Thursday, April 30, 2009

Reflect on this... Visual Eavesdropping

I began warning my city clients about visual eavesdropping back in the 1970's. I still do today. My concern then was not computer screens; clients didn't have them.

My concern was lip reading, and it wasn't theoretical. We had a case where this was the method of eavesdropping. The president had a corner office on Park Avenue. Big glass windows. Scores of vantage point offices across the street. We caught them in the act.

The visual eavesdropping info-target is bigger these days. Lip reading concerns have expanded to concerns about: whiteboard / projection / computer screen reading and now... reading the reflections off of shiny objects in the room. ~ Kevin

via Scientific American...
"Through the eyepiece of Michael Backes’s small Celestron telescope, the 18-point letters on the laptop screen at the end of the hall look nearly as clear as if the notebook computer were on my lap.

I do a double take.

Not only is the laptop 10 meters (33 feet) down the corridor, it faces away from the telescope. The image that seems so legible is a reflection off a glass teapot on a nearby table.

In experiments here at his laboratory at Saarland University in Germany, Backes has discovered that an alarmingly wide range of objects can bounce secrets right off our screens and into an eavesdropper’s camera. Spectacles work just fine, as do coffee cups, plastic bottles, metal jewelry—even, in his most recent work, the eyeballs of the computer user. The mere act of viewing information can give it away." (

Monday, April 27, 2009

"Dude, let's go for a drive!"

"There are going to be thousands of victims." Anthony Muzichenko, the owner of L.A. Management, who lost 25 computers.

CA - In a bold, systematic hit on a landmark Ventura Boulevard office building,
burglars stole scores of computers from at least 60 of the 80 businesses there, taking machines containing sensitive legal documents, credit card numbers and the tax information of thousands of people, police said Saturday.

The overnight theft at the Chateau Office Building in Woodland Hills
left accountants, a talent agent, property management companies, attorneys and other businesses in the three-story structure scrambling to assess their losses as police scoured the premises... Several concluded that the thieves' target must have been the information contained on their hard drives, not property.

In one office, a pile of hard drives had been stacked in a corner, ready to be hauled out... thieves left a backup drive, positioned atop the server, leading him to believe that the theft was aimed at "the information, definitely. The computers by themselves are not worth much."

One businessman said the credit card numbers of 7,000 clients were stolen. Accountant Richard Levy said his stolen computer held the tax documents of 800 clients. Attorney Marshall Bitkower said only three computers were taken from his office, but "they had all kinds of stuff. Everything: people's names, credit cards, clients, e-mails back and forth -- who knows what."

Muzichenko, a talent manager, said that when he heard the news he was "very hysterical. I was crying. I have to restore my business." (

Moral: Backup and Encrypt.

History of U.S. Privacy - Ben Franklin's Web Site

Ben Franklin's Web Site: Privacy and Curiosity from Plymouth Rock to the Internet
This book explores the hidden niches of American history to discover the tug between Americans' yearning for privacy and their insatiable curiosity.

The book describes
Puritan monitoring in Colonial New England, then shows how the attitudes of the founders placed the concept of privacy in the Constitution. This panoramic view continues with the coming of tabloid journalism in the Nineteenth Century, and the reaction to it in the form of a new right - the right to privacy.

The book includes
histories of wiretapping, of credit reporting, of sexual practices, of Social Security numbers and ID cards, of modern principles of privacy protection, and of the coming of the Internet and the new challenges to personal privacy it brings. (more)

22 Fired During Illegal Eavesdropping Purge

Colombia’s DAS security service fired 22 detectives, apparently in connection with an investigation into the illegal wiretapping of leading public figures... “When questioned about the reason for the dismissals, spokespeople for the agency said Muñoz affected them making use of the discretionary authority the law gives him, and that there will another purge this Friday.” (more)

UPDATE - Colombia's domestic intelligence agency has fired another 11 people in a scandal over illegal eavesdropping of judges, journalists and politicians.

That brings to 33 the total number of people dismissed from the Department of Administrative Security since the scandal broke in February. (more)

Saturday, April 25, 2009

Staying Safe Abroad - The Blog, Edward L. Lee II

Last year, I gave all my clients a free copy of Edward L. Lee's book: Staying Safe Abroad: Traveling, Working & Living in a Post-9/11 World Yes, it was that good!

The feedback I received spanned from: "Thank you so much..." to one security director saying, "I am buying copies for all our key executives who travel."

If you travel, or know someone who does, buy the book and get FREE updates by following Staying Safe Abroad - The Blog.

"What makes Ed Lee the big expert?"
Ed Lee retired from the US State Department in April 2006, after a career as a special agent, Regional Security Officer, director of training, chief investigator of the Cyprus Missing Persons Program, director of security of the U.S. Agency for International Development and as a senior advisor in the Office of Anti-Terrorism Assistance.

