Sunday, October 31, 2010

Hamas warns against buying cars imported from Israel

The Hamas government in the Gaza Strip is warning local politicians, government officials and faction leaders against buying cars imported from Israel for fear they may contain eavesdropping equipment or even remote-activated bombs planted by Israeli security agencies. (more)

Test your car...
If you own a late model General Motors car with OnStar, try this test. Tune your radio to 770 AM, turn up the volume and tap on the OnStar microphone near the rear view mirror. Do you hear yourself coming through the radio? No? Maybe they only bugged my car. ~Kevin

Google Bans SMS Spy App Tap

A controversial mobile phone application, which helps a cell phone user read the text messages of others secretly, has been removed from sale by Internet search engine Google.
Google said the application, called SMS Secret Replicator, violated its terms.

Once installed on a mobile phone, the Android phone application automatically creates carbon copies of incoming text messages and forwards them to a selected number - prompting fears it could be used by jealous lovers and even work colleagues to snoop on private messages. (more) (video)
Google may have dropped it from their marketplace, but that doesn't mean this $9.99 app is not available elsewhere. (more)
Coming soon, a way you can detect if your phone is infected with spyware. (more)

Thursday, October 28, 2010

Security Alert: iCracked

A security flaw in the iPhone allows strangers to bypass the handset’s lock screen with a few button presses.

...the quick method to circumvent an iPhone’s passcode-protected lock screen:
• tap the “Emergency Call” button,
• then enter three pound signs,
• hit the green Call button
• and immediately press the Lock button.
That simple procedure gives a snoop full access to the Phone app on the iPhone, which contains the address book, voicemail and call history. (more)

Apple:
“We’re aware of this issue and we will deliver a fix to customers as part of the iOS 4.2 software update in November.”

"Why is this important?"
Not having password protection on a smart phone leaves you open to information theft, jail-breaking and injection of spyware.

"Why does this trick exist?"
• It is a software loophole.
• It is a programmer's shortcut they forgot to patch.
• It is a programmer's Easter egg.
• It is a law enforcement backdoor never meant to become public knowledge.
Interesting question. You decide.

FutureWatch: The ability to create passwords longer than four measly digits... which is a pool of only 10,000 passwords. ~Kevin

Wednesday, October 27, 2010

Firesheep Makes Stealing Your Wi-Fi Secrets Easy

via Steven J. Vaughan-Nichols
From all the yammering, you’d actually think there was something new about Firesheep, the Firefox extension that lets you grab login IDs, passwords, and other important information. What a joke. I, and any hacker or network administrator worth his salt, have been able to do this kind of stuff for years.

The only thing “new” about Firesheep is how easy it makes it to do. I’m unimpressed. Anyone who was serious about grabbing your personal information has already been doing it for years. Trust me, if someone really wanted your data and you’ve been using open Wi-Fi networks, they already grabbed it.

No, the real worry isn’t about some jerk grabbing your Twitter password in a coffee house. The real worry has always been that your office Wi-Fi is easy to compromise and then someone can use a packet-sniffer to get something that really matters like your Accounts Payable password. (more)

Need a Wi-Fi Security Audit and Compliance Inspection? (you do) Please call me. (more)

11/4/10 - UPDATE:  IBM researchers are proposing an approach to WiFi security they call Secure Open Wireless in light of the release of the Firesheep tool. (more)

11/5/10 - UPDATE: 10 Ways to Protect Yourself from Firesheep Attacks (more)

Our Spy Coin Receives the Ultimate Compliment

I give spy coins to my clients.
It is a reminder that information loss is mostly a people problem, not an electronic problem. Filing cabinets of information can walk out the door in pocket change!


Careless people often blab information, forget to secure it, toss it in the garbage can, or otherwise lose it—hundreds of laptops are lost every day. People also steal it when they become greedy, spiteful, conned, blackmailed, or caught up in a “cause.”

Investigating an information loss, however, begins with an electronic surveillance detection audit.

Here’s why...
• Serious espionage will include electronic surveillance.
• The possibility must be resolved before accusing people.
• Bugging is the easiest spy technique to discover.
• Electronic surveillance evidence helps prove your case.

Best advice...
Conduct audits on a regular basis. Uncover signs of espionage during the intelligence collection stage, before your information can be abused. (more)

A client reports back...
"I think of all of the trinket type things we’ve accumulated over the years, the spy coin is *by far* the coolest, and is made even cooler with the background story provided on the chip!!

I took mine with me to the FBI building today and had the guards there X-ray it along-side of a normal quarter to see if its secret contents could be seen on an “airport quality” X ray machine.  They printed out a copy of the scan image, I’ve attached it to this email for your amusement as well. 

Several agents commented on how well it was made, and how hard it would be to detect such a thing."

Tuesday, October 26, 2010

Sunday, October 24, 2010

Why Wiretap When You Can Buy the Phone Company?

A proposed deal between Sprint Nextel, Cricket and two Chinese telecom companies has raised a few eyebrows, with some U.S. senators concerned about security.

