Thursday, March 31, 2011

eBlaster'ed Wife Kicks Butt

TX - An Austin man is accused of spying on the e-mails of his estranged wife and one of her friends, using the information to build a case for divorce...

Austin police investigators charged Karl Redden Dalley, 41, with unlawful interception of electronic communication -- a second-degree felony. He allegedly spied throughout much of 2010.

Investigators said Dalley used eBlaster, made by SpectorSoft, to monitor his wife's e-mails from their home computer. They also claim he used the same software to spy on a computer at an Austin karate school.

Police said Dalley's wife also claimed her estranged husband used photos from her cell phone as evidence during their divorce proceeding in November 2010.

Police first learned of the case in February 2010, when Dalley's wife told them that he had sent an e-mail to all of the brown and black belts in the Austin area karate school. Dalley's wife was an instructor there, and the e-mail accused her of having an affair with the school's president. (more)

Cell Phone Panic Button App

There's a new app being developed by the U.S. Government and it seems like everyone should want to add it to their phone for all kinds of different reasons. If a cell phone is confiscated by police or government agency, the panic button app will wipe the cell phone's address book, history, text messages and broadcast the arrest as an emergency alert to fellow activists...

 Since 2008, the U.S. has budgeted about $50 million to promote new tech to help out social activists. Secretary Hillary Clinton is behind the U.S. technology initiative to "expand Internet freedoms." (more)

Several cell phone operating systems, like iPhone's iOS, already have a similar capability built in. The emergency broadcast is a new twist... but would that identify who all the cohorts are?

Security Tip - $5 p/m Stolen Laptop Solution

Eighteen-year-old "technology entrepreneur" and Bentley College student Mark Bao had his MacBook Air stolen in February. Unlike other bright-eyed college freshmen, Bao didn't write his laptop off as gone forever (ok, maybe he did--he went out and purchased another laptop the very same night it was stolen), he set out to find the thief.

Using online backup software BackBlaze that he'd installed on his laptop, Bao was able to see the machine's browser history and track any hard drive updates.

"Woah. Thanks to @Backblaze, I think I might be able to figure out who stole my MacBook Air at college. Creeping through the Safari history!" Bao Tweeted on March 19.

Apparently the first thing the thief did was take a photo of himself using the laptop's Photo Booth program... After discovering the photo, Bao discovered a video the thief had taken of himself dancing to Tyga's "Make it Rain." Bao uploaded the video to Vimeo, managed to hunt down the guy's Facebook page using the aforementioned Safari history, and then turned everything over to the police. 

Bao told the Daily Mail that he holds no grudges against the thief, because "I don't have time nor patience to. There are more important things in life." Mark no longer has any use for his old laptop, so he's selling it and donating the proceeds to the Red Cross Japan fund. (more)

Security Tip - Free Program Protects USB Ports from Malware Infections

Did you find a USB memory stick and are afraid to plug it in? (good)
Does your friend want to insert their (possibly infected) drive into your computer? 
Panda USB Vaccine may help...

There is an increasing amount of malware which, like the dangerous Conficker worm, spreads via removable devices and drives such as memory sticks, MP3 players, digital cameras, etc. To do this, these malicious codes modify the AutoRun file on these devices.

Panda USB Vaccine is a free antimalware solution designed to protect against this threat. It offers a double layer of preventive protection, allowing users to disable the AutoRun feature on computers as well as on USB drives and other devices:

Vaccine for computers: This is a ‘vaccine’ for computers to prevent any AutoRun file from running, regardless of whether the device (memory stick, CD, etc.) is infected or not.

Vaccine for USB devices: This is a ‘vaccine’ for removable USB devices, preventing the AutoRun file from becoming a source of infection. The tool disables this file so it cannot be read, modified or replaced by malicious code.

This is a very useful tool as there is no simple way of disabling the AutoRun feature in Windows. This provides users with a simple way of disabling this feature, offering a high degree of protection against infections from removable drives and devices.

You can download Panda USB Vaccine free here.

Wednesday, March 30, 2011

Samsung - Installed Keylogger on their Laptop Computers! (UPDATE)

[UPDATE: Samsung has launched an investigation into the matter and is working with Mich Kabay and Mohamed Hassan in the investigation. Samsung engineers are collaborating with the computer security expert, Mohamed Hassan, MSIA, CISSP, CISA, with faculty at the Norwich University Center for Advanced Computing and Digital Forensics, and with the antivirus vendor whose product identified a possible keylogger (or which may have issued a false positive). The company and the University will post news as fast as possible on Network World. A Samsung executive is personally delivering a randomly selected laptop purchased at a retail store to the Norwich scientists. Prof. Kabay praises Samsung for its immediate, positive and collaborative response to this situation.]

