Friday, December 30, 2011

Dilbert vs. The Recycling Bin

...which can lead to some crafty employee solutions to sensitive wastepaper security. 

This blue bin was discovered recently by Murray Associates information security consultants...
It's enough to straighten Dilbert's tie.
Spybusters Security Tip # 512: Never store confidential materials awaiting shredding in an unlocked container. If there is an on-going need to shred small amounts of materials daily, buy a deskside crosscut shredder... and be sure to use it.

Make "I'm taking back my privacy!" a News Years Resolution

Suppliers of the best-known anti-tracking tools — Ghostery, Adblock Plus and TrackerBlock — all reported big jumps in usage in the second half of 2011. Ghostery, for instance, is being downloaded by 140,000 new users each month, with total downloads doubling to 4.5 million in the past 12 months, says Scott Meyer, CEO of parent company Evidon. 
Meanwhile, the goal of newcomer Abine, supplier of Do Not Track Plus, is to make anti-tracking as common as anti-virus for personal computing devices, says CEO Bill Kerrigan, who formerly headed anti-virus giant McAfee's global consumer business.

Abine projects the number of Internet users in North America using anti-tracking tools and services will be 28.1 million by the end of 2012, up from 17.2 million today. "We want to drive the next level of adoption," Kerrigan says. "No one is suggesting don't use Facebook or Google. At the same time, we are suggesting there is a better way for consumers to experience those type of products without necessarily being tracked at every step they take in their digital life." (more)

Wednesday, December 28, 2011

Hacker Justifies Exposing Wireless Security Weakness. Wait... in 1903!

A century ago, one of the world’s first hackers used Morse code insults to disrupt a public demo of Marconi's wireless telegraph

LATE one June afternoon in 1903 a hush fell across an expectant audience in the Royal Institution's celebrated lecture theatre in London. Before the crowd, the physicist John Ambrose Fleming was adjusting arcane apparatus as he prepared to demonstrate an emerging technological wonder: a long-range wireless communication system developed by his boss, the Italian radio pioneer Guglielmo Marconi. The aim was to showcase publicly for the first time that Morse code messages could be sent wirelessly over long distances. Around 300 miles away, Marconi was preparing to send a signal to London from a clifftop station in Poldhu, Cornwall, UK.

Yet before the demonstration could begin, the apparatus in the lecture theatre began to tap out a message. At first, it spelled out just one word repeated over and over. Then it changed into a facetious poem accusing Marconi of "diddling the public". Their demonstration had been hacked...

The stream of invective ceased moments before Marconi's signals from Poldhu arrived. The demo continued, but the damage was done: if somebody could intrude on the wireless frequency in such a way, it was clearly nowhere near as secure as Marconi claimed. And it was likely that they could eavesdrop on supposedly private messages too. 

Fleming, fired off a fuming letter to The Times of London. He dubbed the hack "scientific hooliganism", and "an outrage against the traditions of the Royal Institution". He asked the newspaper's readers to help him find the culprit. 

He didn't have to wait long. Four days later a gleeful letter confessing to the hack was printed by The Times. The writer justified his actions on the grounds of the security holes it revealed for the public good. Its author was Nevil Maskelyne, a mustachioed 39-year-old British music hall magician. (more)

Tuesday, December 27, 2011

VoIP Phone Eavesdropping Prevention Tips

via Mike Chapple, Network Security
Every organization considering a Voice over Internet Protocol (VoIP) telephone system deployment hears the same dire warnings: “Routing voice calls over a data network exposes calls to eavesdropping.” 

While it’s certainly true that any telephone call carries a certain degree of eavesdropping risk, is it true that VoIP calls have an inherently higher degree of risk? In this tip, we explore the ins and outs of VoIP eavesdropping.

VoIP eavesdropping is possible
First, it’s important to be clear about one thing: It is absolutely possible to eavesdrop on a VoIP telephone call. It’s also possible to eavesdrop on a telephone call placed using the traditional public switched telephone network (PSTN). The difference lies in the tools and skill set needed to conduct the eavesdropping. (more)

Eavesdrop on the boss to aid promotion chances? Probably not a good idea, especially if your boss is the police commissioner.

 S. Korea - On Wednesday a Cyber investigation team at Daejeon Metropolitan Police Agency sought a warrant for the arrest of “Jeong,” a 47-year-old superintendent at the same agency, on suspicion of secretly installing a recording program on the agency commissioner’s computer and recording his conversations and telephone calls.

