Friday, July 31, 2009

iPhone Text Vulnerability

A pair of security experts have found a vulnerability in the iPhone that allows a hacker to take control of an iPhone through a text-message attack.

Cybersecurity researchers Charlie Miller and Collin Mulliner explained the security hole at the Black Hat cybersecurity conference in Las Vegas on Thursday. They said they informed Apple of the problem a month ago but the problem has not been patched, according to Forbes, which said Apple has declined to comment on the issue.


The iPhone, Miller and Mulliner said, can be controlled by an outside hacker through a series of mostly invisible SMS - short message service - bursts. That would give someone control over an iPhone user's phone, text messaging, Web browsing, microphone and camera functions. There is a similar flaw in Windows Mobile phones.


Should You Worry?
MyMobiSafe founder Eric Everson said it's highly unlikely that users will be targeted. He said the attack would require hundreds of SMS texts (512 to be exact) sent to the phone. He said if any of the SMS messages are deleted before the attack is complete, then the hack will not be effective.


To be on the safe side, if you receive a text message with a square in it, turn off your iPhone or switch the device into airplane mode. (more)
◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊...
(just kidding :)

UPDATE - "Less than 24 hours after a demonstration of this exploit, we've issued a free software update that eliminates the vulnerability from the iPhone." - Apple spokesman, Tom Neumayr. (more)

Wednesday, July 29, 2009

"Is that your thumb, or are you just glad to see me?"

from the seller's Web site...
"Do personal Investigations Do Secret Surveillance Gather Evidence"

Thumbcorder (AJ-024TC) is the smallest real USB Flash Drive Spy Cam hands free Camcorder in the world with Built in 8Gb USB Flash Disk, Use it as a normal flash drive, spy pen camera in your pocket

Record with single switch
Just slide the Switch to Rec. will start recording, just slide switch to off to stop recording that's all... it will record sound and video. Really very easy to use.

View Recorded files
Simply connect the Thumbcorder to any USB port of your computer and view or copy the files to view. No need for any cable or extension.
Also, you can use it as USB disk drive. (more)

BTW, they plan to advertise this on television (USA Network).
Why do I mention it?
So you will know it when you see it.

Tuesday, July 28, 2009

The Badge is Not The Bullet-Proof Vest

A data breach at Internet domain administrator and host Network Solutions has compromised personal and financial data for more than 573,000 credit and debit cardholders. To add more pain to the breach, Network Solutions says it was PCI compliant at the time of the breach.

The PCI Security Council Weighs In...
Just because a company has passed its compliance validation, it doesn't mean that the need for vigilance of security measures should stop, says PCI Security Standards Council General Manager Bob Russo. As for whether Network Solutions was PCI-compliant at the time of the breach, Russo notes, "Until a forensics investigation is completed, an organization can not comment accurately on its compliance status." (more)

Effectiveness of any security measure is directly dependent upon the other security measures in place. Imagine your "wall of protection" as building blocks. One block is ineffective without the other blocks. Each block has its purpose and place... and you need every type of block to build a strong and effective wall.

The relationship is both symbiotic and synergistic.

According to the results of our recent poll (below), TSCM sweeps are a totally overlooked 'block' more than 80% of the time. Learn from the mistakes of others. Look at your wall, plug the holes.

Monday, July 27, 2009

Poll: Workplace Bug Sweeps

In our latest poll, we asked our readership - mainly people with organizational security interests - "How often does your workplace conduct... 'Bug Sweeps?'"

17% responded that TSCM inspections are being conducted.
The frequency of these inspections is:
8% Monthly
3% Quarterly
3% Biannually
3% Yearly

3% "Don't know how often."

81% said, "They don't check."

No one indicated, "When problems arise," or "Other."

Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."   

The first phone-spy software seller arrested

Vietnam - Software that allows people to bug private phone calls or text messages is now offered for sale on many websites. A man who sold the software has been recently arrested in HCM City.

Where does the spy software come from?
According to IT experts, the software originated in western countries. It is said that there are more than 200 companies trading spy phone software online, called Spy Mobile and Mobile Phone Spy, at a price of US$50-300. The service has become popular and for sale online like any other product...

Nguyen Thanh Trung, representative of the Nam Truong Son Company, which supplies anti-virus software in Vietnam, said the company’s software Kaspersky Mobile Security was considered the most effective protection against spy software. “When this anti-tap software is installed, it will prevent unwanted software from being installed in mobile phones.” (more)

Saturday, July 25, 2009

"It's outdated because... uh, they know."

The New Hampshire Attorney General's office is planning to review a county investigation report regarding the wiretapping of civilian employees working in the Portsmouth Police Department's records office.