Most of his work now is devoted to educating global companies and governmental entities in how to be successful and keep their people safe abroad.

His career also includes 15 years as an international security consultant; for ten years he served as the security advisor to the Inter-American Development Bank. Additionally, Ed served six years in the Marines before joining the US State Department as a special agent.

"Why the plug?"
I hear you say.
Just a film noir PI's cliche,
"Dead clients don't pay."

Top Seven Emerging Threats to VoIP Services

A clear, lucid article on VoIP security (or, bad stuff that can happen to that fancy new phone on your desk that plugs into the network instead of the old phone jack). Written by one of the many vendors who offer solutions.

• VoIP DoS attacks
• Spam over Internet Telephony (SPIT)
• VoIP service theft
• SIP registration hijacking
• Eavesdropping
• VoIP directory harvesting
• Voice Phishing, or Vishing
"WatchGuard advices all businesses using VoIP systems to review their perimeter and VoIP security." (more)

Additional solution vendors:
VoIP Security Buyer's Guide

FREE VoIP security information:
Mark Collier's VoIP Security Blog
Blue Box: The VoIP Security Podcast
Security Considerations for Voice Over IP Systems

Man gets prison for recording anger-management classes

...and is he pissed!
PA - An Allentown man who secretly recorded his court-ordered anger management classes and posted them on YouTube was sentenced to state prison Friday.

Richard P. Mason III told Northampton County Judge Paula Roscioli that he wanted his daughter to see the group therapy sessions, which were ordered as part of his sentence on a terroristic threats charge, said Second Deputy District Attorney William Matz Jr.

Instead, the recordings landed Mason, 41, with a probation violation and a new sentence of 18 to 36 months in state prison on the threats case. Prosecutors are also considering bringing new charges against Mason for violating the state's wiretap law, Matz said.

The case is ''unique,'' Matz said. ''First for me; I think the first for our office.'' (more)

Friday, April 24, 2009

Lost Laptop Cost Survey

A single lost or stolen laptop costs a business an average of nearly $50,000. At least, that's the word from an Intel-sponsored study by the Ponemon Institute.

That figure is based on Ponemon's recent voluntary survey of 28 US companies reporting 138 separate cases of missing laptops.

Value of missing kit was mathmagically calculated by factoring laptop replacement, data breach cost, loss of productivity, investigation cost, and other variables.

The value of a lost lappy to a firm cost an average of $49,246, according to Ponemon. Minimum damage calculated in the survey was about $1,200, and the maximum reported value was just short of a cool $1m.

By far, the cost of a data breach was found to be the most expensive part of losing a lappy, eating up about 80 per cent of the total average cost to a company. (more) (survey)

Laser Beam-ers on the loose...

Turkey - Eleven vehicles with laser eavesdropping systems were the sources for the wiretapping records that were recently broadcast by the media, daily Hürriyet reported yesterday.

"Two of these vehicles are at the disposal of a team that is under the authority of the Prime Ministry," said CHP deputy Ahmet Ersin, who is also a member of the Parliamentary Wiretapping Subcommittee.

Laser eavesdropping technology enables conversations to be taped without the need to install bugs on targets’ communication devices.

İzmir deputy Ersin said, "I learned that the vehicles were imported from Canada and Israel in 2005, but could not get the addresses of where these vehicles were delivered." (more)

Thursday, April 23, 2009

Did you learn about wiretapping in 8th Grade?

Students seem riveted (yawn)...

TEACHER: You’re gonna look at— The words of the week for week five are wiretapping, source, suspicious, notwithstanding, which is a tough word to use in a sentence, and eliminate, okay? (

Too bad. Illegal electronic surveillance is an important topic. Teacher,
Chris Buttimer, is raising an issue that was glossed over in schools when Nixon was on the hot seat; thus history repeated.

Did Corporate Spying Doom Denizen Hotels?

via Deidre Woollard,
It looks like corporate espionage has sunk the fledgling Denizen Hotels brand. Hilton Hotel Corp. has announced that it has received a federal grand jury subpoena for documents regarding two former employees of Starwood hotels who switched camps and brought their trade secrets with them.

Starwood has sued Hilton saying that Hilton used privileged information in the development of the Denizen brand. The employees, Ross Klein and Amar Lalvani have been placed on paid administrative leave pending review. The Denizen Hotel website is down and Hilton has announced that the development of the brand has been "temporarily suspended." Will the brand be resurrected after the case sorts itself out? My guess is that Hilton will rebrand the hotels as something else. (more)

Business Espionage - Patent Theft Costs (update)

The Australian Commonwealth Scientific and Industrial Research Organisation (CSIRO) will use the money won from a Wi-Fi technology patent battle to fund further research.

