Monday, September 27, 2010

FutureWatch - The Privacy Party is Over

Federal law enforcement and national security officials are preparing to seek sweeping new regulations for the Internet, arguing that their ability to wiretap criminal and terrorism suspects is “going dark” as people increasingly communicate online instead of by telephone.

Essentially, officials want Congress to require all services that enable communications — including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct “peer to peer” messaging like Skype — to be technically capable of complying if served with a wiretap order. The mandate would include being able to intercept and unscramble encrypted messages. 

The bill, which the Obama administration plans to submit to lawmakers next year, raises fresh questions about how to balance security needs with protecting privacy and fostering innovation. And because security services around the world face the same problem, it could set an example that is copied globally. (more)
It will.

Corporate Espionage in India

India - Corporate espionage is on the rise in the country, with the digital medium offering an extremely fertile ground for its perpetuation.
An increasing number of companies are also hiring private detectives to keep tabs on both their employees and business partners. Detective agencies says they are flooded with strange requests from companies to plant spies in rival firms, to fish for confidential data, engineering designs, software codes or to manipulate rate contracts to favour their clients.

"An entire gamut of corporate espionage is happening around us and it is a huge industry by itself," says cyber law expert and supreme court advocate Pavan Duggal. On an average, detective agencies get 5 to 10 requests a day for such services. The fee could range from Rs 30,000 to a few lakh of rupees, depending on the complexity of the job.

"Such things are rampant and we get a lot of requests, though we do not entertain it as a matter of policy," says Ravi Kapoor, chairman of ACE Detectives. He says that usually a person is hired for the job who has access to passwords and other information. It could be a data entry operator, security personnel or even a driver.

"Hiring spies is prevalent in IT firms, especially where big tenders are underway ," confirms Manpreet Sidhu, head of Top Secret Detective Agency. (more)

Sunday, September 26, 2010

Eavesdropping Suit Settled During Secret Phone Call

CA - After meeting in closed session by teleconference with attorney Susan Trager, Bighorn-Desert View Water Agency directors announced Tuesday night that litigation had been settled in an unlawful eavesdropping case brought by former director Maryan Barkley. The amount of the settlement was not made public. (more
What most people settle for... video.

"Ruff, ruff, I'm going to get tutored!"

VA - "The Danville Area Humane Society will have more options for spying and neutering dogs and cats belonging to residents of Danville and Pittsylvania County during the week of Oct. 11-15." (more)

Laser Eavesdropping - 50 year old technology...

...still amazing the newbies.
"Here’s a surprisly (sic) simple way to build yourself a laser-based listening device. It consists of two modules, a transmitter and a receiver. The transmitter is a set of lasers, one is visible red for aiming, and the other is infrared for measuring the vibration of a surface. Point the transmitter at the window of the room you want to listen in on and the laser can be reflected back to the receiver. The receiver module has a phototransistor to pick up the infrared laser light, and an LM386 audio amplifier to generate the audio signal sent to a pair of headphone. The need to be well-aligned which is easy enough using a pair of tripods. Check out the demo." (more) (more)

Spy Story #771 - Famous Last Words

"Let's go with the low bid on this sweep thing." 
(Corporate takeover victim. Not a member of the Murray Associates client family.)

Saturday, September 25, 2010

OSS Memorabilia - Warning & Request

If you have been saving OSS memorabilia and would like to see it properly preserved, or you have inherited OSS items and don't know what to do with them, please consider the following message from The OSS Society in Washington, DC.

"OSS Artifacts — It has come to our attention that private collectors of OSS artifacts may have been identifying themselves as 'official' historians. The OSS Society does not have an official historian. If anyone identifies themselves as such to you or has done so previously, please contact us immediately.

The same collectors may be inducing OSS veterans and others to part with their OSS memorabilia by promising not to sell items donated to them or promising to return them and not doing so. It is also our understanding that collectors have not been properly documenting these gifts. Without such documentation, anyone to whom you donate OSS items is free to do with them as they choose, including selling them.

If you have OSS artifacts in your possession, The OSS Society would be honored to receive them. We respectfully ask that you consider donating them to The OSS Society and not to private collectors so that your donations can be properly documented and preserved. You can also rest assured that your donated items will never be sold or donated to a third party by The OSS Society."

If you have items that you wish to donate, please contact:
6723 Whittier Ave. 200
McLean, VA 22101
703-356-6667
oss ( at ) osssociety.org

Wednesday, September 22, 2010

The "Thousand Grains of Sand" Approach to Business Espionage

American counter-intelligence efforts are snagging more Chinese spies. This may be more because of increased spying effort by China, than more success by the FBI and CIA...

For over two decades, China has been attempting to do what the Soviet Union never accomplished; steal Western technology, then use it to move ahead of the West...