In June, Rockingham County Attorney Jim Reams sent a letter to Police Chief Michael Magnant indicating his office didn't find sufficient evidence to bring charges against any police employee responsible for installing a microphone recording device. At least one police department employee complained upon learning they were being recorded.

The chief noted the device allowing a supervisor to monitor conversations from their computers in other parts of the police headquarters was outdated, and the department has since changed policies to prevent such concerns. (more)

Cheche Lazaro - Update

Philippines - Broadcast journalist Cheche Lazaro entered a “not guilty” plea on the wiretapping charges filed against her by a ranking official of the Government Service Insurance System. (more) (background)

Men In Black Kick Bu... ...gs?

It seems the line between paranoia, spying and diplomacy is blurry in New Zealand.

According to Sir Clive Woodward, spying is a fact of rugby life (and he would know) and few understand this better than New Zealand.

Hardly a tour goes by without the Kiwi camp escalating tensions with claims of spying - and this year's Tri-Nations seems no exception.

New Zealand take their 'game secrets' so seriously that they've a constant security protocol, they have food and nutrition specialists and a truckload of personal security specialists.

Ahead of their Bloemfontein game, the All Blacks have allegedly again demanded exclusive use of facilities in Pretoria, where they have set up a 'bug-free' training camp. (more)

World's Dorkiest SpyCams

NUMBER THREE
(from the seller's Web site...)
"Sunglasses can be used as part of a disguise or to build an identity. In some old school spy and detective type movies, sunglasses are used as a way to hide a character's identity and try to blend in and not look obvious. Other times, sunglasses are used by a character to display that he is a bonafide badass and not someone to be messed with.

The Spycam Video Sunglasses are not intended to be part of any disguise - they are the disguise - concealing a tiny video camera in the center of the glasses. (Click photo to see big "bonafide" hole.) Capable of capturing excellent quality video and audio, these Spycam Video Sunglasses can be comfortably worn nearly anywhere to help you get the footage. Video is stored in AVI format on a Micro SD card. These glasses also feature easy-to-use controls which are located on the glasses frame. The built-in battery is rechargeable via USB connection and has a battery operating life of about 3-4 hours." (more)

NUMBER TWO
(from the seller's Web site...)
"Digital Binocular Sports and Spy Camera with a telescopic lens that is great for outdoor surveillance. The Avatar comes with a 2.5 inch display screen for viewing comfort and multimedia functions, including music and video player. This single lens video and photo camera is often called a "Monocular Telescopic Sports Camera".

The Avatar digital camera lets you can take snap shots from one building looking out on to another building, balcony or apartment, and works best in full daylight conditions." (more)

NUMBER ONE
(from the seller's Web site...)
"No One Will Suspect That This Clock Radio Is Recording Their Every Move
(Because it is too ugly to look at?)
Standard Clock Radio Doubles As Hidden Spy Camera - This fully functional SONY digital clock doubles as a completely covert hidden camera. The SONY Dream Machine Hidden Camera records high quality real-time video day or night with an automatic switching nightvision camera that activates the moment it gets dark for nightvision up to 30 ft. away. Record real-time motion-activated video or high resolution still shots onto a tiny SD card, housed in a hidden compartment for easy transfer and viewing." (more)

Just for fun. When you have time. Fritz Lang.

Fritz Lang's Metropolis,
with Blade Runner background score,
scores a 10.

Friday, July 24, 2009

FutureWatch - FiberCam

T-shirts that can snap photos or carpets that are able to report a buildup of dust may one day be possible, thanks to the creation of a fiber that can detect images. Researchers at the Massachusetts Institute of Technology have created a polymer fiber that can detect the angle, intensity, phase, and wavelength of light hitting it, information that can be used to re-create a picture of an object without a lens.

”Once you have the phase and amplitude of a wave, you can then figure out what the object was that the wave emanated from,” says Yoel Fink, director of MIT’s Photonic Bandgap Fibers and Devices Group. (more) (more) (video profile of Yoel Fink)

Eavesdropping on Bus-ted

Maryland's acting transportation chief, citing concerns about privacy, has pulled back an internal proposal to use listening devices on its buses and trains for recording conversations of passengers and employees.

The Maryland Transit Administration had been considering adopting a system that would allow it to conduct audio surveillance similar to that in several other large U.S. cities (San Francisco, for one.)...

The MTA asked the attorney general to clarify whether Maryland's Wiretapping and Electronic Surveillance Act would require the MTA to obtain the consent of passengers before recording their conversations.

If consent is required, the MTA asked whether posting a sign informing riders they were under audio surveillance would be sufficient notice. (more) (video)

Thursday, July 23, 2009

Mighty Mouse, Atom Ant, Secret Squirrel...