The Hill reports a bipartisan group of legislators wrote a letter seeking reassurance about the deal from Federal Communications Commission Chairman Julius Genachowski.

The letter, signed by Susan Collins (R-Maine), Jon Kyl (R-Ariz.) and Joe Lieberman (I-Conn.), contends the two Chinese companies, ZTE Corporation and Huawei, have ties to the Chinese military and are financed by the Chinese government.

The letter raised the specter of the Chinese government or military using the companies to spy on American communications. (more)

How to Solve a TSCM vs. CCTV Mystery

Chicago, IL - It may sound like cloak and dagger fiction, but FOX Chicago News has learned something very odd happened Wednesday night on the fifth floor of the Cook County building. The latest bizarre twist in the ongoing corruption scandal in Stroger's office involves high-tech surveillance experts caught leaving the Cook County Board President's office.

A deputy sheriff patrolling the building stopped a group of five men leaving Todd Stroger's office around 9:30 p.m. Wednesday.

One of the men identified himself as the county's Homeland Security Director David Ramos. The other four men were asked to provide identification.

They did, and at least three of them have experience in surveillance and counter-surveillance... (One of the men) would not comment on what they were doing in Stroger's office, but there is rampant speculation at the County building they were sweeping the offices for electronic bugs.

Cook County Inspector General Pat Blanchard said his staff visited Stroger's office Thursday afternoon and removed some evidence related to the ongoing investigation into sham contracts...
 
David Ramos, the county's Homeland Security Director who escorted the men into the office, said through a spokesman they were simply scouting locations for placement of security cameras in the President's office. (more)

Solution: Ask the Deputy if the "visitors" were leaving empty-handed. A sweep requires several cases of instrumentation. Conducting a CCTV design layout does not.

Friday, October 22, 2010

CSI - Who Poo'ed

What can property managers do when dog owners don’t pick up after their dogs? Under normal circumstances, not much, because there is no way of knowing who the violators might be. But now, with a new program called PooPrints that uses DNA to identify the dog in question, managers can catch the culprit (dog owner) in a matter of days.

PooPrints is a dog DNA identification program from BioPet Vet Lab built on a scientific foundation, providing communities with a means to enforce community regulations for pet waste clean-up. “The problem of pet owners not picking up after their pets is tearing apart communities,” says BioPet Vet Lab CEO Tom Boyd. Consumer Reports lists ‘dog poop’ as one of the nation’s top ten personal gripes. So BioPet Vet Lab used its research in animal DNA identification systems to help provide community leaders with a tool to bring peace back to the neighborhood. (more)

Thursday, October 21, 2010

Ex-Chief Legal Counsel Pleads Guilty

OH - The former state lawyer behind an electronic eavesdropping scheme agreed yesterday to plead guilty to three misdemeanor charges and cooperate in other investigations, including one into an aborted operation at the Governor's Residence.

Joshua Engel, the former chief legal counsel for the Ohio Department of Public Safety, faces three misdemeanor counts of intercepting and disclosing sensitive, confidential information from investigations by the state inspector general, the Ohio Ethics Commission and federal authorities. (more)

Wednesday, October 20, 2010

Weird Wiretap Story of the Week

How does watching a football game land you in court facing wiretapping charges?
You're a former police detective. Your accuser is a former judge.
Care to judge this one yourself? 
If you have the time... (more)
P.S. Wiretapping is a McGuffin.

In the Land of the Lords, no tenant skips

Australia - Tenants' groups say they are outraged by a service that enables real estate agents to find out when a tenant is considering moving house. The service is offered by the database company TICA and involves the company sending an email alert to an agent if a tenant submits an application for another property. (more)

Tuesday, October 19, 2010

U.S. Pushes to Ease Technical Obstacles to Wiretapping

Law enforcement and counterterrorism officials, citing lapses in compliance with surveillance orders, are pushing to overhaul a federal law that requires phone and broadband carriers to ensure that their networks can be wiretapped, federal officials say.

The officials say tougher legislation is needed because some telecommunications companies in recent years have begun new services and made system upgrades that create technical obstacles to surveillance. They want to increase legal incentives and penalties aimed at pushing carriers like Verizon, AT&T, and Comcast to ensure that any network changes will not disrupt their ability to conduct wiretaps. (more) (sing-a-long)

Monday, October 18, 2010

Business Espionage - The Feds are Warning You

via The New York Times...
Huang Kexue, federal authorities say, is a new kind of spy.

For five years, Mr. Huang was a scientist at a Dow Chemical lab in Indiana, studying ways to improve insecticides. But before he was fired in 2008, Mr. Huang began sharing Dow’s secrets with Chinese researchers, authorities say, then obtained grants from a state-run foundation in China with the goal of starting a rival business there...

Law enforcement officials say the kind of spying Mr. Huang is accused of represents a new front in the battle for a global economic edge. As China and other countries broaden their efforts to obtain Western technology, American industries beyond the traditional military and high-tech targets risk having valuable secrets exposed by their own employees, court records show.