By M. E. Kabay and Mohamed Hassan, Network World...
The supervisor who spoke with me was not sure how this software ended up in the new laptop thus put me on hold. He confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, "monitor the performance of the machine and to find out how it is being used."

In other words, Samsung wanted to gather usage data without obtaining consent from laptop owners.

...This is a déjà vu security incident with far reaching potential consequences. In the words of former FTC chairman Deborah Platt Majoras, "Installations of secret software that create security risks are intrusive and unlawful." (FTC, 2007).

Samsung's conduct may be illegal; even if it is eventually ruled legal by the courts, the issue has legal, ethical, and privacy implications for both the businesses and individuals who may purchase and use Samsung laptops. Samsung could also be liable should the vast amount of information collected through StarLogger fall into the wrong hands.
We contacted three public relations officers for Samsung for comment about this issue and gave them a week to send us their comments. No one from the company replied. (more)

"You vare personally responsible for your spy equipments...

...lose zem, and ve dock your pay!" 
You’ve gotta hand it to Russian intelligence, they’ve got chutzpah. First they planted a network of sleeper agents in the United States. Now, two of the busted and deported spies are demanding that the feds fork over their impounded spy gear...

...two former members of Russia’s Foreign Intelligence Service (SVR) who hid in the U.S. for years, have hired lawyers to demand the FBI give them their stuff back. Vladimir and Lidia Guryev (a.k.a. Richard and Cynthia Murphy) are asking the Justice Department to return their cars, money, video cameras, computers, digital photos and unnamed “other equipment.” They’d also like the data on their digital gear back, too or, failing that, copies of it. Their tech gear and files have no “material value,” the request claims; it’s just “dear to the Guryevs.” (more)

Security Directors: The IT guys are stealing your lunch...

...and, unless you take control they will also eat your budget and make you irrelevant. 

Their recipe... Take accurate "S&P 500" statistics, add a pinch of "cyber" for a taste of scary, let it cook over "1,000 IT decision makers" with vested interests, serve as "hot news" written by... oh, no one in particular.

Cybercriminals understand there is greater value in selling a corporation’s proprietary information and trade secrets, which have little to no protection, making intellectual capital their new currency of choice, according to McAfee and SAIC.

The cyber underground economy is making its money on the theft of corporate intellectual capital which includes trade secrets, marketing plans, research and development findings and even source code.

McAfee and SAIC surveyed more than 1,000 senior IT decision makers in the U.S., U.K., Japan, China, India, Brazil and the Middle East. Their study reveals the changes in attitudes and perceptions of intellectual property protection in the last two years. (more)

Fight back...
Tell the boss:
1. All of the information IT claims it needs money to protect (and more) is available elsewhere long before it is ever reduced to computer data.

2. "Cybercriminals" is a self-serving label invented to scare. News and entertainment media glorify this one aspect of criminal behavior. Truth: Criminals don't care how they make a buck. Foreign governments don't have preferential spy techniques. Both want your intellectual property. The fresher, the better. Reality: Cybercriminals get the table scraps.

3. You are the front line of defense. Your job is more important today than ever before in history. The proof is in the S&P 500 chart.

4. "I can take the lead in designing the overall company counterespionage strategy." 

Priority One: Realign the security budget.
• Is 80% of the budget being used to protect tangible assets? (20%) If so, change it.
• Is the budget strong enough to protect the intangible assets? (80%) If not, change it.

Need help implementing a counterespionage strategy? Call us.

P.S. Be kind to the IT guys. They have a hard time keeping up with the regular demands of their job, let alone the security issues. They will be happy you took control and can advise you on what they really need to keep their data safe.

Sell Spy Plane on Ebay? To Feds? Feedback? Arrest Warrant

FL - A Philippine man was arrested and charged with illegally selling an unmanned U.S. spy plane known as the Raven, the U.S. Attorney's Office in Tampa said on Monday.

A grand jury indicted Henson Chua, 47, of Manila on March 10 on charges that he sold the Raven to undercover federal agents on Ebay...

The Raven is a four-pound plane equipped with three cameras that U.S. troops use for battlefield surveillance. It can be taken apart and carried by troops and then reassembled for use.

According to the U.S. Attorney's Office, agents with the Homeland Security Department found out last May that Chua was offering a Raven for sale on Ebay for $13,000. (more)

Tuesday, March 29, 2011

Photo Sharing App Bares All

Critics of the much-talked-about new photo-sharing app Color can add another bickering point to the pot: A simple GPS "spoof" allows for spying on any Color user's photos. 

The problems with the highly publicized new iOS and Android photo-sharing app Color continue to mount. According to Forbes, the app has an easily exploitable feature that makes it simple for tech-savvy users to view all the photos of anyone who uses the app.