Jeong is suspected of entering the commissioner’s office, on the seventh floor of the DMPA headquarters building, in the evening of December 14, installing recording and remote control software on a computer connected to an outside network and setting it up to automatically create recorded files, then using the computer in his own office to connect to that of the commissioner and downloading 320 files recorded up to December 17. “It appears that Jeong, who was promoted to the position of superintendent in 2006, did this in order to learn of the newly-appointed commissioner’s tendencies and personal relationships when Jeong became a candidate for promotion to senior superintendent next year.”

Police stated that, on December 16, the commissioner found it strange that his computer ran slower. He gave an order to his secretary’s office to inspect it. The main body of the computer was replaced, but Jeong entered the commissioner’s office again on the same evening and installed the remote control and other software again. (more)

Security Quote of the Day - Smartphones, the Next Target

We’ve gotten to that perfect crossing point where all of the things which have prevented criminals from leaping into the wireless space have been eroded,” —Gareth Maclachlan, COO of security firm AdaptiveMobile

The bottom line: It’s now easier than ever for spammers to make money off wireless devices. 


Why the concern?


 “If I can infect your device by getting you to download an app, or push you to a link that cracks your phone and infects your OS, I can get your phone to make extra calls to a premium rate number which I own, or send an premium SMS or short code I’m renting through a shell company, and start taking money out of your pocket,” he says.

Criminal groups release malicious apps that get devices to send out calls and texts to premium numbers without the user’s knowledge. The charges may go unnoticed or a customer may contest the fees and the operator has to eat the charge, leaving the spammers with a neat profit.
(more)

Security Tips from the book: Is My Cell Phone Bugged?
• Don't jailbreak your smartphone.
• Password protect your smartphone.
• Don't click on links sent by email spammers.
• Never loan your phone.
• Don't load an app unless you appsolutely need it, and know it is safe.

Monday, December 26, 2011

VoIP Phone Tap Taps

Tapping a VoIP phone line isn't difficult... via Janitha

Here's a quick background on what's going on. In 10/100 twisted pair ethernet networks, only two of the four pairs of wires are actually used for data transmission. From a computer's perspective, the orange pair is for RX and the green pair is for TX. The passive splice tap works by connecting a sniffer's RX to either the RX or TX of the wire being sniffed. By having two RX interfaces on the sniffer, you can capture full duplex traffic on the wire.

Recipe
Before starting, you will need the ingredients for a passive splice tap. Two punch down type 8P8C (aka RJ45) IDC connector jacks, A punch-down tool, Two regular pass-though ethernet cables, a sharp knife, clear tape, and an alibi. You also need a laptop to log the data with two ethernet interfaces (two usb to ethernet adapters will do the job). Now for the instructions.

First take the cable you want to tap and cut the casing long ways a few inches to expose the 4 pairs of wires inside. Isolate the green and the orange pair of twisted wires.



Next, take one of the jacks and find the orange and orange-white connectors (will look like two blades with a gap between). Put the jack perpendicular to the orange pair of wires. Now punch down the orange wire in to the orange connector, and the orange-white wire in to the orange-white connector. Take the another jack and repeat the process, but this time punch the green wire in to the orange connector, and the green-white in to the orange-white connector.



At this point, the tap it physically done. Yes, It's that simple. Now connect each of the jacks to the ethernet interfaces on the laptop using the two regular ethernet cables. The sniffer laptop will be like 'wtf mate' and fail at auto negotiating a link since only the RX wires are hooked up. So bring the two interfaces up manually in promiscuous mode (if in *nix, use ifconfig with the promisc switch).

Finally fire up wireshark or your favorite packet sniffer. If you are using wireshark, select capturing on the 'Any' interface as we want to capture data on both ethernet adapters at the same time. If the sniffer app does not have an 'any' interface, simply start two instances and capture the two interfaces separately. Further more, you can bond the two interfaces so you can treat the full-duplex as a single interface if you have that much free time.

Or, you can make one of these.







Why do I mention it?
Because I too often hear, "Can they really tap a digital phone?"

Sunday, December 25, 2011

A Merry Christmas, Valentine - Good Work

UK - A Norfolk animal rights campaigner is taking turkey producer Bernard Matthews to court claiming she was harassed and intimidated by the company.

Wendy Valentine of Hillside Animal Sanctuary, Frettenham, also claims her car was "bugged" by security firm Richmond Day and Wilson Limited (RDW), which was working for the firm.