Rather than relying on dead drops and secret directions from government handlers, the new trade in business secrets seems much more opportunistic, federal prosecutors say, and occurs in loose, underground markets throughout the world.

Prosecutors say it is difficult to prove links to a foreign government, but intelligence officials say China, Russia and Iran are among the countries pushing hardest to obtain the latest technologies.

“In the new global economy, our businesses are increasingly targets for theft,” said Lanny A. Breuer, the assistant attorney general in charge of the Justice Department’s criminal division. “In order to stay a leader in innovation, we’ve got to protect these trade secrets.” (more)

If you still don't have a counterespionage strategy, or your current one isn't working, call me. ~ Kevin

WSJ Finds Sheep Are Easy to Track

The down side of social not-working...
Many of the most popular applications, or "apps," on the social-networking site Facebook Inc. have been transmitting identifying information—in effect, providing access to people's names and, in some cases, their friends' names—to dozens of advertising and Internet tracking companies, a Wall Street Journal investigation has found.

The issue affects tens of millions of Facebook app users, including people who set their profiles to Facebook's strictest privacy settings. (more)

Sunday, October 17, 2010

Turk Taps Top 70,000 Drops

More than 70,000 telephones in Turkey are currently officially under electronic surveillance, daily Radikal reported Sunday.

Radikal said it was the first media institution to have visited the Telecommunications Directorate, or TİB, in Ankara, the institution responsible for installing and maintaining telephone surveillance by court order.

Exactly 71,538 telephones have been tapped by TİB through court orders, among which 65 percent have ostensibly been tapped to gather intelligence on terrorism and organized crime, Radikal reported.

Wiretaps for the purpose of gathering intelligence can be requested by intelligence institutions to prevent crimes from being committed.

The remaining 35 percent of surveillance is being carried out because of strong suspicions that a crime has been committed and no other way to obtain evidence. (more)

RED - A spies-in-action comedy

A spies-in-action comedy (based on a graphic novel), populated by terrific actors and blessed with a consistently funny and occasionally hilarious script, however implausible. The acronym RED stands for “Retired, Extremely Dangerous” and refers to Frank Moses (Bruce Willis).

A retired CIA “black ops” agent, Frank is so bored in his suburban home that he keeps calling a Social Security clerk, Sarah (Mary-Louise Parker) in Kansas City, pretending his check didn’t come, just to chat. When masked Ninja-like assassins break into his home, Frank demolishes them, then heads to Kansas City to protect Sarah, knowing their calls have been tapped. (more) (trailer)

Local Politics - Wiretapping II

The Allegheny County Jail Oversight Board has no plans to investigate how fired Capt. Thomas R. Leicht Jr. kept his job for years despite failed internal investigations, allegations of bid rigging and a controversial wiretapping program, the board's chair said...

He also used county equipment to wiretap jail telephones from his home and sent recordings of at least six attorney-client calls to prosecutors, according to the American Civil Liberties Union. (more)

Local Politics - Wiretapping I

Editorial from local paper...
NC - Even before anyone knew for sure what was on the digital flash drive that mysteriously appeared in Hope Mills Mayor Eddie Dees' mailbox, town residents had plenty of reason for concern about their leaders.

The "thumb drive" contained recordings of conversations between Town Manager Randy Beeman and Police Chief Robert Hassell. They were all or part of five calls recorded between Feb. 25 and May 17...

It appears that the wiretap originated in the town's Police Department. The mayor says the drive contains calls made into and out of the department. If that's true, it also raises serious questions about the department and its internal security. It fairly screams for a full-blown criminal investigation.

But instead, the commissioners have chosen to wait for the town attorney to investigate, which he's been doing for months now. (more)

Friday, October 15, 2010

iLied, iSnapped.

via Cult of Mac...
"There’s no other way of saying this: Camera Camouflage is sneaky. It’s a camera app that goes out of its way to avoid looking like a camera. It disguises itself as an incoming phone call. You can even instruct it to activate your phone’s ringtone, so you can pretend to take the call and hold the phone to your ear. At which point, things get even sneakier. Camera Camouflage is activated by your voice. When you start speaking, it takes a photo. To onlookers, you’re just answering a phone call. You can keep talking, and keep snapping, for as long as you want." (more)

Thursday, October 14, 2010

Do You Know How to Protect Your Cell Phone Calls?

...So, the problem of cell phone interception is real, growing and unlikely to be eliminated in the foreseeable future.

For an organization, knowing that phone calls have been intercepted at all is difficult. There is rarely a test that can be done, other than looking at the consequences of a lost deal or secret information in the public domain. In fact, in 2010, the Ponemon Institute found that 80 percent of CIOs admitted they would not find out directly if they had been intercepted.

The problem shows a wide geographical variation, both in the number of instances and in the public perception of risk. 

In the United States and mainland Europe, the perception of risk is relatively low. However, travel to Latin America or some parts of Asia, and the perception of an issue has reached the consumer with advertisements on mainstream television for protection equipment. 

