Sunday, May 31, 2009

"Do you or do you not have tattooed on your bottom the words 'Jesus is coming, look busy'?"

via Wired...
Yet another breach of sensitive, unencrypted data is making news in the United Kingdom. This time the breach puts Royal Air Force staff at serious risk of being targeted for blackmail by foreign intelligence services or others.

The breach involves audio recordings with high-ranking air force officers who were being interviewed in-depth for a security clearance. In the interviews, the officers disclosed information about extra-marital affairs, drug abuse, visits to prostitutes, medical conditions, criminal convictions and debt histories — information the military needed to determine their security risk.

The recordings were stored on three unencrypted hard drives that disappeared last year. (more) (more) (heading quote)

Can't Touch This! ~MIB

DC - This part happens all the time: A construction crew putting up an office building in the heart of Tysons Corner a few years ago hit a fiber optic cable no one knew was there.

This part doesn't:
Within moments, three black sport-utility vehicles drove up, a half-dozen men in suits jumped out and one said, "You just hit our line."

Whose line, you may ask? The guys in suits didn't say, recalled Aaron Georgelas, whose company, the Georgelas Group, was developing the Greensboro Corporate Center on Spring Hill Road. But Georgelas assumed that he was dealing with the federal government and that the cable in question was "black" wire -- a secure communications line used for some of the nation's most secretive intelligence-gathering operations.

"The construction manager was shocked," Georgelas recalled. "He had never seen a line get cut and people show up within seconds. Usually you've got to figure out whose line it is. To garner that kind of response that quickly was amazing." (more) (sing-a-long)
...and then he forgot all about it.

Friday, May 29, 2009

Everything You Need to Know about Electronic Eavesdropping Detection for Business

“Should we be checking for bugs and wiretaps, or am I just being paranoid?”

This thought would not have occurred to you if everything were fine. Trust your instincts. Something is wrong. Eavesdropping is a common practice; so are regular inspections to detect it.

You never hear about successful eavesdropping or espionage attacks. You’re not supposed to. It’s a covert act. Eavesdropping and espionage are invisible. Discovery relies heavily on the victim’s intuition and preparedness to handle the problem. Prevention—via regular inspections—is the logical and cost-effective solution.

Spying Is a Common Activity
Due to the covert nature of spying, the exact... (Full Article)

Wednesday, May 27, 2009

How do you sell end to end data encryption?

With the world's coolest data breach map!
Guaranteed to scare the dollars out of any tight-fisted CFO. ~Kevin
Voltage Data Breach Index
Round of applause to the curators of
The Museum of Bitten Bytes...

DataLossDB is a research project aimed at documenting known and reported data loss incidents world-wide. The effort is now a community one, and with the move to Open Security Foundation's, asks for contributions of new incidents and new data for existing incidents.

Tuesday, May 26, 2009

Police bugging incident claims another cop

MN - Another member of the Gaylord Police Department is on paid administrative leave in an alleged "bugging" scheme.

The Gaylord City Council has voted unanimously to place Officer Tom Webster on leave until further notice. The move stems from charges filed against Gaylord Police Chief Dale Roiger over allegations that he had Webster plant a recording device in the Gaylord Chamber of Commerce office two years ago. (more) (background)

Napoleon Returns to Face Eavesdropping Charge

IL - A man who ran from a sentencing hearing and spent 10 years in Missouri returned to an Illinois courtroom on Friday to face the same judge. The judge gave him three years in prison and a scolding...

Authorities say Napoleon Williams, now 54 years old, made audio tapes of two people and broadcast their words without their consent on an independent radio station.

In 1998, a jury found him guilty of felony eavesdropping.

The rest of the story...

The "broadcasts" Napoleon made were over his pirate FM radio station, "BLR" Black Liberation Radio. It only covered about a 10 block area of town. While I was there, I heard several of these broadcasts. The story of Napoleon's station and his dealings with the FCC and local law enforcement are the real story.

In 1999, just before he was about to be sentenced, Napoleon vanished. He wrote letters explaining his case. You can find them posted on the Net. He remained underground until now.

People may disagree with his views and tactics, but all should agree that he has a place in history. He is one of the founders of the U.S. microradio movement. Low-power FM radio is legal today. (more) (more) (more)

FutureWatch - ChipCam

A MICROCHIP-sized digital camera patented by the California Institute of Technology could provide vision for the US military's insect-sized aircraft. It is light enough to be carried by these tiny surveillance drones and also uses very little power.

Caltech's Jet Propulsion Lab in Pasadena has squeezed all the components of a camera onto one low-power chip, revealed in a US patent filed last week.