Bernard Matthews has confirmed its use of RDW but "emphatically denies" Ms Valentine's allegations.

Hillside Animal Sanctuary investigators went undercover at one of Bernard Matthews' turkey farms in 2006 and filmed two poultry workers using a bat to play baseball with the birds. Two people were later prosecuted...The following year, staff were again videoed abusing turkeys at Bernard Matthews, by undercover workers from Hillside.

A spokesperson for Hillside said: "We felt we had no option but to resort to legal proceedings after Hillside's founder, Wendy Valentine, had her car bugged with an electronic tracking device earlier this year." (more)

Saturday, December 24, 2011

Business Espionage: 7 Million Dollar Man Sentenced for 7 Years

IN - An ex-Dow AgroSciences LLC researcher who stole trade secrets from his former employer to benefit a Chinese university was sentenced to seven years and three months in prison, prosecutors said.

Kexue Huang, 46, was sentenced yesterday by U.S. District Judge William T. Lawrence in Indianapolis, according to an e- mailed statement from U.S. Attorney Joseph Hogsett’s office.

Huang, a Chinese national, pleaded guilty in October to economic espionage. He also admitted to stealing trade secrets from the Minneapolis-based grain distributor Cargill Inc., the U.S. Justice Department said in October. Financial losses from his conduct exceed $7 million, the U.S. said. (more)

Walkie Talkie Law

The Honduran Congress has passed bills allowing authorities to wiretap the telephone conversations, emails and bank accounts of suspected criminals, and temporarily banning motorcycles from carrying passengers. (more)

"Whaaaadt?!... Hey, why don't you go see where you gotta go."

The CIA said Friday its internal watchdog found nothing wrong with the spy agency’s close partnership with the New York Police Department.

The agency’s inspector general concluded that no laws were broken and there was “no evidence that any part of the agency’s support to the NYPD constituted ‘domestic spying’,” CIA spokesperson Preston Golson said. (more)

"Al, we hardly knew you."

Russian Spy Chief Resigns
The chief of Russia’s military intelligence (GRU), Col. Gen. Alexander Shlyakhturov, resigned from his post on Saturday, the Kommersant business daily reported... Shlyakhturov has led the GRU since April 2009. The public knows nothing about General Shlyakhturov's biography and service record. Such tight secrecy implies that he is a career intelligence operative... The name of the future chief of Russia’s military intelligence is not known yet. (more)

"So, how often do journalists hack voicemail?"

Phone hacking appeared to be a "bog-standard tool" for information gathering, a former journalist for the Daily Mirror tabloid told the UK inquiry into media ethics overnight.

James Hipwell, who was jailed in 2006 for writing stories about companies in which he owned shares, told the Leveson Inquiry that phone hacking had taken place on a daily basis during his time at the paper.

He also threw doubt on former Mirror editor Piers Morgan's claim in evidence on Tuesday that he had no knowledge that hacking went on there.

"I would go as far as to say that it happened every day and that it became apparent that a great number of the Mirror's show business stories would come from that source. That is my clear memory," Hipwell said. (more)

Friday, December 23, 2011

The Cone of Silence is Coming... no, really!

FutureWatch - The Cone of Silence...
Many of the current experimental "invisibility cloaks" are based around the same idea - light coming from behind an object is curved around it and then continues on forward to a viewer. That person is in turn only able to see what's behind the object, and not the object itself. Scientists from Germany's Karlsruhe Institute of Technology have applied that same principle to sound waves, and created what could perhaps be described as a "silence cloak."

For the experiments, Dr. Nicolas Stenger constructed a relatively small, millimeter-thin plate, made of both soft and hard microstructured polymers. Different rings of material within the plate resonated at different frequencies, over a range of 100 Hertz.

When viewed from above, it was observed that sound wave vibrations were guided around a central circular area in the plate, unable to either enter or leave that region. "Contrary to other known noise protection measures, the sound waves are neither absorbed nor reflected," said Stenger's colleague, Prof. Martin Wegener (speaking from his secret lab in the South Pacific on "Nuthing Atoll"). "It is as if nothing was there."

While the plate is a small-scale proof-of-concept, the principles at play in it could perhaps ultimately be used to shield people in a "cloaked" area from loud background noises, or to keep eavesdroppers who aren't in that area from hearing those peoples' private conversations. (more)

North American Business Espionage Warnings

US - House Intelligence Committee Chairman Mike Rogers (R-Mich.) said computer hacking aimed at stealing business secrets has "reached an intolerable level, and it's getting worse," in an interview with ABC News on Wednesday night.