That’s not to say Color is known for its tight privacy settings — in fact, the exact opposite is true. When a user takes a photo with Color, the photo is automatically uploaded to the Color servers. Then — and this is what makes the app so notable — anyone within a set perimeter of where that photo was taken can see that picture, along with the pictures of any other Color user who happens to be snapping off shots in that particular location. (more)
Another cool use... establishing and identifying dead drops for spies.

High School Hacking Nets Great Grades... for a while

CA - Omar Khan worked the school like it was a movie, installing spyware, stealing passwords and breaking into administrator offices.

A former Tesoro High School senior was convicted Monday of breaking into his high school on multiple occasions to steal advanced placement (AP) tests from classrooms, alter test scores and change official college transcript grades.

Omar Shahid Khan, 21, of Coto de Caza, pleaded guilty to two felony counts of commercial burglary and one felony count each of altering public records, stealing or removing public records, and attempting to steal or remove public records. He is expected to be sentenced Aug. 26 to 30 days in jail, three years of probation, 500 hours of community service and more than $14,900 in restitution. 

A subsequent search by the Orange County Sheriff’s Department revealed that Khan had installed spyware devices on the computers of several teachers and school administrators throughout his senior year, according to the D.A. The devices were used to obtain passwords to access teacher computers in classrooms and school administrative offices. (more)

Oh, one more thing...

One security feature I would like to see on my future cell phone is the option of not using a password.

Think of this... all business-level cell phones have camera capability; all have (or could easily be designed to have) touch screen capability; and of course a microphone. The next logical step is adding facial, fingerprint or voice recognition to replace the access PIN code. 

In addition to the security benefit, it would sure make using the phone while driving safer. (Just kidding. I would never do that. Well... not often, anyway.) ~Kevin

Your Next Cell Phone May Seem Like a James Bond Gadget

10 Things Your Phone Will Soon Do 

Aston Martin teams with Mobiado for transparent touchscreen concept phone
British car maker Aston Martin is looking to leverage its luxury brand into the world of consumer electronics by teaming up with Canadian mobile phone manufacturer Mobiado to produce a line of high-end handsets to be launched in May of this year. Until then, the company has provided a tantalizing peek at possible future designs with the CPT002 Aston Martin Concept Phone that takes the 'slab of glass' design of many current smartphones to the next level. With a solid sapphire crystal capacitive touchscreen, the CPT002 is completely transparent. (more)

How to Put Out an Electrical Fire, or... Fight Fire With Fire?

It's certainly an established fact that electricity can cause fires, but today a group of Harvard scientists presented their research on the use of electricity for fighting fires. In a presentation at the 241st National Meeting & Exposition of the American Chemical Society, Dr. Ludovico Cademartiri told of how they used a unique device to shoot beams of electricity at an open flame over one foot tall. Almost immediately, he said, the flame was extinguished... Apparently, it has been known for over 200 years that electricity affects fire – it can cause flames to change in character, or even stop burning altogether. 

It turns out that soot particles within flames can easily become charged, and therefore can cause flames to lose stability when the local electrical fields are altered.

The Harvard device consists of a 600-watt amplifier hooked up to a wand-like probe, which is what delivers the electrical beams. The researchers believe that a much lower-powered amplifier should deliver similar results, which could allow the system to be worn as a backpack, by firefighters. It could also be mounted on ceilings, like current sprinkler systems, or be remotely-controlled. (more)
Bill, don't cross the beams. ~Kevin

Monday, March 28, 2011

"Have you ever been the victim of..." poll results.

Kevin's Security Scrapbook has been running this poll for several months now. It is a follow-up to a similar poll we ran a few years ago. Time to look at the results.

Not much has changed. No one surveillance tactic is more popular than another. People will use any tool or tactic that does the job.
This parallels our corporate counterespionage field experience.

Thanks to all who shared their experience with us. ~Kevin

Export, eh... or, The PC is Smokin'

Dumpster diving isn't something Saskatchewan's privacy commissioner makes a habit of, but this time Gary Dickson says he was left with little choice.

Dickson and two assistants had to wade through a massive recycling dumpster this week to recover medical files. They sorted through paper more than 1 1/2 metres deep after getting a tip directing them to the container behind the Golden Mile Shopping Centre in Regina... "So we seized all of this stuff immediately and the only way we could do that was getting into the recycling bin."

It took a couple of hours to go through the dumpster. Dickson estimates they found more than 1,000 files that should have been shredded.

Whoever tossed the files had to know what they were, he said.

The commissioner said doctors, regional health authorities and other health professionals have long been told to follow Saskatchewan's Health Information Protection Act. The act says trustees have to safeguard personal health information in their custody.