The gadget can be radio-controlled via a secure frequency-hopping link from up to a kilometre away, say its inventors. (more)

Spy Needs New Home

MT - A Cold War spy plane with three tail fins and a hump on the fuselage needs a new home after being parked in Helena since 1981.

The retired EC-121, a version of which transported President Eisenhower from 1954-61, flew here 28 years ago for use in aviation maintenance classes. The military adaptation of the Lockheed Constellation taxied now and then, but mostly it has stood idle next to a hangar at the University of Montana's Helena College of Technology.

The college no longer wants the old Air Force plane... equipped to snoop on enemy aircraft during the Cold War that followed World War II. The surveillance planes carried radar in domes atop and below the fuselage. (more)

Cool SpyCam... Except, you don't smoke!

Lighter Spy Camcorder with built-in 2GB memory, rechargeable Li-ion battery, light weight and easy to carry design. $66.00 (more)

Soooo, if you don't smoke, how about a nice key chain camera? (more)

Why do we mention it?
So you will know what you're up against.

Simple Clues May Indicate Cell Phone Bugging

Watch out for:
• Unexplained drops in battery power.
• Random screen flashes.
• Unusual billing activity.
• Text messages with random numbers and symbols.
Of course, lock your phone with a password and pop out the battery (if you can) for added security. (more)

Background Check Goes Undercover

Croatia - The manager of a Croatian subsidiary of Germany's Deutsche Telekom has said she will sue the parent company after a report that it spied on her sex life, Croatian media reported on Tuesday...

Deutsche Telekom said last week it did not routinely commission reports on the private lives of potential staff, although the allegations are the latest in a series of scandals to have rocked the company. (more)

Last year, authorities informed Schroeder that Deutsche Telekom had secretly combed through his cellphone records, apparently to root out the source of leaks to the news media. Schroeder, a union representative on the company's board of supervisors, was stunned. (more)

"While you're down there, check on the Constitution."

The National Archives lost a computer hard drive containing Clinton administration records, including personal data of staffers and visitors, officials said.
Archives officials say they don't know how many confidential records -- including Social Security numbers -- are on the external hard drive, CNN reported.

Congressional aides briefed on the matter said the drive had "more than 100,000" Social Security numbers, including one for a daughter of then-Vice President Al Gore, as well as Secret Service and White House operating procedures.

Acting National Archives director Adrienne Thomas is being pilloried for Tuesday's revelation that the library has misplaced a hard drive containing enough Clinton administration data—including Social Security numbers, addresses, and Secret Service operating procedures—to fill literally millions of books. But important government documents have walked out of the storied library before—and not just in a Nicolas Cage movie. Despite a security system worthy of an adventure flick, the National Archives and Records Administration has long been a prime target for pilfering. (more)

Saturday, May 23, 2009

Hobbyist Spies

In the propaganda blitz that followed North Korea's missile launch last month, the country's state media released photos of leader Kim Jong Il visiting a hydroelectric dam and power station.

Images from the report showed two large pipes descending a hillside. That was enough to allow Curtis Melvin, a doctoral candidate at George Mason University in suburban Virginia, to pinpoint the installation on his online map of North Korea.

Mr. Melvin is at the center of a dozen or so citizen snoops who have spent the past two years filling in the blanks on the map of one of the world's most secretive countries. Seeking clues in photos, news reports and eyewitness accounts, they affix labels to North Korean structures and landscapes captured by Google Earth, an online service that stitches satellite pictures into a virtual globe. The result is an annotated North Korea of rocket-launch sites, prison camps and elite palaces on white-sand beaches.

"It's democratized intelligence," says Mr. Melvin. (more)

FutureWatch - 100% Vehicle Tracking

UK - A national network of cameras and computers automatically logging car number plates will be in place within months...

Thousands of Automatic Number Plate Recognition cameras are already operating on Britain's roads. Police forces across England, Wales and Scotland will soon be able to share the information on one central computer. Officers say it is a useful tool in fighting crime, but critics say the network is secretive and unregulated.

Kent's Chief Constable, Michael Fuller, commented: "We've seen an increase of some 40% of arrests since we've been using this technology. I'm very confident that we're using it properly and responsibly, and that innocent people have nothing to fear from the way we use it." (more)

Remember the uproar over how RFID toll tags (E-ZPass, FasTrak, I-Pass, etc.) were a threat to privacy? No? Oh well, that was back near the top of the slope. Slippery, isn't it? Hey, what's that down there? Wow, a remote DNA reader!

