Wednesday, March 31, 2010

Poll Results - Would you sell your employer's secret information? (assume you would not be caught)

Apparently, our readership is pretty honest. Not surprising, you're not the typical employee. You have an interest in security.

However... considering the makeup of the group, the dishonest results are alarming — 29% admit they do, or might, commit espionage! 

Numbers lie. I suspect many who answered "Heck, I do that now" have a sense of humor like mine.

But what about that 8%? And, would that number be higher in the general (non-security minded) population? 

Thought... If your organization doesn't have a counterespionage strategy yet, you had better visit your local strategy shop.

GPS Tracker (with audio eavesdropping) Update

About 3 years ago the Security Scrapbook alerted you to a tracking device with eavesdropping capabilities

The folks at GoPass Technology Corp. have been really busy since then...

Their latest real time GPS trackers – with eavesdropping capabilities – can now...
  • Store data when out of cell range, and burst it back when it comes back in range.
  • Can send to two different computers. (Convenient home and office surveillance.)
  • Automatically snitch when the vehicle is moved.
  • Locate with assisted GPS. (Garage parking won't save you.)
  • Remotely immobilize the vehicle. (By killing the ignition... or the oil pump, which they suggest, but "don't recommend" in an Eddie Izzard sort of way.)
  • Send back data based on the preset time internal or based on the distance driven.
  • Read the voltage data by SMS message inquiry.
  • Get position data via a phone call. 
  • Set a timetable to send back data automatically. 
  • Snitch mode. (Teens will hate this.) Only sends data when a preset speed limit is exceeded.
  • And, a remote Sleep Mode. 
Need a "personal" tracker (with eavesdropping capabilities)? GoPass has you covered. "Don't leave home without it."

Why do I mention these things?
So you will know what you are up against.
P.S. Suspect you have something like this on your corporate vehicle (car, plane or boat)? Give me a call. I can help.

Saturday, March 27, 2010

Contest - You vs. the Swiss Army (USB)

Carl Elsener Jr, the current president of the Swiss army knife maker Victorinox and grandson of the company's founder, was in London this morning to promote the company's latest product: a secure USB flash drive.

And when he says secure, he doesn't appear to be mucking around. Victorinox is so confident of the combination of encryption and fingerprint security built into the drive that it has offered a reward to anyone who can crack it.

Think you've got what it takes to crack the Victorinox code? If you succeed, be prepared to walk away $100,000 richer. It's that simple.
Click here to to send us your registration by email!
View Rules and Regulations (PDF)

PS - If you screw it up, the data self-destructs!

Print Center Blues

Want to know what expenses your boss claimed last month? How much your colleague makes? What the co-worker down the hall is really working on? 

Forget about hacking their computers – you might want to hit the nearest photocopier instead... copy machines in your office keep a wealth of copied data on a hard drive that anyone can hack. 

In the age of everything digital, the photocopier is probably the one workplace item you never thought to worry about. It's just making a copy of a document, right? How risky could that be?

Very risky, as it turns out. (more)

Most print center manufacturers have add-on security software; one option worth opting for.

FutureWatch - "It's just our new 'know yer customer' policy, mate."

Australia - Somewhere in Perth's central business district is a building containing the names, ages, addresses, photographs and unique fingerprint codes of thousands of revellers who danced and drank at Sydney's Home nightclub last year.
 
Home, in Darling Harbour, began trialling a biometric ID scanning entry system nine months ago. Patrons lined up before six large terminals to have their photo taken, and their driver's licence and right index fingerprint scanned. The information was copied and sent to Western Australia, where it is stored on a secured central database by the system developers.

While Home is the only NSW venue to use fingerprint technology at present - there are 13 nationwide - various forms of ID scanning are being quietly rolled out at other nightspots. (more)

"Sheila, if we didn't do this you might get carried off by an alien. It's for your own good, you know, not to mention limiting our liability."  

It may take a decade or so, but once this generation has been privacy desensitized the concept of a business 'knowing the customer' as they enter the establishment will become more commonplace. 