There are fines of $50,000 for individuals and $500,000 for organizations for breaching the act. (more)

A shredder is beginning to look like a bargain, Doc.

Sunday, March 27, 2011

The Case of the Bugging Barrister

South Africa - A PIETERMARITZBURG advocate (attorney) who is already under investigation in connection with the alleged theft of a hard drive from the CCTV surveillance system at the Pietermaritzburg advocates’ chambers last year, is now being investigated by police in connection with a bugging device alleged to have been planted in chambers.

The Witness (newspaper) has reliably learnt that a listening device was discovered in a ceiling in the office of the bar administrator at the advocates’ chambers on Monday this week, after police obtained a warrant to search the premises.

It is believed police also seized the computer hard drive of the computer belonging to the advocate in question.

It was alleged that she instructed an employee of a local surveillance systems company to remove the hard drive and replace it with a new one on a pretext that he had been authorised to do so by another advocate. The motive for the alleged theft is not known. (Three guesses, the first two don't count.) (more)

It’s Tracking Your Every Move

As a German Green party politician, Malte Spitz, recently learned, we are already continually being tracked whether we volunteer to be or not. Cellphone companies do not typically divulge how much information they collect, so Mr. Spitz went to court to find out exactly what his cellphone company, Deutsche Telekom, knew about his whereabouts.

The results were astounding. In a six-month period — from Aug 31, 2009, to Feb. 28, 2010, Deutsche Telekom had recorded and saved his longitude and latitude coordinates more than 35,000 times. It traced him from a train on the way to Erlangen at the start through to that last night, when he was home in Berlin.

Mr. Spitz has provided a rare glimpse — an unprecedented one, privacy experts say — of what is being collected as we walk around with our phones. Unlike many online services and Web sites that must send “cookies” to a user’s computer to try to link its traffic to a specific person, cellphone companies simply have to sit back and hit “record.” (more)

Saturday, March 26, 2011

Let's hope it's also blue under the hotel carpeting...

via the BBC...
A rare photo, released by the White House, shows Barack Obama fielding calls from a tent in Brazil, to keep up with events in Libya. The tent is a mobile secure area known as a Sensitive Compartmented Information Facility, designed to allow officials to have top secret discussions on the move.

They are one of the safest places in the world to have a conversation.

Designed to withstand eavesdropping, phone tapping and computer hacking, Sensitive Compartmented Information Facilities - also known as SCIFs - are protected areas where classified conversations can be held...

A photo released by the White House showed the president and advisers gathered around a video phone, inside what looked like a standard blue tent, erected on the hotel's floral carpets. (more)

SMS-CB - A Cell Phone Feature that Could Save Your Life

The Brilliant Cell Phone Security Feature That We Still Don't Have.
via TechnologyReview.Com...
"Cell broadcast" technology is a largely dormant part of many cell-phone network standards.

Japanese who carry phones serviced by NTT Docomo, Japan's dominant cell phone carrier, can opt to have alerts about earthquakes pushed directly to their phones. The technology that makes this possible, the Area Mail Disaster Information Service, is designed to deliver detailed alerts as quickly as possible.

This service is uniquely enabled by a little-known technology known as Cell Broadcast, or SMS-CB. It's totally unlike traditional, point-to-point SMS, in that it can be broadcast directly from cell towers to every phone in range and does not use more bandwidth when sent to more users. In this way it's just like over-the-air television or radio, where bandwidth requirements do not increase as more users receive a signal.

This is extremely important in the event of a disaster: According to Israeli SMS-CB company eViglio, cell broadcast has the potential to reach millions of users in seconds in an inherently geo-targeted fashion, whereas trying to reach the same number of users via traditional SMS would swamp the network, slowing the delivery of messages to a crawl.

Tsunami Alerts Not Yet Implemented

It appears that Japan's Area Mail Disaster Information Service has not yet been equipped to warn of tsunamis. The abstract of an eerily prescient paper from 2009, "A Proposal of Tsunami Warning System Using Area Mail Disaster Information Service on Mobile Phones" opens with the line:

The earthquake with the seismic center around the coast of Miyagi prefecture and the oceanic trench of southern Sanriku is expected to occur with high probability. [...] Consequently, a system is required that prefectures, cities, towns and villages collect swiftly and accurately the tsunami monitoring information that is necessary for evacuation behavior, relief and recovery activities, and deliver and share to the local residents.

Sendai, the city most profoundly devastated by last week's tsunami, is in Miyagi prefecture -- the same one mentioned in the abstract... (more)

So why don't we have it in the United States yet?
Tom Fahey of a company called CellCast Technologies... tells us that the United States is moving toward this capability with the system scheduled to go live in April of next year. This is after President Bush approved the plan in 2006. Fahey says that it has taken that long for wireless carriers to agree upon and implement a set of standards to make this happen. (more) (FCC Fact Sheet)

All right, who muttered "negligence"?