Wednesday, May 20, 2009

"Social engineering has become the confidence trick of the 21st century."

TSCM is an acronym for Technical Surveillance Countermeasures; inspecting for bugs, wiretaps, etc. It is a standard tool used to protect an organization's information.

Thwarting human trickery (social engineering) is also a defense tool. Good information security consultants take both into account when designing information protection programs.

The BBC recently reported...
Have you ever wondered whether that unfamiliar face in the office is actually an intruder about to steal your data? Probably not, but maybe it is time to think again.

At one FTSE-listed financial institution the managing director himself opened the door to a stranger who, within 20 minutes of gaining entry to the building, had found a highly sensitive document outlining a half a billion pound merger lying on a desk.

Luckily, on this occasion, the data was not used for nefarious purposes because the intruder was Colin Greenlees, a consultant of Siemens Enterprise Communications.

He was there at the request of the firm's IT director to test the resilience of the company to social engineering attacks.

In a similar experiment conducted at the BBC, Mr Greenlees targeted five BBC employees. Pretending to be an IT engineer - with the prior permission of BBC bosses - he managed to obtain all of their usernames and passwords with a simple phone call. (more)

Tuesday, May 19, 2009

Cautionary Tale - Tapped Out

You are never more vulnerable to information abuse and theft than during a recession. Put your independent information security consultant into overdrive. Skimp on something else to save money.

A cautionary tale...
An insider at the California Water Service Company in San Jose broke into the company's computer system and transferred $9 million into offshore bank accounts and fled the country.

Abdirahman Ismail Abdi, 32, was an auditor for the water company, which delivers drinking water throughout the state and is located in San Jose, Calif. Abdi resigned from his position on April 27. Allegedly, that night he went back to work and made three wire transfers totaling more than $9 million from the company's accounts to an account in Qatar.

Abdi is not a U.S. citizen and was ordered deported to Somalia in 2005, the Mercury News reported. (Don't skimp on background checks either.)

“The downturn in the economy is raising the internal security threat levels dramatically, as more and more disgruntled ex-employees take advantage of the fact that their ex-employer did not decommission their access credentials,” Torsten George, vice president, worldwide marketing, ActivIdentity, told on Friday in an email.

According to a survey of more than 200 organizations globally conducted by Deloitte Touche Tohmatsu, the number one security problem reported by IT security auditors was “excessive access rights.”

The buzz...
In addition, only 28 percent of respondents rated themselves as “very confident” or “extremely confident” with regard to internal threats, which is down from 51 percent in 2008.

Companies can protect sensitive data by limiting information access to only those employees who must have it, the survey said. (more)

Monday, May 18, 2009

Business Espionage - Spying on the Board

French car-parts maker Valeo SA said it had sued an unidentified person it says secretly recorded some board-member meetings and separately said it would try to recover €3.2 million ($4.3 million) in severance from ousted Chairman and Chief Executive Thierry Morin.

The suit, filed with a Paris court, identifies the person responsible for the recordings only as "X." Under French law, a suit can be filed without publicly identifying the accused. However, a person familiar with the matter said the company believed Mr. Morin was responsible for making the recordings. Telephone calls to Mr. Morin weren't returned Monday...

French radio station RTL last month reported that Mr. Morin had installed sophisticated recording technology in the boardroom, allowing him to eavesdrop on meetings from which he was excluded and at which he was discussed. (more)

SpyCam Story #529 - "What's up Doc?"

The story you are about to read is real. Names have been dropped to protect the people involved and the city being sued. Just coincidence? You decide. (Dum-da-dum-dum...)

Charges were dropped against a ["revered for his expertise" professional] accused of spying on his patients... he was arrested and spent a night in jail, after a patient falsely accused him of putting a hidden camera in an office bathroom.

He says a security lightbulb was used to keep an eye on his children in the backyard of his home, but the bulb was in his office because it was broken and he was ordering a new one.

His attorney said a construction worker grabbed the security bulb off the desk, and it was his account that helped drop the charges.

"The contractor went on his own volition and explained to the district attorney's office that he accidentally put the non working security device in the bathroom thinking it was a lightbulb. It's really that simple, but again no one wanted to listen..."

The [city police] said they responded to a legitimate complaint.

Prosecutors dismissed the case saying in court, they had interviewed several witnesses, one of whom "offered an innocent explanation to the placement of the surveillance light bulb in the office bathroom of the defendant."

They went on to say, "[He] did not commit the crime with which he was charged."

[He] is suing the city for $[x] million.

from another report...
[He] said he used the bulb as an outdoor monitoring system to watch his kids while they played outside at home if he got called inside. The surveillance system wasn't a secret, he said.