Yet few executives traveling around the world have taken special measures to secure their cell phone conversations.

Research from ABI shows that 79 percent of companies' cell phones were routinely used to discuss information that, if intercepted, would lead to material loss to the business. Yet less than one in five had in place adequate measures to address this risk. (more)

New book coming soon...  
Stay tuned for details.

PA Spycam Suit Settled - Lawyers Win

PA - A suburban Pennsylvania school district accused of spying on students using school-issued laptops has agreed to pay $610,000 to settle litigation stemming from its controversial practice.

Under the proposed settlement, the Lower Merion School District will pay $185,000 to two high school students who had sued the district earlier this year for allegedly snooping on them. The remaining $425,000 will go to attorneys fees. (more)

Wednesday, October 13, 2010

Business Espionage - Conference Call Eavesdropping

State Republican Party staff members eavesdropped on a conference call organized by party activists to strategize ways to convince GOP candidates to adopt more of the party platform, according to several people who participated in the meeting.

S.C. GOP 1st Vice Chairman Patrick Haddon organized the call with party activists including Randy Page, Chad Connelly and Justin Evans. Organizers said the call was intended as a brainstorming session for fall campaigns, and not to discuss party leadership or direction.

But when the call ended, the list of participants contained an unknown number. Organizers called the number and reached a phone within Republican Party offices. State party officials declined to discuss the conference call.

“No comment,” S.C. GOP executive director Joel Sawyer said. “I’m not confirming or denying anything.” (more)

To all Murray Associates clients, please re-read the Conference Call section of your reports. This problem is real and surfaces in the news quite often. Thank you, Kevin

Tuesday, October 12, 2010

A New Suite of Phone Espionage Software

Phone Creeper V0.9 (BETA) for Windows Mobile Cell Phones - "This is a phone espionage suite. It can be silently installed by just inserting an SD card with the files below on it. The program does not show up under installed programs or running programs and allows for a useful array of features. Phones running this software can be remotely controlled by SMS text messages. All commands will be silently received and deleted immediately and results will be issued back to sender. Pre-configured settings can be added to the installer to have your own default password and phone number to receive live updates. By default, this program will silently reinstall itself even after a hard reset, if the memory card with these files is still in the device." (more)

P.S. There is even an Anti-Creeper app. Both are FREE but donations are solicited.

"Used car... or 'copter, Mr. Bond?"

Three James Bond sports cars – and one helicopter – will be auctioned Oct. 27 at RM Auctions’ Automobiles of London sale at the Battersea Evolution arena.

The highlight of the lot is a 1964 Aston Martin DB5 driven by Sean Connery in “Goldfinger”. There’s also the green 1998 Jaguar XKR driven by the villain ‘Zao’ in “Die Another Day” and the 1969 Lamborghini Islero GTS driven by Sir Roger Moore in “The Man Who Haunted Himself”.

The helicopter at stake is a 1960 Hiller UH-12 E4, which was flown by actress Honor Blackman in her role as Pussy Galore. (Its first time on film was for a 1963 movie called “The VIPs”, which starred Elizabeth Taylor and Richard Burton.) RM says the chopper will likely go for nearly £400,000. (moore, Roger Moore)

Time to Recycle the Quote of the Century

“The growing use of the electric automobile, with its many advantages of simplicity, ease of operation and noiselessness, has resulted in a demand for some means of conveniently charging the batteries.” — GE Bulletin No. 4772, September 1910.

Monday, October 11, 2010

SpyCam Story #585 - "Purely Platonic, your Honor."

GA - A man was arrested Friday for using his cell phone to take video of a woman in a dressing room.
According to a report released Saturday by the Athens-Clarke County Police Department, Vicente Bautista, 26 of Greensboro, Ga. was in the dressing area of the Plato's Closet located at 196 Alps Road shortly before noon. Police said he put his cell phone under the divider to tape a 36-year-old woman as she tried on clothes. (more)

Business Espionage - Bratz v. Barbie

Mattel Inc will answer accusations it spied on rival toymakers by infiltrating their private showrooms around the globe, after a U.S. court denied its motion to dismiss claims filed by rival MGA.

In an escalation of a long-running battle over MGA's popular "Bratz" dolls, MGA Entertainment Inc accused Mattel of gaining entry to toy fairs with false credentials to steal trade secrets. It says Mattel then concealed evidence about these activities, according to court filings.

MGA has accused Mattel employees of gaining access to private showrooms of toy makers -- including Hasbro Inc, Lego and Sony Corp -- armed with fake business cards and spy cameras, to steal price lists and other sensitive information. (more)

Legal Phone Taps Vulnerable to DOS Attacks

Researchers at the University of Pennsylvania say they've discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the U.S.

The flaws they've found "represent a serious threat to the accuracy and completeness of wiretap records used for both criminal investigation and as evidence in trial," the researchers say in their paper, set to be presented Thursday at a computer security conference in Chicago.