Rogers made the comments after The Wall Street Journal reported that Chinese hackers had gained access to the computers of the U.S. Chamber of Commerce.

He introduced a bill last month that would make it easier for companies to share information with the government about threats and cyberattacks. (more)


Canada - Corporate espionage - ranging from Dumpster diving for industrial secrets to plying vulnerable employees of competitors with booze, drugs and sex in exchange for information - is a common tactic in Canada for companies to get ahead, says a former CSIS spy and private investigator.

Tuesday, at the Canadian Industrial Security Conference, Ron Myles said Canadian companies often perceive corporate spying and infiltration as something out of Hollywood and insists the number of cases that are exposed is but a mere fraction of the problem in this country.

"I don't think even the tip of the iceberg is showing. (Corporate espionage) is more prevalent in small-and medium-sized companies because they're often just starting up and don't have massive (security) budgets." (more) (video)

Workers Warned to Keep Smartphones Safe at Christmas Parties

A new survey conducted by STS Digital has found that staff are risking data breaches by not taking care of their smartphones and tablet computers. 

The poll found that Christmas parties are particularly dangerous for staff as they are leaving themselves open to corporate espionage. 

A massive 98% of workers admitted to taking their smartphone devices to a bar and when asked about access to corporate data and sensitive information, 98% of respondents were able to access corporate information using a mobile device.

An alarming 91% of respondents revealed it was possible to access all corporate data including documents, contracts, emails and sensitive information regardless of location using the mobile device. (more)

Spybusters Tip # 645: Never loan your smartphone. It only takes a short time for a co-worker to load spyware onto it for their own evil purposes.

When Spy Worlds Collide - It's a Paranoia Ride - Hackers Stop to Shop

The intelligence operative sits in a leather club chair, laptop open, one floor below the Hilton Kuala Lumpur’s convention rooms, scanning the airwaves for spies.

In the salons above him, merchants of electronic interception demonstrate their gear to government agents who have descended on the Malaysian capital in early December for the Wiretapper’s Ball, as this surveillance industry trade show is called.

As he tries to detect hacker threats lurking in the wireless networks, the man who helps manage a Southeast Asian country’s Internet security says there’s reason for paranoia. The wares on offer include products that secretly access your Web cam, turn your cell phone into a location-tracking device, recognize your voice, mine your e-mail for anti-government sentiment and listen to supposedly secure Skype calls.

He isn’t alone watching his back at this cyber-arms bazaar, whose real name is ISS World.

For three days, attendees digging into dim sum fret about losing trade secrets to hackers, or falling prey to phone interception by rival spies. They also get a tiny taste of what they’ve unleashed on the outside world, where their products have become weapons in the hands of regimes that use the gear to track and torture dissidents. (more)

Thursday, December 22, 2011

Did You Get Your Favorite Spy a Gift Yet? (Hint: International Spy Museum Store)

It's not too late. 
How about a nice set of books?

Secret Code: 17568

Product Facts: The perfect gift book set for curious, experimental, creative masterminds - - think cool science experiments, multi-function gadgets, computer science and other high- and low-tech inventions. In total you’ll be equipped with 250+ solutions, bonus applications, and resources at your disposal and be ready for almost any situation. Detailed step-by-step instructions and diagrams enable you to complete projects in just minutes.
 
A sample by volume of what you’ll be able to make amaze your friends with; Volume 1 (Sneaky): Craft a Compass and Make a Sneak Detector, Door Opener, and Power Ring/Room, Volume 2 (Sneakier): Make Invisible Ink, Sneaky Pockets, and a Metal Detector, Volume 3 (Sneakiest): Learn Scroll Message Encryption and Make Robots, Sneakbots, and Electrical Motors. This 3-volume book collection is a fun and valuable resource for transforming ordinary objects into the extraordinary. And as a bonus, you’ll be seen as a super-hero by your friends with the new and amazing, sneaky things that you can do!
 
Technical Data: Books are soft cover with B/W illustrations. Resource, recommended reading lists, and websites included, 157, 141, and 170 pages respectively, 5”W x 7”H. (more)

Seasons Greetings spies, where ever your are.

World's Smallest USB Stick, nah... Shtik

Psst... It's the thingy on the right.
Think it's hard to stop USB stick info-espionage now? Just wait. And, wait until they come as promotional give-a-ways. The urge to use them will be uncontrollable. Gee, what if they are pre-loaded with spyware? Losing them will be equally uncontrollable. What more could the spies of 2012 ask for?