The movie "G-Force" stars a squad of U.S. government-trained guinea pig spies on a mission to thwart an evil billionaire from taking over the world.

While the plot is pure Hollywood, nature is full of critters great and small that humanity has harnessed for espionage, protection and moral support.
• Dolphins
• Sea Lions
• Fish
• Sharks
• Dogs
• Penguin
• Insects
• Robot Chicken (just kidding)
(more)
P.S. - Could "G-Force" be based on a real rodent spy case? (Click here.)

SpyCam Story #542 - PottyCams, BullyCams...

• In South London, the newly refurbished Stockwell Park High School has nearly 100 CCTV cameras on the premises, with another 100 due to be installed. Not only are the general areas monitored but classrooms also have cameras... the school plans to use the cameras to resolve disputes about bullying or if claims are made against teachers.

• A primary school in the UK is using closed circuit television in toilets in a bid to catch vandals... "The pupils of the school saw that there was available space on the security system operating in the school and asked whether TV cameras could be installed just to cover the sink areas in order to prevent further vandalism to the toilets," said Principal, Len Holman. (more)

The Future of TSCM - Mind Reading

... Why is it so hard to know other people's minds?
Or, better yet, why is it so easy?

MIT neuroscientist Rebecca Saxe is trying to reconcile these two questions. She is studying the part of our brain called the right temporoparietal junction that is almost entirely specialized to think about and judge other people's thoughts.

Between age 3 and 5 children learn that people can have false beliefs, but only by age 7 have they developed the ability to apply moral judgments to other people's thoughts.
It takes a while for the TPJ to develop, but by adulthood it lights up brightly in brain scanners when moral judgments run hot.

But Saxe's lab, using a machine called a transcranial magnetic stimulator, which applies an electromagnetic pulse to a targeted point in the brain, can temporarily disable the function in the TPJ and change what people think about someone else's actions.

Think of the possibilities for trial lawyers, spymasters and advertisers. The Pentagon has called Saxe, but she is not taking its calls. (more)

Wednesday, July 22, 2009

Security Direct Alert - National Critical Infrastructure

If your job involves protecting any part of the National Critical Infrastructure you will do well to engage the services of John Sullivant, CSC, CHS-III, CPP as your consultant.
Not quite ready for that yet?
Just want to pick his brain?
Here you go...


Strategies for Protecting National Critical Infrastructure Assets: A Focus on Problem-Solving eases the research burden, develops investigative protocols, and pulls together data into a comprehensive and practical guide, to help the serious reader understand advanced concepts and techniques of risk assessment with an emphasis on meeting the security needs of the critical national infrastructure.

• Helps the reader to understand advanced concepts and techniques of risk assessment
• Provides a quick, reliable, and practical "briefcase" reference to use in the office as well as on the road
• Introduces the elements of the risk assessment process by defining its purpose and objectives, describing the behavioural and physical sciences, the techniques employed in the process, and the measurement and evaluation tools and standards used to perform an objective risk assessment.

Hardcover: 648 pages
Publisher: Wiley-Interscience; 1st edition (September 26, 2007)
Language: English
ISBN-10: 0471799262
ISBN-13: 978-0471799269

Contact:
John Sullivant, CSC, CHS-III, CPP - Founder Owner and President
S3E - Sisters Three Entrepreneurs Security Consultants Company
7733 Hampton Ave. Suite 1 - West Hollywood, CA 90046
W: 323-850-6920 Direct: 310-703-4317
www.S3EConsultants.com

China - Bribery is Espionage

China’s detention of Rio Tinto Group executives amid allegations of espionage and bribery should serve as a reminder to foreign companies that they may also risk prosecution by U.S. enforcement agencies...

By treating information from state-owned companies as secrets, China affirmed the broad definition of public officials under the U.S. legislation, said Shanghai-based lawyer Lesli Ligorner. (more)

SpyCam Alert - From Head to Toe

From the Omejo Web site... This is a hidden top hat, but inside built in a ultra-small digital spy camera recorder DVR, it looks like an ordinary small top hat, but it has a powerful feature that can record cover real time videos, its a normal mini top hat that most of interesting part is that it internally hides in a small ultra-shaped camera DVR, it does not need any external plug-in card, built in 4GB memory, can work up to 6-7 hours. There is time and date for the recorded video, you can get the most authentic evidence by this wonderful spy device. Ideal for CIA agents, police, detector, and spy agency. (more)

The World's the most powerful audio video 2.4 GHz wireless with Hidden Shoes camera, super crisp real time audio video recording with date time stamping. Specially designed for Law enforcement agencies for their hidden investigation. This amazing device is ideal for covert or spy operations. (more)

Why do I mention it?
So you will know what you're up against.