"Everybody who knows me knows it didn't happen because everybody knew that I bought this thing for the backyard of my house," he said. "The kids helped me set it up."

[His] father was very ill with Parkinson's disease, and the family was in the process of moving from [the suburbs] to [the city], he said.

He brought the bulb down to the city to order a new encoder box that transmits the signal to a monitor. The original box was misplaced when the family was packing to move, he said.

from another report...
"At 5 until 12 I get a call from my secretary saying this guy thinks you're watching him pee. He called 9-11. He called the cops," [he] explained.

One of [his] patients called police when he found a light bulb with a small hidden surveillance camera in the men's bathroom.

Turns out a contractor doing work at the office accidentally installed the light.

[He] took the bulb to work that day to get it fixed.

from another report...
He said he brought it to work because he needed the code number on the camera to order a new one.

A contractor working in the office at night as part of an office expansion project told investigators he could not find a bulb when the light blew out in the bathroom, so he screwed in the broken one he found on [his] desk.

The public is generally aware of only one "lightbulb camera;" code number SVS-1. Sold on ebay and from many Web sites. It does not light. Simply a camera in lightbulb clothing, it transmits video over power lines. A decoder box is required to receive the signal. What is your verdict? (Dum-da-dum-dum-daaa...)

Unclassified Info Only About 2 in 10 Know...

"How many millions are in a trillion?"
Give up? Look here for the answer.

Password Protection - Stick it in Your Ear

You are the victim of identity theft and the fraudster calls your bank to transfer money into their own account. But instead of asking them for your personal details, the bank assistant simply presses a button that causes the phone to produce a brief series of clicks in the fraudster's ear. A message immediately alerts the bank that the person is not who they are claiming to be, and the call is ended.

Such a safeguard could one day be commonplace, if a new biometric technique designed to identify the person on the other end of a phone line proves successful. The concept relies on the fact that the ear not only senses sound but also makes noises of its own, albeit at a level only detectable by supersensitive microphones.

If those noises prove unique to each individual, it could boost the security of call-centre and telephone-banking transactions and reduce the need for people to remember numerous identification codes. Stolen cellphones could also be rendered useless by programming them to disable themselves if they detect that the user of the phone is not the legitimate owner.

Called otoacoustic emissions (OAEs), the ear-generated sounds emanate from within the spiral-shaped cochlea in the inner ear. (more)

Hotel 56 "We'll leave the bug on for you."

Tanzania - Karatu member of parliament Dr Wilbrod Slaa has criticized the police for what he described as their continuing failure to charge anyone in the case of the eavesdropping devices placed in his hotel room during the last National Assembly session in Dodoma back in February.

Two such devices were discovered in the adjacent rooms of Dr Slaa, the deputy leader of the opposition camp in parliament on a CHADEMA ticket, and that of another opposition legislator, Dr Ali Tarab Ali (CUF), at Hotel 56 in the designated capital. (more)

Next Year's Dayton Celebrities

Brazil and the U.S. have been arresting people who have been illegally using obsolete, but still functioning, U.S. Navy FLTSATCOM communications satellites...

As the navy stopped using FLTSATCOM in the late 1990s (shifting over to the more efficient UFO satellites), ham radio users in Brazil discovered that the FLTSATCOM satellites had no security on them. If you knew the frequency and had a satellite dish, you could send a signal to the FLTSATCOM satellite, that would then automatically be rebroadcast by the satellite over a wide area below...

Brazilians found that they could simply use FLTSATCOM to communicate over a wide area (the interior of the country) that lacked telephones.

Saturday, May 16, 2009

Lebanon Displays Captured Spy Gear

Lebanon put on public display equipment an official said was used by alleged Israeli spy networks inside the country, including a water cooler equipped with a mapping device.

In addition to the water cooler the gadgets included a leather purse and keychains with secret compartments as well as a can for motor oil used to hide mini tapes, a radio and forged identification papers.

The alleged spies used the seemingly innocuous items to communicate with Israel using encrypted messages, the official said. (more)

"Get a room."

Joe Paradiso and Yasuhiro Ono of the Massachusetts Institute of Technology have just patented a system for a roving cone of silence, so that you can walk around your office building without anyone ever eavesdropping on you.

The inventors are trying to fix a common problem in open-plan offices: the sound of conversations that carry across the room, making your every phone call into fodder for other people's gossip sessions.

So they devised a sound-damping sensor, comprised of an infra-red motion-detector, a speaker and a microphone. These would be scattered around the walls of an office.