Personal security won't be the only reason. Think about the counter-shoplifting possibilities. When businesses network their customer knowledge, mobile shoplifting gangs will find it harder to operate. 

The marketing mantra... "This enhances and customizes your experience with us."

Friday, March 26, 2010

I Spied (We'll miss you.)

Robert Culp, the veteran actor best known for starring with Bill Cosby in the classic 1960s espionage-adventure series "I Spy" and for playing Bob in the 1969 movie "Bob & Carol & Ted & Alice," died Wednesday morning. He was 79.

Culp fell and hit his head while taking a walk outside his Hollywood Hills home. He was found by a jogger who called 911 and was pronounced dead at Hollywood Presbyterian Medical Center in Los Angeles, said Lt. Bob Binder of the Los Angeles Police Department. An autopsy is pending.

"My mind wants to flow into sadness, but I want to stay above that," Cosby told The Times on Wednesday. (more)

Wednesday, March 24, 2010

Australia Week at KSS continues...

The Queensland government has tipped $14 million into wiretapping capabilities to support new phone interception powers handed to police last year. (more)

Tuesday, March 23, 2010

Plant a bug, grow a business? You decide.

Australia - A Sunshine Coast jury will decide the fate today of two women and a son who placed a fake bug in the home of a Nambour woman with mental health issues.

In each of their recorded police interviews, which were shown during a Maroochydore District Court trial over the past two days, they said they thought planting the bug would “help” the woman, who believed someone was monitoring her.

They took $100 from the woman’s daughter for removing the bug, which was a circuit board and wiring they obtained from a Mooloolaba surveillance store.

Kathleen Joan Kitchner, 54, and Corinne Martell, 47, from Private Eyes007, and Ms Martell’s son, Shane Robert Martell, 26, have pleaded not guilty to attempted fraud.

Their defence barrister has told the jury that “the reason the bug was placed there” should be the issue in their deliberations.

He said while the Crown argued the women planted the fake listening device with a view to getting further business through installation of a surveillance system and possibly security patrols, they had other motives.

The women were hired after Cheryl Metcalf called them to sweep her mother’s home for cameras and bugs in June, 2008. (more)

Bug Found on Activist's Phone Line

Australia - The former fashion designer Prue Acton, who is campaigning to save a koala colony from logging in a south-east forest, has discovered a bugging device in her phone.

The MP3 recorder was found by chance three weeks ago when Ms Acton, pictured, and her partner, the artist Merv Moriarty, received a delivery of water on their property at Wallagoot near Bega.

When the truck arrived, it ran over the Telstra pit (an underground phone junction box) on the track leading to their home.

The couple noticed their email had stopped working so Mr Moriarty went to check the pit. "He and the tanker driver pulled off the broken top and saw some strange devices attach to the phone lines but didn't realise they were listening devices," Ms Acton said.

Telstra fixed the line hours later, but the next day a detective from Bega police arrived.

"She came out to ask us first whether either of us were having an affair and bugging the phone. Hilarious! She next said a recording device, not a broadcasting device, had been found on the line."

The device was sent to Sydney for forensic examination, but Ms Acton said that because she had not been threatened directly, police were not giving the matter high priority.

She had no idea who might have installed the bug, but said it would not stop her from battling Forests NSW over logging in the Mumbulla and Murrah state forests near Bermagui.

Insight 
• Most bugging devices are found by accident. 
Imagine how many would be found if high-risk individuals and businesses hired a professional counterespionage consultant to look of them.

Monday, March 22, 2010

China Holds 4 Australians for Espionage Trial

Australia - Australian mining executive Stern Hu admitted to receiving bribes of up to 6 million yuan ($960,000) during a sensational opening day of the trial of four Rio Tinto executives in China yesterday... The four Rio executives were arrested on July 5 last year and charged with bribery and stealing state secrets, a charge that was later downgraded to stealing business secrets... The charges of stealing business secrets could add up to seven years to any bribery sentences, if they are found guilty. (more)

"Fair dinkum, money's no object!"