SpyCam Story #541 - Erin Andrews

As millions of Internet users continue scouring the Web for videos of Erin Andrews, the ESPN sportscaster who was surreptitiously filmed naked in a hotel room, amateur and professional sleuths looking for a culprit now contend that there are actually multiple clips which appear to have been filmed in at least two different locations....

The grainy images shot through what appears to be a makeshift hole in a wall, show Andrews undressing and appearing nude in an unknown hotel room, apparently unaware that she is being filmed...

The Web site TMZ.com has viewed several pieces of footage and surmised there are six separate clips circulating online, four filmed at one hotel and two from a second.

According to the site, the first set of videos was filmed through a round hole, and the second set filmed through a jagged hole. There is reportedly different furniture in each of the rooms.

TMZ speculates that the alleged peeping tom was someone -- possibly an ESPN employee -- who had knowledge of Andrews' schedule. (more)


Missing iPhone Leads to Suicide

Police in the southern Chinese city of Shenzhen are investigating the suicide of an employee of Hon Hai Precision Industry Co., which assembles the popular iPhone for Apple Inc....

Sun Danyong, a recent engineering graduate, jumped out of the window of his apartment last Thursday. The reports said Sun, who had been tasked with sending iPhone prototypes to Apple, had been under suspicion for stealing after one of the handsets went missing. Some publications reported that, in the days prior to his suicide, Sun had been detained and beaten by a senior official in the security department of the Taiwan-based electronics manufacturing giant.

Hon Hai also said it suspended a security official who had questioned Mr. Sun before his death. The security official couldn't be reached for comment...

Apple is known for requiring suppliers to sign contracts that impose hefty financial penalties if they are found to have leaked sensitive information. (more) (more)

Tuesday, July 14, 2009

The Berry Patch

UAE - The battery-sapping "performance patch" that Etisalat sent to its BlackBerry subscribers over the last few days was designed to give the UAE operator the ability to read its customers' emails and text messages, a Qatar-based software expert told CommsMEA yesterday.

Last week, Etisalat told its 100,000 BlackBerry subscribers that a "performance enhancement patch" would be sent to them to "provide the best BlackBerry service and ultimate experience". But users who downloaded the software complained of dramatically reduced battery life and slower than usual performance of their devices.

Nigel Gourlay, a Doha-based Sun-certified Java programmer who has been developing open source software for 15 years, analysed the patch after it was posted on BlackBerry’s community support forum and he said that once installed, it potentially gives Etisalat the power to view all emails and text messages sent from the BlackBerry. (more)

FutureWatch - Governments may make the manufacturer or carrier pre-load this capability as a condition of doing business in that country.

What CEOs Don't Know About Cybersecurity

A new study hints at how often cyberthreats aren't communicated to the boss.

Being the chief executive has its privileges. And one of them may be a blissful ignorance of your company's data breach risks.

According to a study to be released Tuesday by the privacy-focused Ponemon Institute, companies' chief executives tend to value cybersecurity just as--if not more--highly than their executive colleagues. But compared to lower-level execs, CEOs also tend to underestimate the frequency of cyberthreats their organization faces. (more)

Having observed the scene for over 30 years, I think these findings may be extended to include any technical threat to information security.

Quote of the Day -- "We don't know how much filtering of bad news happens that keeps CEOs from hearing some of the darker secrets." ~ Dr. Larry Ponemon

ESC Highlights Growing Espionage Threat

Some items from the latest issue of Employee Security Connection...
Corporate Espionage Rising: All told, U.S. businesses lose up to $250 billion in revenue as well as 750,000 jobs annually. To help your employees do their part to fight spying and insider risks, we explain the basic types of threats - both technical and non-technical.

Security Risks R Us: Think your employees know their stuff when it comes to spying? Here we offer a quick quiz for your employees to assess their security savvy.

Foreign Affairs: You'll want your employees to take note of this recent case in which a contractor lost his security clearance and went to jail for failing to report his relationship with a Chinese national.

Be Safe When Traveling Overseas: Whether your employees are packing for a pleasure trip or just hoping to do some sightseeing in conjunction with business travel, we provide some timely tips to help them prepare. (q.v. Staying Safe Abroad)

Security Directors...
Employee Security Connection is a quarterly awareness newsletter, developed by the National Security Institute to help educate employees to the risks and security responsibilities for protecting classified and proprietary information. Four quarterly issues, 8 pages each, in Adobe PDF format. Customized with your logo. One subscription allows organization-wide distribution rights (e-mail, intranet or print). They do all the work. You get all the credit. Easy!

