

from the AT&T Web site...
"AT&T FamilyMap provides peace of mind by being able to conveniently locate a family member from your wireless phone or PC and know that your family's information is secure and private. First 30 DAYS FREE! At the end of the free 30 days, you will automatically be subscribed and charged $9.99 per month thereafter to locate up to two family members or $14.99 per month thereafter to locate up to five family members unless you cancel service." (more)



GSM Cell Phone Encryption Code Broken


A German computer scientist has cracked the encryption algorithm that secures 80% of the world's mobile phones, but it's far from a practical attack.

Researcher Karsten Nohl, a former graduate student at the University of Virginia, revealed his decryption methods this week at the Chaos Communication Conference in Berlin, the largest hackers conference in Europe. Nohl and a team of two dozen other experts worked for five months to crack the security algorithm that protects Global System for Mobile communications.

To break the code, Nohl and the other researchers used networks of computers to crunch through the trillions of mathematical possibilities. The result was the development of a code book comprising 2 TB of data that's compiled into cracking tables. The tables can be used as a kind of reverse phone book to determine the encryption key used to secure a GSM mobile phone conversation or text message.

Before the latest hack, hundreds of thousands of dollars of computer equipment was needed to break the GSM code, mostly limiting hacking to government agencies. Nohl told the conference that someone with the code book could eavesdrop on GSM communications using about $30,000 worth of computer gear, making such illegal activity possible by many more criminal organizations. (more) (a5/1 Cracking Project)

Wednesday, December 23, 2009

Vulnerable VoIP Products Almost Triple Since 2006

VoIP Vulnerabilities, a white paper issued by McAfee Labs, found almost 60 vulnerabilities in voice over internet products, compared to just under 20 vulnerabilities in 2006.

"We can credit part of this increase to better tools for finding VoIP vulnerabilities, yet this upward trend should be largely attributed to the growing number of VoIP installations", the white paper said...

Eavesdropping on VoIP conversations is possible when the default implementation of the Real Time Protocol (RTP) used to carry VoIP traffic is not encrypted, for example. Tools such as VOMIT have been published to dump unencrypted traffic between phones and turn it into playable sound. (more)

Advice from McAfee on eavesdropping attacks... For a superior solution, you should use secure RTP (SRTP), which provides both encryption and authentication. (more)
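A defender's check for the RTP/SRTP point above, as an added example (not code from the McAfee paper or this blog): the SDP body exchanged at call setup names the transport profile of each media stream, so an audit can flag streams offered as plain RTP. The sample SDP, addresses and key placeholder are constructed.

```python
"""Audit SDP bodies for media streams that would be sent as unencrypted RTP."""

# Transport profiles from the m= line. SAVP/SAVPF are the SRTP profiles;
# the UDP/TLS variants are DTLS-SRTP.
SRTP_PROFILES = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}
PLAIN_PROFILES = {"RTP/AVP", "RTP/AVPF"}
# a=crypto carries an SDES key, a=fingerprint a DTLS-SRTP certificate hash.
KEYING_ATTRS = ("crypto:", "fingerprint:")


def audit_sdp(sdp_text):
    """Return one finding per active media stream.

    Each finding is a dict with keys media, port, profile and verdict, where
    verdict is 'srtp', 'srtp-no-keying', 'plaintext-rtp' or 'not-rtp'.
    """
    streams = []
    session_keying = False   # keying attribute seen before the first m= line
    current = None           # stream that following a= lines belong to

    for raw in sdp_text.splitlines():
        line = raw.strip()
        if len(line) < 3 or line[1] != "=":
            continue
        kind, value = line[0], line[2:].strip()
        if kind == "m":
            current = {}     # malformed m= lines still end the session section
            parts = value.split()
            if len(parts) < 4:
                continue
            try:
                port = int(parts[1].split("/")[0])   # "49170/2" means a port range
            except ValueError:
                continue
            current = {"media": parts[0], "port": port,
                       "profile": parts[2].upper(), "keying": session_keying}
            streams.append(current)
        elif kind == "a" and value.startswith(KEYING_ATTRS):
            if current is None:
                session_keying = True
            else:
                current["keying"] = True

    findings = []
    for s in streams:
        if s["port"] == 0:   # port 0 means the stream was declined
            continue
        if s["profile"] in SRTP_PROFILES:
            verdict = "srtp" if s["keying"] else "srtp-no-keying"
        elif s["profile"] in PLAIN_PROFILES:
            verdict = "plaintext-rtp"
        else:
            verdict = "not-rtp"
        findings.append({"media": s["media"], "port": s["port"],
                         "profile": s["profile"], "verdict": verdict})
    return findings


# Constructed sample: audio offered as plain RTP, video as SRTP with an SDES key,
# and a third stream declined with port 0.
SAMPLE_SDP = """v=0
o=alice 2890844526 2890844526 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/AVP 0 8
a=rtpmap:0 PCMU/8000
m=video 51372 RTP/SAVP 96
a=rtpmap:96 H264/90000
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-KEY-PLACEHOLDER
m=audio 0 RTP/AVP 0
"""

if __name__ == "__main__":
    for finding in audit_sdp(SAMPLE_SDP):
        print(finding)
```
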

Tuesday, December 22, 2009

McDonald's... "Over 4 Million Stolen"

Australia - Two men are being extradited to Perth to face charges of stealing more than $4 million from customers at fast food outlets in what police say is Australia's biggest-ever EFTPOS card skimming operation...

Officer-in-charge of the major fraud squad, Detective Senior Sergeant Don Heise, said the skimming occurred through September after the pin pads at the drive-thru counters of more than 20 McDonald's restaurants in the Perth metropolitan area were replaced with compromised machines.

The bogus keypad would then transmit the card's information to a nearby mobile or laptop.

The accounts of 4000 victims have been hacked into after the first withdrawal took place on October 5, with one suffering a loss of about $6000 to $7000.

During October, more than $4 million was stolen from bank accounts, using ATMs in NSW, Victoria, Canada, Great Britain, the USA, India and Malaysia. (more)

The device is the Ingenico PX328 pinpad, a decade-old terminal type, which is not tamper proof. Upgrade, if you got them! (more)

"Talk is over-rated as a means of settling disputes."


Tom Cruise is being sued for allegedly hiring a private investigator to illegally wiretap a magazine editor's phone, according to documents obtained by TMZ.com.

Michael Davis Sapir claims the movie star, along with attorney Bert Fields and jailed private investigator Anthony Pellicano, conspired to spy on him. (more) (more)


Monday, December 21, 2009

The One Minute TSCM Quiz

Our corporate clients are pretty smart. They learn quite a lot when they retain us. (They can ace this quiz.)

Think you know as much about TSCM and spybusting as they do?
Find out, take The One Minute TSCM Quiz.

If our quiz leaves you feeling up a pole, without a clue, you're not alone. Everyone starts that way.  Solution: Retain us in 2010.

Saturday, December 19, 2009

FutureWatch - Video Surveillance Predictions

It is really not too hard to predict the future of CCTV. 
The future is here...

2010 - The end of the "Video Wall"
"Clean and green," is coming to the security center Situational Awareness Center. Video analytics is the brain in the box catalyst of change. 

One human. One screen. One unblinking computer, watching every video feed; analyzing everything it sees and popping it onto the "Situational Awareness Officer's" screen (or internal projection node) only when deemed necessary.

Video analytics is smart. Facial recognition with file linking, movement interpretation, psychological action profiling, letter/number/bar code reading, RFID tag sensor incorporation, intelligent threat assessment, people/vehicle counting, congestion/loitering assessment, and more.

Not impressed yet?
Look at it from management's point of view...
• Lower hardware investment.
• Lower maintenance costs.
• Lower electric bill.
• Lower payroll.
(more)

Scalable Situational Awareness
The Port of Brisbane is turning itself into a 3D video game. Brian Lovell, project surveillance leader, explains...
"You could imagine a single desktop interface that gives you all the information you need at a port, like the Port of Brisbane," he said. "The reason to go single desktop is that is the modern trend. It also means you can provide that information to emergency responders so if there is an incident at the Port of Brisbane you can provide not just the video feed but all the context information to emergency providers like the police, etc.

"What we do is have all the video feeds, which are placed [superimposed] on a 3D texture map surface – sort of like a game of Doom or a video game environment. The beauty of that is you don't need to know the camera numbers or where they are positioned because it is implicit in the display. So if you go, for example, to the oil bunkering facility on the map you just scroll along with your mouse and then zoom in and if there is any video camera present you can see, live, what is happening at that spot. It is a little like Google Street View except when you go in you are seeing a live camera feed." (more)


Slip the Mouse a Mickey
We are rapidly approaching 3D video... no, I am not talking about the kind with the goofy red/green glasses. This 3D will be extremely useful to the person monitoring the "Situational Awareness Center" of the future. No mouse in this person's hand. A tilt of the head will move them around their semi-virtual world. Apple's latest patent clued me in...

"An electronic device for displaying three-dimensional objects, comprising control circuitry, a display and a sensing mechanism, the control circuitry operative to: direct the display to display a three-dimensional object; direct the sensing mechanism to detect the current position of the user; transform the object to appear to be viewed from the detected current position; and direct the display to display the transformed object."  (this worthwhile video will give you the idea)

Some of these things are already here and the really cool stuff is coming soon. ~Kevin

Thursday, December 17, 2009

The Great Seal Bug - Part II

"The Thing" - World's Most Famous Bugging Device
This spybusters.com history page now has a Part II.
Here is some background from The Great Seal Bug (Part I)...


"In 1946, Soviet school children presented a two foot wooden replica of the Great Seal of the United States to Ambassador Averell Harriman. The Ambassador hung the seal in his office in Spaso House (Ambassador's residence). During George F. Kennan's ambassadorship in 1952, a routine security check discovered that the seal contained a microphone and a resonant cavity which could be stimulated from an outside radio signal."

Part I explains "The Thing" (as it was originally called), its first public display by Henry Cabot Lodge, Jr. at the United Nations General Assembly, an exploded view of the novel device, background on the inventor - Leon Theremin, and information from confidential sources.

Part II (released 12/17/09) is about John W. Ford, the man who led the TSCM team (of one) who discovered the device; Joseph Bezjian was his technician. Mr. Ford was well-regarded by diplomats and presidents and had many other exploits during his career. Some of these are included in The Great Seal Bug - Part II. Here is a quick example...
"Scott McLeod, suspecting that a certain safe in the Dept of State contained material compromising and embarrassing to a member of Congress, called in a safe expert to attempt to open the safe, after hours. Damaging the safe drawer beyond repair, and fearing an FBI or police inquiry, the damaged drawer was dumped off the 14th Street bridge into the Potomac."


Stop by, and pass the word. It is a great read.

The Great Seal Bug - Part I
The Great Seal Bug - Part II
-----------
Help document this historic bug in greater detail.
If you have any knowledge, personal recollections, photographs, or know the current whereabouts of the original Great Seal or its bug, please contact me.

And, a big thank you to everyone who has already contributed! ~Kevin

Why ‘In-House TSCM’ Reminds Me of Trepanation

...published this month in WhiteNews
2010 is upon us and TSCM in the United States has changed dramatically since 2000. Yet, once in a while, I still hear from a client who wants to start an in-house electronic countermeasures department!

Seems a quaint notion today. But, who can blame them? In-house efforts were once commonplace. In fact, we used to provide training, and specified instrumentation purchases.

Over these past ten years, the landscape changed and organizations phased out their in-house efforts.
In-house TSCM is pretty much a dead issue now. There are several good reasons for this...

1. These are not your father’s surveillance devices. Eavesdropping and recording devices these days may be purchased in a wide variety of excellent covert disguises. A physical inspection by an amateur (even with training) will miss all but the most obvious surveillance items. Today, an in-house search is barely adequate even for a small company with a few spartan conference rooms. At a multinational corporate headquarters, whose executive floors are showplaces of technology, an in-house inspection is not just inadequate, it is negligent.

2. Human nature works against an in-house staff inspection. Physical searching is work. It involves bending, stooping, looking under tables. This is not to slight an otherwise excellent staff, but consider the reality...
- If you give someone more work, longer hours, they will want more money to do it. No money, no serious search.
- If you give someone the job of finding something they can’t recognize even if they see it, they will start thinking “there is nothing to see, so why look.”

You may get them to do it a few times, but it will fizzle out.


3. Unless a technician is active several days each week, the initial training will be forgotten.
Inspecting the same, limited environment is mind-numbing as well.

A few years ago, one of our clients called us in for “advanced” training. They had purchased equipment and initial training from a manufacturer 3-4 years prior. Turned out their spectrum analyzer was working at only 30% sensitivity... and they weren’t aware they had a problem! “It always worked like this as far as I recall.”


4. Executives are sensitive about their privacy.
On one hand executives want protection against electronic surveillance. On the other hand, they would be pleased if this could be accomplished without someone poking around their office... Especially, a lower-level, company employee who has a vested interest in, and understanding of, all the paperwork in their drawers.


Engaging a professional counterespionage research team addresses these issues.

- They know how to look, and what they are looking for.
- Their instrumentation is more likely to be the most current.
- Their searches are focused. They have no interest in company politics, and won’t be there the next day to gossip with other employees.
- They are acclimated to being in executive offices, i.e. they don’t play with the shelf toys.
- Most importantly, a professional team brings with them a wealth of field experience and knowledge that no part-time, in-house “tech” can possibly possess.

An in-house TSCM effort is a mental band-aid that doesn’t adhere well. It can only make the security department look bad in the long run. ~Kevin

SkyGrabber Snags Drone Feeds

Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations. (more)

FutureWatch - This will be fixed, but it was fun watching the video feeds (here in the U.S.) when drones were first being developed.

Wednesday, December 16, 2009

PI claims "I didn't know" & cops a plea ...zzzzz

FL - A private investigator linked to illegal electronic surveillance of some doctors at the Florida Eye Institute in early 2008 has entered a plea that could spare her jail time. Brenda Doan Johnson, of the 3400 block of Atlantic Boulevard, pleaded no contest on Tuesday as part of a deal reached with the State Attorney’s Office, her attorney, Andrew Metcalf said... Outside Hawley’s courtroom, Johnson tearfully said she apologizes to doctors Karen Todd, Val Zudans and Mark Gambee. “I didn’t know this was illegal,” she said. (more)

Illegal Eavesdropping Indictment for Cop

NY - A suspended Schenectady police officer has been indicted on felony charges of eavesdropping, computer trespass, computer tampering, harassment and stalking in connection with a series of incidents between November 2008 and November 2009. As a result of the indictment, Officer John Lewis has been suspended from the department for a period of 30 days without pay, said Sgt. Eric Clifford. (more)

Wiretap World News

Colombia - Last week’s cover story in the leading Colombian newsweekly Semana—known for investigations that have shaken the core of the administration of President Alvaro Uribe Vélez—revealed further evidence of illegal wiretapping of journalists by the Administrative Department of Security (DAS), the country’s national intelligence service. The article, titled “A handbook for threats,” disclosed outrageous details about the intimidation techniques used by the DAS on journalists it considered dangerous. (more)

Turkey - A long-running power struggle between secular elites and the religiously conservative government in Turkey is back on the agenda, as accusations of illegal wiretappings and a controversial court decision have triggered speculations about possible new efforts by the judiciary to close down the ruling party... government critics claim that the AKP has been eavesdropping on judges and prosecutors in an effort to intimidate them. (more)

Indonesia - A meeting between the chairmen of the Corruption Eradication Commission (KPK) and Communications and Information Minister Tifatul Sembiring ends Tuesday with both sides agreeing to keep cooperating in fixing a draft on wiretapping regulation... “There were two matters discussed [in the meeting], court permission [for wiretapping] and [the establishment] of a national interception center... (more)

United States - Warrantless wiretapping of communications and other illegal electronic surveillance operations are continuing under the Obama administration at levels commensurate with those seen during the George W. Bush administration. WMR has learned from informed sources that the Eric Holder Justice Department is also pursuing a criminal indictment against at least one intelligence agency official for leaking details of the National Security Agency’s warrantless wiretapping program with the previous Top Secret code name of “STELLAR WIND.” (more)

The U.S. Supreme Court yesterday agreed to decide whether users of text-messaging services have a reasonable expectation of privacy in the contents of copies of messages the service provider stores on its network. In a brief order, the justices granted certiorari in City of Ontario v. Quon and USA Mobility Wireless v. Quon, 08-1332 and 08-1472. The Ninth U.S. Circuit Court of Appeals ruled last year in those cases that the Ontario Police Department violated the Fourth Amendment rights of one of its officers and three others with whom he had exchanged text messages on a department-issued pager. (more)

Kenya - A section of human rights organisations have proposed a raft of amendments to the Harmonised Draft Constitution on issues of national security, including limiting the powers of the National Security Intelligence Service (NSIS). ...said the draft should enact provisions which will bar the NSIS from tapping into people’s conversations without obtaining court orders. (more)

Guatemala - Supervisor of Presidential Security Detail Assassinated in Guatemala
The attack is the latest in a series of incidents involving the Secretariat for Administration and Security (SAAS). In September, the director of SAAS was detained on espionage charges following the discovery of covert audio and video recording equipment in the president’s offices and residence. (more)

SpyCam Story #564 - Hokey may go to Pokey

Spain - The owner of a wedding venue and disco in Cazorla (Jaén) has been arrested after police discovered spy cams he had installed in the women's toilets.

C.D.M.V. (30), a local resident of Cazorla and owner of El Clan, a popular local disco and restaurant, installed secret cameras in the stalls of the toilets in the Ladies of his establishment "with the intention of procuring indecent images", according to the police report.

The police say that images from as long ago as the 8th of December 2008 were found on the hard drive. The police operation was launched after a woman discovered one of the cameras and notified authorities.

Police are now attempting to discover if the man was working with any organised group or if any of the images have been uploaded to the internet. (more)

Tuesday, December 15, 2009

Spybusters Tip # 361 - Free Encrypted Web Page

Problem: How do you easily send someone a password, confidential list of contacts, bank account information or other confidential data?

Solution: norbt.com, a free service which creates an encrypted page on the Web for your sensitive message. All you do is send your recipient the URL.

Here is a sample. The first person to report back with the secret answer wins a nice prize. Enter the answer here. (Contest over. We have a winner - BR from MS)

How it works:
Basically, the encryption is done in your Web browser, not on-line. Details here.

Make Your Own norbt:

1. Go to norbt.com
2. Click "create a norbt"
3. Enter a "title" for your secret message.
4. Enter a challenge "question" (something only the recipient and you would know)
5. Enter the challenge "answer"
6. Enter the "locked text" you want encrypted.
7. Enter a password so you can edit your norbt.
8. Optional... Enter an email to receive notification of the URL.


Very useful.
Pretty cool.

Free; and donations are accepted by norbt.com.
~Kevin

Monday, December 14, 2009

Christmas Gift List from Weburbanist.com

"15 Cool Hi-tech Spy Gadgets,
Oh Wait…
Creepy Gifts for Stalkers?"
(more)
Nothing new. The usual spy gadgets we warn you about all year.

SpyCam Story #563 - Fed Up

PA - An FBI security officer who videotaped teenage girls as they undressed and tried on prom gowns at a charity event has been convicted of invasion of privacy.

Thirty-five-year-old Charles Brian Hommema of Buckhannon was sentenced Wednesday to six months in jail, but Marion County Magistrate Hank Middlemas suspended that and imposed a year of probation. (more)

Saturday, December 12, 2009

Wiretapping a Video Teleconference

John Kindervag discusses video teleconferencing wiretapping...
"Now while this technology has some real business value there are also inherent security flaws in video conferencing systems running across a corporate network. Because these internal networks are rarely, if ever, encrypted, it is possible to perform an eavesdropping attack on TelePresence or any other similar videoconferencing system.

Recently I was lucky enough to attend a hands-on VoIP and UC hacking class at VIPER Lab. VIPER is run by my good friend and former colleague, Jason Ostrom. Jason and his team have been instrumental in developing new research and tools related to voice over IP (VoIP) and unified communications (UC) security. Their live distro VAST is available on SourceForge and contains several ground-breaking UC security tools.

Using one of the tools UCSniff I was able to recreate a scenario similar to the 30 Rock episode and intercept and view a live videoconference in real time. Here is a screenshot showing the UC Sniff tool intercepting a video call between Jason and me:


Anyone with access to your network can use this tool to eavesdrop on your voice or video conversations. This is why VoIP and UC security is so critical. Any unencrypted call is susceptible to this attack. Imagine that your employees can now listen in as your CEO discusses potential mergers or acquisitions. The risks are real but UC security is often overlooked." (more)

Supper Club Sale Reveals Owner's Bugs

Clarence Hartwig's Gobbler Supper Club, icon of Wisconsin, is heading for auction...
"Whoever buys the building will also get a few dozen gold-colored listening devices that were installed throughout the facility by Hartwig so he could eavesdrop on his employees..." (more)

Throw a dart at the map... Ok, Malmö, Sweden...

Cops bug wrong number. Listen for hours. (more)
Meter Maids put spycams in their caps. (more)

Friday, December 11, 2009

Just when you thought there was no place they haven't thought of for hiding a spycam...

...they present (rim shot)...
The Toilet Brush Hidden Spy Camera with Built-in Digital Video Recorder!

And now, the marvelous copy that could only have been conceived and written in a little factory, around the corner and down the block, somewhere in the Far Far East (rim shot)...
"This is a ultra-small digital spy camera that hidden in a toilet brush, it looks like an ordinary toilet brush, but it has a very powerful function, the most interest is that it internally hides a smallest camera DVR, it does not need any external plug-in card, built in memory 8GB itself, can work up to 4-5hours. there is time date stamp for the record, you can get the most authentic evidence for a variety of illegal behaviour.ideal for CIA agents, police, detector, and spy agency.this products is only developed by omejo for special offers." (more)

Why do I mention it?
So you will know what you are up against.

How to Properly Redact a PDF

When it comes to breaking into protected information, the NSA is the place to go. They know the tricks. They can also tell you how to keep your information secure. In a nutshell: Don't redact, sanitize.

Download their pdf...
Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF - Information Assurance Directorate, National Security Agency

I couldn't find anything redacted in it, but I am still suspicious about the second page.

Tuesday, December 8, 2009

TSA Document Leak - pdf Redaction Problem

Government workers preparing the release of a Transportation Security Administration manual that details airport screening procedures badly bungled their redaction of the .pdf file. Result: The full text of a document considered “sensitive security information” was inadvertently leaked.

Anyone who’s interested can read about which passengers are more likely to be targeted for secondary screening, who is exempt from screening, TSA procedures for screening foreign dignitaries and CIA-escorted passengers, and extensive instructions for calibrating Siemens walk-through metal detectors.

The 93-page document also includes sample images of DHS, CIA and congressional identification cards, with instructions on what to look for to verify an authentic pass. (more)

"The Point," for our clients - Be careful when using the redaction feature in Acrobat (especially the earlier versions). Redacted .pdf files can be hacked. Of course, keep your counterespionage strategy up-to-date to reduce leak loophole vulnerabilities.
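A pre-publication check for the failure behind "Don't redact, sanitize" in this post and the NSA guidance post above, as an added example (not code from the NSA document or this blog): a box painted over text hides it on screen but leaves the text operators in the page. The sketch assumes an already decoded (uncompressed) page content stream with no coordinate transforms, and the sample page is constructed.

```python
"""Pre-publication check: find text still present under filled boxes on a PDF page."""
import re

TOKEN = re.compile(
    r"\((?:\\.|[^\\()])*\)"          # literal string (nested parentheses not handled)
    r"|/[^\s/()\[\]<>]*"             # name, e.g. /F1
    r"|[-+]?(?:\d+\.?\d*|\.\d+)"     # number
    r"|[A-Za-z]+\*?|['\"]"           # operator, e.g. Tj, re, f*
)
FILL_OPS = {"f", "F", "f*", "B", "B*", "b", "b*"}
PATH_END_OPS = FILL_OPS | {"S", "s", "n"}


def _nums(stack, count):
    """Last `count` operands as floats, or None if they are missing or malformed."""
    tail = stack[-count:]
    if len(tail) != count:
        return None
    try:
        return [float(t) for t in tail]
    except ValueError:
        return None


def covered_text(content_stream):
    """Return strings whose text origin lies inside a rectangle filled after them.

    Heuristic: only the start of each text run is tested, and hex strings,
    inline images and the cm operator are ignored (assumptions of this sketch).
    """
    texts, boxes, pending, stack = [], [], [], []
    tx = ty = 0.0
    for order, match in enumerate(TOKEN.finditer(content_stream)):
        tok = match.group()
        if tok[0] in "(/+-.0123456789":       # operand: keep until its operator
            stack.append(tok)
            continue
        if tok == "BT":                        # new text object, origin resets
            tx = ty = 0.0
        elif tok in ("Td", "TD") and (v := _nums(stack, 2)):
            tx, ty = tx + v[0], ty + v[1]
        elif tok == "Tm" and (v := _nums(stack, 6)):
            tx, ty = v[4], v[5]
        elif tok in ("Tj", "TJ"):              # show text (TJ: array of strings)
            parts = [re.sub(r"\\(.)", r"\1", s[1:-1]) for s in stack if s[0] == "("]
            if parts:
                texts.append((order, tx, ty, "".join(parts)))
        elif tok == "re" and (v := _nums(stack, 4)):
            x, y, w, h = v                     # width and height may be negative
            pending.append((min(x, x + w), min(y, y + h), max(x, x + w), max(y, y + h)))
        elif tok in PATH_END_OPS:
            if tok in FILL_OPS:
                boxes.extend((order, box) for box in pending)
            pending = []
        stack = []
    return [text for t_order, x, y, text in texts
            if any(b_order > t_order and x0 <= x <= x1 and y0 <= y <= y1
                   for b_order, (x0, y0, x1, y1) in boxes)]


# Constructed page: two lines of text, then a black box painted over the second.
SAMPLE_PAGE = """
BT /F1 12 Tf 72 720 Td (Public summary paragraph.) Tj ET
BT /F1 12 Tf 72 700 Td (CONSTRUCTED SECRET: gate code 0000) Tj ET
0 0 0 rg
70 696 320 16 re
f
"""

# Constructed sanitized page: the sensitive text is gone, only the box remains.
SANITIZED_PAGE = """
BT /F1 12 Tf 72 720 Td (Public summary paragraph.) Tj ET
0 0 0 rg
70 696 320 16 re
f
"""

if __name__ == "__main__":
    print("still recoverable:", covered_text(SAMPLE_PAGE))
    print("after sanitizing:", covered_text(SANITIZED_PAGE))
```

An empty result is not proof of a clean file: metadata, earlier revisions and embedded objects need their own checks.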

Wi-Fi Hacker Helper...

...Time to upgrade your Wi-Fi encryption.
For $34, a new cloud-based hacking service can crack a WPA (Wi-Fi Protected Access) network password in just 20 minutes, its creator says.

Launched today, the WPA Cracker service bills itself as a useful tool for security auditors and penetration testers (and lazy hackers who seek easy access to your system) who want to know if they could break into certain types of WPA networks. It works because of a known vulnerability in Pre-shared Key (PSK) networks, which are used by some home and small-business users. (more)

First Came the Annoying Cell Phone'er

Then came the cell phone detector.
Then came the cell phone jammer.
Then came the cell phone jammer detector?!?!
"What next?"

Take Written Notes Next Time

NH - Anthony De La Pena, 37, of 668 Raymond St., Elgin, was arrested Monday on charges of felony eavesdropping and misdemeanor charges of obstructing and resisting a peace officer. De La Pena on Sunday allegedly recorded a verbal exchange between himself and an Elgin police officer without the officer consenting to be recorded, according to police reports. (more)

New Hampshire law requires all parties to a recording to consent to the recording.

Sunday, December 6, 2009

An Information Leak Can Even Make a Nobel Prize Winner Look Stupid

This is about information leaks, not about the global warming debate. Leaks can happen in any organization. The effects can be devastating, as this current event shows...

Cause
A leading climate change scientist whose private e-mails are included in thousands of documents that were stolen by hackers and posted online said Sunday the leaks may have been aimed at undermining next month's global climate summit in Denmark... About 1,000 e-mails and 3,000 documents have been posted on Web sites and seized on by climate change skeptics, who claim correspondence shows collusion between scientists to overstate the case for global warming, and evidence that some have manipulated evidence. (more)

Effect
Climate campaigner Al Gore has canceled a lecture he was supposed to deliver in Copenhagen. The former vice president and Nobel Peace Prize winner had been scheduled to speak to more than 3,000 people at a Dec. 16 event hosted by the Berlingske Tidende newspaper group. The group says Gore canceled the lecture Thursday, citing unforeseen changes in his schedule. (more)

A good counterespionage strategy will help you avoid problems.

Computer Stolen from Blagojevich's Attorney

Evidence in the Rod Blagojevich corruption case may have been stolen when burglars broke into the Chicago law firm representing the former Governor. They got away with eight computers and a safe which could have copies of those secret wiretap recordings provided by the F-B-I.... Blagojevich's attorneys don't think it will impact the June third trial date. (Stop snickering.) (more)

Street crime, or political espionage? You decide.

The Future of GSM Digital Cell Phone Taps

If you're still using a cellphone based on early digital standards, you better be careful what you say. The encryption technology used to prevent eavesdropping in GSM (Global System for Mobile communications), the world's most widely used cellphone system, has more security holes than Swiss cheese, according to an expert who plans to poke a big hole of his own.

Karsten Nohl, chief research scientist with H4RDW4RE, a Sunnyvale, Calif.-based security research firm, is mounting what could be the most ambitious attempt yet to compromise the GSM phone system, which is used by over 3 billion people around the world. Others have cracked the A5/1 encryption technology used in GSM before, but their results have remained secret. However, Nohl, who earned a Ph.D. in computer science at the University of Virginia and is a member of Germany's Chaos Computer Club (CCC), intends to go one big step further: By the end of the year, he plans to make the keys available to everyone on the Internet. (more) (video - search HAR2009 GSM)

"Go to the Principal's office."

MI - Court papers filed in a federal lawsuit against the Bullock Creek School District allege eavesdropping and violations of constitutional rights... The case was filed by Michael Wittbrodt...

Superintendent John Hill and employee Jeffrey Taylor began to intercept and read e-mails... sent by Wittbrodt to a secretary.


The suit accuses the defendants of eavesdropping on private e-mail communications of others and divulging the contents in violation of the Electronic Communications Privacy Act of 1986, the Federal Wiretapping Act, the due process clause of 14th Amendment of the U.S. Constitution and invasion of privacy. (more)

A "Move on" turns into an Eavesdropping Arrest

IL - A Rogers Park neighborhood man was charged with felony eavesdropping after allegedly taping conversations -- including the voices of officers who arrested him -- without permission while selling art for a $1 Wednesday afternoon in the Loop. (more)

Learn how to make real Dollar Art!

Tuesday, December 1, 2009

New Communications Bunghole Opens Today...

...Tap arrives later.
Sweden - The highly discussed and controversial wiretap law takes effect today. But the signal intelligence agency FRA is far from ready with the technical implementation.


The “FRA law” last year was accepted by the Parliament and gives ‘Försvarets radioanstalt’, FRA (the National Defence Radio Establishment) legal permission to tap communication cables passing the Swedish national borders, this despite protests by a large public opinion and many experts. (more)

More Powerful than a Santa Claus GPS

USA - One phone company "provided law enforcement agencies with its customers' (GPS) location information over 8 million times between September 2008 and October 2009."

How did they do it?

Automation... "a new, special web portal for law enforcement officers."


How did this leak out?

A company employee "who described it during a panel discussion at a wiretapping and interception industry conference, held in Washington DC in October of 2009." (more) (video)

FutureWatch...
This will become commonplace.

UN in Geneva Reportedly Bugged

(via Al-Manar TV - unverified)
"A Swiss newspaper said that a number of UN employees in Geneva have concluded that Israel is eavesdropping on UN court sessions. The Neue Zuericher Zeitung (NZZ) added that bugging devices have been found in the organization’s deliberations room in the Swiss capital.

The newspaper pointed out that during regular maintenance procedures on the electrical network, three years ago, two bugging devices were found in a room set for the UN Disarmament Committee meetings. It added that ‘secret’ meetings were also held in the room over the Second Gulf War and the assassination of former Lebanese PM Rafik Hariri.

NZZ revealed that other spying devices have also been found in other parts of the building, including courtrooms...

UN security experts estimate that the planting process might have taken at least two days with the collaboration of UN employees...

The Israeli newspaper, Yedioth Aharonoth, quoted Israeli diplomats as denying any connection to the issue." (more)

Sunday, November 29, 2009

The Big House Family Taps Each Other

CO - Felony eavesdropping charges have been filed against three Arapahoe County Jail employees accused of listening in on conversations on the jail's phone system.

Two other employees have been placed on administrative leave and another resigned after jail administrators said they would investigate eavesdropping by jail employees on other employees.

Lt. Chris Manos and civilian employees Sue White and Jaella Rangel were all charged with class six felonies. All are set to appear in court next month. (more)

Just the thing for a Black Friday gift list...

The Official CIA Manual of Trickery and Deception

From Publishers Weekly
...
Intelligence historian Melton and retired CIA officer Wallace (coauthors of Spycraft: The Secret History of the CIA's Spytechs, from Communism to al-Qaeda) reunite for this unremarkable reproduction of a long-lost cold war–era relic.

In 1953, the fledgling CIA hired professional magician John Mulholland to adapt his techniques of stealth and misdirection to the craft of espionage. Mulholland produced two illustrated manuals featuring a range of tricks from placing pills into drinks to stealing documents and avoiding detection.

The classified manuals were believed to have been destroyed in 1973, but the authors discovered a copy in 2007 among recently declassified CIA archives.

Like Grand Theft Auto?

Some Twin Falls teenagers are promising to pay attention to the road. And if the preservation of life isn’t enough of an incentive, they can also win video games...

Enrollment in the program provides parents with a high-tech method of conducting covert surveillance on their kids’ driving habits. A video and audio unit in the vehicle captures dangerous driving behavior and gives parents access to a “driving report card,” along with tips for improvement. (more)

Coach, is that you Duckman?

At a tense, emotional moment during Denver's crucial 26-6 victory over the New York Giants, McDaniels went nuclear, dropping a verbal bomb on his players. Thanks to an eavesdropping camera and microphone from the NFL Network, the tirade on the sideline was telecast to prime-time viewers across America in all its profane glory. (more)

Jackie Chan - The Spy Next Door

Coming January 15, 2010.
(trailers)

Saturday, November 28, 2009

New Eyes for Spies

Prototype contact lenses developed by Babak Parviz at the University of Washington, in Seattle.

Dr. Parviz’s prototype lenses can be used as biosensors to display body chemistry or as a heads up display (HUD). Powered by radio waves and 330 microwatts of power from a loop antenna that picks up power beamed from nearby radio sources, future versions will also be able to harvest power from a cell phone. (more)

Alright, knock it off with the "See I A" and "eyes buggin' out" jokes.

SpyCam Story #562 - The play is the thing.

Australia - A former drama teacher at a Melbourne girls school has been accused of installing a spy camera to capture students undressing and making child pornography. Mark Stratford, 49, was employed as director of drama at Lauriston Girls School when the alleged offences took place from early last year. He pleaded guilty today in the Melbourne Magistrates Court to possessing child pornography and installing an optical surveillance device. (more)

"Quick. Name the Top Ten Spy Agencies."

We'll give you one...

Now, name the rest.
(answer)

Monday, November 23, 2009

"Every-body wants to get into the act."

via makeuseof.com...
Make 4 Cool Spy Gadgets With Your Windows Mobile Phone...

Have you ever wanted to live like a real spy, even for just a little while? Just to help you inch just a little bit closer to that cloak and dagger lifestyle, I’d like to offer 4 Windows Mobile downloads that you can use to transform your regular mobile phone into an honest-to-goodness cool spy gadget.

• Cool Spy Gadget #1 – A Room Bug To Record Conversations
• Cool Spy Gadget #2 – See In The Dark With Sonar
• Cool Spy Gadget #3 – Disk Encryption Software
• Cool Spy Gadget #4 – Remote Video Streaming (more)

"Good night, Mrs. Calabash, wherever you are."

S.E.C. Enforcement Chief: ‘Creative Investigation Techniques’ Coming

The use of wiretaps and recordings of conversations to help underpin the insider trading case against the Galleon Group hedge fund struck legal experts as unusual, for an investigation involving the Securities and Exchange Commission.

“It is unusual,” said Robert S. Khuzami, the director of enforcement at the S.E.C., at a discussion of hedge fund regulation at the Practising Law Institute in New York Monday. But, a year from now, “I hope it’s more common.” (more)

Thursday, November 19, 2009

Need a safe place to store your surveillance video...

A new service called Motionbox may be the answer. Unlike Youtube.com, Motionbox makes it easy to share videos with a select group of viewers instead of broadcasting to the world.

There are plenty of other features, too.

You may even want to consider this for personal use. Store all those home videos (and films, once converted to digital video). Allow relatives and others access as you see fit. Even watch your library on your TV...

Motionbox is soon to be a featured Channel on the Roku digital video player. You'll be able to hook the player up to your television and enjoy instant access to all the videos you’ve uploaded to Motionbox. All you need is a TV, a high-speed Internet connection (wired or wireless), and a finger to click the remote! (Win a FREE Roku drawing.)

Like any new business, they want to build momentum quickly. Hence, this special offer aimed at business users...


"I thought that you and the readers of Kevin's Security Scrapbook would be interested. We'll waive the pro-account setup fee for you or any of your readers who sign up - it's a $50 value. There are now 3 levels of Motionbox service - Basic, Premium, and PRO." Lowell Dempsey, Motionbox (more)

For personal use, choose the free Basic package, or the Premium upgrade. ~Kevin

The Real Spy's Guide to Becoming a Spy (update - Book Signing)

Remember this book? The Real Spy's Guide to Becoming a Spy by Peter Earnest with Suzanne Harper. It was listed here last September.

Peter Earnest is former CIA and the founding executive director of the International Spy Museum, located in Washington D.C.

Get signed copies... for you, and every shady character (or future shady character) on your holiday gift list.

• Have you ever wondered what spies really do?
• What kind of training is involved?
• How do you live your “cover”?
• How does your work life affect your relationships with your friends and family?

Join the International Spy Museum's Founding Executive Director and Former CIA Operations Officer, Peter Earnest, as he discusses his new book The Real Spy's Guide to Becoming a Spy. This fascinating, fact-filled book answers these questions and more while providing a historical timeline, definitions of key terms, suggestions for further reading, an index, quizzes, and exercises to see if you have the right spy stuff. The author will be available for book signing and informal Q&A.

FREE. No registration required.

Saturday, November 21, 2009
1:00 PM - 3:00 PM

The International Spy Museum
800 F Street, NW, Washington, DC 20004, USA

Spy Tip: A good spy knows the ropes. Use the secret password "I SPY" and get a 25% discount to the museum. Also enter to win a basket of top-secret spy tools and a one-year museum membership!

Some Courts Raise Bar on Reading Employee Email

via The Wall Street Journal...
US - Companies Face Tougher Tests to Justify Monitoring Workers' Personal Accounts; Rulings Hinge on 'Expectation of Privacy'

Big Brother is watching. That is the message corporations routinely send their employees about using email.

But recent cases have shown that employees sometimes have more privacy rights than they might expect when it comes to the corporate email server. Legal experts say that courts in some instances are showing more consideration for employees who feel their employer has violated their privacy electronically. (more)

Wednesday, November 18, 2009

Amazing Surveillance Video

Train track inspector almost gets smooshed... twice!

Just when cell phone companies inched past used car dealers in the "who do you trust more" race.

UK - Staff at mobile phone company T-Mobile passed on millions of records from thousands of customers to third party brokers, the firm has confirmed...

Christopher Graham said brokers had sold the data to other phone firms, who then cold-called the customers as their contracts were due to expire. (more)

Suggestion... Find out who keeps the data key at your company. Review the security checks and balances. Let them know you are minding the store.

This just in!
Used car dealers take the lead...

NY - Starting next week, Verizon will double the early-termination fee for smartphones... "David, I read your posts about how the cell carriers are eating up our airtime with those 15-second 'To page this person, press 5' instructions, but I think Verizon has a bigger scam going on: charging for bogus data downloads.

"Virtually every bill I get has a couple of erroneous data charges at $1.99 each—yet we download no data.

"Here's how it works..." (more)

Tuesday, November 17, 2009

Quote of the Week

"A surprising number of otherwise smart people find themselves remarking on the phone that they hope the line isn't tapped."
~Ann Woolner, Bloomberg News, commenting on federal wiretaps investigating insider trading.
(more)

Other great quotes we hear...
"I hope the room isn't bugged."
"I hope you're not recording this."
"I hope there are no hidden cameras here."

Of course, 'hoping don't help'.
You need this.

SpyCam Story #561 - The New Miranda Warning

FL - A woman who is suing her former landlord over allegations he secretly set up a spy camera in her bedroom is asking a judge to add punitive damages to her claim.

Miranda Goldston, 26, filed her lawsuit seeking compensatory damages against Kenneth Ryals, 59, in December 2007, three months after she discovered the spy camera hidden inside a DVD player in her bedroom. (more)

Illegal Wireless Phone Tap Found

Israel - Knesset security officials are concerned over what may be a case of illegal wiretapping of phones of the Ravitz family of Beitar Illit.

It appears the concerns began with “strange noises” heard on the phone by members of the family. A routine inspection into the cause of the noise revealed a wireless eavesdropping device.

According to the Chareidim report, those involved are more than a bit curious as to who is eavesdropping on the phone of Yitzchak Ravitz, who heads Degel HaTorah in the community, or perhaps the eavesdropping is intended to listen in on the conversations of his daughter Rivke, who is Knesset Speaker Reuven Rivlin’s bureau chief. She has been an employee of Speaker Rivlin for over a decade. (more) (Update: Rivke is his wife; not his daughter.)

The Eves Drop a Dime

India - Wiretaps, hidden listening devices and binoculars may be the usual paraphernalia to maintain surveillance over Commonwealth Games delegates, participants and spectators. But there may be more. Games authorities have devised a novel method to eavesdrop: Use thousands of eves.

An estimated 5,000 trained private security girls are likely to provide intelligence cover to the 2010 Commonwealth Games, one of the biggest sporting events that India will host after the 1982 Asiad Games...

“They will comprise women from all linguistic backgrounds, and with suave and comely personalities who will be responsible for a dual preemptive and protective role,” said Singh, a former Intelligence Bureau officer who was appointed a security consultant for the 1982 Asiad by Indira Gandhi.

While CCTVs will keep a watch on the movements of people entering stadia, the security girls will play an undercover role to snoop on conversations around them. They have been instructed to pick up interesting nuggets of conversations that will help the authorities nip any mischievous activity in the bud. (more)

Monday, November 16, 2009

Compliance departments on red alert for insider trading

In the wake of the alleged insider-trading ring involving hedge fund manager Galleon Group, compliance departments at asset management firms and broker-dealers are stepping up their vigilance.

As regulators increase their scrutiny of insider trading, firms are actively reviewing their compliance policies, making sure that employees understand them and conducting more audits of their trading patterns to make certain that nothing is potentially amiss...

The main worry at firms is that employees could be sharing information and unwittingly contributing to an insider-trading scheme...

Compliance departments also are making sure employees are careful with how they use other forms of media, such as voice-over-Internet, social-networking websites such as Twitter, and blogs.

“People need to understand that the law is the law, no matter what communication medium they are using,” said Ralph “Chip” MacDonald, a partner at Jones Day. (more)

Eavesdropping Detection Audits (TSCM) are an unpublicized element of this due diligence.