You can then activate your personal mute button from your computer. The system locks onto you, identifies anyone close enough to eavesdrop, and hits them with a murmur of white noise so they can't hear you.

The downside is that this system requires lots of infrastructure, not to mention the creepiness of having your moves watched by a computer that tags you as a nosey eavesdropper.

If your conversations are really that important, get a room, your own office, a conference room. Sweep your rooms regularly for bugs, of course. ~ Kevin

Spies Need a Safe Place to Eat

The Safe House is located on the hard-to-find Front Street, which is basically an alley that runs one block west of Water Street between Wells and Mason Streets. The building -- adorned with a few flags -- does not have a Safe House sign, but does have a small placard that reads "International Exports Ltd."

After trying two other locked doors, the boys finally found an unlocked door that led them into a very small room with a large book shelf.

At night, guests are greeted by a person -- playing the role of "Ms. Moneypenny" from the James Bond films -- who asks for the password. During the day, however, a voice pipes through a speaker (this is a new feature) and asks if you know the password.

The password has not changed in four decades, but if you do not say it exactly right, you are asked to take a special "spy test" proving that you are indeed a spy who deserves entry into the Safe House.
At night, the spy test can get a bit sassy, but when kids are involved, the test is G-rated, requiring those that don't know the password to act like a monkey or hop on one foot.

Video cameras are hidden in the wall of the Safe House entry way, so unbeknownst to the new guests, diners are watching their antics on television screens inside the restaurant.

If you whisper the password correctly into the speaker, or once you pass the spy test if you didn't know the password, the faux book shelf opens like a door and allows you to walk down a hallway to the bar / restaurant.
The Safe House opened in the late '60s, and since then, very little has changed. (more)

Prove you are a worthy secret agent, man.
Figure out Safe House's home city.
Be seeing you.
~ Kevin

Would You Trade Privacy for Communications?

How much information do you think your mobile phone company has about you? Your address, your bank details... what about your religion? Or your sexuality? Does it know if you've been speeding?

Well at the moment, probably not.

But a new report (from FIDIS - Future of Identity in the Information Society) is warning that if we sign up to agreements without reading them properly, this could become a reality. (more)

Give this a few seconds of thought. The phone companies already have a pretty good idea of who you are, where you are and where you go - especially if your phone has GPS capabilities. Valuable info. They would love to sell it.

FutureWatch... They will sell it. Keep an eye on future service contracts. You will ride the slippery slope. Think you'll protest? Not if they give you "free" calls in exchange. That's how much your privacy is worth to someone else.

Thursday, May 14, 2009

Alert: In-Flight Internet... aka InfoButterfly.Net

via Netragard, LLC...
Airline passengers' personal computer information can be easily hacked while in flight.

The wireless inflight airline internet access service, GoGo Inflight Internet ("GoGo"), which enables travelers to access the internet while in flight, does not encrypt communications between users (passengers) and the Wireless Access Points on the aircraft.

As a result of this lack of encryption it is easy to intercept and record all data sent and received by passengers. This poses significant risk to passengers and their respective businesses as sensitive information is sent over the air without encryption. This information can include emails, email attachments, email content, usernames and passwords, credit card information, social security numbers, methods for accessing business networks, trade secrets, etc.

This information can be intercepted and recorded by anyone on the aircraft with a WiFi capable laptop/device. (more)

P.S. Things named GoGo seem to be really cool but don't last. Just sayin'.
(Goggo mobile) (GoGo National Airlines) (GoGo dancers) (sing-a-long) (Psycho a Go-Go) (Secret GoGo) (Beat GoGos) (Surf GoGo) (GoGo!7188-C7) (Road Runner GoGo) (88 GoGo) (Tokyo A Go Go) (Goin to a GoGo) (GoGo Brothers) (Ghoul A Go-Go) (GO GO HAPPY DAY) (Penn Gillett Rescuing a Go-Go Dancer NSFW) but I digress.

Remember... Don't do anything more sensitive on the airplane than read USA Today... no email, no accessing your corporate web site, no bidding on ebay, no buying viagra, etc., etc.

UPDATE - Gogo Inflight Internet service deserves equal time. It is, after all, providing a very useful and wanted service. The information released by Netragard, LLC applies to all public Wi-Fi hot spots, and to single out Gogo makes their motives suspect.

