Sunday, July 31, 2011

SpyCam Story #616 - Cam or Gun? Duh, both!

NC - A Knightdale man faces charges that he put a camera in a woman's home to spy on her, according to arrest warrants.

The warrants state that Decarlos Lajuan Upchurch, 34, also broke into the woman's home early Saturday and pointed a black handgun at her. (more)

Friday, July 29, 2011

Scared of SCADA? You will be now...

In news that will probably leave you tutting and muttering “I knew this would happen,” two hackers have found a way to unlock cars that use remote control and telemetry systems like BMW Assist, GM OnStar, Ford Sync, and Hyundai Blue Link. These systems communicate with the automaker’s remote servers via standard mobile networks like GSM and CDMA — and with a clever bit of reverse engineering, the hackers were able to pose as these servers and communicate directly with a car’s on-board computer via “war texting” — a riff on “war driving,” the act of finding open wireless networks. (more)

The real scary part...
It’s not just cars that use telephony as a control network: there are 3G security cameras, traffic control systems, home automation systems, and — most worryingly — SCADA systems. SCADA is an acronym that covers almost any industrial control system, from manufacturing to power generation, to water treatment and the management of oil and gas pipelines. To quote Don Bailey, one of the hackers: “What I got in two hours with the car alarm is pretty horrifying when you consider other devices like this, such as SCADA systems and traffic-control cameras. How quick and easy it is to re-engineer them is pretty scary.”

SpyCam Story #615 - An American Bugging

FL - Two female Bulgarian students visiting the United States for the summer found hidden cameras in their Florida apartment this week and fear they may have been videotaped throughout their three-month stay.

Ratitsa Dzhambazova, 23, and Vanya Amokovareva, 22, discovered at least four cameras stashed throughout the apartment they were sub-leasing for the summer in both bedrooms, the bathroom and the living room area, according to police.

"This is unbelievable, but one night I had a dream that someone watch me when I was naked," said Dzhambazova.

The women's worst nightmare came true when a male roommate pulled one of the smoke detector-like devices off the wall and discovered a camera hidden inside. They later discovered more cameras stationed around the apartment.

Four other roommates moved out of the apartment after the cameras were found, according to Dzhambazova, a journalism student. (more)

Not quite Theodore Dreiser, but a sad tale nonetheless. Reminds me of another multiple spycam incident in Florida.

News of the World - Phone Fiasco - Yet Another Victim

UK - The mother of a murdered child who became the face of a News of the World campaign to change British sex-offender laws says she was on the list of a private investigator who hacked phones for the tabloid — a development that is likely to generate more scrutiny for Rebekah Brooks, the former News Corp. executive who edited the paper at the time.

The mother of a murdered child who became the face of a News of the World campaign to change British sex-offender laws said she may have had her voice mails hacked. Paul Sonne also reports that James Murdoch will remain Chairman of BSkyB.

Sara Payne, in a prepared statement, said Thursday that police had found her details on a list seized from Glenn Mulcaire, the private investigator who worked for the now-closed News of the World and intercepted mobile-phone voice mails. Ms. Payne is the mother of Sarah Payne, an eight-year-old British girl who was abducted and murdered in July 2000 by a man who had a previous conviction for abduction and sexual assault against a child. (more)

Thursday, July 28, 2011

FutureWatch - The Cone of Silence... without the cone!

The Walls of Silence!
Get Smart
When it comes to the sound-proofing of buildings, most people likely think of using materials that simply absorb the sound waves in a noisy room, so they can't proceed into a neighboring quiet room. 

Get Smarter
Researchers at the California Institute of Technology (Caltech), however, are taking a different approach. They have created something known as an acoustic diode, that only allows sound traveling through it to go in one direction. If incorporated into building materials, such diodes would let sound travel from the quiet room to the noisy one, but would simply block noise transmission in the opposite direction. (more) (much more)

Wednesday, July 27, 2011

Corrections Officer Pleads Guilty to Eavesdropping on Superiors


OH - The second of three corrections officers at the Trumbull County Jail has pleaded guilty to reduced charges in an eavesdropping case in which the jail employees were listening to their superiors.