Australia - The general manager of a council in Sydney's inner-west has admitted spending council funds to employ a surveillance company to follow a man he feared was involved with his wife... It is alleged Mr Romano used council funds to pay for security expenses for personal purposes. Mr Romano has told the inquiry he spent more than $44,000 to conduct surveillance on a man he believed may have been harassing his family. The inquiry also heard Mr Romano thought the man was involved with his wife. (more)

Friday, March 19, 2010

Catch an E-Mail Snoop Yourself

via Erik Larkin, PC World...
Your Web mail account is a treasure trove of private and potentially valuable information -- and thieves know it... Normally you can't tell whether you've been hacked... Even if you cannily leave a juicy-sounding e-mail unread, a thief or snoop may read it and then return its status to unread. But with a little bit of know-how, you can create an electronic trip wire that will trigger whenever someone reads a rigged e-mail... The gist of it is to keep an e-mail message in your account that includes the code for a counter. Opening the attachment trips the counter, thereby alerting you that someone was snooping. (how-to details)

Better than a Sharp Stick in the Eye Alarm System

The Snow Queen or The Emporer's New Clothes? You decide.
From those wonderful folks who brought us Hans Christian Andersen...

“Dry” fog from PROTECT A/S obscures everything in protected areas in less than 20 seconds after a break-in. When activated, the fog generator produces dense but harmless fog and making thieves flee the way they got in. Because thieves cannot steal what they cannot see!

A PROTECT™ Fog Cannon completes the “circle of protection” when used with conventional burglar alarms, giving customers an additional sense of security. (more) (actual break-in video)

A competing product, FlashFog, also has some great surveillance and demo videos worth viewing.


Looks pretty cool. I'll go with Snow Queen.

Wednesday, March 17, 2010

World's Smallest Autofocus

LensVector Inc. has developed an autofocus technology that may make cameras again a main focal point on mobile phones.

LensVector’s autofocus device, which the company says is the smallest ever, sheers and focuses light using LCD technology. And, very importantly, it has no moving parts. LensVector has its sights set on cameras for cell phones, laptops and other mobile devices. (more)

(FutureWatch) ...like contact lenses for microbots or telephoto lenses for spycams, perhaps?

Your espionage is wildly successful. What's next?

China's relationship with foreign companies is starting to sour, as tougher government policies and intensifying domestic competition combine to make one of the world's most important markets less friendly to multinationals.

Interviews with executives, lawyers, and consultants with long experience in China point to developments they say are making it much harder for many foreign companies to succeed. They say the changes suggest Beijing is reassessing China's long-standing emphasis on opening its economy to foreign business—epitomized by the changes it made to join the World Trade Organization in 2001—and tilting toward promoting dominant state companies. (more)
There are louder voices pushing China to be more protectionist and to be more nationalist. Lester Ross, managing partner in Beijing for WilmerHale law firm
The International Monetary Fund on Wednesday lent its support to calls by the United States for China to allow its "much undervalued" currency to rise, amid EU complaints of protectionism. (more)

Monday, March 15, 2010

Murray Associates / Spybusters featured in the Tektronix March 2010 Newsletter




Case Study: 
Spybusters Tracks Down Hidden Eavesdropping Devices 
New technologies are making it easier than ever to listen in on private conversations. High-tech bugs are easy to plant and hard to detect, and are turning up in boardrooms and offices where they are not wanted. Learn how Spybusters LLC, a firm that specializes in detecting and removing surveillance devices, used Tektronix Real-Time Spectrum Analyzers to keep clients' offices bug-free. (Tektronix newsletter) (full story)

Password Whacker now a 100x Faster Cracker

Password-cracking tools optimised to work with SSDs (solid state drives) have achieved speeds up to 100 times quicker than previously possible.

After optimising its rainbow tables of password hashes to make use of SSDs Swiss security firm Objectif Sécurité was able to crack 14-digit WinXP passwords with special characters in just 5.3 seconds. Objectif Sécurité's Philippe Oechslin told Heise Security that the result was 100 times faster than possible with their old 8GB Rainbow Tables for XP hashes.