The new 19.5 x 14.5 x 2.9 mm USB stick will be available in 4, 8 or 16GB capacity versions when it's launched. (more)

BTW, do you have a program to deal with USB vulnerabilities?

Wednesday, December 21, 2011

Security Director Alert: Law Enforcement Spied Upon Using Police-Level Surveillance Tactics... The Business Espionage Crowd Does It Too

Canada - Workers with the Canada Border Services Agency and Citizenship and Immigration Canada were spied on during an employee-appreciation event in June, according to a government intelligence alert issued the following month. 

Sample Room Bug
"While the true purpose of the surveillance is unknown," such spy tactics are often used by organized crime groups to "better know their adversaries, as well as to target individuals believed to be susceptible to co-option," according to the memo, issued by a CBSA intelligence officer... "It's not just a bunch of thugs trying to force their way in," he said. "They can employ tactics or equipment that match the level of sophistication that law enforcement can employ."

...The method of surveillance was not specified, nor was it clear how the government came to learn about it. (more)

What does this mean to you?
• Adversarial surveillance is very real. 
• This is a rare case of it being exposed. 
• Expect to be "sized up" before an espionage attack. 
• Expect the attack to use sophisticated techniques; including advanced electronic surveillance eavesdropping. 
• Realize that during this extended intelligence collection phase, you have an opportunity to detect and deflect, before the harm is done... if you conduct regularly scheduled TSCM inspections.

Anatomy of a Chinese Hack Attack

A group of hackers in China breached the computer defenses of America's top business-lobbying group and gained access to everything stored on its systems, including information about its three million members, according to several people familiar with the matter. The break-in at the U.S. Chamber of Commerce is one of the boldest known infiltrations in what has become a regular confrontation between U.S. companies and Chinese hackers. (more

How did they do it?
Click to enlarge.

Security Director Tips: On Checking Your Electronic Privacy Rights at the Border

"Our lives are on our laptops – family photos, medical documents, banking information, details about what websites we visit, and so much more. Thanks to protections enshrined in the U.S. Constitution, the government generally can’t snoop through your laptop for no reason. But those privacy protections don’t safeguard travelers at the U.S. border, where the U.S. government can take an electronic device, search through all the files, and keep it for a while for further scrutiny – without any suspicion of wrongdoing whatsoever."

Thus begins the Electronic Frontier Foundation's new paper, Defending Privacy at the Border - A Guide for Travelers Carrying Digital Devices which is full of good tips for protecting your electronic information while traveling. Keep in mind, although the paper focuses on the United States border crossings, you will also be dealing with the country you are visiting. And, some of them are a whole lot more aggressive.

Random Tip #1 - Before your trip, mail your laptop to a trusted person at your final destination. Password protect your drive. Encrypt the data on the drive. Only have essential information on the drive. Wipe the drive before you return home.

Random Tip #2 - "On the most modern laptops, it’s possible to use an SD card like a hard drive; thus, you can choose to use an SD card in place of a conventional hard drive and keep your entire operating system and all your data on on it. (You should still use disk encryption for the data on the SD card.) Since you can keep the SD card in your pocket or wallet when it’s not in use, it’s considerably harder for someone to take it from you without your knowledge or tamper with it (although, since it’s so tiny, it’s much easier to lose)... it’s easier to send them in the mail or even easily erase or destroy a card when you no longer need it... You can even use the same SD card in a digital camera for taking photos, so that a single card serves both as your camera storage medium and your encrypted hard drive."

Safe travels. ~Kevin

Tuesday, December 20, 2011

Cautionary Tale: Sabotage by Wiretap - What if it were your phone call?

Russia - Boris Nemtsov, one of Russia's main opposition leaders has accused Kremlin agents of illegally bugging his phone after a newspaper released embarrassing recordings of his private phone calls.

The material was potentially damaging for Mr Nemtsov, one of the principal organisers of a recent spate of anti-Kremlin protests, as he can be heard insulting his fellow opposition leaders in obscene terms and belittling his own supporters as "internet hamsters" and "scared penguins." 

A deputy prime minister in the 1990s and a founder of the opposition Solidarity movement, Mr Nemtsov claimed the release of the recordings was a cynical Kremlin attempt to sabotage a big opposition protest planned for Christmas Eve by triggering internal squabbling among its organisers.