Robert J. Rihel Jr., 46, of Leavittsburg, pleaded guilty to 13 misdemeanor counts of falsification in a bill of information and will undergo a pre-sentence investigation ordered Thursday by Judge John M. Stuard.

Rihel, who was placed on administrative leave without pay, had been indicted on 23 counts of "interception of wire, oral or electronic communications - a fourth-degree felony." The various counts in the indictment say the eavesdropping occurred from July 7 to Nov. 1, 2010. (more) (sing-a-long)

Watergate: David Gergen - White House Files

Why is this man laughing?
87 pages of selected David Gergen White House files related to Watergate and the resignation of President Richard Nixon. These files were not available to the public until July 21, 2011. David Gergen worked as a presidential adviser for Presidents Richard Nixon, Gerald Ford, Ronald Reagan, and Bill Clinton. This set also includes four documents from the files of William Timmons, Assistant for Legislative Affairs, also released on July 2, 2011. This set contains correspondences to and/or from David Gergen, Richard Nixon, Gerald Ford, Alexander Haig, Pat Buchanan, Ron Ziegler, Ben Stein, Len Garment, Stephen Bull, and Ray Price. (download) (answer)

On Woot Today: 8 IR camera, 500 GB DVR Home Surveillance System - $279.99 - Amazing

or four cameras, only $189.99!

No, I'm not out to sell cameras or help Woot. In fact, by the time you see this, they will probably be sold out.

It just strikes me that the cost of entry to spying/securing up the ol' castle, small business or any location for that matter has dropped to $35.00 per recording eyeball. And, if that's not enough, it will also transmit photos to your smartphone.

It wasn't that long ago that a system like this would cost thousands. Granted, these may not be the highest quality cameras, but really, look at the features.
Warranty: 1 Year Zmodo
Condition: New

Features:
• Surveillance kit includes an 8-channel H.264 real-time standalone DVR, eight indoor/outdoor color IR security cameras, cabling and mounting hardware
• Everything you need to have your surveillance system up and running in your home or business quickly and easily
• The DVR is an 8-channel, fully integrated, real time, and hardware based standalone digital video recorder with 500GB SATA hard drive
• Supports up to 2TB 3.5" SATA hard drive and includes (2) hard drive mounting screws
• A hard drive is not needed when using cameras for surveillance, but is required when using DVR for recording camera images
• The DVR is based on an embedded Linux operating system and includes a remote control for easy setup and operation
• DVR functionality is easily controlled by using either the remote control or the front panel controls on the DVR
• DVR supports network access through Ethernet RJ45 interface
• Supports DVR backup via USB flash drive, removable drive, recorder and network
• The DVR also features the most updated 3G mobile live! Preview via mobile phone
• Use the 15-pin VGA output to connect a computer monitor (not included)
• Playback resolution 704x480
• The cameras included in the kit are weatherproof, day/night, security cameras with 30ft night vision
• Record Mode options include Continuous, Time Schedule, and Motion Detection
• Each camera comes with a 60-foot power and BNC video all-in-one cable
• All eight cameras are powered by one AC adapter using an 8-way power splitter
• Monitor is not included in the package

DVR Features:
• 8 CH H.264 Surveillance DVR
• 500GB Hard Drive Installed
• H.264 Hardware Compression
• Video Input / Output: BNC 8 / BNC 2
• Audio Input / Output: RCA 4 / RCA 2
• Two Type Video Out: TV Monitor BNC Output and PC Monitor VGA Output
• Signal System: NTSC / PAL
• Display: 240 fps
• Record: 240 fps
• Remote Access: Internet Explorer or Netviewer Software
• PTZ via RS485 Port (not with these cameras however)
• Support Remote View via Smart Phone & 3G Mobile with each of those systems below:
      a) iPhone™
      b) Google Android™
      c) Blackberry™ OS V4.7
      d) Windows Mobile™ Pro 5.0 & 6.1
      e) Symbian™ S60 3rd & S60 5th

Camera Features:
• 1/4” Color Image Sensor
• 420 TV Lines, Horizontal
• 3.6mm Lens
• Signal: NTSC
• IR Irradiation Distance: up to 30ft
• Weatherproof
• Video Connector: BNC
• Power Connector: RCA 12V DC
• Mount: Ceiling or Wall

Don't worry about missing the sale. They will even become less expensive in the future. (more)

Tuesday, July 26, 2011

"Landau details both the internal threat and industrial espionage, and it is not a pretty picture."