China gets around this by making it profitable for Western firms to set up factories in China, where Chinese managers and workers can be taught how to make things right. At the same time. China allows thousands of their best students to go to the United States to study. While most of these students will stay in America, where there are better jobs and more opportunities, some will come back to China, and bring American business and technical skills with them. Finally, China energetically uses the "thousand grains of sand" approach to espionage. This involves China trying to get all Chinese going overseas, and those of Chinese ancestry living outside the motherland, to spy for China, if only a tiny bit. (more)

In many societies, this activity is considered normal and patriotic. This highly organized info-harvesting for the sake of the tribe is not the norm in Western society. We have a difficult time fathoming this mentality. Our natural reaction is to treat the threat as unreal. Crime victims often mention this phenomena when describing their experience. 

Accepting the evidence is the first step in defending yourself from an international mugging. Put yourself in the other society's shoes for a moment. Think about it. Their strategy makes sense. Look around. Their strategy works. Accept the evidence. There is no reason for them to change tactics. There is every reason for it to continue and intensify.

They have a working strategy. You need a counter strategy, before your pockets are picked. Call us or the person who hosts Kevin's Security Scrapbook on their web site. Get a counterespionage strategy... while you can still afford one.

Eavesdrop on Cell Phones? Beware Divine Justice

A new study shows that the overheard half of cell phone dialogue can steal our attention from other tasks, with potentially dangerous outcomes.
Currently a doctoral candidate in psychology at Cornell University, Lauren Emberson and her co-authors recently published a study that helps explain why hearing only one half of a cell phone conversation is so aggravating, yet so captivating. The researchers argue that such "half-alogues," as they dub them, make for dissonant eavesdropping because they are unpredictable. The less information we glean from a conversation, the harder our brains work to make sense of what we hear and the more difficult it is to stop listening. The findings, published online September 3 in Psychological Science, further suggest that cell phone half-alogues demand more of our attention than dialogues and decrease our performance on other cognitive tasks—whether we are sitting at a computer in the lab, trying to read on the subway or driving a car. (more)

Low Tech Still Works - Bin Noc'ed Up

WI - A Racine County man is accused of spying on ATM customers with binoculars, and then using ID numbers to grab money from their bank accounts.

33-year-old Thomas Kasprovich of Mount Pleasant is charged with 27 felony counts of identity theft. 

Prosecutors said bank employees were the first to alert police that their ATM’s were being watched. Some victims told police they never closed their ATM sessions when they drove away, and Kasprovich allegedly tried to get money. Video from a convenience store was eventually used to arrest the man. (more)

What's Worse Than One 'Cash Cab'?

3,024 Spy Cabs!
Apparently not content the with the more than 2.75 million surveillance cameras they already have blanketing public spaces, Chinese security forces have decided to push a new frontier in video-assisted vigilance.

According to a recent Xinhua report, authorities in Wuhu, a city of 2.3 million in Anhui Province, are installing security cameras in all 3,024 of the city’s taxis–much to the dismay of the local cab-riding public. (more) (sing-a-long)

Hand-Powered Paper Shredder

Shredsors - 9-blade portable shredding scissors 
  • Perfect for destroying junk mail, bank statement, old credit cards, top secret memos and photos of your ex!
  • Easy grip plastic handle with 9 metal shredding blades
  • Size: 7-1/2" long x 1" thick blades (19 cm x 2.5 cm)
  • Not a toy: use only under adult supervision 
  • (more)

Tuesday, September 21, 2010

The Pit and the Password Pendulum

via Risks-Forum Digest Monday 20 September 2010 Volume 26 : Issue 17
"The discussion about overly complex password rules reminds me of sage advice that Digital once published in a VAX security manual. I'll paraphrase: The definition of security must be broad. Security aims to see that authorized users, and only authorized users, succeed in doing their jobs.

The modern definition of computer security seems much narrower. It focuses on preventing unauthorized uses, and malware. If security procedures hinder authorized users from doing their jobs, security still succeeds under the narrow definition, but fails under Digital's broader definition.

An onerous password policy is a form of denial of service attack. 

Might things improve if we made security people responsible for productivity of the good guys as well as denial of the bad guys?"

--------

Also…
An additional irony of keyloggers is that the bad guys can typically see your password better than you can, since they don't have every character replaced by a black blob. Only a very few programs (7-Zip, when asking for a password on a protected archive, springs to mind) allow you to check a box to say "I do not fear Tempest scanning, and there is nobody else in the room. Please let me see this password as I type it." 

To impose passwords like fH%JK43-oe9 and then prevent people from seeing what they're typing is just sadism. It must cost millions per year in password reset costs, even with automated delivery of new passwords to e-mail addresses. 

I've added this functionality to the Web applications which I maintain. I suggested its addition to a site which I use frequently, where I have contact with the development team, and which has no major, banking-style security issues. Their reply was, "We've decided not to do this, because it's not an industry-standard practice". 