Japanese scientists to build robot insects

Japan - Police release a swarm of robot-moths to sniff out a distant drug stash. Rescue robot-bees dodge through earthquake rubble to find survivors.

These may sound like science-fiction scenarios, but they are the visions of Japanese scientists who hope to understand and then rebuild the brains of insects and program them for specific tasks.

Ryohei Kanzaki, a professor at Tokyo University's Research Centre for Advanced Science and Technology, has studied insect brains for three decades and become a pioneer in the field of insect-machine hybrids. (more)

"Moth smoth... let's build a brain!"


Friday, July 10, 2009

Negative feedback, buyer claims he was arrested.

A Chinese national was indicted this week for conspiring to violate U.S. export law, following a nearly three-year investigation into his alleged efforts to acquire sensitive military and NSA-encryption gear from eBay and other internet sources.

Chi Tong Kuok, of Macau, told Defense Department and Customs investigators that he had been “acting at the direction of officials for the People’s Republic of China,” according to a government affidavit in the case. “Kuak indicated he and PRC officials sought the items to figure out ways to listen to or monitor U.S. government and military communications.” (more) (sing-a-long)

You know spying is a major problem when...

...Forbes Magazine is hawking spy gear on their Web site.

Follow-up: Murdoch Phone Tap Scandal

via Politics Daily... The Guardian broke a story revealing that Rupert Murdoch's News Group Newspapers has paid out more than 1 million pounds in court costs after its journalists were accused of involvement in phone tapping.

The journalists allegedly hired private investigators to hack into the mobile phones of public figures ranging from former deputy prime minister John Prescott to supermodel Elle McPherson, as well as numerous other politicians, sports stars and actors. The investigators allegedly gained access to all sorts of confidential information about these people, including tax records, bank statements and social security files...

...one of Murdoch's former editors at the News of the World says that this scandal constitutes one of the major media stories of modern times.

First, it suggests that such behavior -- if shown to be true -- was not the result of a few rogue reporters but a systemic policy in the newsroom, opening the paper up to the possibility of a class-action lawsuit.

Second, the scandal also threatens to embroil the Metropolitan police -- who apparently did not alert all those whose phones were targeted -- as well as the Crown Prosecution Service, which did not pursue all possible charges against News Group personnel. Finally, even Conservative party leader David Cameron could be tainted by this one: The party's chief of communications, Andy Coulson, was an editor at the News of the World when the alleged wire-tapping took place. Murdoch, for his part, maintains that he knew nothing about any of this.

This morning, the Commons Culture, Media and Sports Committee of the British Parliament announced it is launching an official investigation into the use of illegal surveillance techniques. (more)

Thursday, July 9, 2009

Does your Security Program Include TSCM?

If not, your corporate strategies are about this well protected.

Add TSCM / Eavesdropping Detection Audits to your security program.

Contact a qualified specialist, today. ~Kevin

Security Director Alert - "Get me some dirt on..."

Electronic eavesdropping and wiretapping attacks are coming at you from all angles: competitors, disgruntled employees, unions, foreign governments, activists, and the media. Here is a high-profile example of media spying...

Rupert Murdoch's News Group Newspapers has paid out more than £1m to settle legal cases that threatened to reveal evidence of his journalists' repeated involvement in the use of criminal methods to get stories.

The payments secured secrecy over out-of-court settlements in three cases that threatened to expose evidence of Murdoch journalists using private investigators who illegally hacked into the mobile phone messages of numerous public figures to gain unlawful access to confidential personal data, including tax records, social security files, bank statements and itemised phone bills.

Cabinet ministers, MPs, actors and sports stars were all targets of the private investigators.


How pervasive was this snooping?

...one senior source at the Met told the Guardian that during the Goodman inquiry, officers found evidence of News Group staff using private investigators who hacked into "thousands" of mobile phones. Another source with direct knowledge of the police findings put the figure at "two or three thousand" mobiles. (more) (more)

"Passwords? We don't need no stinkin'..."

Kon-Boot for Windows enables logging in to any password-protected machine profile without any knowledge of the password. There is also a version for Linux. Sounds dangerous. Stay tuned. Freeware download.

Security Director Recommendation - One possible solution for corporate environments: lock out USB ports and CD drives.

Spy Cheap... at The International Spy Museum

The International Spy Museum Store is having a great summer sale! Up to 50% Off + Free Ground Shipping on Orders Over $50.