Following up on earlier work on evading analog wiretap devices called loop extenders, the Penn researchers took a deep look at the newer technical standards used to enable wiretapping on telecommunication switches. They found that while these newer devices probably don't suffer from many of the bugs they'd found in the loop extender world, they do introduce new flaws. In fact, wiretaps could probably be rendered useless if the connection between the switches and law enforcement is overwhelmed with useless data, something known as a denial of service (DOS) attack. (more)

Business Espionage - This Zeus is no Cretan

The Zeus banking Trojan could be a useful tool in corporate espionage...

Zeus typically steals online banking credentials and then uses that information to move money out of internet accounts. In the past year, however, Gary Warner, director of research in computer forensics with the University of Alabama, who has been closely monitoring the various criminal groups that use Zeus, has seen some hackers also try to figure out what companies their victims work for...

"They want to know where you work," he said. "Your computer may be worth exploring more deeply because it may provide a gateway to the organisation."

That's worrying because Zeus could be a very powerful tool for stealing corporate secrets. It lets the criminals remotely control their victims' computers, scanning files and logging passwords and keystrokes. With Zeus, hackers can even tunnel through their victim's computer to break into corporate systems. (more)

Saturday, October 9, 2010

Espionage Life in the Fast Lane

Luxury car manufacturer Porsche has banned employees from using Internet sites such as Facebook, Google Mail or Ebay during office hours, for fear of industrial spying, German media reported on Saturday. Corporate security chief Rainer Benne told business weekly Wirtschaftswoche that the company feared information could be leaked via social networking site Facebook in particular.

The magazine reported that foreign intelligence agencies systematically used Facebook to contact company insiders and win their trust in order to obtain information.

Roughly a quarter of Porsche's 13,000 global employees use Facebook and other social networking sites, Wirtschaftswoche reported. (more)

Espionage Research Institute - Day 2

Attending and presenting at the annual ERI meeting means telling clients we will be unavailable for a few days. They understand once I tell them what goes on behind these closed doors. The information I gather directly benefits them. If you think any of this can help you, give me a call and I will brief you in greater detail.

This is what I heard today...

• Need to track down Cellular, Wi-Fi or Bluetooth signals?
Berkeley Varitronics RF Detection Products probably has just the little handheld instrument you need. Each instrument, with its own weird name (Yellowjacket, Swarm, Mantis, WatchHound, etc.) handles a very specific chore. You only buy what you need. That keeps the costs down. Need a special enclosure, like hiding their contraband cell phone detector in a water bottle, or secreting an antenna in a pocket pen? No problem. Very cool Jersey engineering dudes.

The rest of the day, ERI members taught what they know... 

• Protecting Your Computer Network - Dr. Gordon Mitchell
• Laser Eavesdropping Techniques - Dr. Gordon Mitchell
• Alternative Power Sources for the Eavesdropper - Mark Clayton
• Android App Vulnerabilities - Charles Patterson
• 4G LTE Cellular Network - Russ VasDias
• Covert Store and Burst Digital Stereo Bug - Vicente Garcia
• Display of most of the TSCM instrumentation designed and built by Glenn Whidden (with commentary by Glenn). Instrumentation provided by J.D. LeaSure.
• Discussions about topics for next year's meetings.

The discussions continue tomorrow.

Thank you to our client family for adjusting your schedules to allow us time to attend this important meeting in Washington, DC. Tomorrow we are back on the road again completing visits this month to Virginia, Maryland, Ohio, Philadelphia, Anchorage, Boston, New York City, New Jersey and Illinois. ~ Kevin D. Murray
Kevin's Security Scrapbook is prepared fresh almost daily for the clients and friends of Murray Associates - Eavesdropping Detection and Counterespionage Consulting for Business and Government

Snuggly the Security Bear

A few posts ago, it was noted that the FBI is echoing the desires of several countries around the world about having backdoor keys to all communications encryption schemes. BlackBerry, Skype, etc. are seeing the beginning of the end of their privacy advantage. 

Some countries threatened to outright ban encryption they can't crack, but how can this concept be sold to the U.S. Congress? 

Political cartoonist Mark Fiore thinks he knows how it should be done. Pop over to his site for a few words (and an evil giggle) from his Snuggly the Security Bear.

Friday, October 8, 2010

Espionage Research Institute - Day 1

Attending and presenting at the annual ERI meeting means telling clients we will be unavailable for a few days. They understand once I tell them what goes on behind these closed doors. The information I gather directly benefits them. If you think any of this can help you, give me a call and I will brief you in greater detail.

This is what I heard today...

• Need to make sure the people outside of your room can't overhear you?
Dynasound to the rescue. As they say, "These are not your father's white noise generators." Made to be un-filterable, this white noise is injected directly into construction materials (as opposed to vibrated in with old piezo-electric transducers). The benefit... walls, windows, ceilings and floors transmit the sound outward. People in the room can hardly hear it. Bonus... Need a temporary solution (as in a hotel) or need to move the permanent installation? No problem. The new transducers are easy to move.

