Tuesday, May 31, 2011

CONTEST: The Tunny Machine Missing Diagrams Question

(WE HAVE A WINNER. DF from Canada.)

UK - The National Museum of Computing has finished restoring a Tunny machine - a key part of Allied code-cracking during World War II.

Tunny machines helped to unscramble Allied interceptions of the encrypted orders Hitler sent to his generals.

The rebuild was completed even though almost no circuit diagrams or parts of the original machines survived...

The first Tunny machine was built in 1942 by mathematician Bill Tutte. He drew up plans for it after analysing intercepted encrypted radio signals Hitler was sending to the Nazi high command. (more)

CONTEST: What happened to the original circuit diagrams?
PRIZE: First correct answer wins an autographed copy of "Is My Cell Phone Bugged? Everything you need to know to keep your mobile communications private."

Monday, May 30, 2011

CONTEST Alert

Another Security Scrapbook Contest is coming. 
(Hey, it has been a while.)
Here, Tuesday, May 31 at 12:01 PM, New York City time.
The first correct answer wins.

(This pre-contest announcement is made to give everyone who is interested 24 hours' notice to get to the starting line at the same time.)

Saturday, May 28, 2011

Hold on to Your Wallet - Here Comes Google

"Your phone will be your wallet." That's what Google's promising with Google Wallet and Google Offers, which'll combine payments and deals in one neat package. And it's a pretty compelling little vision of the future of paying for stuff. (What could possibly go wrong?)

Google Wallet isn't really one thing, so much as a bundle of things tied together in one package. It's an Android app. It's a way for you to pay for things with your credit or debit cards, using your phone. It's a coupon collector and loyalty card system. It's another way for merchants to let you pay and offer up deals. It hooks into other Google services, like Shopper (which shows you nearby deals) and Google Offers. And Google is planning for it to eventually store everything you'd keep in a wallet.

The core payment technology uses wireless NFC and more specifically, MasterCard's PayPass system, so you'll be able to use it anywhere that's hooked up with PayPass, which is at a lot of retailers already. (more)

FutureWatch: Your phone becomes your electronic ID and Passport. 

Hey, why are we still calling this do-it-all device a phone, anyway? 


Probably the same reason we still say "dialing the phone" when the dial is long gone, and "the phone is ringing" when a Lady Gaga singtone is belting out the request to connect.

On the plus side, "Hello, Central!" finally exited the lexicon, and "It's your nickel" rates made a comeback.

Man Hacks 100+ Webcams and Makes Blackmail Videos

Many computers sold these days come with web cameras built right in. You may never use it, but hackers can spy on you and record things going on inside your home and even use it to blackmail you.

The FBI recently arrested Luis Mijangos for hacking into more than 100 homes by turning on the webcams in their home computers. "In some cases, he was able to turn on the web cameras that were on people's computers and, just by dumb luck, happen to catch them walking naked across the room," said an unidentified spokesman for the FBI.
 
Then, in a "sextortion" plot, Mijangos emailed those people and threatened to release the video unless they made more sexual videos. He also posed as the victims' boyfriend, asking women to send sexually explicit photos and videos and he told the FBI he's part of a big hacking group. (more)


Tip: Cover the camera when not in use.

And on his farm he had a cow, E-I-E-I-O With a "moo-moo" here and a... You're under arrest!

Iowa is on the verge of becoming the first state to criminalize recording sights and sounds at farms without permission from owners.

The hot-button issue surfaced in the waning days of the legislative session and pits environment and animal rights groups against farmers and agribusiness.

On one side are activists who surreptitiously record how animals are raised or slaughtered. On the other, owners who don't want what they see as interference.

The activists maintain their actions are protected under the First Amendment. Farmers counter the acts represent an invasion of privacy intentionally designed to damage their industry. (more)

Friday, May 27, 2011

Yipes Skypes! VoIP Phone Encryption - Busted.

A team of researchers and linguists has found a fatal flaw in supposedly encrypted internet phone calls that allows them to eavesdrop on conversations.

University of North Carolina scientists took a novel approach to 'listening in' on voice-over-internet-protocol (VoIP) conversations by analysing the 'encrypted' data packets used to transmit people's conversations.

VOIP services such as Skype transmit speech over the internet by encoding and then encrypting the conversation into individual data packets.

According to The New Scientist, linguists noticed the size of each packet mirrored the composition of the original speech itself - allowing them to reconstruct words and phrases from the original voice.

By splitting the packet sequences into phonemes - the smallest sounds that make up a language - linguists were able to reconstruct the data into discernible words. (more)
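The size leak described above, next to the usual countermeasure of padding every packet to one fixed size, as an added example (not code from the researchers or the quoted article). The codec frame sizes, the toy keystream standing in for a real stream cipher, and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed frame sizes (bytes) for a hypothetical variable-bit-rate codec:
# louder, more complex sounds compress into larger frames than silence.
FRAME_BYTES = {"vowel": 46, "fricative": 32, "stop": 22, "silence": 6}
PAD_TO = 64  # fixed payload size; must exceed the largest frame plus 1 length byte

# Two constructed utterances with the same number of frames.
UTTERANCE_A = ["silence", "fricative", "vowel", "stop", "vowel"]
UTTERANCE_B = ["silence", "stop", "vowel", "vowel", "fricative"]


def vbr_encode(sounds):
    """Stand-in codec: one random frame per sound, sized by its sound class."""
    return [os.urandom(FRAME_BYTES[s]) for s in sounds]


def keystream(key, seq, n):
    """Toy keystream (HMAC-SHA256 in counter mode), a stand-in for a real
    length-preserving stream cipher. Not for production use."""
    out = b""
    block = 0
    while len(out) < n:
        msg = seq.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:n]


def xor_crypt(key, seq, data):
    """Encrypt or decrypt; the output is exactly as long as the input."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, seq, len(data))))


def pad(frame):
    """Prefix the true length, then zero-fill to PAD_TO bytes before encryption."""
    return bytes([len(frame)]) + frame + bytes(PAD_TO - 1 - len(frame))


def unpad(payload):
    return payload[1:1 + payload[0]]


def send(key, frames, padded):
    """Return the encrypted packets as they would appear on the wire."""
    return [xor_crypt(key, seq, pad(f) if padded else f)
            for seq, f in enumerate(frames)]


def receive(key, packets, padded):
    frames = [xor_crypt(key, seq, p) for seq, p in enumerate(packets)]
    return [unpad(f) for f in frames] if padded else frames


def observed_lengths(packets):
    """All a passive observer gets from encrypted traffic: packet sizes."""
    return [len(p) for p in packets]


def demo():
    key = os.urandom(32)
    a, b = vbr_encode(UTTERANCE_A), vbr_encode(UTTERANCE_B)
    return {
        # Content is hidden, but the sizes still follow the speech.
        "unpadded_a": observed_lengths(send(key, a, padded=False)),
        "unpadded_b": observed_lengths(send(key, b, padded=False)),
        # With padding, both utterances produce the same size trace.
        # Padding hides per-packet size only, not packet count or timing.
        "padded_a": observed_lengths(send(key, a, padded=True)),
        "padded_b": observed_lengths(send(key, b, padded=True)),
    }


if __name__ == "__main__":
    for name, trace in demo().items():
        print(name, trace)
```

Padding costs bandwidth: here every packet grows to 64 bytes regardless of what was spoken, which is the trade a constant-bit-rate configuration makes as well.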

Just for fun... The world's best web store display!

I love great promotion. A Dutch department store has the most clever home page I have ever seen. If you don't laugh, I'll return double the money you spent for your Security Scrapbook subscription.

What does this have to do with spying?

Tip: Humor is a great diversion and ice breaker. In this case, your resistance to buying products is eroded and your loyalty to a particular store is being reinforced. Spies use the same techniques when social engineering their marks. Be sensitive to this red flag. ~Kevin

Turkey Acknowledges Eavesdropping Concerns... and evidence.

Turkey - There are dead-serious problems concerning the “privacy of personal life and communication” in Ankara at the moment. Video tapes are pouring in as records of private phone conversations, obtained through wiretapping, are making the rounds. Cyber attacks targeting politicians are continuing incessantly. There are as many records that have been obtained illegally as there are records that have been obtained legally and leaked.

Video or audio tapes have both become evidence in court cases and have been used for blackmail. Some of the Nationalist Movement Party, or MHP, candidates have had to resign or withdraw due to sex tapes featuring them.

Since these are cyber attacks, everyone is trying to gain protection either through personal or corporate measures. While jammer-like equipment to stop the transfer of phone and video conversations are being used by political parties, parliamentary deputies are choosing similar equipment sold on the market.

There are concerns about being bugged even in top offices in the capital. (more)

Memorial Day Weekend in the USA

Monday is Memorial Day here in the USA. 

"Memorial Day is a United States federal holiday observed on the last Monday of May (May 30 in 2011). Formerly known as Decoration Day, it commemorates men and women who died while in military service to the United States (including its spies). First enacted to honor Union and Confederate soldiers following the American Civil War, it was extended after World War I to honor Americans who have died in all wars." (Wikipedia)

Many countries have national holidays like Memorial Day, and each takes theirs very seriously and solemnly. It is one holiday we wish we didn't have to have. 

Confucius never said this, but we all know it is true... "War does not determine who is right; it determines who is left." Maybe this is why it is also a three-day weekend of not just sad reflection and appreciation (in fact, there is never enough of this), but also a time of gathering and camaraderie. ~Kevin
 

Wednesday, May 25, 2011

Hedge Fund Head Sends Spy into Employees' Personal Life

In late November 2008, Tobin Gover, a top financial mathematician known to his friends as Sam, got a call through to his desk at work in Limassol, Cyprus.

The woman on the line – a new neighbour ... purporting to be Laura Maria van Egmond, scion of Dutch nobility convalescing in Cyprus following a motoring accident – was in fact, Mr Gover claims in a UK court case, “a security consultant involved in covert close protection and undercover investigations ... trained in Israel” and “trained in unarmed combat”...

Ms Van Egmond – who within months went from being a regular yoga-buddy of his wife to a close family friend who spent Christmas with them and would be left alone to look after their infant son – was, in fact, Laura Merts, a Dutch spy, hired by Elena Ambrosiadou, head of Ikos and one of the world’s wealthiest women.

The UK High Court has given judgment in Mr Gover’s favour.

Ms Ambrosiadou filed no defence and has agreed to pay damages.

The accusations levelled against her are now set to reverberate around the hedge fund world. (more)

ElcomSoft Breaks iPhone Encryption, Offers Forensic Access to File System Dumps

via ElcomSoft...
"Let’s make it very clear: no privacy purist should ever use an iPhone (or any other smartphone, probably). iPhone devices store or cache humungous amounts of information about how, when, and where the device has been used. 

The amount of sensitive information collected and stored in Apple smartphones is beyond what had previously been imaginable. Pictures, emails and text messages including deleted ones, calls placed and received are just a few things to mention. 

A comprehensive history of user’s locations complete with geographic coordinates and timestamps. Google maps and routes ever accessed. 

Web browsing history and browser cache, screen shots of applications being used, usernames, Web site passwords and the password to iPhone backups made with iTunes software, and just about everything typed on the iPhone is being cached by the device." (more)

Tuesday, May 24, 2011

The Most Secure Mobile Phone OS's - Ranked from Best to Worst

By Drew Turney, ZDNet.com.au
Smartphone security is fraught with peril. So few casual users realise they're carrying a complete personal computer in their pocket — one that's designed to connect to networks and transfer more data than their PC ever does.

Some commentators say that mobile vendors themselves aren't taking security seriously. Electronic Frontier Foundation technology director Chris Palmer, who was also a former Android security framework engineer, said in a January 2011 blog post that mobile systems "lag far behind the established industry standard" for security.

But some might lag farther behind than others. Today, five mobile operating systems dominate the market. We've done the heavy lifting for you by looking at the advantages and disadvantages of each OS, and then ranking the systems from best to worst. (more)

http://tinyurl.com/The-Best-iOS

World's Smallest GSM Cell Phone Eavesdropping Bug

A cousin to the ZombiePhone is the GSM micro-bug. These are miniaturized cell phones made specifically for covert eavesdropping! Like ZombiePhone bugs but without normal cell phone features, these are tiny, creepy, robotic, cell phone bugs often hidden in such everyday objects as power strips and lighting fixtures.
 
Their tiny size is possible because they do not have keypads, ringers, displays, or smart-phone features. When called from any other phone, they become eavesdropping bugs automatically.
 
Shown with wall charger and USB cable.
Groupe Spécial Mobile (GSM) is the name of the world’s most popular cellular telephone standard. GSM micro-bugs work on this standard, which means they can work almost anywhere on Earth where there is cellular telephone service. Like normal cell phones whose features are set to Auto-Answer and No Ring, GSM bugs are equally hard to detect because they sleep most of the time. The thing that awakens them is the call from the eavesdropper. 

Some models also awaken when they hear sound being made near them. Some awaken when they sense vibration or light. Should you awaken one, it will silently call the eavesdropper.

If you feel you are being eavesdropped on and you are sure your cell phone is free of spyware, a GSM bug may be the culprit.
 
Bug microphones are much more sensitive than most people realize. The microphones in GSM micro-bugs are very sensitive and can capture sound from large areas like bedrooms, offices, and vehicles. Ideally, bugs are placed as close to the sound source as possible, but the rule of thumb when searching is: If your ear can hear it, so can the bug.

Ever wonder where all these bugs come from? This link is the first step to solving the mystery.

Monday, May 23, 2011

"Is My Cell Phone Bugged?" interview on KZSB – AM 1290

If you are in the Santa Barbara, CA area Tuesday, tune in to KZSB – AM 1290. You will hear Mike Williams interview me about eavesdropping spyware on smartphones and other mobile communications privacy issues. The new book, Is My Cell Phone Bugged? Everything you need to know to keep your mobile communications private, is the topic of the interview.

The program starts at 10:00 AM (PST) and will be rebroadcast Tuesday evening at 9:00 PM and again on Saturday at 1:00 PM. The feed is also available at newspress.com. Once the show has been recorded I will post the link. ~Kevin

Extortionography - Turkish Tacky Video Changes the Course of a Nation

Turkey - Just weeks before general elections in Turkey, six leading members of an opposition party were forced to resign from Parliament on Saturday after sexually explicit videos of one of them were posted on the Internet.

The Web site that posted the videos had threatened to release others that it said showed the five other members who resigned.

The resignations could severely weaken the Nationalist Movement Party, the second largest opposition group in Parliament, which is struggling to win the minimum of 10 percent of the vote required to be seated in Parliament.

Four members of Parliament from the same party resigned earlier this month after similar videos were posted on the same Web site.

The Web site, farkliulkuculer.com, has cast itself as part of a breakaway ultranationalist group aiming to cleanse and reform the nationalist movement in Turkey. The site’s administrators are anonymous. (more)

Sunday, May 22, 2011

Snidely Whiplash Visits the Home Security Store... by "Bob"

I know some pretty interesting people. Very talented. Very sharp. Very imaginative. I received the following from one of them this week. We'll call him "Bob". Bob's thought process is part Carnegie Mellon University's Computer Emergency Response Team (CERT) and part Snidely Whiplash. Enjoy... (emphasis below is mine)

"For about a year now I’ve been building this new office/shop/garage at my place. Being the engineer I am at heart I prewired it for video surveillance and alarm.

I found an online reseller with good prices and I purchased all the alarm components from them. www.homesecuritystore.com I installed each switch or sensor as a separate zone so later I can use this system as a whole house monitoring platform.

I decided it is time to add the video. They had good prices and I bought close to $2000 worth of quality cameras and a 16 Channel DVR.

Last weekend I started to bench test it and get familiar before I commit the installation. I noticed the box was repackaged.

Then I noticed it is still full of video. It was installed at a restaurant and then returned. Not sure if the restaurant did it themselves or they had a security professional help. In any case they gave me their weeks’ worth of video. Moreover Homesecuritystore.com didn’t verify the contents and in turn sold it to me.

I was hoping to find some incriminating footage or something to brag about. Fortunately for them it was pretty benign stuff.

Then I started to think of the possibilities of what could have happened and decided to write to them regarding their security practices.

See attached. I was surprised they just sent me a misspelled apology and are sending me a new unit. Totally dismissing my attempt to point out to them the underlying problem here.

I’m going to do a threat assessment of the linux kernel in this unit when I get a chance. These cheap DVR boxes with Dynamic DNS and internet reachability are a whole new potential platform for a hacker. A modern day Trojan horse even.

Take the following scenario for a moment:
1. I buy one of these units (or 100 each from a different internet vendor)

2. Change the linux kernel to add a few tools and backdoor username/passwords and maybe even a phone home daemon. Phone home would need to be a secure tunnel and internet proxy aware. So spoof the proxy on port 80 with ssl traffic embedded. Also use tools like Wireshark/tshark, or one of my all-time favorites


3. Return it to the vendor for a full refund.

4. In turn they sell the units to John Q Public or better yet a customer with other units already on premise just waiting to be exploited.

5. It gets installed and finds a routed path to the internet and updates its DNS record location dynamically.

6. Meanwhile back at the black hats cave: We see the DNS entries for these devices show up and / or our phone home packets arrived at home. The latter is riskier because it gives a deterministic home location, for that we run our APP in the cloud to obfuscate our location.

7. Login and start monitoring, gather content and exploit the target. Granted step 7 here is dependent on something good happening. I would beg to guess every video surveillance installation at one point in time or another captures illicit/illegal activity or some sort of blackmail material content.

8. The black hat could now also secure shell into the DVR over the phone home tunnel and use it as a spring board to then perform vulnerability scans internal to the video network thus finding other DVRs, IP cameras, and other trusted behind the firewall type devices. Once accessed install similar tool sets, rinse and repeat for all reachable devices.

9. Lastly a coordinated attack. You locate physical assets to steal. At a coordinated time perform a denial of service internal to their network and take out the security infrastructure. Use tools like NetCat or simple packet capture replays with tshark to confuse the lan devices and potentially crash them if not just deafen their abilities to report. ARP storms are great for this. Actually once an inventory of devices is determined fingerprint scan each and look for known vulnerabilities for those devices’ kernels. Move in and out all the while the systems are incapacitated. Ideally you want to have the devices perform self remediation on their own, avoid forcing a hang condition and do not require reboots for remediation to hide the existence that anything happened adding to the confusion of what happened and how.

Not far fetched to believe. And all from a simple buy and return to the store type activity.

"Bob, you got me thinking. All these items are made in China, right? Isn't it possible likely that secret code has already been planted in them for future use?"


On another subject:
Do you recall a police movie (maybe Beverly Hills Cop) where the cop submits into evidence a large permanent magnet and it takes out the surv. video evidence. Well take that same concept to data tape backups.

I recently toured an Iron Mountain Magnet tape vault and observed them picking and putting tapes in and out for customers. Much to my dismay not all customers co-locate their tapes next to their own. Many of the tapes are slotted into the next available slot intermingling them with other customer’s tapes.

They don’t even screen the boxes coming in and out for high levels of magnetic flux. So a passive magnet weighing similar to the tape that gets checked in and out over a long period of time could potentially be creating small magnet grenades to the data nearby. To be a bit more sexy make that an active magnetic device with a motion trigger. Wait for no movement with a 3d accelerometer also sense that it is not lying flat in the original box but upright as if it is in the library. I mocked up this accelerometer algorithm in a two chip device using a basic stamp.

Allow it to ‘Wake up’ and generate as large of an oscillating magnetic flux as possible and expend the batteries. If movement is sensed have it go dormant again. Cycle these rogue tapes in and out rapidly over time. To target an attack request your own tape vault location and try to steer it near your competitors location or just carpet bomb the library with multiple devices over time. Not as effective but very destructive in nature. Evil isn’t it.

Not that I would never ever do such a thing or advocate or assist anyone in this behavior. But, I can think of it and other ways to thwart simple best practices.

Just like when I was in college and I came up with the idea to use an IR laser to take out a security camera by shifting its AGC and blacking out the picture. Later in life I saw this applied in a movie. I was like HEY I thought of that a long time ago. The cameras I bought for my place have the Sony chip in them that knows how to black out bright objects selectively within the ccd field of view. Thus obsoleting this vulnerability a bit.

Well thanks for your time. My mind wandered with possibilities when I realized I have that other customer's video content handed to me.

Have a great day."

As you can see, "Bob" is smarter and more clever than I am. That's why I love hanging out with the "Bob's" of the world. Now I know what "Bob" knows... and now, so do you. ~Kevin

Are you thinking, "Gee, I wish I knew who this "Bob" guy was. I have a security consulting project for him. Does he do freelance work?" 

I don't know. You'll have to ask him. His name is Bob Blair and he is an engineer in Massachusetts.

Saturday, May 21, 2011

China is listening, and wants to listen in more places.

Wikileaks documents revealed that China had approached the newly independent East Timor in 2007, and offered large amounts of foreign aid, and other considerations (bribes), for permission to build a radar and electronic eavesdropping base there... China is listening, and wants to listen in more places. (more)

Sound familiar?
q.v. - Zimbabwe

SpyCam Apps and Gadgets - The Evaporation of Privacy


The smartphone spycam app market is booming. Recording gadgets are being built into everything (see previous story). You can no longer count on someone looking obvious while taking photos, recording movies or just recording sound. 

Tip: Be like the CIA. If you care about your privacy and/or the confidentiality of your surroundings, don't allow any type of foreign electronics into the area.

An android app from one seller's web page...
The silent spy camera. Take pictures quickly and silently with a mini preview display overlay for ultimate discretion. Have you ever wanted to take a picture but didn't want to use the noisy and conspicuous built-in Android camera app? Taking a picture of a questionable practice at work, a restaurant worker mishandling food, a camera-shy family member, or maybe your secret crush?

Secret Spy Cam is for you!

- 3 discreet preview sizes
- Runs as an overlay over any other app
- Single-tap picture taking
- Single-tap quick app exit
- No shutter sound while still allowing your phone to ring for incoming calls
- User manual available from the app's menu (more)

Examples of video from high definition spycam sunglasses, key fobs, etc. (video) (video) (video)

SpyCam Story #610 - Starbuck's Naked Shot


Police said Friday they are still looking for dozens of victims recorded by a hidden camera found in a women's restroom at a Glendora Starbucks.

William Zafra Velasco, 25, allegedly used a plastic coat hanger spycam to record at least 45 women, said Glendora Police Chief Rob Castro. Some of those victims were juveniles, said Castro.

The device has a tiny camera hole atop the hanger, with two holes for audio and a USB hookup in the back. It is similar to the spycam seen here. (more)

Friday, May 20, 2011

Book—Compilation of State and Federal Privacy Laws—Now available in different formats.

The information in the Compilation of State and Federal Privacy Laws is now available in different formats. 

This book cites and describes more than 600 state and federal laws affecting the confidentiality of personal information and electronic surveillance. 

The laws are listed by state, grouped in categories like medical, credit, financial, security breaches, tracking technologies, employment, government, school records, Social Security numbers, marketing, telephone privacy and many more. Canadian laws too. (more) (Privacy Journal web site)

Android Malware Jumps 400 Percent as All Mobile Threats Rise

Mobile security is the new malware battlefield as attackers take advantage of users who don’t think their smartphones can get compromised.

Cyber-attackers are gunning for Google’s Android as they take advantage of a user base that is “unaware, disinterested or uneducated” in mobile security, according to a recent research report.

Malware developers are increasingly focusing on mobile devices, and Android malware has surged 400 percent since summer 2010, according to the Malicious Mobile Threats Report 2010/2011 released May 11. The increase in malware is a result of users not being concerned about security, large number of downloads from unknown sources and the lack of mobile security software, according to the Juniper Networks Global Threat Center, which compiled the report. (more)

Thursday, May 19, 2011

A Day at The International Spy Museum

The International Spy Museum is one of my favorite places. I spent the afternoon there yesterday.

If you have never been there, you "need to know" this... This is not some cheesy tourist trap one might find in Orlando. It is a quality museum in the finest sense of the word. The exhibits are first class, very educational, imaginative and entertaining—hard to do all in one shot, but they do it.

Visiting Washington, DC is always a compromise. There are so many great things to see and do. Do as many as you can, but save room for dessert. Visit the Spy Museum. It is history at its most relevant.

The newest exhibit – Cyber War – actually leaves people (me included) with a feeling of terror in the pit of the stomach. Yes, it is that well done. No, you won't like the feeling. I won't spoil it for you, but... think about what would happen if electricity were no longer available. All it might take are a few keystrokes.

"Aurora Experiment. In the Spy Museum’s new gallery dedicated to Cyber War, Weapons of Mass Disruption, video of an experiment conducted for the Department of Homeland Security depicts a simulated cyber attack on a generator control station. The simulation led to the generator’s destruction, demonstrating the all-too-real infrastructure vulnerabilities of the U.S power grid. On loan from four of the lead engineers who created and carried out the Aurora experiment, the Museum is pleased to display parts of the disabled generator."

As I was saying, they make espionage relevant. (more)

A Former KGB Lock Picker Discusses His Craft

Nicolai B. was, for thirty years, a senior operative of the KGB, stationed in Riga, Latvia. He and his colleagues were “laid off” in 1991 after the collapse of the Soviet Union and the reorganization of the Committee for State Security, one of the most feared entities by Soviet citizens. His comments and disclosures were of particular interest to me and my colleagues because of our work in designing, training, and using covert entry tools in connection with government operations. His job was to conduct sensitive “intrusions” into offices, homes, businesses and other facilities in order to gather information about suspected “enemies of the state.” The theft or covert copying of documents, installation of electronic eavesdropping devices and cameras, and the planting of evidence were all in a day’s job for this retired agent. (more)

AusCERT 2011 Conference — Smartphones: the perfect bugging device

Security experts at the AusCERT 2011 Conference in Queensland this week warned that serious attacks on mobile phones are expected before the end of this year, and that those attacks will involve tracking users, not just stealing their money.

On Wednesday, Amit Klein, CTO at Trusteer, explained how mobile malware has evolved to a stage where it can now bypass most banking security.

Graham Ingram, the general manager of AusCERT, backs this up.

"The genie is out of the bottle. The hardware is there, the software is there, the capability is there ... these guys will turn it around quickly, now. They know what to do, as soon as the reward is there — and it is clearly there — they will move rapidly into it, and I think that is going to shock a few people because we will wake up one morning and it will all be happening."

But it's not just users' bank accounts that are at stake; modern smartphones make the perfect bugging device.

The implications of being able to turn on a remote device that has the capacity to look at emails, geo-locate users, look at SMSes, listen to phone calls, record meetings and even turn on a camera are stunning. Intelligence agencies with these capabilities with a remote "on" button would be ecstatic. (more)

Tennis Players?!?! Where did the Mossad get that idea?

Undercover agents tracked a Syrian official carrying nuclear secrets to London where they broke into his hotel room and stole the plans as part of a daring operation on foreign soil by Mossad, the Israeli secret service, it has been claimed...

The operation involved at least 10 undercover agents on the streets of Britain and led directly to a controversial bombing raid into Syrian territory that destroyed a nuclear reactor that was under construction.

It closely mirrored the assassination of Mahmoud al-Mabhouh, a senior Hamas arms trader, who was killed in his hotel room in Dubai last year using agents disguised as tennis players. (more)

SpyCam Story #609 - Largest Video Monitoring Contract in History

In what it says is the “largest video monitoring contract in history,” Iverify at the end of April announced it won a five-year contract valued at $39 million to provide guard replacement and shrink-reduction services to 529 Family Dollar stores, nationwide.

Iverify president Mike May said Iverify brought big savings to the table for the Family Dollar.

"[They are] using a robust application that uses Cernium analytics for location-based risk assessment that triggers local announcements in the vicinity of high-shrink products. Further, with sophisticated time-based analysis, it then escalates the risk profile and engages a live intervention from a protection specialist," May told Security Systems News. "They then assess and respond to a protocol based in the actual risk. This is a best case model leveraging intelligent video coupled with a loss-prevention certified specialist that responds and reduces the customer's potential shrink losses." (more)

Think about it. Dollar Stores, yes DOLLAR STORES is going to invest about $14,750.00 per store, per year (actually more factoring in the "protection specialist" cost) to protect their dollar items from "walking"! They know the value of a dollar.

How much have you invested in your business counterespionage program to keep your intellectual secrets from "walking", your corporate secrets from "talking", and your strategic conversations from "bugging"? We can help, call us.

Wednesday, May 18, 2011

U.S. Secret Service to Enhance its Telecommunications Intercept Capabilities

The U.S. Secret Service wants to replace its existing telecommunications interception system with a new, all-inclusive intercept platform that can collect, analyze, decode and reconstruct voice, data and Voice Over Internet Protocol (VOIP) communications.

The new system will be used by approximately 250 Secret Service analysts, monitors and administrators, on a 24/7 basis, according to a sources sought notice published on May 12 by the DHS component.

“The system must be able to decode multiple specified common telecommunications application & network protocols,” said the agency. It must also support the automatic translation of intercepted messages in “numerous highly specific foreign languages,” which the Secret Service did not identify. (more)

U.N. Nuclear Agency Diplomats "Fear" Cell Phone Bugging During Visit to Iran

The U.N. nuclear agency is investigating fears from its experts that their cell phones and laptops have been hacked into by Iranian officials looking for confidential information.

Diplomats tell The Associated Press that the hardware apparently was tampered with while left unattended during inspection tours in the Islamic Republic. (more)

Pssst... Buy the book. Know for certain.

Monday, May 16, 2011

Mini SpyCam Now with 720P HD Picture Quality. Awesome.

From the seller's web site...
The Little Brother Key Chain Pinhole Camera has so many uses; Great DVR Surveillance for Private Investigators and Journalists. Let your Small Spy Camera be as hidden as you are. This light and covert tiny spy camera will let you get it done without incurring suspicion. Use as a Nanny Cam – No one will Suspect your tiny spy camera is Recording.



College Students – Never miss a lecture by a Professor again! Currently House or Apartment shopping - Never get confused on another property again. Capture those Funniest Moments with just two clicks of the Little Brother wireless spy cam. Memorialize Every Wonderful moment with your Mini HD DV Camera. (more)

Why do I mention it?
So you will know what you're up against.

Sunday, May 15, 2011

Cell Phone Spyware for Kids, or... The Santa Clause

South Africa - A new startup has entered the mobile stage to help parents keep track of their children’s mobile usage. Mobiflock, a Cape Town-based startup, says it makes “cell phones safe for kids by giving parents visibility over how they use their phones, and tools to protect their children from harm.”

The startup is the brainchild of Patrick Lawson, founder of Clickatell, who according to co-founder Vanessa Clark, “realised the need to protect children on their mobile phones in the same way you would them on a computer”.

The web is crawling with apps and websites that help parents track and protect their children from the dangers online. Mobiflock joins the likes of Nokia’s Kno-Where, an application that allows parents to track their children’s whereabouts and activity on less savoury websites like Cell Phone Tracking, and provides parents or guardians with a way of ‘spying’ on any mobile phone...

Here is how it works: parents visit the website (or the soon to be launched Ovi Store and other apps) to download a client onto their child’s mobile. This client then gives parents access to a “secure” online dashboard to monitor phone traffic (calls, messages, web browsing, location), and parents can then set up security barriers and alerts for their child. (more)

Free Tickets to International Spy Museum with Stay at Marriott's Nearby "Safe House"


The Washington Marriott at Metro Center is offering an exciting downtown Washington, DC hotel package which includes Spy Museum tickets and hotel accommodations. With International Spy Museum tickets, guests can indulge in conspiracy theories, spy traps, military intelligence and the fascinating world of espionage... (more)

Sons of Blackwater Open Corporate Spying Shop

Veterans from the most infamous private security firm on Earth and one of the military’s most controversial datamining operations are teaming up to provide the Fortune 500 with their own private spies.

Take one part Blackwater, and another part Able Danger, the military data-mining op that claimed to have identified members of al-Qaida living in the United States before 9/11. Put ‘em together, and you’ve got a new company called Jellyfish. Jellyfish is about corporate-information dominance. (more)

Saturday, May 14, 2011

VoIP Phone Eavesdropping Alert

Contact centers and businesses using a popular make of internet phone were at risk of having their communications intercepted and confidential information leaked, a hacking group demonstrated.

Security consultant Chris Gatford showed SC Magazine how internet-protocol phone systems from market leader Cisco were vulnerable out of the box to attacks that were widely known. He said customers of his had lost $20,000 a day through such exploits.

A Cisco spokesman said the networking vendor was serious about security and advised users to apply the relevant recommendations in the manual to secure their systems. (Products / Security)

Gatford said VoIP phone systems could turn on their users, hacked to become networked listening devices or 'bugs', wiretapped remotely or silenced, blacking out communications. Contact centers, which often use internet-protocol phones because they were cheap to run, were especially at risk, he said.

“It is the closest attack in a real world environment that mimics so many of the scenes Hollywood likes to show us,” Gatford said.

“You can imagine if you’re an employee who wants to listen into the boss during a meeting, that the phone in the conference room will be a target.” (more)

Friday, May 13, 2011

"£50,000, or yer lucky charms video goes public."

Ireland - A group of men allegedly demanded £50,000 from a businessman by threatening to release a stolen video to the media, a court has heard.

Belfast Crown Court heard that police arrested two of the five defendants minutes after the alleged victim, known as Witness A, handed over £15,000.

A barrister told the court that the video was inside a car belonging to Witness A which was stolen in 2001.

He added the video "was of a nature that he did not want anyone to see". (more)

Super Injunctions - The New Privacy Club

Something rather interesting is happening to privacy, in the breakneck world of the internet. It's being privatized.

Legislatures around the world are flummoxed by the sheer breadth of the internet-related privacy issues piling up with exponential speed on their doorsteps...

As governments struggle with these questions, the privacy mercenaries are moving in. The most obvious example currently is in the United Kingdom, where a court remedy known as the "super injunction" has evolved as a high-priced means of shutting down unfavorable stories about celebrities and business people in the media. Here's how it works... (more)

More Sports Spying - The 2018 World Cup Caper

England football chiefs hired a team of spies to snoop on rival bidders for the 2018 World Cup, it was claimed yesterday.

Undercover agents were paid by the FA to infiltrate Zurich hotels where Fifa committee members were staying last December and report what they learned.

One FA spy even mingled with guests – including Prince William, PM David Cameron and David Beckham, who were drafted in at the last minute to lobby for the bid – in the city’s Baur au Lac hotel...

The FA refused to comment officially yesterday, but a 2018 official admitted to the Mirror: “Yes, we had a private security team.

“There were undercover people inside the Baur au Lac. They were in the lobby and the bar, listening in. It’s not illegal to listen to conversations.” (more)

Why is this important to you?
Sports is just another business. Big business. Just like your big business. The same tactics are being used against you. Most often they are successful and go unnoticed. Time to bring a counterespionage consultant on board.

Wednesday, May 11, 2011

Spy News as seen from London - The WhiteRock Report

via WhiteRock...
• Hotel Wiretapping: Latvian Security Services Accused in Planting Bugs in Radisson
• Apple Design Theft: Three Chinese Workers Charged over Leak of iPad 2 Specs
• Espionage Fear: Swiss Intelligence Lists Economic Spying among Major Security Threats
• Trillions for Trade Secrets: South Korean Security Service does the Espionage Maths


Hotel Wiretapping: Latvian Security Services Accused in Planting Bugs in Radisson
An eavesdropping scandal has broken out in Latvia, one of the Baltic States. An investigation was launched last week to find out whether the National Security Service has eavesdropped on the VIP rooms in one of the high-end Radisson chain hotels, popular among foreign dignitaries.

The country’s former transportation minister, Ainars Slesers, made the allegation in a TV interview, which became the basis for the investigation. He claimed the luxury suites at the Radisson Blu Ridzene in the country’s capital Riga were bugged over a long period of time, while the hotel hosted numerous foreign and local high-ranking officials. The Constitutional Protection Bureau, which carries out wiretaps in Latvia, refused to comment on the allegations.

Raili Maripuu, WhiteRock Managing Director: "Many government bodies and global corporations alike neglect the appropriate security measures when utilising hotels to host high-value meetings and events. This investigation into wiretapping in the Radisson hotel is a stark warning to businesses that rely solely on in-house security provisions. Solutions to counter unauthorised surveillance at events and meetings in public locations exist, which aim to mitigate exposure, maintain confidentiality and avoid subsequent embarrassment and financial loss."


Apple Design Theft: Three Chinese Workers Charged over Leak of iPad 2 Specs
Three employees of the China-based computer components manufacturer Foxconn, arrested in December 2010, were charged two weeks ago for violating trade secrets when leaking the design of the iPad 2.

Apple was alerted to the leak by the fact that some accessory manufacturers were prepared to offer cases for the iPad 2 ahead of the product itself going on sale. Foxconn supplies the components for the Apple products, such as iPhone, iPad and MacBook, but also works with HP, Dell, Microsoft, Sony and Samsung.


DID YOU KNOW?
The US Congress recently gave an option to ban scientific collaboration with China due to extremely high espionage risk. Source: Forbes


Espionage Fear: Swiss Intelligence Lists Economic Spying among Major Security Threats
Switzerland’s National Security Service outlined commercial espionage as one of the greatest future threats in its report published last week.

The report warns that economic espionage can undermine state sovereignty, weaken the competitiveness of businesses established in Switzerland and threaten the financial industry. Swiss Federal Intelligence states further that to fight economic espionage, protective and preventative measures are needed, such as the Government’s Prophylax training programme, which aims to help private corporate and research institutions to better protect themselves.


Trillions for Trade Secrets: South Korean Security Service does the Espionage Maths
The South Korean Industrial Security Center, which works under National Intelligence, estimates that the damage from trade secret leaks to local companies amounts to over 50 trillion KRW, i.e. nearly 28 million GBP per annum (about 46 million USD).

The sum includes the funds that companies invest in technological development and the damage incurred by technology leaks leading to sales and export failure.

The Korean Association for Industrial Technology Security, which conducted a similar survey late last year, established that nearly 80% of the SMEs developing nationally important technologies found themselves at the danger level.