Legal action in the United States between the CSIRO and a number of global computing giants came to an end today, with the last of 14 companies opting for confidential settlements with the scientific agency. (more)

Conclusion: Business espionage is a big BIG gamble. Obtaining justice after the fact is expensive, for all parties. This is a rare case. The good guys won. To add insult to injury, the bad guys are paying for research which will be used against them in the future. Sweet. Most often, however, the spies are allowed to win. Sour. Who "allows" them to win? Corporate victims who never bothered to look for evidence of spies in their midst. Not looking? Get help.

Security Alert - Adobe Acrobat Reader

via Erik Larkin,
The popular Adobe Reader is a favorite target of online crooks, according to Mikko Hypponen, chief research officer with antivirus company F-Secure. And for better security you should ditch Reader and go with a free alternative...

Poisoned PDFs are also often used as part of a customized, targeted attack, he says, when they're sent to a specifically selected recipient attached to a well-crafted e-mail. (more)

Look for FREE alternate readers at

Councilman found guilty in spying case

SC - A former South Carolina county councilman has been found guilty of using spyware to scan another county employee's computer and e-mails.

Attorneys for former Greenville County Councilman Tony Trout said he'll likely appeal the conviction. He faces up to 16 years in prison when he is sentenced later...

Federal prosecutors said Trout used monitoring software to access County Administrator Joe Kernell's computer, took private e-mails and posted them on a Web site.

Trout was convicted of illegally accessing a computer, destroying records and intentionally intercepting and disclosing electronic communications. (more)

‘Squawk Box’ Jury Finds Brokers Guilty

NY - Former Citigroup Inc., Merrill Lynch & Co. and Lehman Brothers Holdings Inc. brokers accused of selling day traders access to internal “squawk boxes” were found guilty of conspiracy in a second trial over the scheme. (more) (background)

Go Green $$$ - Recycle Your Nokia 1100 Phone

Hackers have been offering up to €25,000 (US$32,413) in undergrounds forums for Nokia 1100 phones made in the company's former factory in Bochum, Germany. The phone can allegedly be hacked so as to facilitate illegal online banking transfers, according to the Dutch company Ultrascan Advanced Global Investigations.

Nokia said on Tuesday it is not aware that resale prices for a phone that retailed for less than €100 when it debuted in 2003 have risen so high. Further, Nokia maintains the phone's software isn't flawed.

"We have not identified any phone software problem that would allow alleged use cases," the company said in an e-mailed statement.

The 1100 can apparently be reprogrammed to use someone else's phone number, which would also let the device receive text messages. That capability opens up an opportunity for online banking fraud....

Meanwhile, a Dutch technology site,, wrote that it placed a fake advertisement for the particular Nokia 1100 on an online marketplace. People offered as much as €500, offering to immediately come pick up the device.

Nokia produced more than 200 million devices in the 1100 model family. The company said it doesn't disclosure figures such as how many 1100s were made in Bochum. (

Cell Phone Encryption for the Enterprise User

from the manufacturer...
Qtalk secure enables highly encrypted telephony. Qtalk secure uses the data channel and was designed for business customers with the highest security demands. Qtalk secure is a software solution for business customers enabling encrypted telephony (dynamic encryption, AES 256 Bit) through the data channel on mobile end devices and Windows PCs. Qtalk offers secure telephony without the need for compromises in usability or voice quality.

All conversations with Qtalk secure are initiated with a key exchange mechanism (Diffie Hellmann, 1024 Bit) and encrypted dynamically with an AES 256 Bit encryption.

Qtalk secure can be deployed independent of the network operator. It is applicable in a multitude of networks (GPRS, EDGE, UMTS, HSPA, Wi-Fi) and combines for the first time encryption with user friendly handling. The integrated user list allows instant viewing of the status of the contacts (closed user group) at all times and instant calling. (
(click to enlarge)

WorldView - Eavesdropping Concerns in Malta

Even in the tiny country of Malta electronic espionage is taken seriously by business.

"A simple covert listening device costing the perpetrator a measly €200, may end up costing the victim millions of euro in stolen information."
Alberta Director Duncan Barbaro Sant speaks to David Darmanin on the incidence of espionage and how it may be counteracted.

Q. Do you believe there is a high incidence of commercial espionage in Malta? Is there any incidence at all?

A. In today’s highly competitive market, commercial espionage is thriving. Individuals and organisations are now turning to the theft of information as a way of gaining a competitive edge. Radio Frequency Bugs can be concealed in almost anything that can be found in the office, home or car. They can be the ultimate infiltration tool to competitors, discontented or disloyal employees, business partners or private investigators. Typically, low paid employees such as cleaners, service providers or security personnel are entrusted with planting the devices in exchange for gratuities.

Q. Have you been informed or found cases
of political or diplomatic espionage in Malta? If so, without the need of mentioning names, can you elaborate on details of how this was done?