Review your password policy. Make some innovative improvements. The easier it is for employees to use, the more effective it will be. Here is your mantra for the day, "Death to passwords on sticky notes." Come on, say it! 

Monday, September 20, 2010

Ear Mullets with Eyes

Pecker would have loved this. "Looxcie is always on, continuously videoing – there's no record button. When you experience something you want to share, just click the Instant Clip button to save a clip of the last thirty seconds." Great for cyclists who want to document harassment by other vehicles, or their last wipe out. Private investigators and corporate espionage types will find it helpful as well. Video clips are transmitted to your cell phone via Bluetooth, ready for instant transmission to your social notwork. (more)

Why do I mention it?
So you will know what your are up against.

Friday, September 17, 2010

Quote of the Week - On NSA Extroverts

"Last NSA party I was at was pretty boring, it was full of NSA extroverts, they were too busy looking at everyone else's shoes!" ~ William Knowles

Hope everyone finds a better party this weekend.

"Might as well admit it, we're addicted to bugs."

John Locke, a professor of linguistics in New York... Eavesdropping may be socially unacceptable in many quarters, but it is hardwired into us. I think of social eavesdropping, 'recreational eavesdropping' if you like, as actually irrepressible. We have an evolved appetite for information about the personal and private lives of others. Professor Locke has been studying the history of the subject for a new book - Eavesdropping, An Intimate History. (more) (sing-a-long)

Blackberry agrees to government access... Now, what are governments doing with this information?

Rows over whether several emerging countries can effectively intercept Blackberry smartphone messaging have turned attention to how state spy agencies access electronic communications. For business users, the main question is not whether messages can be read but whether that information will then be used for commercial ends. (more) A long but comprehensive look at how different countries use their electronic communications intercepts.

Thursday, September 16, 2010

SpyCam Story #582 - The Deep Six

A man who objected to a CCTV camera keeping watch on his bedroom window from the house opposite appeared before a judge – for stealing the camera and throwing it in a river. The camera had been installed in the empty house opposite Christian Lord’s home... 

He and his girlfriend didn’t like the 24-hour monitoring of their movements, so he broke in and removed it. The 35-year-old pleaded guilty at Carlisle Crown Court to a charge of burglary and the theft of the £1,500-worth of surveillance equipment. 

The judge said, "While in no way can I condone your actions, this is far removed from a typical case of burglary. It seems you did it just to stop yourself being snooped upon.” (more)

"Hey, boss. Check your office lately?"

Monster Worldwide, Inc., recently polled its U.S. visitors to gauge their feelings towards bosses... The August poll also asked Americans that if they could spy or eavesdrop on their boss without getting caught, would they? 

More than half of the 2,153 respondents (57 percent) said they want to know what their bosses are saying about them behind closed doors. Only 12 percent say they would not eavesdrop on their boss because they are afraid of what they might hear. (more)

Funny, this mirrors our eavesdropping detection findings. About half of the corporate eavesdropping cases we solve are "inside jobs." 

If you haven't checked your office lately, give a call (from somewhere other than your office) to the person who hosts Kevin's Security Scrapbook in your area. These counterespionage specialists are friendly, smart and really good at solving this type of problem. You can also contact me directly.

ID and Home Theft Made Easy

Leaving the house this weekend? Telling all your Facebook buds about it? You might want to reconsider that. Police in Nashua, New Hampshire broke up a robbery ring this week that was using Facebook to plan their heists. The gang was monitoring Facebook pages to determine when a target would be out of their home and then robbed it. (more)

The moment is special: Your kid just learned how to ride a bike without training wheels. So you fire up your iPhone's camera, snap a photograph, upload the image to TwitPic, and share the evidence of your child's triumph via Twitter. When you post the picture, a subset of the 75 million Twitter users will know the exact location of you and your child. Digital photos automatically store a wealth of information--known as EXIF data--produced by the camera. Most of the data is harmless... 
Cat burglar is also an identity thief.
however... 
Ben Jackson detailed how he found personal details about a man in a photo. Using accompanying geotagging data, Jackson located the man's house on Google Earth. Then he found a name associated with the house where the photo was taken, leading him to a Facebook account that yielded a birth date, marriage status, and friends. A second username listed on the Facebook page led to a second Twitter account, and so forth. The point here is that once you start pulling on the thread of information contained in a geotagged image, a single photo can reveal a whole trove of personal data--far more than you might think. (more)

Monday, September 13, 2010

Tree Bugs Bug MI5 Spies

British government officials in Northern Ireland have ordered 20 trees cut down outside a spying installation, after a number of surveillance cameras were discovered hidden among the tree branches. The trees are located around a multimillion-dollar spying base belonging to MI5, Britain’s primary domestic intelligence organization. (more)

Security Scrapbook Readers' Complaints & Get-It-Done Book

1. "Make the contests harder."
I am not that smart.