The exercise illustrated that the speed of hard discs rather than processor speeds was the main bottleneck in password cracking based on password hash lookups. (more)

If Tiger Woods' cell phone had this...

...he would be working on his putts today.

(from the manufacturer's press release...)
FlexiSHIELD is software for cell phones that effectively creates an 'invisibility' shield for your phone, protecting SMS, EMAIL, MMS, Phone Logs and actual Phone Calls from prying eyes.

For any phone number, or Contact that you specify, FlexiSHIELD will automatically hide any incoming or outgoing SMS, MMS, EMAIL, Phone Logs and actual Phone Calls in an invisible vault on the phone itself.

When installed and activated, there is no indication of the application, and all message and call notifications are suppressed, making FlexiSHIELD totally invisible in operation. (more)

No, it won't work on your iPhone or BlackBerry. Currently, it is only compatible with Windows Mobile / Nokia cell phones. Yes, these are the same people who make the cell phone spyware.

FutureWatch... It will be interesting to see how this development affects law enforcement, cell phone forensic investigations.

"How small are GSM bugs?"

A. They can be as small as a Compact Flash card.

This is a question I hear frequently, along with...
"How expensive are they?" 
($20 to $80)

"Where are people getting these?" 
(ebay and on-line spy shops)

"How do they work?" 
Plug in a SIM card and hide it. Call the listening device using any phone, from anywhere in the world. Or... some models will call, or text, you whenever it hears someone in the vicinity talking!

"How do you find them?" 
In 2009, Murray Associates developed a proprietary test - Digital Surveillance Location Analysis™ (DSLA™) - which plots the location of these normally dormant devices on a computer screen map, using triangulation.

Sunday, March 14, 2010

Ain't this a kick in the head? (again)

Erin Muller says she found a GPS tracking device attached to the undercarriage of her car two weeks ago ... and Erin tells TMZ she believes her ex Michael Lohan is the one who put it there. Muller claims her dad found the device -- which can track the whereabouts of her vehicle in real time -- while he was checking for an oil leak... According to Muller's lawyer, cops are investigating the situation as a felony eavesdropping case -- and, as a result, Erin says she's so paranoid that she's going to have her apartment swept for bugs. (more)
Leave a key under the mat, Erin...
Michael Lohan has released an audio tape exclusively to RadarOnline.com which he says proves that his ex-fiance Erin Muller broke the restraining order against her, ultimately leading to her arrest on Thursday. (more)

Saturday, March 13, 2010

And you thought TSCM was difficult in China...

China - Four private detectives from Liaoning province have been sentenced to prison terms ranging from seven to eight months in Chaoyang district court for running an illegal operation... The men registered their private detective agency in February 2009, describing it as a "business consultancy." Detective agencies are not legal in China. The men were accused of tracking, photographing and locating people between February and August 2009. (more)

If you need TSCM advice/assistance in any country, please call us, we can help you do it legally.

Friday, March 12, 2010

Out of the Box Malware

Security researchers report that malware has been discovered on a Vodafone HTC Magic smartphone running Google's Android operating system. The discover comes just days after battery producer Energizer acknowledged that the Windows software it had been distributing for its Duo USB charger was infected with a Trojan. (more)

Eavesdropping as Entertainment

You have to be sharp to keep up with the changing social mores. While "don't stare" "don't point your finger" are withstanding the changing social landscape, "don't eavesdrop" has not. Hundreds of thousands of Web sites now specialized in eavesdropping as entertainment.

One example, as reported by the Sun Sentinal... 
"Today, I was working at Publix ringing up some 70 year old woman. She says ‘Man, you're a fast cashier, I like my men fast!' and then gives me a wink. I got really nervous and didn't know how to respond, so not thinking, I quickly said, ‘Yeah, me too.' FML"

Thursday, March 11, 2010

Murdoch’s News of the World censured for bugging on an “industrial scale”

UK - A report by the Culture, Media and Sports Select Committee has exposed the contempt that the mass circulation Sunday newspaper, News of the World (NoW), part of Rupert Murdoch’s media giant News International, has for basic democratic rights, parliament and the rule of law.