"Parts of these conversations are really genuine," he wrote in his blog. (more)

Tip: Periodically check for bugs and taps. (more)

Surveillance Quote of the Day - By 2020 You Will Be Archived for 25 Cents

"...by 2015 it will cost only two cents to store all phone calls made by the average mobile phone user. Now picture this, a city with a population of 12 million which has about 500,000 video cameras, one video cam for every 24 people. By 2020, the declining costs for digital storage will make it possible to store all of that video acquired, in high resolution, for about a quarter per person. As for other types of digital communication, don't count on encryption not to be cracked." ~ Darlene Storm (more)

Monday, December 19, 2011

FutureWatch: Big Brother's Ubiquitous Surveillance Circus

As the price of digital storage drops and the technology to tap electronic communication improves, authoritarian governments will soon be able to perform retroactive surveillance on anyone within their borders, according to a Brookings Institute report.

These regimes will store every phone call, instant message, email, social media interaction, text message, movements of people and vehicles and public surveillance video and mine it at their leisure, according to "Recording Everything: Digital Storage as an Enabler of Authoritarian Government," written by John Villaseno, a senior fellow at Brookings and a professor of electrical engineering at UCLA.

That will enable shadowing people's movements and communications that took place before the individuals became suspects, he says. (more)

"We all prisoners, Chicky babe. We's all locked in."

Sunday, December 18, 2011

'Fake Sheik' appears at UK phone hacking inquiry

UK - The star undercover reporter for the now-defunct News of the World tabloid told Britain's media ethics inquiry Monday that he duped celebrities only to expose criminality, immorality or hypocrisy.

The original "Fake Sheiks"
Mazher Mahmood, who worked for the Rupert Murdoch-owned newspaper for 20 years, said he had not been aware illegal phone hacking was going on until the newspaper's royal reporter, Clive Goodman, was arrested in 2006. Goodman was later jailed for eavesdropping on the mobile phone voice mails of members of the royal family staff.

Mahmood is a controversial figure, nicknamed the "Fake Sheik" after his signature ruse of pretending to be a rich Gulf businessman to trap celebrities, politicians and suspected criminals. (more)

Why Hack a Hotel's Internet Provider?

Google and Intel were logical targets for China-based hackers, given the solid-gold intellectual property data stored in their computers. An attack by cyberspies on iBahn, a provider of Internet services to hotels, takes some explaining.

iBahn provides broadband business and entertainment access to guests of Marriott International and other hotel chains, including multinational companies that hold meetings on site. Breaking into iBahn's networks, according to a senior U.S. intelligence official familiar with the matter, may have let hackers see millions of confidential emails, even encrypted ones, as executives from Dubai to New York reported back on everything from new-product development to merger negotiations.

More worrisome, hackers might have used iBahn's system as a launchpad into corporate networks that are connected to it, using traveling employees to create a backdoor to company secrets, said Nick Percoco, head of Trustwave's SpiderLabs, a security firm...

The networks of at least 760 companies, research universities, Internet service providers and government agencies were hit over the last decade by the same group of China-based cyberspies. (more)

FBI Announces Theft of Trade Secrets Indictment

Tung Pham, 46, formerly of Conshohocken, Pennsylvania, currently residing in California, was charged today by indictment with theft of trade secrets and wire fraud, announced United States Attorney Zane David Memeger. Pham was charged with stealing trade secrets regarding pastes used in the manufacture of solar cells from his former employer. (more)

Here is how it started, back in 2009...
 
The Photovoltaic Materials Business Unit of Heraeus has selected Tung Pham to fill the position of research scientist for the organization. Reporting to Dr. Weiming Zhang, Heraeus' Global PV research and development manager, Pham will work primarily in the North American research and development lab located in West Conshohocken, Pennsylvania.

Pham has an extensive background in developing metallization pastes and thick film conductors for the microelectronics and photovoltaic industries. He has authored numerous technical presentations on materials and the construction of silicon solar cells. Pham earned his bachelor's degree in Engineering from California Polytechnic University.

According to Dr. Zhang, Pham will be working on advancements to Heraeus' current paste platforms and developing the next-generation of PV materials to meet the growing worldwide demand for solar cells. (more)

"Yes, and they have 2-way radios, too!" Dutch parliament gets clued in.

The Netherlands - Eavesdropping software that can be installed from a distance on the computers of suspects is available to the police, justice minister Ivo Opstelten told parliament on Monday evening. (more)

Fun Fact...
The Netherlands sanctions more phone taps per head of population than any other country in the world.