2. "Your Security Scrapbook is really interesting, but I don't have time to read it."
Read this... Get-It-Done Guy's 9 Steps to Work Less and Do More and then come back.
The book's official release is tomorrow. 
I have the same 'time' problem, sooo... my copy is already in the mail.
from the web site...
Get-It-Done Guy's 9 Steps to Work Less and Do More is a playful, yet serious guide to working less and doing more. In other words, creating a more productive life. Yes, it's about getting more done at work. It's also about getting more done in life. It lays out nine skills that apply anywhere you want to get greater results with less work. (For the buzzword-inclined, you can think of the book as business process re-engineering applied to individual productivity. I wouldn't say that aloud, however.) (Free downloadable chapters, Steps 1 & 2: Introduction Procrastination) (more)

3. "Don't make the contests so hard. I don't know Poe from poo." 
I hope you mean Winne the Pooh, not poo as in the Shineola adage.
"What's Shineola?"
Thus, proving the old adage true. (click)

"And, the Number One reason to buy your tickets from your friendly neighborhood scalper is..."

...the personal details of some 250,000 fans who bought tickets to the 2006 World Cup in Germany through official Fédération Internationale de Football Association (FIFA) ticket outlets have been stolen and then sold off for some £500,000. The information not only contains financial information on ticket holders, but their passport details. A criminal investigation has been launched... (more)

Quantum Cryptography's Day Off

LAST MONTH 
A team of 15 Chinese researchers from Tsinghua University in Beijing and the Hefei National Laboratory for Physical Sciences... quantum technologies have wide-ranging applications for the fields of cryptography, remote sensing and secure satellite communications. In the near future, the results from this experiment will be used to send encrypted messages that cannot be cracked or intercepted, and securely connect networks, even in remote areas, with no wired infrastructure, even incorporating satellites and submarines into the link. (more)

THIS MONTH 
Norwegian computer scientists have perfected a laser-based attack against quantum cryptography systems that allows them to eavesdrop on communications without revealing their presence. (more)

"Life moves pretty fast. If you don't stop and look around once in a while, you could miss it." ~ F.B.

Contest Answer

The cypher comes from Edgar Allen Poe's short story "The Gold Bug."

Set on Sullivan's Island, South Carolina, the plot follows William Legrand, who was recently bitten by a gold-colored bug. His servant Jupiter fears him to be going insane and goes to Legrand's friend, an unnamed narrator who agrees to visit his old friend. Legrand pulls the other two into an adventure after deciphering a secret message that will lead to a buried treasure.

Poe submitted "The Gold-Bug" as an entry to a writing contest sponsored by the Philadelphia Dollar Newspaper. His story won the grand prize and was published in three installments, beginning in June 1843. The prize also included $100, likely the largest single sum Poe received for any of his works. "The Gold-Bug" was an instant success and was the most popular and most widely-read of Poe's works during his lifetime. It also helped popularize cryptograms and secret writing. (more)

The coded message reads, "A good glass in the bishop's hostel in the devil's seat forty-one degrees and thirteen minutes northeast and by north main branch seventh limb east side shoot from the left eye of the death's-head a bee-line from the tree through the shot fifty feet out."

After decoding Captain Kidd's message about where the buried treasure was hidden the main character, William Legrand, explains to his companion how he figured out what the bishop's hostel was...  

"It left me also in the dark," replied Legrand, "for a few days; during which I made diligent inquiry, in the neighborhood of Sullivan's Island, for any building which went by the name of the 'Bishop's Hotel'; for, of course, I dropped the obsolete word 'hostel.' Gaining no information on the subject, I was on the point of extending my sphere of search, and proceeding in a more systematic manner, when, one morning, it entered into my head, quite suddenly, that this 'Bishop's Hostel' might have some reference to an old family, of the name of Bessop, which, time out of mind, had held possession of an ancient manor-house, about four miles to the northward of the island. I accordingly went over to the plantation, and re-instituted my inquiries among the older negroes of the place. At length one of the most aged of the women said that she had heard of such a place as Bessop's Castle, and thought that she could guide me to it, but that it was not a castle, nor a tavern, but a high rock." (more)

Sunday, September 12, 2010

Contest Clue

It could be said that this message was: written by two people (The author of the story and, by extension,  one of the characters referenced in the story.); then decoded by two people (Again, the author and the character in the story who decoded the message); that three people were involved in these endeavors (The author, Character 1 and Character 2; and, none of these people ever met each other. 

Even decoded, the message is mysterious. A place mentioned (a hostel), assumed to be a structure, turns out to be something quite different. What was it?

The answer, Monday, September 13, 2010 at noon (EDT).

Saturday, September 11, 2010

Spybusters Contest - Level: Difficult

It could be said that this message was: written by two people; then decoded by two people; that three people were involved in these endeavors; and, none of these people ever met each other. Even decoded, the message is mysterious. A place mentioned, assumed to be a structure, turns out to be something quite different. What was it?