A. It is a known fact that Malta hosts several VIPs in Malta. These persons can easily be targeted especially when staying in hotels since access to hotel rooms is a minor inconvenience for the spy who is about to plant eavesdropping devices in the actual room or even one of the adjacent rooms. Just over a month ago a service was carried out for a VIP client who chose to rent out a villa rather than stay in a hotel. The company who the VIP works for lost over €15 million last year after a technology that was developed over several years was lost to their competitors by means of an eavesdropping device. Now th
ey take no chances.

Q. What other reasons could there be for espionage to be done in Malta?

A. With the increasing number of pharmaceutical companies setting up plants here in Malta, as well as online gaming companies, these all have a direct interest in protecting their data. In the case of gaming companies, the infiltration of bugging devices in their computer systems is an obvious danger, especially since they would hold credit card details of thousands of customers. For pharmaceutical companies, with research and development in this field being so cut-throat, any lost data can mean a competitor gaining the multi-million licence for a product costing years and possibly millions in medical research.

Q. Are VIPs visiting the country exposed to the risk of having paparazzi install covert cameras or bugs?

A. As regards covert cameras, these may be installed in all sorts of places, clocks, AC vents, behind mirrors and so on. It is estimated that over US$800 million of spy equipment per year is sold within and outside the US, a concern for all businesses around the world. Such devices are not always installed to gather intelligence from competitors; their use varies from collecting data for bribery, spying on colleagues when competing
for promotions, collecting evidence for separation cases and so on.

Q. How easy is it to intrude on people’s conversations or information? What devices are used? Where are they obtained from? Is it expensive to bug an edifice or a telephone?

A. Bugs come in various forms – some as innocent-looking as a pen or calculator left on someone’s desk containing an active microphone, the only drawback being that a battery will only last so long. However, one can easily buy a multiple plug with an active microphone over the internet for as little as €200. Once plugged in, it is automatically powered up and enables the perpetrator to listen in to all conversations.

Furthermore, it is also customary for people to discuss confidential matters while travelling in a vehicle, be it with another passenger or on a mobile phone. These devices may relay information on where or who is travelling in the car or being met, thu
s posing personal security threats as well as information or commercial losses. (more)

Interestingly, the subject of business espionage is not new in Malta, as this book, published in Malta, reveals...
By Louis Moreau
Gozo Press, 1977

Wednesday, April 22, 2009

Business Espionage - Aston Martin v. Rival

NY - The owners of a Long Island, New York, exotic car dealership that sells Bentleys and Aston Martins were charged with corporate espionage against a rival that sells Ferraris and Maseratis.

Giacomo Ciaccia and Leka Vuksanaj, owners of Universal Autosports LLC in Glen Cove, were arrested along with Creative Director Michael Lussos at their homes today, according to a statement by Acting U.S. Attorney Lev Dassin in Manhattan.

They are accused of illegally tapping into the e-mails of Ferrari Maserati of Fort Lauderdale-Long Island in Plainview, New York.
The defendants accessed Ferrari Maserati’s e-mail server about 2,500 times between February and September last year from their homes or Universal Autosports, according to the criminal complaint dated April 16 and unsealed today.

“In one instance a dealer associated with Universal Autosports e-mailed a customer who had been negotiating with Ferrari Maserati to buy a rare Ferrari Enzo worth more than $1.3 million,” according to the statement.

“Is there any way I can help or get in the middle,” the dealer wrote, according to the complaint. “Have they found you a car yet?” (

Car dealers.
Is anyone out there surprised?


Wireless LAN Security Survey

Note: This article may prompt you to conduct an independent, company-wide WLAN Security Survey and Legal Compliance Vulnerability Assessment.
If so, be sure to read this.


Deloitte Touche
(India) released the results of a survey titled, "Wireless Security Survey." 35860 wireless networks were surveyed.

ey findings...
• 37% appeared to be unprotected
i.e. without any encryption.

• 49% were using low level of protection
i.e. Wired Equivalent Privacy (WEP) encryption.

• Balance 14% were using the more secure Wi-Fi Protected Access (WPA/WPA2).

• This makes around
86% of the observed wireless networks vulnerable. (more)

Records from Murray Associates on-site WLAN security surveys show IT departments in the U.S. maintain better security.


More costly problems (legal and espionage) are discovered in almost every system we inspect...

PROBLEM 1: Non-compliance with applicable laws:

• Sarbanes-Oxley Act – U.S. Public Companies
• HIPAA – Health Insurance Portability and Accountability Act
• GLBA – Gramm-Leach-Bliley Financial Services Modernization Act
• PCI-DSS – Payment Card Industry Data Security Standard
• FISMA – Federal Information Security Management Act
• DoD 8100.2 – Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense Global Information Grid
• ISO 27001 – Information Security Management
Basel II Accord – Banking
• EU - CRD (Cad 3) – EU - Capital Requirements Directive - Banking

Just one loophole... Hackers are in. Data is out. & "You are out of compliance."