Book review by Ben Rothke... 
Surveillance or Security?: The Risks Posed by New Wiretapping Technologies is a hard book to categorize. It is not about security, but it deals extensively with it. It is not a law book, but legal topics are pervasive throughout the book. It is not a telecommunications book, but extensively details telco issues. Ultimately, the book is a most important overview of security and privacy and the nature of surveillance in current times... 

Surveillance or Security?: The Risks Posed by New Wiretapping Technologies is an extremely important book on the topic of the many risks posed by new wiretapping technologies. Landau has the remarkable talent of taking very broad issues and detailing them in a concise, yet comprehensive manner. The book should be seen as the starting point for discussion on a most important topic.

Landau does an excellent job of detailing how unwarranted surveillance can undermine security and affect our rights, while noting that security for every citizen is paramount to the very spirit of the Constitution.

The book closes with the very principles of what it means to get communications security right and that adhering to these principles cannot guarantee that we will be completely secure. But failure to adhere to them will guarantee that we will not. (more)

Today in Spy History

Sunday, July 24, 2011

Having Trouble Keeping Track of the Phone Hacking Scandal?

The Telegraph key pounds it out.

Below is a list of the alleged victims of phone hacking. This includes public figures, celebrities and others who have accused News International newspapers of hacking, those who are currently bringing legal action and those who brought successful cases in the courts.

Alleged victims
Milly Dowler
Parents of Holly Wells and Jessica Chapman
Families of servicemen and women killed in Iraq and Afghanistan
Relatives of victims and victims of 7/7 bombings
Clarence Mitchell, spokesman for Madeleine McCann’s family
Colin Stagg, accused of Rachel Nickell murder
Elle Macpherson, model
Wayne Rooney, footballer
Hugh Grant, actor
Prince of Wales and Duchess of Cornwall
Simon Hughes, Liberal Democrat deputy leader
Helen Asprey, former royal aide
Michael Mansfield, barrister who represented Mohamed Al Fayed at the Princess Diana inquest
Jamie Lowther-Pinkerton, private secretary to Princes William and Harry
Peter Mandelson, former Labour minister
David Davis, former shadow Home Secretary
Andrew Neil, BBC presenter
Boris Johnson, London Mayor
Sir Ian Blair, former Metropolitan Police commissioner
Paddy Harverson, Prince of Wales’ communication secretary
Vanessa Feltz, presenter
Lembit Opik, former Liberal Democrat MP
Cousin of Jean Charles de Menezes, Brazilian man shot dead by police
Paul O'Grady, presenter and comedian
John Yates, former Metropolitan Police assistant commissioner
David Cook, former Metropolitan Police detective chief superintendent

Seeking legal action
Steve Coogan, actor and comedian
Sky Andrew, former Olympian
Nicola Phillips, assistant to Max Clifford
Andy Gray, broadcaster
Paul Gascoigne, footballer
Sienna Miller, actress
John Prescott, former Labour Deputy Prime Minister
Brian Paddick, former Metropolitan Police assistant commissioner
Brendan Montague, freelance journalist
Chris Bryant, Labour MP
Jude Law, actor
Ryan Giggs, footballer
Chris Tarrant, presenter
Leslie Ash and Lee Chapman, actress and former footballer
Kelly Hoppen, stepmother of Sienna Miller
Kieren Fallon, jockey
George Galloway, former MP

Successful cases
Max Clifford, publicist
Gordon Taylor, chief executive of Professional Footballers’ Association
Jo Armstrong, legal advisor to Gordon Taylor
Tessa Jowell, former culture secretary (offered settlement)
David Mills, lawyer and ex-husband of Tessa Jowell (offered settlement)
Joan Hammell, former aide to John Prescott (offered settlement)

The Number 1 Spybusters Tip that would have saved most of these people from being hacked...
Make sure your voice mail and cell phone both have decent secret passwords. 

Don't want to see your name on a list like this someday? 