SpyCam Story #605 - Attention K-Mart Shopper!

Police in Georgia said they arrested a man who allegedly followed a woman around a Kmart store while filming her backside.

Cobb County police said Alejandro Paniagua Pretega, 28, followed the woman around the Mableton Kmart for several minutes just after 1:30 p.m. EDT Tuesday while filming her rear... A witness said Pretega attempted to film up the woman's skirt without her knowledge.

Pretega was arrested on a felony eavesdropping count and ordered held in the Cobb County jail without bond due to an immigration hold. (more)

Saturday, March 19, 2011

Hacker Wins on Technicality

The Netherlands - Breaking in to an encrypted router and using the WiFi connection is not a criminal offence, a Dutch court ruled. WiFi hackers cannot be prosecuted for breaching router security.

A court in The Hague ruled earlier this month that it is legal to break WiFi security to use the internet connection. The court also decided that piggybacking on open WiFi networks in bars and hotels can not be prosecuted. In many countries both actions are illegal and often can be fined.

The ruling is linked to a case of a student who threatened to shoot down everyone at the Maerlant College in The Hague, a high school. He posted a threat on the internet message board using a WiFi connection that he broke into. The student was convicted for posting the message and sentenced to 20 hours of community service, but he was acquitted of the WiFi hacking charges.

The Judge reasoned that the student didn't gain access to the computer connected to the router, but only used the router's internet connection. Under Dutch law breaking in to a computer is forbidden. (more)

Spooks' secret TEMPEST-busting tech reinvented by US student

A mysterious secret technology, apparently in use by the British intelligence services in an undisclosed role, has been reinvented by a graduate student in America. Full details of the working principles are now available.

...If you had the through-metal technology now reinvented by Lawry, however, your intruder – inside mole or cleaner or pizza delivery, whatever – could stick an unobtrusive device to a suitable bit of structure inside the Faraday cage of shielding where it would be unlikely to be found. A surveillance team outside the cage could stick the other half of the kit to the same piece of metal (perhaps a structural I-beam, for instance, or the hull of a ship) and they would then have an electronic ear inside the opposition's unbreachable Faraday citadel, one which would need no battery changes and could potentially stay in operation for years.

Spooks might use such techniques even where there was no Faraday cage, simply to avoid the need for battery changes and detectable/jammable radio transmissions in ordinary audio or video bugs.

Naturally, if you knew how such equipment worked you might be able to detect or block it – hence the understandable plea from the British spooks to BAE to keep the details under wraps.

Unfortunately for the spooks, Lawry has now blown the gaff: his equipment works using ultrasound. His piezo-electric transducers send data at no less than 12 megabytes a second, plus 50 watts of power, through 2.5 inches of steel – and Lawry is confident that this could easily be improved upon. It seems certain that performance could be traded for range, to deal with the circumstances faced by surveillance operatives rather than submarine designers. (more) (video 1) (video 2)

Alert - APT Strikes EMC

The RSA Security division of the EMC Corporation said Thursday that it had suffered a sophisticated data breach, potentially compromising computer security products widely used by corporations and governments...

RSA, which is based in Bedford, Mass., posted an urgent message on its Web site on Thursday referring to an open letter from its chairman, Art Coviello. The letter acknowledged that the company had suffered from an intrusion Mr. Coviello described as an “advanced persistent threat.” (more)

The breach is serious, but more interesting is use of the term “advanced persistent threat.” Sounds like a genetically altered mosquito. Good analogy. gives us their definition... 
"Intruders engaging in APT-style attacks represent well-organized, well-funded groups -- often located in a "safe harbor" country -- and they're out to steal a company's intellectual property. They aren't out for quick financial gain like cyber criminals; they're in it for the long haul. Their dream assignment is to essentially duplicate their victim's best ideas and products in their own homeland, or to sell the information they've purloined to the highest bidder."

In other words, foreign governments.

Computer hacking is only one technique in their bag of spy tricks. If you spot this type of hacker probing your defenses, better give us a call.

Friday, March 18, 2011

Security Director Alert - E-data Disposal

Stories like this one pop up with unusual regularity, but this one hits close to home...
There was a story today in the New York Times about New Jersey State Comptroller Matthew Boxer's discovery during an audit of surplus state computers slated for auction that 79% of them still had readily accessible information on their hard drives.

Information was found on 46 of the 58 computers scheduled to be sold, and on 32 of those 46, the information found was highly personal in nature that should have never been made public.