Click here to send me your answer.
(Enter your e-mail address, the rest is optional.)
The first three correct answers win.
If necessary, a clue will be posted tomorrow.

Friday, September 10, 2010

Chameleon™ & PrivateEye™ - Two Cool Security Products

Now you can blind shoulder surfers with these two very cool computer security products. Very innovative. Very clever. Very secure. 

PrivateEye™ is active display security software that responds conveniently and automatically to a user. PrivateEye presents a normal clear screen when the user is present and looking at the display, but when the user’s attention moves away from the display the software immediately blurs the screen. Similarly, if PrivateEye detects an eavesdropper it can automatically blur the screen. The solution also includes a facial recognition engine. PrivateEye requires only a standard webcam. (video). 

Chameleon™ is a software and hardware solution from Oculis Labs that addresses the unique security challenge of protecting sensitive and classified materials while it is being displayed on computer screens. The solution protects displayed information against over-the-shoulder eavesdroppers, video recorders, remote electronic surveillance, and TEMPEST style threats. Using a patent-pending, gaze contingent, secure content rendering system, the software allows a trusted user to read a screen normally, but no one else can.

If you agree that this techonolgy is too cool, take a moment and help these folks win the "Hottest Tech in Town" Award. (vote here)

Thursday, September 9, 2010

Contest Alert

I received a friendly tap on the shoulder reminding me that it has been a while since our last Security Scrapbook contest.

Previous contest winners know the prizes are worthy of the effort. The contests are also fun and sometimes educational. Be sure to give it a try. 

The next contest will be posted on Saturday, September 11 at noon (12:01 PM EDT).

The challenge level for this contest question will be Difficult.The first three correct answers received via our web site's contact form win (the URL will be posted with the contest). Good luck! ~ Kevin

William Gibson & Fashion's Industrial Espionage

Q.  You make fashion seem mysterious, even a little ominous.

A. The sinister aspect of it in the book doesn’t derive from people wanting to cloth themselves in garments they feel will make them more desirable or distinguish them socially. Part of it comes from the real, observed, war-like seriousness with which the fashion industry largely proceeds. It’s not a friendly, feminine sort of thing. It’s deadly serious. Billions of dollars ride on it. There’s a great deal of industrial espionage going on. It’s a harsh, harsh business. (more)


WIlliam Gibson being interviewed about his new book Zero History.

X-ray vans that can see through walls-and clothes-hits America's streets.

Nervous yet?

AS&E's vans can be driven past stationary vehicles to scan their contents or parked to see the innards of passing cars and trucks.

Privacy-conscious travelers may cringe to think of the full-body scanners finding their way into dozens of airport checkpoints around the country. Most likely aren't aware that the same technology, capable of seeing through walls and clothes, has also been rolling out on U.S. streets.

American Science & Engineering
, a company based in Billerica, Mass., has sold U.S. and foreign government agencies more than 500 backscatter X-ray scanners mounted in vans that can be driven past neighboring vehicles or cargo containers to snoop into their contents...

The Z Backscatter Vans, or ZBVs, as the company calls them, send a narrow stream of X-rays off and through nearby objects and read which ones bounce back. Absorbed rays indicate dense material such as steel. Scattered rays show less-dense objects that can include explosives, drugs or human bodies...


The company, which calls the ZBV its flagship product, sold 89 of the vehicles in the 15 months ending in June at $850,000 apiece... (more)

MI6 Spy uses Son of Sam Defense

Daniel Houghton, an MI6 worker who tried to sell secrets for £2 million, has been given a 12-month jail sentence for his "act of betrayal."

It was the “voices” in his head which made Daniel Houghton do it, according to his legal team.

He offered to hand over sensitive computer files containing information about intelligence collection and MI6 staff lists to agents from the Netherlands, the Old Bailey heard.

The judge said he did not know whether it was true, as Houghton claimed, that he was hearing voices that told him to do it but said he was a "strange young man." (more) (Son of Sam)

Squawk Box Eavesdropping - $500. Fine...

...what a hoot!
NY - A former Smith Barney broker was sentenced to no jail time on Wednesday after he cooperated with federal prosecutors in a probe into an alleged scheme to misuse brokerage-firm "squawk" boxes. (Also called "hoot n holler" and "shout down" boxes, these are always-on intercom systems used at financial trading firms. Sending broadcasts from these devices to unauthorized persons is illegal eavesdropping.)

He now works as a car salesman, was ordered to pay a $500 fine by U.S. District Judge I. Leo Glasser in Brooklyn, but the judge imposed no jail term.

The 48 year old pleaded guilty in 2005 to conspiracy to commit securities fraud. He didn't testify at trial, but provided information that prosecutors said led to the conviction of six people last year, including three former supervisors at defunct day-trading firm A.B. Watley Inc.