The problem of public Wi-Fi spying is why I mentioned Hotspot Shield, a FREE VPN, a while back. (more)

Gogo would like you to know...
"To date, Aircell and its carrier partners have not identified any network security vulnerabilities in the Gogo Inflight Internet service that are threats to our customers. Credit card transactions to access Gogo are encrypted and fully secure. Other Internet traffic on the Gogo network is as secure as any public Wi-Fi hotspot in a hotel, airport or coffee house. For users who wish a higher level of information security, Gogo supports virtually all VPN clients. Aircell is committed to our customers' safety and security both in the air and online and will do all we can to ensure our customers' information remains secure and private."
Go with Gogo and be as cautious as you would at any public Wi-Fi hotspot. VPN it. ~ Kevin

Business Espionage - Crestron vs AMX

Security Directors - A $10 million dollar loss is being attributed to poor password practices.

Suggest a password management program which forces new and effective password creation regularly. Use this article to back-up your brilliant suggestion. ~ Kevin

NJ - A Long Island man has pleaded guilty to illegal wiretapping in a corporate espionage case that targeted two Bergen County companies.

David A. Goldenberg of Oceanside, N.Y., admitted to accessing internal e-mail at Sapphire Marketing LLC in Woodcliff Lake, a regional sales representative for Crestron Electronics in Rockleigh, which makes audiovisual equipment. He worked for Crestron's rival, Texas-based AMX Corp., at the time.

"He was able to figure out what their default passwords were, which they never changed," said Brian Lynch, chief of the white-collar crime unit in the Bergen County Prosecutor's Office.

Goldenberg was arrested in March 2008, accused of stealing e-mail and information over a nine-month period, allowing AMX to underbid Crestron on competitive contracts. Crestron has said it lost more than $10 million in business as a result.

DOD official charged with espionage

DC - A civilian employee of the Defense Department was arrested Wednesday on espionage charges that he sold classified information and passed other sensitive documents to a spy for the Chinese government who has been convicted of compromising another Pentagon employee.

James Wilbur Fondren Jr., 62, was charged in federal court in Virginia with conspiracy to communicate classified information to an agent of a foreign government. He faces up to five years in prison if convicted.

Mr. Fondren, who has been suspended since February 2008 from his job as deputy director of the U.S. Pacific Command's Washington liaison office, turned himself in to federal agents Wednesday morning and was released without having to post bond, but will be on GPS monitoring. (more) (more)

Business Espionage - Power from The Peoples

Russia - A Moscow court convicted two brothers with dual Russian-U.S. citizenship of industrial espionage Thursday and gave them one-year suspended sentences, according to Russia's top domestic security agency.

The Federal Security Service said Ilya and Alexander Zaslavsky were convicted of attempting to acquire classified commercial data from state-owned Russian energy company Gazprom. (more)

Business Espionage - America's Cup

A suspect has been arrested in the south of France for allegedly conducting industrial espionage against the America's Cup holders, Alinghi.

The Swiss-backed team felt that their jealously guarded secrets in sailing's equivalent of formula one were under threat. Police sources in the south of France confirmed that a team of officers had travelled down from Paris to conduct a surveillance operation around the Alinghi base.

It is understood that at least one individual was arrested in the French town of Villeneuve. The suspect is believed to be under interrogation by specialist officers in Paris but the operation is so secret that police sources refused to provide any details, instead referring inquiries to the central information office of the French legal system.

Intriguingly, a 3D model of the "Alinghi vehicle assembly building – interpolated from spy photos" appeared on the YouTube website a fortnight ago. It is not known if the two incidents are linked. (more) (YouTube video)

Wednesday, May 13, 2009

Today's Buzz - Palm-sized SpyCam Helicopter

Norway - PD-100 Black Hornet is a small video camera equipped helicopter not more than 100 mm long, weighing less than 20 grams.

It can be carried in your pocket and launched within seconds to give immediate situational awareness. This new ultra small aircraft is a valuable tool in situations where a closer look at a hostile area or inside a contaminated building is crucial.

Operational Concept

• Complete PD-100 System Carried by One Man
• Ready to Fly – In the Air Within One Minute
• Requires No Prepared Surface

• Stealth – Small and Quiet
• Reusable with Fly Home Capability

• Low Cost
• Easy to Fly, Requires Little Training

• Look Behind Objects
• Bird's Eye View of Areas of Interest
• Visual Information in Urban Operations

• Reconnaissance Inside Buildings

• Hover and Stare
• Object Identification
• Target and Damage Assessment

• Deployment of Special Payload

• and sneaking into offices to read paperwork (see video)
(more) (more video) (TV report)

Think Geek - Build Your Own BUG

from our
"Wow, this is cool!"