For instance, one computer - a laptop - had been used by a judge, and "contained confidential memos the judge had written about possible misconduct by two lawyers, and the emotional problems of a third," the Times article stated. Personal financial information about the judge, including tax returns, were also found on the laptop. (more) (video about photocopier drives)

Questions to ask...
What happens to my company's old hard drives? (sold, auctioned, recycled, returned to lessor, donated)
Do I even know where all of them are? (desktops, laptops, photocopy print centers, tablets)
What about other old media? (old floppies, CDs, DVDs, smart cell phones, x-rays, videotapes, product samples, prototypes, old promotional materials)

Tip: This is not the IT department's job. It's a security issue. It's security's job. "Erasing" "degaussing" and even "smashing" is not good enough to protect the most sensitive information. Keep your hard drives. Give the leasing company the money for a new one. Then crosscut shred your e-media. (Hey, you do it for your sensitive waste paper.)

I was talking to Kevin Kane and Jason Moorhouse, two sharp guys from the Shredit company, yesterday and learned that they operate globally and have shredders that can even handle old refrigerators! 

In case you need an additional reason to shred e-media, I also learned that non-compliance with HIPAA regulations, for example, can bring heavy fines and even jail time. So, gather your junkers and clunkers and find someone (I don't care who) to shred it. ~Kevin

Spying... A dirty job, but something has to do it...

Computer translated from Korean...
"Samsung Electronics, along with cleaning and video search feature in a robot vacuum cleaner with a home video 'taenggobyu (VC-RL87W)' introduced. Tango view when the cleaning is used for localization and imaging using a camera, and external cleaning can be monitored in the interior. Using a PC or a smartphone and a PC remote control from outside the voice over the microphone is also available. Equipped with lighting in a dark room is available in an emergency, you can always respond quickly." (more)

Apparently you can play Whack-A-Dust Bunny with this from work (or any Wi-Fi hot spot). Once you've cleaned up your OK-corral you can then creep up on your kids and see if they are really doing their homework. If not, use the 'voice over microphone' feature to Ra-parent the situation. FutureWatch... Someone will stash one under their boyfriend's couch for night patrol "is he cheating on me" reconnaissance. Why there? Because no guy ever cleans under their couch.

Thursday, March 17, 2011

The Case of the Managers Who Talked Too Much

IA - Some employees at a medical clinic in Iowa claimed a supervisor used a baby monitor to eavesdrop on them. According to a labor representative for the University of Iowa medical clinic employees, workers found the monitor sitting on a shelf near the reception area...

"If that monitor was there for even one day, that's the potential for 100 HIPAA violations if that thing was being monitored the whole time, and that's pretty egregious," said union rep Jon Stellmach.

Managers of the office say the monitor was used to see if staff members were talking too much. (D'oh!)

The supervisors say the monitor was removed after workers complained, and University of Iowa officials say the case is being handled by the human resources department. (more)

Disposable Endoscope - 1 Cubic MM - World's Tiniest Spycam?

Germany - Tiny video cameras mounted on the end of long thin fiber optic cables, commonly known as endoscopes, have proven invaluable to doctors and researchers wishing to peer inside the human body. Endoscopes can be rather pricey, however, and like anything else that gets put inside peoples' bodies, need to be sanitized after each use. A newly-developed type of endoscope is claimed to address those drawbacks by being so inexpensive to produce that it can be thrown away after each use. Not only that, but it also features what is likely the world's smallest complete video camera, which is just one cubic millimeter in size.
The prototype endoscope was designed at Germany's Fraunhofer Institute for Reliability and Microintegration, in collaboration with Awaiba GmbH and the Fraunhofer Institute for Applied Optics and Precision Engineering. ...They hope to bring the device to market next year. (more)

Wednesday, March 16, 2011

U.S. 'may' enact a Privacy Bill of Rights

FutureWatch - The Obama administration plans to ask Congress Wednesday to pass a "privacy bill of rights" to protect Americans from intrusive data gathering, amid growing concern about the tracking and targeting of Internet users. (more)

"...and what about the 18 second flatulence gap?"

GA - A Clayton County Grand Jury meets Wednesday to hear charges against a sheriff's deputy accused of making a recording of another employee in the restroom.

The District Attorney's Office is bringing a proposed indictment charging Sheriff's Deputy and Public Information Officer Alicia Parkes with unlawfully eavesdropping on the job. Parkes is alleged to have made a recording with her cell phone of a co-worker in the bathroom. A half-dozen witnesses are expected to testify. (more)

HBO Announces Cold War Drama with ‘80s Spy Series ‘Reds’

HBO has announced it is developing a new series tentatively titled Reds, inspired by the real-life occurrence of a KGB sleeper agent infiltrating the United States during the 1980s.