Prosecutors from the U.S. Attorney's office in Brooklyn had alleged that he placed an open telephone line next to his squawk box for lengthy periods, allowing day traders at A.B. Watley to secretly eavesdrop on block orders by institutional clients. He received cash bribes in return, prosecutors said. (more) (technical details)

Busman's Holiday

(sing-a-long) During the past decade, a New York man stole more than 150 buses from an unsecured Trailway bus depot in Hoboken New Jersey; the doors were open, the key were left in the ignition, and he just drove off the lot, using the coaches for everything from fast-food runs to jaunts to North Carolina; he was finally collared last week after he stole a bus, drove to Manhattan, and took a group of flight attendants to Kennedy Airport.
Police Commissioner Raymond Kelly wants NYPD to look into lax security at a New Jersey depot from which bus-thief Darius McCollum stole more than a hundred buses. (more)

Attention security vendors who sell password access key pads. Opportunity honking.

Wednesday, September 8, 2010

iPhone Spy Stick - DIY forensics, or worse?

The headline declares...
Recover DELETED iPhone Text Messages, Map Searches, Hidden Contacts, & More

Quickly and Easily Download Even Deleted Information from an iPhone

The iPhone Spy Data Recovery Stick is the ultimate iPhone recovery tool for anyone who wants to capture deleted information from any iPhone (running iOS to 3.x). The iPhone Spy Data Recovery Stick makes it easy to recover deleted text messages, contacts, call and web history, as well as photos, voice memos and calendar appointments -- giving you a unique look into exactly what the user has been searching for, who they’ve been talking to, and even the types of pictures they’ve taken. With features like saved map search history, web searches, and text messages, the iPhone Data Recovery Stick is the only tool you need to catch a cheating spouse, monitor your kids, iPhone recovery or backup your own iPhone data.

Features:
Get access to deleted information
Download text messages and view calls made
Recover deleted contacts and calendar items
View pictures and other multimedia
Get access to map history to see locations searched on the iPhone’s map with exact GPS coordinates
Get access to notes, voice memos, multimedia files, and dynamic text data
Downloading data is as simple as attaching the iPhone and iPhone Data Recovery Stick to a computer and pressing start
iPhone information is saved on any computer and can be moved to other drives as a regular file
Looks like an ordinary USB flash drive
iPhone recovery Stick allows you to recover data from your iPhone you thought was lost forever

Popular Uses:

Catch a cheating spouse
Monitor your kids iPhone text messaging and Internet use
Check on employees using company issues iPhones
Restore deleted files

Includes:
iPhone Spy Data Recovery Stick
USB cable for iPhone
(more)

Why do I mention it?
So you will know what you are up against.

P.S. It only works on the older versions of the software (for now).

Tuesday, September 7, 2010

Business Espionage - A Spy Comes Clean

South Africa - A corporate spy (Briel) has admitted in sensational court papers that he illegally tapped telephones at the behest, he says, of Investec bank.

"I always wore my Telkom overalls, as then no one queried what I was doing." ~ Briel

In his affidavit, Briel makes some devastating claims.

Briel worked for Associated Intelligence Networks (AIN) run by Warren Goldblatt, which has since morphed into Specialised Services Group, and says he received his instructions in the Investec case from former Recce Johann Rademeyer.

Briel says "Goldblatt told me that he had a big job to do in Cape Town. He mentioned that it was for Investec, and that there were bad people in their company that they wished to monitor."

He says he posed as a Telkom technician to install phone taps at Investec, as well as at private residences in Hout Bay, and a company premises near the Protea Hotel at the Waterfront.

In court papers, the Chaits say one of the places Briel tapped phones was the offices of their company, Fairweather Trust, which was developing the Victoria Junction Hotel in Cape Town at the time.

"Detailed information regarding the telephone tapping of (our) offices ... have enabled us to physically locate and recover equipment used in the tapping, which in due course will be provided in evidence," the Chaits say in papers.

The Chaits are furious - particularly because their property business was competing with Investec's own property business.

But Investec's Nobrega...described Briel's claim as an "overzealous expansion of the true facts in order to extort a settlement from Investec Bank." (more)

Substitute the word SPY for FRAUD

Special note to corporate security directors: This Certified Fraud Examiners survey is excellent. The findings parallel my internal corporate counterespionage experiences, another form of fraud... with much larger monetary losses. Swap a few words. Expand your thinking. Learn where to look. Become a wiser counsellor for your company.

A fraud spy suspect might not be easy to pick out of a crowd -- or from a rap sheet.

The average fraud spy perpetrator has no prior fraud spy charges or convictions, according to new research by the Association of Certified Fraud Examiners (ACFE), the world's largest provider of anti-fraud spy training and education. The offender is commonly between the age of 31-45, and somewhat more likely to be male than female.