• Want to have 24/7 monitoring of an area for certain types of bugging devices?
Global TSCM Group has an answer. Their multi-faceted monitoring system may be monitored anywhere via the Internet. It may not be the total answer, but it helps when securing Boardrooms and creating secure conference rooms.

• Need to control Wi-Fi and cell phone usage in your building?
AirPatrol can do it. Once their system is installed, you will know where every rogue laptop, unauthorized Wi-Fi appearance point and cell phone is... within six feet of its exact location, plotted on a computer map. Also, monitorable via the Internet. (PS - There is a whole lot more their system does. Visit their web site.)

Ok... Lunch break.

• Need portable secure storage for cell phones and tablets when everyone enters the top secret meeting?
Hey, you never know whose cell phone is infected with spyware, turning their phone into a bugging device. Vector Technologies has the answer, and if the answer doesn't suit you, talk to them. They will make whatever you need. Bonus... It won't look like an old pirate's chest. They make really nice looking stuff with pneumatic lids! Independent testing labs certify effectiveness. Call 540-872-0444.

The rest of the afternoon, ERI members taught what they know...
• "Finds in the Computer World" - Dr. Gordon Mitchell
• "Access Control / Physical Security" - Mark Clayton
• "Building and Using a UV LED Light Source" - Dr. Gordon Mitchell
• "Adventures with Software Defined Radio" - Kevin D. Murray

More tomorrow...
(MJD, DC can be fun. Make the TSCM hajj next year.)

Thus spiking battery sales for adult toys...

Back in 2007, when the Dutch government announced that all 7 million homes in the Netherlands would be equipped with smart meters by 2013, it anticipated little resistance. After all, who wouldn’t welcome a device that could save both energy and money? But consumers worried that such intelligent monitoring devices, which transmit power-usage information to the utility as frequently as every 15 minutes, would make them vulnerable to thieves, annoying marketers, and police investigations. They spoke out so strongly against these ”espionage meters” that the government made them optional...

Of more than 9000 consumers polled in 17 countries, about one-third said they would be discouraged from using energy-management programs, such as smart metering, if it gave utilities greater access to data about their personal energy use...

It all sounds less paranoid when you consider that each appliance—the refrigerator, kettle, toaster, washing machine—has its own energy fingerprint, or ”appliance load signature,” that a smart meter can read. Anyone who gets hold of this data gets a glimpse of exactly what appliances you use and how often you use them. (more)

The Dregs of the Data Mine - Reality TV?

"300" writer Michael Gordon has sold a spooky surveillance project to NBC. The idea was spawned by the controversial U.S. electronic eavesdropping apparatus ECHELON, a program that supposedly captures virtually all data signals for analysis at a central hub in West Virginia.

These millions of video, audio and data files are then disseminated to various federal and local law enforcement agencies for further investigation.

Now here's the twist from the show's logline: "There is, however, less than 1% of the data that nobody wants to touch. These are the classified video files that seem to have captured the unexplainable."

The show will center on a fictional team called G.H.O.S.T. (Global Hierarchical Observation Strategy Taskforce) whose assignment it is to investigate this paranormal data. (more)

Thursday, October 7, 2010

Business Espionage - Selling Out

An Akamai Technologies Inc. employee was arrested and charged Wednesday with allegedly providing confidential business information over an 18-month period to a person he believed to be an agent of a foreign government.

Elliot Doxer, 42 years old, was charged in a complaint with one count of wire fraud, according to the Justice Department. The complaint alleges that on June 22, 2006, Mr. Doxer, of Brookline, Mass., sent an email to a foreign country's consulate in Boston stating that he was willing to provide any information that he had access to that might help the country.

It is alleged that in later communications, Mr. Doxer said his chief desire "was to help our homeland and our war against our enemies." He also allegedly asked for $3,000 in light of the risks he was taking.

The unnamed foreign government cooperated with the U.S. in the investigation. A Justice Department spokeswoman wasn't immediately available to comment. (more)

Wednesday, October 6, 2010

Business Espionage in Tasmania?

Tasmania, Australia - An overnight break-in in which burglars ransacked Aurora Energy's Hobart head office has puzzled police and company chiefs.

Only the second-floor commercial section of Aurora was targeted by the thieves, who cracked a secret safe and stole a small sum of cash.

Computers were accessed and documents strewn across the office...

Police have not ruled out corporate espionage as a possible reason for the break-in, which occurred either late on Monday night or in the early hours of yesterday...

Professor John McFarlane, from the Australian National University's Centre for Excellence in Policing and Security, said yesterday industrial espionage was not uncommon in the business world. "There have been very few prosecutions in Australia for this sort of activity, but that doesn't mean it isn't happening," Prof McFarlane said. (more)

Spy Rule-Book Update

The US Army updated its 17-year-old rule book on espionage to specifically require that troops alert authorities if they suspect classified leaks to the media.