PROBLEM 2: The WiPhishing Vulnerability (in laymen's terms)
I am sure you can remember the name of every person you have loved. Laptop computers remember the names of their past connections, too. Unlike you, however, laptops keep trying to reconnect every time they are turned on.

Unauthorized re-connections are never a good idea, with lovers or computers.

Data hackers pretend to be an old connection. They set up a Wi-Fi station with the old flame’s name (hhonors, starbucks, boingo etc.) Laptop gets turned on; automatically connects. Hacker steals sensitive corporate data on laptop.

Wait! It get’s worse...

Your employee returns to the workplace, jacks the laptop directly to your corporate LAN and logs in. The data hacker is right in there, too!

Tuesday, April 21, 2009

Secret Recording of Confidential Meeting Exposed...

...negotiations sour.
PA - A judge wants bankrupt Philadelphia Newspapers to focus on its financial reorganization while others investigate claims
an investor illegally tape-recorded a sensitive financial meeting.

The ruling follows testimony Monday from Brian Tierney, chief executive of Philadelphia Newspapers. Tierney says a representative of New York-based CIT Group Inc. recorded a November meeting in his office. He says the pre-bankruptcy negotiations soured after he raised concerns about the taping. (more) (more) (more)

Police chief charged in bugging scheme

MN - The police chief of Gaylord... Dale Lee Roiger, 60, is charged with misconduct of a public officer and illegal interception of communications... According to charges: Roiger ordered one of his police officers to secretly place a voice-activated tape recorder in the Chamber of Commerce office... Roiger admitted to two people that he tried "bugging the Chamber office but failed. He said he got the "bugging device" from the city of Glencoe. A Glencoe police detective later confirmed loaning a digital voice-activated tape recorder to Gaylord police officer Tom Webster. (more)

Computer Spies Breach U.S. Electricity Grid

Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls.

The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.

Computer Spies Breach Fighter-Jet Project

Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project -- the Defense Department's costliest weapons program ever -- according to current and former government officials familiar with the attacks.

Similar incidents have also breached the Air Force's air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft.

The latest intrusions provide new evidence that a battle is heating up between the U.S. and potential adversaries over the data networks that tie the world together. (more)

"Calling all White Hats. Calling all White Hats..."

"...Computer hacked at Pentagon. Electric Grid hacked..."
The Department of Homeland Security is looking to recruit white-hat hackers to help defend the US's critical internet infrastructure.

An ad by General Dynamics Information Technology on behalf of of the DHS seeks applicants who can "think like the bad guy", understand hacking tools and tactics, analyse net traffic and identify vulnerabilities in federal systems. In a budget request, Defense Secretary Robert Gates requested funds to increase the number of experts it trained each year from 80 to 250 by 2011. (more)
Might also want to put a call out to the Blue Blaze Irregulars. Just sayin'.

When Respected Business Magazines Start Running SpyCam Ads... know
the business climate is brutal

from the ad...
What happens while you're away?

Let's face it. Our vision is limited to what we can see in the moment. The Agent Camera gives you an extra pair of eyes for a new perspective on what is going on around you. Slip into your shirt pocket, and you'll have access to a whole new world of information you didn't see before.

This tiny spy cam provides you with a high quality audio and video in a package no larger than a USB stick or a pack of gum.

Easily concealable in your pocket, on a shelf, behind a picture, or wherever you need to focus your security, with the Agent Camera you'll know for certain that you won't miss a thing. The Agent Camera is an absolute cinch to use. Simply pop in a Micro SD Card (128MB to 2 GB, aim the camera, and press record. It's that simple. The camera will record continuously in real time for up to 3 hours! After you're done recording simply back up your evidence on your computer with the provided USB cable. (more)

Of course, there is no mention of how that "high quality audio" could easily put you on the wrong end of a criminal and/or civil U.S. lawsuit. As a public service, allow me fill you in... click here. ~Kevin

"Bug the bugs, then kill them!"

The Island of Guam became a living laboratory for scientists as they attached acoustic equipment to coconut trees in order to listen for rhinoceros beetles... the Guam Coconut Rhinoceros Beetle Eradication Project.