More insights gleaned from the study help fill out the profile, however. Behavioral red flags, tenure at an organization, position and educational background are all criteria examined in the ACFE's 2010 Report to the Nations on Occupational Fraud & Abuse. The Report is drawn from a survey of Certified Fraud Examiners (CFEs) who investigated fraud cases between January 2008 and December 2009.

Here are some of the key findings
about fraud perpetrators
in the 84-page Report:

High-level perpetrators cause the greatest damage to their organizations. Frauds Spying committed by owners/executives were more than three times as costly as frauds spying committed by managers, and more than nine times as costly as employee frauds spying. Executive-level frauds spying also took much longer to detect.

Fraud offenders Spies were likely to be found in one of six departments. More than 80% of the frauds spying in the study were committed by individuals in accounting, operations, sales, executive/upper management, customer service or purchasing.

More than half of all cases in the study were committed by individuals between the ages of 31 and 45. Generally speaking, median losses tended to rise with the age of the perpetrator.

Most of the fraudsters spies in the study had never been previously charged or convicted for a fraud-related spying-related offense. Only seven percent of the perpetrators had been previously convicted of a fraud spying offense. This finding is consistent with prior ACFE studies.

Fraud perpetrators Spies often display warning signs that they are engaging in illicit activity. The most common behavioral red flags displayed by the perpetrators in our study were living beyond their means (43% of cases) and experiencing financial difficulties (36% of cases). (more)

Security Alert - HP Printer / Scanners

Security Alert: Low (But you should be aware of it.)
Certain models of HP combination printer and scanner devices contain a feature that could allow for corporate espionage, according to researchers at web security firm Zscaler. 

The feature, called WebScan, allows a user to remotely trigger the scanning functionality and retrieve scanned images via a web browser. This capability could allow anyone on the local area network (LAN) to remotely connect to the scanner and retrieve documents that have been left behind on the scanner, Michael Sutton, vice president of security research at Zscaler, told SCMagazineUS.com on Thursday. 

The feature generally is turned on by default and, in many cases, is not password protected.(more)

Friday, September 3, 2010

TSCM Sweep Finds Cop Bugged

IN - Eavesdropping devices have been found in the office of an Indianapolis deputy police chief believed to be under investigation by the FBI.

Members of the department's Criminal Intelligence Unit were asked Thursday night to conduct an electronics sweep of the office of Deputy Chief of Investigations William Benjamin and found a pinhole camera and a listening device inside a desk drawer...

After the bugging devices were found, Chief Paul Ciesielski issued a statement saying he was going to launch an internal investigation."I did not put it there, did not have anyone put it there, nor did the director," the statement read. "I have opened an internal investigation to find out who did." (more)

UPDATE - The bug found in an IMPD leader's office was not used to eavesdrop on him, police said today.

The device did not work, and it had been left by a previous occupant of the office, according to an e-mail from Indianapolis Metropolitan Police Department Chief Paul Ciesielski...

The listening device was found in Deputy Chief William Benjamin's office during a sweep he requested this week... It was unclear what prompted Benjamin to request the sweep of his third-floor office; he did not return a phone call from The Indianapolis Star on Friday. (more)

Soooo... Who was the previous occupant? Why did they have the room bugged? Will that be investigated? And, why did Benjamin request a bug sweep in the first place?

Spybuster Tip #582 - Keystroke Logger Killer

KeyScrambler Personal is a free plug-in for your Web browser that protects everything you type from keyloggers. It defeats keyloggers by encrypting your keystrokes at the keyboard driver level, deep within the operating system. When the encrypted keystrokes reach your browser, KeyScrambler then decrypts them so you see exactly the keys you've typed. Keyloggers can only record the encrypted keys, which are completely indecipherable. (more)

RIM Shot... and you're next Skype

International Telecommunications Union (ITU) secretary-general Hamadoun Toure said BlackBerry maker Research in Motion (RIM) should supply customer data to law enforcement agencies around the world, characterizing the governments’ needs as “genuine” concerns that cannot be ignored.

The ITU is primarily concerned with regulating global radio spectrum usage, supervising telecommunications standards processes, and helping regulate communication satellite orbits and transmission... the agency has no formal regulatory.. however, Toure’s comments certainly reflect the general sentiments of the ITU’s 192 members.

Canada’s RIM has recently faced regulatory issues in a number of countries over encrypted communications handled by its BlackBerry services, with governments like Saudi Arabia, the United Arab Emirates, India, Indonesia, and Lebanon all insisting that their governments be permitted access to BlackBerry users’ communications. (more)

Thursday, September 2, 2010

Tabloid's Royal Eavesdrop Keeps Making News

UK - In November 2005, three senior aides to Britain’s royal family noticed odd things happening on their mobile phones. Messages they had never listened to were somehow appearing in their mailboxes as if heard and saved. Equally peculiar were stories that began appearing about Prince William in one of the country’s biggest tabloids, News of the World.