The revision seems aimed at the service’s WikiLeaks debacle. Earlier this year, an Army intelligence analyst was charged with providing a classified video to WikiLeaks, an anti-war organisation that describes itself as a government whistleblower. (more)

Tuesday, October 5, 2010

Bugs in the Coffin

Canada - At the time of his kidnapping by the FLQ, Pierre Laporte was being monitored by the police as part of a probe into the Montreal Mafia that went as far as planting a microphone in his coffin after his murder, according to stunning revelations by a retired Sûreté du Québec wiretapping expert.

Claude Lavallée, who pioneered wiretapping techniques in Quebec in the late 1960s, said in a book to be released Wednesday (Révélations d’un espion de la SQ / Revelations of an SQ Spy - ISBN 13: 9782761927048) that the murder of the Liberal minister in October 1970 by the Front de Libération du Québec put an end to the investigation.

The author even claims that wiretaps caught a leading organized crime figure offering the Mafia’s help in finding Mr. Laporte before he was killed. (more)

Note to D.R.: Please start your book.

Monday, October 4, 2010

More Next Week...

Hi Folks,

I am off to the Espionage Research Institute annual convention in Washington, DC this week and will be speaking on SDR (Software Defined Radio) as it applies to counterespionage and eavesdropping detection.

This is the one time each year when eavesdropping detection specialists from all over the world gather to trade knowledge and socialize. It should be fun and I will report "the latest" next week when I return.

In the meantime, entries into Kevin's Security Scrapbook may be lean. Hang in there. It should be worth the wait. Have a cup of coffee.

Be seeing you,
Kevin

Turkish Sitcom - Fact vs. Sitcom

Turkey - Erzincan’s chief public prosecutor confessed to having wiretapped, albeit accidentally, the prime minister on Saturday during the “32. Gün” (32nd Day) debate program aired by private TV station Kanal D.

According to Erzincan Chief Public Prosecutor İlhan Cihaner, “Had I given the telephone conversations of the prime minister [Recep Tayyip Erdoğan] to the media, the political composition in Turkey would have changed, and heaven and earth would have moved here.” The program’s host, Mehmet Ali Birand, asked whether he “witnessed” the phone conversations of the prime minister. In response, Cihaner said, “Yes, you could say so.”

Cihaner was arrested earlier this year on charges of membership in a terrorist organization. (more) (Turkish Sitcom)

Turkey has more than its share of wiretapping intrigue. I have been to Turkey twice on business and love the country, its people, food and history. I have yet to understand the wiretapping intrigue. But it happens. This is just one more story. P.S. If you would like a copy of Turkish Sitcom I will sell you my copy at half price. If you want your own, click Turkish Sitcom. (Trailer) "Kiss my Kabob."

Hard Time for "Die Hard" Director

"Die Hard" director John McTiernan was sentenced to one year in prison Monday for lying about his association with a private investigator to illegally wiretap a movie producer.

In a stinging rebuke of the 59-year-old McTiernan, U.S. District Judge Dale Fischer said he should receive a harsher sentence than the year recommended by prosecutors because he didn't accept responsibility for his actions. "The defendant doesn't think the law applies to him," Fischer said.

Fischer also ordered McTiernan to pay a $100,000 fine and serve three years probation. He will remain free on bond pending an appeal.
 
McTiernan previously pleaded guilty to lying to an FBI agent in 2006 about the investigation of private investigator Anthony Pellicano. Pellicano was convicted in 2008 of wiretapping film producer Charles Roven for McTiernan and of bugging the phones of celebrities and others to get information for clients.

In April 2006, McTiernan told Fischer he hired Pellicano to wiretap Roven. (more)

"Do spy shop gadgets really work?"

Once in a while I can point to a news event which answers the question.
...A former Shirley Town Administrator Kyle Keady, 46... is alleged to have victimized an undetermined amount of people, but largely Town Hall officials and employees. Via secreted pen cameras, digital recorders and a baby monitor, Keady is charged with possessing hundreds, if not thousands, of audio, still images and video images of unwitting town officials and employees. Many images are reportedly of women in various stages of undress. 

Keady led investigators to a baby monitor in the ceiling tiles above Town Accountant Bobbi Jo Coburn's office - the extension cord running to his office where it ran down a wall covered by maps to be plugged into the wall. A Sony digital recorder was discovered in a potted plant on the desk of Administrative Assistant Kathleen Rocco. But, causing the widest-spread grief, battery operated pen cameras were apparently systematically placed in the ceiling vent, aimed downward, above the second stall in the public women's room at Town Hall capturing any number of women, intended or otherwise.

The various digital medium used to warehouse the images were allegedly given up willingly by Keady upon request by State Police while investigators executed a search warrant on the second floor at 7 Keady Way - the Town Hall address on the roadway named in honor of Keady's father Daniel, a longtime town official. Nine thumb drives were found on a single key ring in Keady's pocket that he freely emptied, according to police reports.