What is BUG?
BUG is a baby monitor. BUG is a security system. BUG is a GPS device. BUG can read barcodes, draw pictures, update your twitter feed, and control robots. BUG is a platform for learning, rapid prototyping, and experimentation. BUG is just about whatever you want it to be. So, the BUG can be anything, but what is it?

BUG is a set of tools that lets you create personalized gadgets and devices. It's open-source and modular, letting you literally snap together the device you need. Backed by a community of enthusiastic developers, BUG development continues to grow more exciting and diverse. (more) (video) (buglabs)

Porn Name Game Sucks in Twits

A web security expert is warning people to be careful with personal information they divulge on social networking sites, after the latest suspected identity fraud quest hit Twitter. (more)

Bottom line Tweets...

• Change your passwords regularly;
• Don't use the default password or a common password;
• Ensure your password is long and is not a word used in dictionaries;
• Never write down or store your passwords on your computer;
• Don't click onto links or attachments in emails obtained from someone you don't know;
• Don't provide personal or security details in response to any email;
• Scan new programs or files for viruses before you open, install or use them.

Tuesday, May 12, 2009

Dump Your FM Analog Wireless Microphones

FM analog wireless presenter's microphones are a security nightmare...
and an eavesdropper's dream.
You're naked!

If you have analog wireless microphones, dump them.

If your A/V company uses them, dump them too, until they upgrade to encrypted wireless microphones.

Replace your info-leakers with one of these digital systems...

Audio-Technica - SpectraPulse™ Ultra Wideband (UWB)
Lectrosonics (...and an Encryption White Paper)
Mipro ACT-82
Telex SAFE-1000

The good news...

Your old wireless system may be eligible for a trade-in!

Most wireless microphone companies are currently offering rebates and free retuning due to changes in the FCC rules. Some are even offering trade-in money.
Check here for a partial list of programs.

Black Hat is Coming

Black Hat is the leading conference series for technical security professionals.

Black Hat Briefings and Training has earned cult status among security enthusiasts and leading technical influencers. Black Hat USA 2009, July 25–30 at Caesars Palace, Las Vegas. (more) (register)

Has Castro Blackmailed Hollywood?

Sometimes a story comes along that sounds true but needs more evidence to back it up. You decide...

"My job was to bug their hotel rooms,” says high-ranking Cuban intelligence defector Delfin Fernandez. “With both cameras and listening devices. Most people have no idea they are being watched while they are in Cuba. But their personal activities are filmed under orders from Castro himself...”

"...famous Americans are the priority objectives of Castro’s intelligence,” says Fernandez. “When word came down that models Naomi Campbell and Kate Moss were coming to Cuba, the order was a routine one: 24-hour-a-day vigilance. Then we got a PRIORITY alert,” recalls Fernandez, “because there was a rumor that they would be sharing a room with Leonardo DiCaprio. The rumor set off a flurry of activity, and we set up the most sophisticated devices we had.”

“The American actor Jack Nicholson was another celebrity who was bugged and taped THOROUGHLY during his stay in the hotel Melia Cohiba,” states Fernandez, the man in charge of the bugging.

Turns out, however, that at least one visiting dignitary foiled Castro’s intelligence. On his visit to Cuba in 1998, Pope John Paul II’s assistants discovered and removed several bugging devices from His Holiness’ hotel room.

While holding up the book “Fidel: Hollywood's Favorite Tyrant” on his TV show, Bill O’Reilly called these celebs “Hollywood pinheads.”

Government Surveillance Hit Parade

In what may be the first assessment of its kind, a private company... is ranking the United States No. 6 in the world for having the most aggressive procedures for monitoring residents electronically.

The report, called The Electronic Police State, assesses the status of governmental surveillance in 52 nations around the globe for 2008. The document was released by Cryptohippie, Inc. (more)

Get Smart - 100+ Open Courses on Computer Information Systems and Security

Security Directors are well aware that their professional responsibilities have grown; the biggest growth area is computer forensics, security and information protection.

Problem: How may one learn these new skills?
Solution: Open University (aka Distance Learning). "Open learning means that you will be learning in your own time by reading course material, working on course activities, writing assignments and perhaps working with other students."

One basic course being offered is: Introduction to Information Security: an introduction to the reasons and methods for securing confidential information.

Many other courses are listed here and here and here.

See you around the campus. ~ Kevin

Cautionary Tale - Does this ID look funny?

Comedian Armando Iannucci got past security guards at the US State department in Washington with a pass which "could have been produced by a child", in what he described as "probably international espionage".

Mr Iannucci was researching his latest film, the US-British political drama 'In the Loop', when he visited the department's headquarters... He flashed the card at the guards in the main reception of the building, said he had an appointment and was waved through.