Its 167 pages, part of a wider inquiry into press standards, libel law reform, privacy and press regulation, found that the newspaper had lied about the extent to which its journalists had illegally hacked into the phones of the police, the military, royals, government ministers, celebrities and other well-known people in the top echelons of British society—in what was described by one MP as hacking on a “near industrial scale.” (more)

UK Football Team Bugged - "In the future, all rooms will be swept for such surveillance devices."

Video reports from BBC (video) and Sky News (video).

Olympic-level Surveillance Equipment Bargains

Now that the Paralympic games are wrapping up, Honeywell Building Solutions is beginning the final stage of its $30 million security contract with the Royal Canadian Mounted Police here: the removal of all the equipment that’s been installed to protect the 18 Olympic venues. But what to do with the roughly 1,300 Panasonic IP cameras, Computar lenses, 4,000 Xtralis PIRs, etc.? (more) (the list)

X-Ray Vision ?!?!

In the distant future private investigators may no longer need to peep through the cut-out holes in their newspapers, thanks to researchers at the ESPCI in Paris, who have discovered a way to see through various opaque materials. (more)

Wednesday, March 10, 2010

UK Football Team Bugged

UK - The FA have launched an investigation to uncover the culprits behind bugging the England camp last week. The Daily Mail says lawyers have already been instructed to prevent the illegal tape from being published. 

England were left facing yet more potential disruption to their World Cup plans when it emerged that a six-hour recording of team meetings was in existence. 

Last night, FA officials still had no knowledge of who committed what amounts to a serious breach of privacy laws — or the contents of the tape. 

Speculation remains that the sensitive tape includes Capello discussing tactics with his staff, as well as players talking about private matters that could cause some embarrassment to members of Capello’s first team, as well as World Cup bonuses. (more)

Sir Alex Ferguson, has spoken of his concerns about the news that one of Fabio Capello's team-talks was bugged during England's preparations for their friendly against Egypt last week.

Ferguson was speaking from personal knowledge after a device was planted in the home dressing room at Old Trafford before a game against Chelsea in 2005 and the tape was offered to newspapers.

'It happened to us once before,' Ferguson said. 'I would be concerned about it. Preparation involves discretion and secrecy. (more)

Sports is not a game. It is a business. A big money business. Electronic surveillance is as likely to occur against a professional sports team as it is at any other business.

Sports teams should seek local counterespionage help by adding their country name to this search.

And thus began the long parade of frogmen...




United Arab Emirates

Police in Dubai Wednesday ordered spies to leave the Persian Gulf...

"Those spies that are currently present in the Gulf must leave the region within one week.

If not, then we will cross that bridge when we come to it," said a lieutenant general with the Dubai police. (more)

Insider-Trading Wires & Taps

NYC - Federal prosecutors in Manhattan equipped several cooperating witnesses with recording devices to try to obtain information about targets in the Galleon insider-trading probe, people familiar with the matter say... A total of 21 individuals have been charged in the Galleon case. At least eight individuals have pleaded guilty and are cooperating against other defendants... Criminal prosecutors also are using evidence obtained from wiretapped telephone calls. (more)

Monday, March 8, 2010

Cell Phone Spying (video)


Cell Phone Privacy
Everything you need to know about protecting your privacy while using mobile and cordless phones.

Quote of the Week - Corporate Spies

“In an increasingly fragmented geopolitical environment, the balance seems to be shifting away from governments and toward corporate and even private individuals, who have access to more intelligence and information-gathering abilities than many governments in history ever had.” (more)

How Elvis Presley Got an "Ultra-Secure" Passport...

...a fascinating and unsettling story by Mark Nestmann.
Elvis died in 1977. But that didn’t prevent hackers from inserting his digital photo into a U.K. passport, and using it at a self-service passport machine at Amsterdam's Schiphol airport to gain clearance to board a plane.