Thursday, December 15, 2011

Pizza Mobster Wiretaps... Himself

MA - A city man has been charged with illegally taping two phone conversations he had with a man who wanted to arrange the robbery of a company in Lawrence, police said.

Charles "Dino" Manjounes, 48, of 94 Keeley St., was arrested Friday at 3:45 p.m. at his work place, Riverside Pizza, 181 Groveland St., and charged with extortion by threat or injury and two counts of unlawful wiretapping...

Manjounes had put an employee of Colony Foods in contact with a person identified merely as "Death," according to Schena's report. "Death'' told the employee the robbery would cost $20,000. When the employee protested, Death said the cost would be $30,000 — and that he would drag him out of his work place and kill him if he failed to pay, the report said. (more)

Nelson Mandela 'spy' cameras confiscated by police


South African police have confiscated cameras they say were illegally filming Nelson Mandela's house in his home village of Qunu in the Eastern Cape.

Police spokesman Vishnu Naidoo told the BBC that two media groups were being investigated.

The cameras were found in a neighbour's house and had been constantly filming the ex-president's residence, he said. (more)

Security Quote of the Day

"The Android platform is where the malware action is. I believe that smart phones are going to become the primary platform of attack for cybercriminals in the coming years." ~ Bruce Schneier, author of the best sellers "Schneier on Security," "Beyond Fear," "Secrets and Lies," and "Applied Cryptography," and an inventor of the Blowfish, Twofish, Threefish, Helix, Phelix, and Skein algorithms.

Industrial Espionage Gang Sends Malicious Emails

A cybercrime gang that primarily targets companies from the chemical industry has launched a new series of attacks that involve malware-laden emails purporting to be from Symantec, the security vendor responsible for exposing its operation earlier this year.

Dubbed the Nitro attacks, the gang's original industrial espionage efforts began sometime in July and lasted until September. The attackers' modus operandi involved sending emails that carried a variant of the Poison Ivy backdoor and were specifically crafted for each targeted company... 

"The same group is still active, still targeting chemical companies, and still using the same social engineering modus operandi," security researchers from Symantec said in a blog post on Monday. (more)

Monday, December 12, 2011

Cell Phone Spyware Scam Accusations

"Ever get the feeling you've been cheated? Now you can find out the truth."

That's a banner on the website for SMS Privato Spy, which advertises smartphone spyware that allows customers to secretly monitor a spouse or co-worker's phone and collect that person's calls, texts and GPS locations.

According to security experts, however, the truth is that customers have been getting nothing for the $50, $75, $100 or $125 they paid for one of Privato Spy's four packages. (more)

Electronic chip in bath soap raises huge stink

India - Expatriate Indian consumers have become suspicious of a brand of bath soap manufactured by a multinational company after consumers back home complained about an electronic chip embedded in the soap.

Reports from India suggest that a bathing soap-related survey being conducted for Britain-based organisations in Beemapalli near Thiruvananthapuram, Kerala, was called off after residents, who had earlier agreed to the survey, panicked...

The survey was being conducted for the stated purpose of finding out the health and hygiene habits of the people living in coastal areas, to which the residents of Beemapalli consented. However, once the realization of an embedded chip in the bathing soap dawned upon the locals, they feared that the soap might 'eavesdrop' on them or even film them in the shower. (more)

The chip was a motion sensor. The survey participants agreed to use the soap for five days and return it, at which point they would be paid money for being part of the survey.

Saturday, December 10, 2011

The Latest Video Enhancement Trick: De-Blurring

About a year ago I looked at work by two video enhancement specialists; Doug Carner, CPP/CHS-III of Forensic Protection and Jim Hoerricks - author of Forensic Photoshop, a comprehensive imaging workflow for forensic professionals

Today, Doug advised me of a trick that every security professional should have up their sleeve, de-blurring. He explained how he de-blurs motion this way...

"Light originates and reflects from objects in very predictable ways. As the camera and object move, they distort the captured image. These distortions can be reversed using a filter that acts like mathematical eye glasses.

For this example, we used the bent light streak seen at the far right of the license plate. The process could have just as easily been applied to the mud flaps or tires."

Wow, major difference!

This got me thinking. How good will this technology become?

Just two months ago, Adobe gave the world a sneak peek.

When you view this video, set it to HD and go full screen. The magic begins about 2 minutes into the clip and continues with several photos being blur corrected.

Unfortunately, this was only a sneak preview. It is not available to the general public in Photoshop yet.