Keady also allegedly granted police permission to search his vehicle and home. Nothing was found in his car but loads of pornography and seven boxes of digital recording devices were found at his home, along with another pen camera, several thumb drives and lurid, clandestinely attained Town Hall photos and videos. Keady also reportedly admitted to entering Rocco's home and photographing a drawer full of her undergarments without her knowledge or permission. ...Keady remains free on $2,500 cash bail posted in June. (more)

Eavesdropping Arrest - Spouse v. Spouse

NY - State Police in Watertown arrested Sean M. Walsh, 41 years of age, Fort Drum, NY 13602 (not a soldier) Town of Leray on 1 count of Eavesdropping, a Class E Felony.

Mr. Walsh engaged in 'mechanical' overhearing of privileged conversations between his wife, her family members, and friends while at their residence on Fort Drum during the time period of August/September 2010. (more)

Make Big Bucks at Home... Spying!

A controversial new website (interneteyes.co.uk) allowing citizen spies to plug into the nation's CCTV cameras and snoop from home was launched today. A £1,000 reward will be on offer each month for the video vigilantes who spot the most crimes. But civil liberties campaigners say the scheme is "distasteful" and encourages people to spy on each other. (more)

"Tony! Missile at six o'clock!"

Raytheon engineers show Iron Man suit - The new robotic suit enables the wearer easily to lift 200lb several hundred times without tiring and repeatedly punch through three inches of wood; yet, the suit, which was developed for the U.S. Army, is also agile and graceful enough to let its wearer kick a football, punch a speed bag, or climb stairs and ramps with ease. 

They unveiled the second-generation exoskeleton called XOS 2 at the company’s research facility in Salt Lake City, Utah.

The new robotic suit is lighter, faster, and stronger than its predecessor, yet it uses 50 percent less power. Its enhanced design also means that it is more resistant to the environment. (more)

Friday, October 1, 2010

National Security Aims Risk Shooting Foot

Paul Mah has something important for the FBI, all lawmakers and the rest of us to ponder. 

 "...the implementation of (encryption) backdoors is not a technically feasible idea. ...the presence of backdoors being built into existing software will prove to be completely irresistible to cybercriminals. And we're not even talking about foreign states yet, one of which is suspected to have created the extremely advanced Stuxnet worm. So yes, these backdoors will be cracked eventually, resulting in devastating consequences to U.S. businesses and interests." (more)

FutureWatch Prediction - Not all encryption will have a back door. 

Personal communications like phone calls and e-mail, yes. Government communications, no. A diplomatic pouch, even an electronic one, will remain a diplomatic pouch. Encryption in support of critical system infrastructures (like financial) will be licensed, with the proviso that the government can have the key under due process of law. 

Some things will never change. Governments will still crack. Criminals will still hack. Terrorists won't care - they still have codes, cyphers and steganography. Businesses which take their counterespionage strategies seriously will fare better than those who do not.

Top Cop Attorney Fired for E-Mail Spying

The Ohio Department of Public Safety's former top attorney has been fired for snooping on emails to his agency from the state inspector general's office and an Ohio newspaper. Joshua Engel, who has been at the center of several high-profile investigations pitting his department against Inspector General Tom Charles in the past year, had intercepted emails since last October, said Public Safety director Tom Stickrath. (more)

SpyCam Story #584 - Intra-Family Abuse

KS - A Saline County man has been arrested after authorities say he videotaped his family without their knowledge. The man has been arrested on two counts of felony sexual exploitation of child and nine counts of eavesdropping.

By Thursday afternoon, sheriff's office personnel had reviewed hours of VHS tape that they had seized from the suspect's home in Bridgeport. This all comes after his own step-daughter found a hidden camera in the bathroom and notified officials. (more)

SpyCam Story #583 - Pushed to Suicide

NJ - Rutgers University students wore black on Friday to remember a classmate who committed suicide as a lawmaker proposed stiffer penalties for invasion of privacy - the charge levied against the roommate accused of secretly streaming online video of the victim having sex with a man. (more)

When SpyCam Story #1 was published, laws against video voyeurism didn't exist. Although many states now have laws, more has to be done. I hate posting tawdry SpyCam stories, but do so to raise awareness. The victims deserve the support.

BlackBerry Responds to Government Monitoring

RIM co-CEO Jim Balsillie has no objections if companies that make use of its secure BlackBerry smartphones want to hand over their encryption keys to government officials. However, RIM itself has no way of providing the unencrypted content of the emails that pass through its network operating center (NOC), since it doesn't have the keys in the first place.

This was the most direct answer to date given by RIM in response to government-sanctioned wiretapping, a topic that was brought to the front even as countries such as the United Arab Emirates and India have threatened to ban the BlackBerry service unless RIM accedes to their demands for a backdoor into its encryption system. Other countries such as Lebanon, Indonesia and Saudi Arabia were reportedly considering similar steps. (more)

Are governments going to accept this explanation, or say with finger poking their lips, "You will change your NOC, Mr. Berry. Un-zip it."
Stay tuned.