The series will be drawn from an encounter writer/director Martyn Burke had while filming a documentary across the United States in the early part of the decade. Unknown to Burke, and the rest of his crew, the soundman they were all working with was actually a colonel in the KGB. Before being found out, the Soviet spy managed to successfully establish a base of operations just outside New York City, and sought to conceal his true identity further by trying to start and raise a family. (more)

Pakistan frees CIA spy charged with murder

Raymond Davis, the CIA spy charged with murder in Pakistan, has been freed after the families of two dead men agreed to drop charges in exchange for financial compensation. (more)

Tuesday, March 15, 2011

How not to handle your surly servant problems in Maryland...

More bad neighbors.
MD - A 42-year-old city woman accused of recording private conversations of employees at a Salisbury apartment complex has been charged on a warrant for wiretapping.

Cassandra Denise Baytops was arrested in connection with an alleged January wiretapping incident, according to the Salisbury Police Department. An investigation revealed that the suspect made both video and audio recordings of conversations by the victims, then presented the data to another apartment complex employee, police said. Baytops was charged with four counts of wiretapping, then jailed at the Wicomico County Detention Center. Bond was not determined. (more)

Maryland state law requires that all parties to a recording consent to being recorded.

Dom, Le Espion... or, "The guard probably did it."

France - A security agent for Renault has been charged with fraud and accused of inventing industrial espionage claims that led the French carmaker to wrongly suspect — and suspend — three executives, the state prosecutor said Monday...

Preliminary charges of "organized fraud" were filed Sunday against Dominique Gevrey, once employed by the Defense Ministry intelligence service and now a member of Renault's security service, prosecutor Jean-Claude Marin told reporters Monday.

Gevrey had been detained Friday at Paris' Charles de Gaulle airport as he prepared to board a flight for Guinea, and has since been jailed. (more)

FutureWatch - Let insurer spy on driving, get a discount

“Romper, bomper, stomper, boo.
Tell me, tell me, tell me do.
Magic Mirror, tell me today.
Did all my friends have fun today?”

More auto insurers are rolling out programs offering discounts to drivers who let the company electronically spy on their driving habits.

Progressive, one of the nation's largest auto insurers, today launches a nationwide ad campaign for its "Snapshot" program, in which drivers can elect to install a small data recorder in their cars that tracks how hard they brake, how far they drive and whether it's day or night driving. Based on the results, drivers can save up to 30 percent on their insurance. Average savings: $150 a year.

Progressive is one of a growing list of insurers with discounts for monitoring:
• Allstate. The Drive Wise program begun last year in Illinois will expand to other states.
• GMAC. Only total mileage is tracked - up to 54 percent off - drive fewer than 2,500 miles a year.
• State Farm. Mileage also is tallied via OnStar mileage for its "Drive Safe & Save" plan in California and Ohio. Texas will be added next month, Illinois later this year.

Although the programs are voluntary, they've raised the eyebrows of privacy advocates. One worry is that the insurers eventually will make the monitoring mandatory. (more)

Lyon May Put Teeth into CA Video Voyeurism Law

CA - Michael Lyon pled guilty today to what he called “criminal conduct which was selfish, impulsive and wrong.” In a deal with prosecutors, he admitted to four counts of felony electronic eavesdropping.

He was arrested last November for videotaping prostitutes in his home without their knowledge. As part of his plea deal, Lyon will have to spend a year in the custody of Sacramento County, but there is a good chance he will be placed in home detention, with an electronic monitoring device attached to his ankle. (more)

Lyon case spurs effort to tighten state's video voyeurism law
Lyons' ugly divorce battle takes a new twist

No, I'm not Mr. Rogers. I'm Mr. Rivard, your neighbor.

MI - The trial for a man who police said broke into his neighbor’s home 10 times over a four-month period continues. Paul Rivard, 36, is also accused of planting a baby monitor in the bedroom of his neighbor’s home to eavesdrop on them. Authorities said he also rearranged items in their home and torched their clothes... If Rivard is convicted, this incident will not be his first home invasion. State prison records show the 36-year-old was paroled in late 2008 after serving 10 years for second-degree home invasion. (more with video)

SpyCam Story #604 - 44 Regrets?!?!

UK - A peeping tom who hid a spy camera in a teddy bear and recorded a woman in a state of undress has walked free from court. Voyeur Paul Littlewood’s secret recordings only came to light after he sexually assaulted his victim by touching her breast over her T-shirt... Prosecutor Sue Jacobs said that was examined and found to contain 612 movie files of which 44 appeared to be taken by either a webcam or a spycam and showed a woman in various stages of undress.