Just to re-cap, here are some of the things Doug can do to enhance your crummy videos...
• High-resolution video and audio extraction or capture
• Adaptive military-grade video jitter stabilization
• Video de-interlace, de-sequence and de-multiplex
• Intelligent temporal noise and artifact suppression
• Fast-Fourier compression and camera age reversal
• Sub-pixel shift fusion over time, space and frequency
• Adjust video brightness, contrast, saturation and size
• Color channel isolation and focus/motion blur correction
• Audio noise suppression and speech amplification
• Video zoom, trim, crop and speed adjustments
• Multiplex to original with event highlight for court exhibit
• Image extraction, cropping, enlarging and printing
  
Want to conduct your own experiments with de-blurring?
Visit the Department of Computer Science and Engineering at The Chinese University of Hong Kong. Play with their GPU Blur Removal Software v2.0 just released last month. (Windows Trial Version)

Friday, December 9, 2011

Business Telephone Systems Still Vulnerable to Toll Fraud

A Compilation of Phreaking Evidence from 2004-2011 - 25 pages .pdf (download)

Phreaking is a slang term coined to describe the activity of a culture of people who study, experiment with, or explore telecommunication systems, such as equipment and systems connected to public telephone networks. They are often mistakenly lumped in with criminal phone hackers. It is also a mistake to think that this was only a 1970's - 1980's phenomena. 
Just in case you thought your business phone system was safe, read on...

• PABX/PBX hacking (phreaking) is common. It's organized crime and big business.

• Telephone systems everywhere are targets and telecommunications bandits know how to gain access to your phone system by reconfiguring it to route their own calls through it.

• Phreakers can hack phone systems, voicemail boxes and PINs in a few seconds to gain illegal access to your extensions.

• Most toll fraud is generated after hours and on holidays when it's least likely to be detected.

• Phreakers can gain the most by routing expensive international calls through private phone systems.

• Terrorist organisations use telecommunications fraud to generate funds by illegally gaining access to private phone systems and then re-selling the service.

• Many businesses leave their phone systems completely unprotected.

You will end up paying the bill after they've hijacked your phone system and extensions to make illegal calls anywhere they choose - often at a huge cost... (more)

Ask your counterespionage consultant to look into this for you. Specifying the correct controls, procedures and security hardware to protect your communications is their specialty. 

Don't have a counterespionage consultant?!?!  Contact me for a referral.

Thursday, December 8, 2011

"I'm Dreaming of a Spy Christmas"

Toy helicopter with a built-in 1.3Mp camera for sneaky aerial snapping.

Specifications:
• Take up to 3 minutes of video (at resolution 640 X 480) or take hundreds of photos (at resolution 1280 X 960).
• 3-Channel control allows flying up and down, forward & backward, left and right
• Stabilized by sophisticated built in gyroscope for the clearest pictures
• Use the remote transmitter button to take the pictures and video
• Plug in computer to download the video and photos
• User friendly Graphic Unit Interface on PC to adjust the photo or video setting.
• Real time capturing to see the effect on screen.
White color LED to indicate photo capturing or video recording.
• Download videos and photos through USB
Charging through transmitter or USB (more)

--------
Fei Lun Full Function Radio Control Spy Video Car

• Audio & Video (with Night Vision Transmitter)
(more)

-------

Using Spy Gadgets: The Definitive Guide to Finding Out Anything About Anyone Using Spy Tools, Spy Gear, Spy Equipment, Spy Cameras, Spy Toys, or a Spy Bug From a Spy Shop
By Dick Peplowski

Are you constantly wondering about certain people and wondering about their real past or present lives? You’ve surely thought, “That guy just seems to have something “off”” as we all have and want to know the truth. So how do you find the truth? Sadly, to find out the real dirt on someone, you’ve had to pay a fortune for a private investigator to get it for you. The good news is that is no longer the case! You can literally become your own Sherlock Holmes and find out all the dirt on people that you want. The best part is that you are going to be learning how to do this through the use of awesome spy tools that you can easily obtain. These will give you the power of Inspector Gadget when it comes to finding out the real dirt on someone. You learn about all the spy tools you could ever want to use plus many more in Dick Peplowski's "Using Spy Gadgets: The Definitive Guide to Finding Out Anything About Anyone Using Spy Tools, Spy Gear, Spy Equipment, Spy Cameras, Spy Toys, or a Spy Bug From a Spy Shop." This is all broken down in an easy to understand and easy to apply system for personal surveillance success. (more)