"This method of
acoustic detection allowed Guam 'rhino hunters' to quickly and efficiently locate feeding grubs in an area thought to be rhino-beetle free," says Aubrey Moore, "and as the beetle broadens its range the acoustic approach to detection may save money and the lives of many coconut trees." (more)

Oryctes rhinoceros (L.) (Coleoptera: Scarabaeidae: Dynastinae) causes economically important damage to ornamental and commercial coconut palm trees in the western Pacific region that could be mitigated significantly by early detection and treatment. Adults are difficult to detect visually because they attack the crowns of the trees and feed internally before mating and dispersing to new hosts. Visual inspection is nevertheless the most widely used detection method, augmented with pheromone traps. This species is an ideal candidate for acoustic detection because the adults are large, active borers that produce stridulations during courtship and mating. (more)

Fun to play with.
"For some weird reason, Japanese people love Rhinoceros Beetles. It is very common for a boy to have a beetle as a pet. They usually put them in little boxes and carry them around in their pockets. Used almost like a Pokemon, boys will whip out their beetles and make them fight each other. This vending machine sells Rhinoceros Beetles - Males for 300 yen, and females for 100 yen." (more)

...and, Not Your Grandfather's Beetle! Uneavesdroppable. Won't be your pet. Would probably make a great fig
hter, however. (video)

Monday, April 20, 2009

"Protect us, but..."

The head of the Senate Intelligence Committee said Thursday that the panel would investigate reports that the National Security Agency improperly tapped into the domestic communications of American citizens.

The Justice Department confirmed Wednesday that it had reined in the NSA's wiretapping activities in the United States after learning that the agency had improperly accessed American phone calls and e-mails while eavesdropping on foreign communications.

Senate Intelligence Committee Chairman Dianne Feinstein, D-Calif., said the committee will hold a hearing within a month to look at the NSA's surveillance activities. "We will make sure we get the facts," she said.

The Justice Department discovered the problems during a routine review of NSA wiretapping. The government's action was first divulged Wednesday by The New York Times. (more)

You Need More Than a Password to Protect You

Canada - ...a young woman was apparently killed by her laptop last month.

Heather Storey, 25, of Delta died after the small car she was driving was hit by a tow truck turning left.

When investigators looked into the incident, however, they concluded she would have survived if not for her laptop computer.

Storey was on her way out of town for work at the time of the accident and usually kept her laptop in a backpack in the backseat, according to her brother Michael Pratt.

"What we believe happened [was] that she was struck in the back of her head and neck with this laptop computer," RCMP Sgt. Roger Morrow said Wednesday morning at the Surrey detachment, east of Vancouver

"She simply didn't have it secured within the confines of her car, and ultimately it has been the instrument of her death," he said. (more)

We have too many electronic gadgets these days. We worry more about the information on them than we do about the safety risks they pose. Use common sense. Think ahead. Don't use cell phones while driving. Don't place electronic gadgets on the dashboard or rear deck. Don't wear earphones while driving, and don't wear Bluetooth earpieces while driving or making love. They give the same wrong impression either way.

"Is this a game of chance?" (update)

..."Not the way I play it, no." ~W.C. Fields
New York - A jury began deliberations on Monday in Brooklyn federal court for the retrial of six men accused in a criminal case of an alleged plan to misuse information announced over brokerage-firm "squawk" boxes.

The case concerns announcements at many Wall Street firms that disclose when customers are about to buy or sell big blocks of stock. Federal prosecutors from the U.S. attorney's office for the Eastern District of New York claim that brokers at Merrill Lynch & Co. (now a part of Bank of America Corp.), Citigroup Inc.'s Smith Barney unit and the old Lehman Brothers Holdings Inc. were paid to leave open telephone lines next to the internal speaker systems at their firms so that traders at the now-defunct A.B. Watley Inc. could secretly eavesdrop on block orders by institutional clients between 2002 and 2004.

Prosecutors say the Watley traders made nearly $1 million by trading ahead of, or front-running, the orders that were broadcast. (more) (background)

Funniest Home SpyCam Video to Date

Business Espionage - Patent Theft Costs

Australia - The Australian Commonwealth Scientific and Research Organisation (CSIRO) has had some more wins in an ongoing legal battle over the use of patented Wi-Fi technology...

Three weeks after Hewlett-Packard reached an agreement with the CSIRO, a spokesman has confirmed that Intel, Dell, Fujitsu, Microsoft and Asus have followed suit. Discussions are continuing with a range of other companies, including Nintendo and Netgear. experts say the settlements could be a windfall for the CSIRO, because of the scale of the unauthorised use of the wireless technology. (more)

UPDATE - 4/23/09 - The Australian Commonwealth Scientific and Industrial Research Organisation (CSIRO) will use the money won from a Wi-Fi technology patent battle to fund further research.

Legal action in the United States between the CSIRO and a number of global computing giants came to an end today, with the last of 14 companies opting for confidential settlements with the scientific agency. (more)

Sunday, April 19, 2009

The Cell Phone Jammer Conundrum

Commentary by Richard Roth, Chicago Technology Examiner...
Why would anyone want to “jam” or block a cellular phone?
In truth its already done by the federal government in certain areas to prevent the detonation of bombs by simply dialing a lethal number.

However, many businesses would also like to use them as well. Movie theaters and restaurants for one, prisons and financial institutions as well, but in the city of Chicago along with most other municipalities doing so is illegal. In fact, each country has unique laws. The UK and Japan allow you possess but not use jamming technology.