The court heard that Littlewood told police that he had hidden a camera inside a teddy bear but “regretted it straight away” and subsequently destroyed the camera. (more)

Friday, March 11, 2011

From Android to spyDroid in just 299 Cents

A non-stealth mobile phone spy app...

Secret Spy will send you an email with your phone's location, a picture from the camera, call logs, text messaging logs, and the visited web page history, on demand.

T-shirt extra.
Secret Spy checks your Gmail account every few minutes and waits for you to send yourself a blank email from that same account. When Secret Spy gets that email, it activates and wakes up the phone, takes a picture, and sends that picture along with the phone's logs to your Gmail email address...

Secret Spy does not try to hide itself on the phone. It DOES show up as an entry in your application list. It is only meant for legal uses such as wildlife photography, or for monitoring your house's security. (more) (T-shirt)

From iPhone to Video spyPhone in just 299 Cents

A revamped iPhone videography app from Mirage Labs is crammed so full of features that the developer is promoting it as "the Swiss Army knife of camcorders." Among those militaristic attributes: a "spy cam" setting that lets users make surreptitious recordings.

MultiCorder 2.0, formerly known as Flexicorder, debuted Wednesday in the iOS App Store. The new spy mode lets users select a picture from their photo library to display on screen while making the secret video; a finger swipe up or down the screen automatically ends the recording. (more)

Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."   

The Giant Ants of Atlanta Meet The Big Bees of Melbourne

The recent post about Uncle Milton's ant farm colonies, complete with The Giant Ants of Atlanta, echoed around the world and brought us The Big Bees of Melbourne, from a reader with a sense of humor.

Very cool! Thank you.

Security Director Alert: Tiny GPS Tracker with Real-Time Reporting

Keep track of top executives as they travel. Bonus: SOS button. 

TrackingTheWorld's newest portable real-time GPS tracking device is the WorldTracker Enduro Pro... offers improved GPS sensitivity, and up to 60 day battery life.

Throughout our (GPS Magazine) testing, Enduro Pro's performance was outstanding. The device provided reliable real-time tracking, even in challenging environments, and in areas of marginal cellular coverage.

The Bottom Line
• Exceptional accuracy and battery life
• Small enough to be carried by a child, powerful enough to be used by law enforcement
• Works in extreme weather conditions (-40° to 185°F), IPX-5 Water Resistant
• GeoFencing
• Speed reporting
• SOS / Panic button
• Priced under $200, plus monthly service

Once fully charged, the Enduro Pro can last up to 60 days on a single charge. (That estimate is based on updates every 2 hours, and little motion. When set to update more frequently, such as every 2 minutes, battery life drops to a still-impressive 2 weeks on average.)

Location Reports
Reports are accessed via Maps can be viewed as Road view, Aerial view, or Hybrid (Road & Aerial). The map can be zoomed in or out, and panned by dragging the mouse around or using the pan/zoom control in the upper-left corner of the screen.

Tabs along the right side of the map screen allow you to view historical location data for previous days/months, as well as access driving reports, configure GeoFence alerts, and set how frequently Enduro Pro should send location updates (less frequent updates = longer battery life).
The breadcrumbing feature allows you to see where the device has been throughout a given day, as well as the direction of travel and speed the device was traveling. (more)

License Plate Tag or Public Branding, an online start-up, is creating a way for people to ping each other using their license plates. The company’s founder, Mitch Thrower, compares the service to online coupon and location-sharing sites — with one exception. “It’s like a Groupon or Foursquare that you can’t turn off,” he says.

You can’t turn it off because the service will capture your license plate whether you like it or not. But to receive virtual fist-shaking, finger-pointing, or flirty messages from fellow motorists, or the “special offers” from merchants that Thrower hopes will pay his company for access to your in-box, you actually do have to sign up and identify yourself as the owner of your license plate.

The service works by using images of license plates snapped by other people using their cell phone cameras, or by license plate numbers people can send via telephone, a special email address, or a smartphone app. The company has already captured more than 250,000 license plates from a combination of messages sent by beta testers and publicly-available video feeds like cameras at toll booths, according to Thrower.

The site will officially launch at the SXSW festival in Austin, Texas, next week. (more)

Where Does the Government Go Shopping for Security?

GovSec - The government security conference and expo in Washington, DC, March 29-31.

"GovSec will help you identify and examine the security concerns of our nation's key assets and essential services. Learn about the critical strategies and solutions to best secure these resources, including new technologies, physical resources, and risk assessment!" 

In addition to the educational aspect of the conference, the real fun is the expo where you get to see all the latest technology!

"Thousands of cutting-edge systems, tools and technologies preventing future incidents, preparing for and responding to hazards and disasters, and ensuring public safety, showcased by top solution providers."

This is where American ingenuity really shines. Catch it if you can, especially if your company needs government-level security. (more)