The stories were banal enough (Prince William pulled a tendon in his knee, one revealed). But the royal aides were puzzled as to how News of the World had gotten the information, which was known among only a small, discreet circle. They began to suspect that someone was eavesdropping on their private conversations. 

Scotland Yard collected evidence in 2006 indicating that hundreds of celebrities, government officials, soccer stars – anyone whose personal secrets could be tabloid fodder – might have had their phone messages hacked by reporters at News of the World. Only now, more than four years later, are most of them beginning to find out. (more)

SpyCam Story #583 - Veal

A hidden-camera video that shows severe confinement and other abuses of calves has caused Bob Barker to ask consumers to stop buying veal and dairy products.

The Emmy Award-winning former host of The Price is Right and a longtime animal advocate, Barker narrated the Mercy for Animals (MFA) video and joins the group in asking Americans nationwide to boycott the products that he says sentence animals to “a life of extreme deprivation and suffering.” (more)

How to Kill Flash Zombies

Flash cookies can be used to track you across the Web without telling you. Advertisers are using it to track your movements across the Web.

Or so claims a lawsuit filed by privacy attorney Joseph Malley, one of three he's filed in the last two months against some of the biggest media heavyweights in the world -- Disney, ABC, NBC, MTV, and a host of others.

All use them employ Web ad companies like Quantcast, Specificmedia, and Clearspring to deliver Flash ads, and all of those ads store Flash cookies on your hard drive.

So what's wrong with that? For one thing, most people aren't aware Flash even stores cookies. These cookie files are ridiculously hard to find and manage: You can't get at them from your browser, and they're buried several layers deep inside your Application Data folder on Windows PCs. They can store up to 100K of data per cookie, or about 25 times what a browser cookie can store. And they can be used to recreate tracking cookies you've deleted.

In other words, if you've told an advertiser you don't want to be followed around the Web by deleting its tracking cookie, that advertiser can use Flash to 'respawn' that deleted cookie without telling you -- and continue to track you in secret. Thus Malley's lawsuits, which accuse all of those companies of breaking federal laws against computer intrusion and surveillance.

That respawning bit is why Flash cookies are also called "zombie" cookies. However, like real zombies, they can be stopped -- and you don't even have to cut off their heads (or use cricket bats and vinyl LPs, like in Shaun of the Dead ). You just need to use Adobe's Flash Player Settings Manager. (more)
Click the Adobe link above and set your preferences on the Global Settings Panel. It is easy to do and very worthwhile.

Wednesday, September 1, 2010

"Yes, you can record. Yes, you can decide not to."

Australia - Alliance Craton Explorer (a company involved in developing a uranium mine) told the Supreme Court it wanted to use recording devices in committee meetings with Quasar Resources. The companies have a joint venture agreement for the Four Mile uranium project.

Alliance claimed it wanted to protect its interests but Quasar countered that the confidentiality of the meetings could be put at risk. Quasar used its numbers at the meetings to vote against the recordings. It argued in court the use of such devices was in breach of listening and surveillance laws. 

So far, so good.

But Justice John Sulan disagreed, finding it was legitimate for Alliance to use recording devices.

However he also ruled it was acceptable for the committee to decide by a vote whether recording devices could be used. (more)

Security Scrapbook Exclusive
Possible secret recording from the meeting leaked:
"Uranium. Three Mile. Duh!" 

"No, no. Four Mile is a brilliant name. Like, mate... we go the extra mile." 

"Or, a disaster would be that much bigger, you dingo."

"I say we use kilometers instead."

The Byte of the Web Bugs

The Wall Street Journal has been running a series of very interesting - and disturbing - articles the past few days investigating Internet spying and its impact on your privacy.

For instance, did you know that the top fifty US web sites (which account for about 40% of Web pages visited by Americans) install, on average, 64 pieces of tracking technology onto the computers of their visitors? Or, that two-thirds of those tracking files were created by 131 companies, many, if not most, of which are in the business of selling the information they capture from you and me?

Of course, the companies installing the web site tracking software say it is all harmless. In fact, they argue, the information captured about us allows them to create a better on-line experience since the Web ads that we see are tailored to fit our individual interests...

As a result, tracking software on web sites has increased in sophistication to where - using so-called "Web bugs" - your cursor movements on a web page along with what you are typing are being analyzed to create profile of you (or better, your computer) that can be also tracked across web sites. (more)

SpyCam Story #582 - Don't ask, don't tell.

Australia - An army employee alleged to have put a covert filming device in change rooms at his barracks will stand trial. Nathan William Freeman, 27, is charged with indecent filming.

It will be alleged a secret camera resembling a car's key remote was put in change rooms at the Woodside barracks in the Adelaide hills. Police say the item was handed in as lost property and then discovered to be a secret camera on closer inspection. (more)

Reykjavik's Gargoyle SpyCam

Seen during my travels in Iceland this week...










Gargoyle watches the watchers.



Who says Vikings don't have a sense of humor?