This incident occurred in September 2008. But this security vulnerability persists, as proven by the recent assassination of Mahmoud al-Mabhouh, a senior Hamas operative, in a Dubai hotel on January 20. (more)

I created the Elvis passport using Photoshop and images from the net to provide a sense of what can be done with digital manipulation. This amateur creation only took about 15 minutes to make. Professional artists at government spy agencies devote more time to their projects. Their creations are almost indistinguishable from authentic documents.

Tuesday, March 2, 2010

Supervisors order surveillance sweeps for 'bugs'

Although Eavesdropping Detection Audits are a generally accepted good business practice, they rarely make news. This report details the costs, frequency and rational behind the effort. 

CA - San Bernardino County supervisors spent $22,500 last month to sweep their offices and other parts of the government center for secret recording devices and other hidden surveillance equipment.
The first sweep of the fourth and fifth floors of the county building occurred Jan. 23, and the purchase order provides for four more sweeps at undisclosed future dates...

In all, David Wert, county spokesperson said, the county has spent $42,865 on sweeps in recent years but refused to disclose when previous sweeps occured...

In a brief statement, Board of Supervisors Chairman Gary Ovitt said that: "All surveillance measures taken by the County are to ensure integrity in the decision-making process as well as the safety of those who work at the county. We work hand-in-hand with public safety officials while developing these measures to ensure those objectives are met."

Wert said taxpayers are put at risk when sensitive information relating to official county business is leaked because it opens the doors for potential costly litigation.

"It puts the taxpayers at a disadvantage in the courtroom and at the negotiating table," he said. (more)

If you are not protecting your organization's operational integrity, please give me a call. I can help you develop a rational and effective eavesdropping detection program with a strong overall counterespionage component.

Chinese Take Out

FBI surveillance video made public reveals details of a Chinese espionage operation to obtain secrets from the Pentagon through a group of Americans who spied for China. 

The rare video footage was the high point of a multiyear investigation into Chinese espionage carried out by a ring of military intelligence agents operating from Guangzhou, China. 

The tape, made public by CBS' "60 Minutes," was recorded in 2007 with two cameras hidden in a rental car during the investigation of Pentagon analyst Gregg W. Bergersen. The video reveals Bergersen pocketing a wad of about $2,000 in cash from Kuo Tai-shen, a Taiwanese-born spy for the People's Republic of China. (more)

"Give thy thoughts no tongue."

Whatever you do, whatever you see this season, do not miss Oregon Shakespeare Festival's production of "Hamlet."
 
Director Bill Rauch and Dan Donohue have dragged Shakespeare's venerated classic into the world of 2010 and given us an edgy, topical and intimate examination of those dastardly doings in Denmark...

It is Rauch's vision to put Hamlet into current time and place. ... Rauch's Denmark is a full-blown security state. Even the ancient castle walls come equipped with security cameras, guards with assault rifles. Claudius and Polonius don't have to eavesdrop on Hamlet and Ophelia — she wears a wire. In this milieu, Hamlet's irrational acts and speech throw everyone off balance, making them that much more vulnerable. (more)

SpyCam Story #572 - A Deranged Design

Indianapolis - Metro police are investigating an unusual case of voyeurism. Police arrested 40-year-old David Delagrange for spying on women with an elaborate camera system. Investigators say Delagrange, an engineer from Fort Wayne, rigged the sophisticated system in his right shoe and operated it through a cable in his pants. Monday, police showed the wiring they reportedly found inside his jeans. They say the wires connected to a tiny camera. "It was kind of sticking out, just in front of the cuff of the pants, over the tie of the shoe," said Sgt. Mount. (more)

Monday, March 1, 2010

SpyCam Story #571 - Act Naturally

Australia - Mark Robert Stratford, 49, was employed as director of drama at Lauriston Girls' School. The former drama teacher of a Melbourne girls' school has pleaded guilty to installing a spy camera to capture students undressing. (more)