Very Practical...
Metrosafe Anti-Theft Computer Bag
Product Facts: When you have top-secret data to deliver, there may be spies lurking around the dead drop, waiting to lift your laptop. That’s where the Metrosafe delivers. It looks like a regular laptop case, but its security features elevate it to an effective anti-theft device. It has tamper-proof, lockable zippers and a wire-reinforced, slash-proof shoulder strap with a built-in combination lock. (You can anchor the strap around a secure object like a table leg.) Its front and bottom panels are also slash-proof to protect against knife-wielding spies. Designed with a fully padded laptop compartment with two organizer pockets, a front zippered organizer pocket and two padded pockets to hold a cell phone, PDA, camera, or MP3 player. Fits most 13” laptops. Technical Data: 840-denier ballistic nylon/high-tensile steel wire. Black. 12” x 13-1/2” x 4”. 2 lbs., 3 oz. (33% off)

Tuesday, July 7, 2009

Why Business Espionage is Epidemic

Business espionage has kept me in business for over 30 years now. I help organizations uncover it and stop it - before they suffer expensive losses. Eavesdropping and wiretap detection is a key component to corporate counterespionage efforts because they are the easiest espionage red flags to spot.

This is what I have learned over the years.
Business espionage is rampant due to...
1. Low cost of entry.
2. High rate of return.
3. Low probability of detection.
4. Lower probability of prosecution.
5. Even lower probability of meaningful punishment.

Example...
David A. Goldenberg, ex-vice president of AMX, was arrested following a six-week investigation and was charged with Unlawful Access of a Computer System/Network, Unlawful Access of Computer Data/Theft of Data and Conducting an Illegal Wiretap. On May 11 he entered a plea of guilty to felony wiretapping.

The investigation revealed that, while an employee of AMX, Goldenberg had infiltrated the email accounts of Sapphire Marketing, a sales representative for Crestron. He was intercepting emails related to potential contracts, which afforded him advance knowledge of Sapphire's customers and bid prices and an opportunity to underbid them. He then established a free email account and created an automatic forward of the victim's email to that address.

He has been sentenced to three years probation, including psychological counseling, and will have to pay an undisclosed fine. The maximum sentence for the crime is five years in prison but Goldenberg has managed to avoid any jail time. (more)

In this case, damage was done. Their information and strategies were taken and used against them. The loss was expensive.

Call me if your company would like to know how to detect espionage problems before they get to this stage. ~ Kevin

Monday, July 6, 2009

Spy Trick #325 - Lost Laptops from Airports

A new study sponsored by the Dell computer company estimates that more than 12,000 laptop computers are lost or stolen each week at U.S. airports, and only 33% of those that turn up in "lost and found" are reclaimed.

The other 67% remain in the airport awhile before being disposed of, meaning there are "potentially millions of files containing sensitive or confidential data that may be accessible to a large number of airport employees and contractors," the study reports.

More than 53% of business travelers say their laptops contain confidential or sensitive information, but 65% of these people admit they don't take steps to protect it. Yet the average business cost when confidential personal information is lost or stolen is $197 per record, according to another Ponemon study. (more)

A full copy of the report can be found here. (pdf)


What do you think happens to laptops left at the airport?
Could they fall into the hands of professional snoops?


"The TSA turns it over to state surplus property agencies, which tend to sell it online or at retail stores."

Let's dig further. We'll pick Texas, a big state with several major airports (7 to be exact). They have several methods of disposal...
• Online auctions at www.lonestarauctioneers.com and www.bandiauctions.com
• 3 live on-line auctions a year.
• eBay under seller name texasstatesurplus.
• At their walk-in stores.
(Texas Surplus Brochure)

It would not be difficult for business spies to track property disposal auctions from every airport.

Solutions... Encrypt your disk. Install theft reporting software. Engrave "Reward if found and returned..." on the bottom.

The Case of the Tattle-Tell Cell

NY - Mikhail Mallayev, who was convicted in March of murdering an orthodontist whose wife wanted him killed during a bitter custody battle, stayed off his cellphone the morning of the shooting in Queens. But afterward, he chatted away, unaware that his phone was acting like a tracking device and would disprove his alibi — that he was not in New York the day of the killing.

Darryl Littlejohn, a nightclub bouncer, made call after call on his cellphone as he drove from his home in Queens to a desolate Brooklyn street to dump the body of Imette St. Guillen, the graduate student he was convicted this month of murdering.


The pivotal role that cellphone records played in these two prominent New York murder trials this year highlights the surge in law enforcement’s use of increasingly sophisticated cellular tracking techniques to keep tabs on suspects before they are arrested and build criminal cases against them by mapping their past movements. (more)

Sunday, July 5, 2009

Bugs Found - Georgia on my Mind

Georgia - The discovery of bugging equipment in opposition party offices indicates that the country is under a repressive regime, Georgian Public Defender Sozar Subari said on Tuesday. His statement followed claims by the Conservative Party and the Way of Georgia leaders that they found bugging equipment in their offices on Monday.