The equipment exists to block cellular networks and also GPS tracking, and can readily be purchased over the internet regardless of the fact it is technically illegal. It is sold by two groups of people. The first are legitimate distributors who and supply the government with cellular and more sophisticated radio frequency signal blocking equipment, and the second
group, which is everybody else who imports them for resale, largely from China.

The question is “should civilians or at least business’s be allowed to use this equipment?" If the federal government can, why can’t its citizens? When federal officials make public appearances such as the president’s recent inauguration he was protected from bomb detonated cell phones. Shouldn’t everyone have the right to such protection? (more)

Monthly Poll Results - "Assuming You Wouldn't...

Assuming you wouldn't get caught,
what is the least payment
you would want
to plant an eavesdropping device at work,
just once?

(click chart to enlarge)

Saturday, April 18, 2009

Top 100 Network Security Tools

Still, the best list around. (more)

Cellcrypt Secure VoIP Heading to BlackBerry

Cellcrypt, a British vendor of software for encrypting cell phone calls, is getting a product ready for North America's beloved BlackBerry.

The company sells software to enterprises, government agencies and individuals who want to make sure their mobile phone calls are private. Its Cellcrypt Mobile product is a downloadable, phone-based application that encrypts VoIP (voice over Internet Protocol) calls all the way from one handset to the other. Unlike other cell encryption systems, it allows users to make calls pretty much as they would normally, and even to use international roaming, according to Ian Meakin, Cellcrypt's vice president of marketing...

The software doesn't come cheap: A license for one user costs about £2,500 (US$3,732) per year. (more)

Ex-Corrections Cop Cops Bugging Plea

MI - A Gladstone man, accused of illegally accessing the county jail's computer system and possessing child porn on his home computer, pleaded no contest to a lesser charge in court this week.

William James Johnson, 34, of 127 Michigan Ave., Gladstone, was charged in August with three counts of unauthorized access to a computer while working as a corrections officer at the Delta County Jail from 2004-07. He was also charged with possession of child sexually abusive material on his home computer...

The four charges were dropped after he pleaded 'no contest' Thursday to one count of attempted eavesdropping-installing/using device. The lesser charge is a one-year misdemeanor and carries a maximum $1,000 fine.

Friday, April 17, 2009

Security Director Alert - GSM Pen

Your CEO is holding sensitive negotiations, thinking the playing field is level. It isn't.

The opponent has an invisible team of advisers helping out... in real time. Your side is stymied at every move, thwarted at every turn, every advantage you thought you had, evaporated.

What happened? How did they do it?
How can YOU stop it from happening again?

Here is what you might be up against (from the seller's web site)...

"All you have to do is to connect the pen to your cell phone (via Bluetooth); make or receive calls like you do regularly. The GSM pen connects to the phone as a regular Bluetooth headset. The spy earpiece receives the signal from the phone through the GSM pen (via wireless induction).

Arrange with your partner - outside the area - who will be giving you all the necessary information, using any phone (cell, home or public phone).

Put the spy earpiece into you ear and just before you enter the room make a call to your partner.

The microphone located on the GSM pen is very sensitive. It lets your partner hear everything you say, even a whisper.

Their answer can be clearly heard by you, but nobody else. After you are done you can easily take the earpiece out from your ear with the help of the ejection cord."

This Alert also applies to:
• Educators. Final Exam time is near.
• Proctors at professional certification exams.
• Police surveilling suspects who may be secretly communicating.
How YOU can stop this from happening again...
Call me.

Business Espionage - Starwood Stung

Starwood Hotels & Resorts Worldwide Inc. sued Hilton Hotels Corp. late Thursday, accusing its rival of using stolen confidential Starwood documents to develop a new luxury hotel chain.

The lawsuit, filed in federal district court in White Plains, N.Y., alleges that Ross Klein and Amar Lalvani, two former Starwood executives who joined Hilton last summer, stole more than 100,000 electronic and paper documents containing "Starwood's most competitively sensitive information."

"This is the clearest imaginable case of corporate espionage, theft of trade secrets, unfair competition and computer fraud," the complaint alleges.

In addition to monetary damages, Starwood is seeking a court order that could, in effect, force Hilton to cancel the rollout of the Denizen Hotels chain, which it unveiled last month. (more)

Cell Phone Spying

Cell phone questions we receive...
"Can someone...
...listen in on my calls?

...listen to my voice mail messages?
...remotely steal my contacts list?
...send fake texts from my phone?
...activate my microphone 24/7?
...make my phone dial someone else?
...get a text stating the length of my call?
...get a text when I use my phone?
...send me texts using a fake number?
...get my new phone number when I switch SIM cards?
...get a text message with the numbers I call and receive?
...track where I am on a computer map using the phone's GPS?
...track where I am on a computer map even if my phone lacks GPS?
...can they do all this from anywhere in the world?
...record my calls using my phone's own internal memory?