The comedian then spent an hour walking around the building taking photographs, which were later used to help with the set designs for the film.

Friday, May 8, 2009

Hard Core Info on 34% of Diss'ed Disks

Highly sensitive details of a US military missile air defence system found on a second-hand hard drive bought on eBay... British researchers found the data while studying more than 300 hard disks bought at computer auctions, computer fairs and eBay.

The experts also uncovered other sensitive information including bank account details, medical records, confidential business plans, financial company data, personal ID numbers, and job descriptions.

A spokesman for BT said they found 34 per cent of the hard disks scrutinised contained 'information of either personal data that could be identified to an individual or commercial data identifying a company or organisation.' And researchers said a 'surprisingly large range and quantity of information that could have a potentially commercially damaging impact or pose a threat to the identity and privacy of the individuals involved was recovered as a result of the survey.'

Dr Andy Jones, head of information security research at BT, who led the survey, said: 'This is the fourth time we have carried out this research and it is clear that a majority of organisations and private individuals still have no idea about the potential volume and type of information that is stored on computer hard disks.

Sam's Uncle Sam Wiretap Party

MI - Political consultant Sam Riddle says he's planning a party for everyone whose conversations were picked up on a federal wiretap of his cell phone.

Riddle, who worked for Detroit City Council President Monica Conyers and has political clients around the country, said today he may need to get a room big enough for 100 people "if everyone brings a guest."

To get into the party, attendees will need a letter from the Justice Department -- sent out under federal wiretap laws -- saying the attendee was intercepted having a conversation with Riddle. (more)

SpyCam Story #528 - Nothing to sneeze at...

Tissue Box Camera
Motion activated cam system

It looks like a black tissue box but is it? The Tissue Box Recluse is an all-inclusive recording device in a simple tissue box. The enclosed DVR and camera become invisible as the plain black case blends into any background. This hidden camera is a simple to use and easy to deploy advanced recording system in an elegant tissue box.

Inside this ordinary looking tissue box is actually a motion activated camera, with a recording system using an SD card for memory. The Tissue Box Recluse can go anywhere and record everything without attracting any attention. Just set the box in your desired location and begin recording.

The tissue box emits no wireless signals that may or may not be stable within an already RF rich environment. Your video is safely stored within the removable SD memory card unlike some wireless camera systems that may be intercepted. Captured video may be viewed on a PC using Windows Media Player. (more)

Why do I mention it?
So you will know what you are up against.

Spy School for your Munchkins

TX - This summer Dallas will become a nest of spies. At least that's the plan of the Museum of Nature & Science as it brings The Science of Spying, an international traveling exhibition from London, to North Texas.

Opening Memorial Day weekend, the interactive The Science of Spying exhibit is part James Bond, part "Spy Kids" and part "Lie to Me." It gives eager spy wannabes of all ages an opportunity to experience the latest spy gadgets and techniques -- including remote-control spy planes, night-vision goggles, biometric scanning, infiltrating computer systems and the dolphin spy camera. Visitors will also learn how to detect liars, crack safes and find hidden clues.

To bring home the lessons of the mysterious and daring world of spy craft, the Museum of Nature & Science is inviting the public to join in a sprawling Spy Adventure. In cooperation with its local promotion partners, the museum has created a web of virtual and real-world espionage activities beginning May 8. Participants who crack codes, uncover clues and demonstrate superior spy skills will receive discounts to the exhibit and a chance to win prizes.

... . -.-. .-. - / -.-. --- ..- .--. --- -. / ..-. --- .-. / .- / ..-. .-. .. / -.-. .... .. .-.. -.. .----. ... / - .. -.-. -.- . - / .-.-.-
Father's Day weekend. Code: SPYB1 ~ Agent K

TV Reporter Charged with Wiretapping

Philippines - Broadcast journalist Cecilia ‘Cheche’ Lazaro posted a P12,500 ($265.15) bail on Friday to avoid arrest stemming from a wiretapping case filed against her in 2008.

Lazaro was accused by Government Service Insurance System Vice President Ella E. Valencerina of violating the anti-wiretapping law after airing parts of their phone conversation on her TV program “Probe”.

The veteran journalist posted bail at the Pasay Metropolitan Trial Court Branch 47 after the court issued a warrant for her arrest on Thursday. Several of Lazaro's production staff members, as well as concerned teachers, accompanied her in Pasay City.

"It is mind-boggling why I am being singled out for prosecution for following the tenets of responsible journalism," Lazaro said. (more)