...the bugging equipment was discovered by one of the opposition leader’s security guards by using special equipment.

Later on Monday Conservative Party leaders also claimed they had found bugging devices in their office.

On Tuesday it also became known that similar devices had been found in the Alliance for Georgia’s office in Isani. One of the members of the Alliance, New Rights activist Mamuka Katsitadze, said that the New Rights is now checking its own offices. “I am also planning to examine my house...

The Interior Ministry has denied any links with the bugging devices found in opposition party offices. Spokesperson Grigol Beselia said that the Ministry’s special agencies do not use these devices any more. “A criminal case has been launched concerning the bugging equipment found in the Conservative Party and Way of Georgia offices. No special license is needed to buy these kind of devices. Anyone can buy them... (more)

"Love the giver more than the gift." - B.Y.

Psst: The super-secretive National Security Agency is about to build a huge, $1.9 billion data center at Camp Williams, Utah, to help spy on communications worldwide. (more)

SpyCam Story #540 - The Covert Cruiser

OH - Why did that police cruiser camera start recording?

That’s an unanswered question in the wake of the tape that showed Police Chief Tim Escola kissing and caressing a part-time officer under his command.

An attorney for the former chief suggested the cruiser camera may have been rigged, a claim township officials dispute.


POSSIBLE ANSWERS

Law Director Charles Hall said Escola or officer Janine England accidentally may have switched the camera system into a “covert mode,” which recorded their behavior June 2 as they drove a burglary suspect back from the Cincinnati area.

Those familiar with the equipment in Perry Township didn’t know the feature existed until Thursday after a review of the owner’s manual, Hall said. The system is less than a year old.
“If you go to turn the device off and hold the power button, the camera goes into covert mode,” Hall said. In covert mode, the camera continues to record but the display screen and all lighting turns dark, he said.

Escola abruptly retired Tuesday night. England remains on the force and faces no discipline. (more with interesting comments) (video)

"So, SIS stands for SECRET Intelligence Service?"

The wife of the new head of Britain's spy agency has posted pictures of her husband, family and friends on Internet networking site Facebook, details which could compromise security, a newspaper said on Sunday.

Sir John Sawers is due to take over as head of the Secret Intelligence Service in November. The SIS, popularly known as MI6, is Britain's global intelligence-gathering organisation.


In what the Mail on Sunday called an "extraordinary lapse", the new spy chief's wife, Lady Shelley Sawers, posted family pictures and exposed details of where the couple live and take their holidays and who their friends and relatives are. (more) (sing-along)

Saturday, July 4, 2009

Business Espionage - Frankincar

Tong Jian S11
China’s first "self-designed" hybrid sports car...

Part Prius
Part Audi R8

Part Ferrari F430


via China Car Times...
The S11 was first unveiled at the Shanghai Auto show earlier this year to an impressed crowd. The car was designed by Shanghai based TJ Innova, the S11 looks fantastic, with Audi and Ferrari design tones slipped into its sleek body, under the platform there is an AWD drivechain pushing power to each corner of the car. (more)

Just coincidence?
You decide.

Friday, July 3, 2009

IvUkenReDizUmstBeeMstrPrzadnt

For more than 200 years, buried deep within Thomas Jefferson's correspondence and papers, there lay a mysterious cipher -- a coded message that appears to have remained unsolved. Until now.

The cryptic message was sent to President Jefferson in December 1801 by his friend and frequent correspondent, Robert Patterson, a mathematics professor at the University of Pennsylvania. President Jefferson and Mr. Patterson were both officials at the American Philosophical Society -- a group that promoted scholarly research in the sciences and humanities -- and were enthusiasts of ciphers and other codes, regularly exchanging letters about them. (more)

What's in a spy suspect's bedroom?

The latest revelation in the curious case of accused Cuban spies: They kept a copy of The Spy's Bedside Book in their apartment.

A peek inside the apartment of husband-and-wife spy suspects reveals a shortwave radio, a sailing guide to Cuban waters -- and now a copy of The Spy's Bedside Book, according to new court documents in the case. (more)

Blind Justice Swats Blind Swatter

MA - A blind teenager was sentenced to 11 years in prison on Friday for hacking into the Verizon telephone network and using fake 911 calls to harass an investigator who was building a case against him...

Matthew Weigman, 19, from Revere, Mass., was part of a group of sophisticated and notorious telephone hackers who engaged in “swatting” calls. (Calls prompting police SWAT team dispatch.)

Swatters use spoofing technology to mask their real location when placing fake 911 calls. This makes it seem as though the call is legitimate, and coming from a potential victim’s home. Police are sometimes dispatched to the homes of these “victims,” allowing swatters to effectively harass their targets from a distance.