...trick me into installing spyware by making it look like a game?

Isn't this illegal to do in the United States?"

investigative video news report)
more stories about cell phone spying)

Cell Phone Eavesdropping in India

India - Is your mobile under 'unofficial' surveillance? The Intelligence Bureau (IB) has recently sent a report to the Centre about mobile phone companies sharing unauthorised information about clients with influential police officers.

The report says that sensitive and personal information about mobile phone users in Gujarat is being passed on illegally to police officials, without following legal procedures.

The report also hints that duplicate numbers are being made available to cops, allowing them to eavesdrop on conversations real time. (more)

Town Clerk Recall - Illegal Eavesdropping Cited

MI - A former Hamburg Township official has started the process to recall current township Clerk Matt Skiba, a person he says is the most objectionable politician he's ever seen.

Mike Bitondo, a former township trustee, filed recall petition language with the Livingston County Clerk's office on April 9...

Bitondo claims Skiba treats the public and township employees and officials with "disrespectful, accusatory and condescending behavior," that he's demanded employees sign pledges of loyalty to him, that he secretly records conversations he has with employees and the public and that he's used a remote listening device to eavesdrop on other people's conversations. (more)

Lost your clerk's job? Have I got a job for "Q".

Britain's domestic spy agency — MI5 — is hunting for "Q".
MI6's sister organization, which carries out surveillance on terror suspects inside Britain and gives security advice to the government, is searching for someone to lead its scientific work.

"Looking for a chief scientific adviser to lead and coordinate the scientific work of the security service so that the service continues to be supported by excellent science and technology advice," MI5's Web site ad reads....

Mobile phones equipped with sensors for detecting chemical, biological or radioactive agents are already in the works. Others, such as supersensitive eavesdropping devices, will likely be rolled out for the 2012 Olympics in London. (more) (application)

SniffJoke - A Grass Roots Net Protection Effort

SniffJoke is a software you run on your computer that injects randomly generated traffic in your normal one. While it does not affect the normal communication and the content exchanged with a remote host, it has a noisy effect on the operation of a third element eavesdropping on your conversation (be it a sniffer, a passive interceptor or a Chinese trojan).

The data it injects makes the reconstruction of TCP streams very arduous (eg: wireshark, xplico). As in any concealment technique, an expert professional can understand the general flow of the transaction by reading one packet at a time, but this analysis cannot be automated, so: if they’re after you they will get you, but with this software you could consider yourself safe against mass-targeted attacks. (more)

Thursday, April 16, 2009

Anatomy of a TSCM PR Fiasco

Chapter 1 - The Disgruntled Turn TSCM Into a Four Letter Word

Canada - Embattled Vaughan Mayor Linda Jackson used taxpayers' money to have her city hall office swept for listening devices last year, a practice borrowed from her predecessor and archrival, Michael Di Biase.

Through a Freedom of Information request, residents Gino and Mary Ruffolo, former supporters turned Jackson critics, uncovered an invoice showing the mayor's office paid Protech Consult Services $2,730 for equipment and labour for "manual and electronic counter surveillance."

"It appears the taxpayer is paying for Jackson's office to be swept for bugs," Mary Ruffolo said yesterday. "What is going on? Why is the poor taxpayer paying for this?" (more)

"What is going on?"
Yellow journalism. Scandal-mongering. Sensationalism. This is not news.

"Why is the poor taxpayer paying for this?"
Inspections for illegal electronic surveillance (TSCM sweeps) are a generally-accepted security practice. Both governments and businesses routinely conduct inspections for electronic surveillance.

In local government, for example, inspections can prevent fraud in negotiations and bidding; saving taxpayers money.

Not ferreting out illegal electronic surveillance is just negligence.

Chapter 2 - The Opportunistic Smell Blood

Ursula Lebana has a $50 solution to Vaughan Mayor Linda Jackson's political problems – and 2 cents worth of advice.

"People never believe it, but 90 per cent of the time, it's the person you trust the most," says Lebana, who opened Canada's first "spy shop" back in 1991 and can attest to the fact that Cold Wars are still being waged in offices, marriages and even babies' bedrooms around the world.

And for $50, the embattled Jackson, who spent $3,000 in taxpayers' money last year to have her office swept for listening devices, could have rented one of Lebana's do-it-yourself bug detectors.

Lebana has armed everyone from entrepreneurs to parents with electronic surveillance gadgets since she hung a few Bond posters on the walls of her Yonge St. Spy Tech store and created the first Teddy cam to help parents keep an eye on their child's nanny. (more)

If you even remotely think that "one of Lebana's do-it-yourself bug detectors" can help you, then you will definitely be interested in buying this book to go along with it.