Weigman, known as “Little Hacker,” has been involved in telephone hacking since the age of 14. (more)

Trend - Phone Encryption

During Sweden’s EU Presidency (started July 1), Swedish government authorities and the defense forces will use Sectra’s Tiger XS personal voice encryptor for eavesdrop-secure communications. Sweden is the fifth country in Europe to use Tiger XS to protect telephone conversations from eavesdropping during its EU Presidency. (more)
from the web site...
One encryption device for all
Tiger XS is a personal encryptor that protects mobile and fixed communications. Use one encryption device to secure your voice, data, fax and SMS communications. Tiger XS is connected to your mobile phone via Bluetooth®. This enables a high level of security on communications networks such as GSM, PSTN, ISDN, IP networks as well as satellite systems. With Tiger XS you are safe to exchange classified information over GSM networks or ordinary telephone lines – from your office desk, at home or on the road. (more)

Thursday, July 2, 2009

Watergate. Bailout. They just sound right together.

According to a July 2 broadcast on National Public Radio, the famed Watergate Hotel in Washington, DC is likely to face foreclosure because the owners have defaulted on a $69.9 million loan on the property.

Watergate is well-known to many Americans because of the events of June 17, 1972, when DC police arrested five men trying to break in and wiretap the offices of the Democratic Party located in the building. Along with two others, they were tried and convicted in January 1973.

All seven were connected with President Richard M. Nixon's reelection committee, suggesting that what appeared to be a simple burglary/wiretap might involve high-level government officials. (more)

FutureWatch - Watergate is purchased (bailed out) by the National Park Service. Tours daily. Most popular stop... The Frank Wills Memorial Door, with tape over the lock.

iOpener

If you own an iPhone, security researcher Charlie Miller can take control of it, and short of turning off the device, it appears there isn't much you can do to stop him. Not until Apple fixes the flaw, anyway.

Exploiting a bug in the way iPhones parse SMS messages, the principal analyst at Independent Security Evaluators has demonstrated how to send malicious commands to monitor the phone's location, turn on its microphone, or cause it to join a DDoS, or distributed denial of service attack, according to this report from IDG News.

The vulnerability is significant because there are few measures iPhone users can take to prevent an attack... (more)

Dumpster Diver Surfaces with New Identities

CA - Police have arrested a man who allegedly admitted to stealing the identities of more than 500 people by going through the trash of local banks and businesses.

The criminal complaint filed against 30-year-old suspect Jonah Nelson claims that he made more than 1,000 fake ID cards that he used to rip off people, stores and banks. Nelson also allegedly admitted to stealing the identities of more than 500 people all across Northern California, ranging from the Bay Area to the Central Valley.

Federal agents say Nelson said it was easy to find new victims: All he needed to do was visit a local bank and search their dumpsters. (more)

My amazing bank shredder story...
I received a package cushioned with strips of shredded paper filler...
made from bank records!

Names, addresses, deposit amounts, account numbers, phone numbers, Social Security numbers. It was all there. Easily reconstructed.

This was worth looking into.

My secretary wrote to the company who sent us the box...
“Your packing material was most interesting (the recycled paper). Is there a company that supplies it? Is there a charge for it? If you have a company name I would appreciate your sharing it with me. Thanks!”

Their reply...

“Check with any local bank - they shred 6-10 bags per week - you can get it for free for the asking!”

Fortunately, this was an honest person. They could just as easily have been an investigator or spy... and, the bank could have been any business or government agency.

Were their hearts in the right place for recycling?
Probably.

Is this a good practice?
No.

Buy and use a good crosscut shredder. ~Kevin

Wednesday, July 1, 2009

The Search Engine That Didn't Snitch... and other disasters

Hey gang, it's almost Independence Day here in America. Yup, July 4th is just around the corner.

Fireworks are in America's bloodstream... but, did you know your on-line curiosity could get you in trouble with the terrorist chasers? Your fireworks search engine enquiries might start popping red flags...

"Ludlow Kissel and the Dago Bomb That Struck Back"
"What is a Dago Bomb?"
"How can I build a Dago Bomb?"
"Dago Bomb ingredients"
"What was blown up by the Dago Bomb?"

(Knock, Knock)
"We're from Homeland Security..."


"Excelsior, you fathead!" Next time, don't use a search engine that captures your IP address. Search privately. Go to https://www.ixquick.com
ixquick is the only search engine which gives you anonymity.

Oh, and Ludlow... he had his 15 minutes of fame... about 2:17 into this Great American Fourth of July video. ~Kevin

UPDATE - NEW URL. Startpage.com