Friday, July 22, 2011

TSCM Inspection Reveals Taps & Bugs In Inspector's Office

India - Karnataka Lokayukta Justice Santosh N Hegde, who is probing illegal mining in the state, on Thursday claimed that his phone has been tapped.

Hegde, a former Supreme Court judge, told PTI that after reports of alleged bugging in the office of Union Finance Minister Pranab Mukherjee surfaced, he had asked a professional to carry out a check in his office.

"(The professional) told me that my telephone has been tapped. Every conversation was being recorded from two sources," he said.

Hegde refused to comment on who could have tapped his phone. The tapping had been going on for the past three-four months, he said. (more)

Tip: Quarterly inspections for bugs and taps (TSCM) within sensitive offices and conference rooms are a generally accepted security practice. (more)

"Murdock, he wrote."

Image courtesy of Guns, Gams, and Gumshoes
UK - A TV show personally overseen by Rupert Murdoch allegedly bugged the rooms of celebrities, politicians and other guests, the show's musical director told a friend shortly before his death, it has been claimed. The allegations came in a 'frantic' phone call from respected BBC journalist and musician, George Webley, days before Webley's untimely death in May, his friend John Romano said. “I have literally never talked to someone so afraid”, Romano said.

“Before his death, George Webley alleged that a News Corp entity bugged dressing rooms of celebs and politicos as far back as 1990. The allegation, if true, would show that News Corp had a pattern of bugging and hacking over a long period of time that went far beyond a rogue editor or reporter for News of the World,” Romano claimed...

“Murdoch-owned papers bugged people all the time, long before the time frame that they are accused of”, Webley claimed, according to Romano. After remaining silent for many years Webley had in 2011 taken his allegations of illegal bugging activity to UK authorities investigating News Corp, Romano believed, and he now feared for his safety, believing his phone was tapped and he was being followed.

“I’ve pissed some really powerful people off”, Webley told Romano in April this year. The BBC journalist seemed so frightened that Romano asked him if he felt his life was in danger. “No, Murdoch’s game is to destroy your life, not end it”, he replied. One week later, Webley died at home, aged 53. Local authorities are yet to release a report on his death but have not described it as suspicious. (more)

Business Espionage: FBI Thwarts Akamai Info Heist

http://www.bottomsupcomic.com/2009/06/trade-secrets/
MA - A former employee of a website content delivery company has agreed to plead guilty to a charge of foreign economic espionage for providing company trade secrets to an undercover FBI agent posing as an Israeli intelligence officer, federal prosecutors announced Thursday.

Elliot Doxer, 42, will admit to providing trade secrets from Cambridge-based Akamai Technologies Inc. over an 18-month period to the agent, whom he believed was an Israeli spy, the U.S. Attorney's Office for Massachusetts said in a statement. A plea hearing is scheduled for Aug. 29. (more)

"Everybody wants to get in on the act." It's not just phone hacking.

UK - Millionaire Labour donor David Abrahams claims he was a victim of phone hacking.

Mr Abrahams, who was plunged into the epicentre of a media storm in 2007 when he was accused of making thousands of pounds of illegal donations to Labour, has revealed how he believes he was the victim of secret bugging...

Now he claims the current phone hacking scandal is simply “the tip of the iceberg.”

And he claims bugs and other recording devices were placed in his home, prompting him to call in experts who discovered the electrics at his property had been tampered with.

Today he warns there could be much more to come from the hacking scandal. He told the Chronicle: “It’s not just News International and it’s not just phone hacking.

“They put little video cameras in car aerials and bugs and devices in people’s houses. There are a lot of other factors as well as phone hacking. I’ve had it in my own life far too many times.” (more)

More Reporters Bugging Out

Korea - Police said Friday they are currently investigating telephone calls made between a reporter and politician related to the alleged bugging of a Democratic Party meeting...

The potentially-explosive scandal was disclosed to the public on June 26 when the main opposition Democratic Party filed a complaint with the police, claiming a KBS reporter had bugged a meeting held to discuss strategies over the state-run broadcaster’s controversial plan to raise TV subscription fees. (more)

Thursday, July 21, 2011

Recover a Stolen Laptop with Free Tracking Software

via Rick Broida, PCWorld...
In the last month, two family members and one friend have had laptops stolen right out of their homes. Sadly, none of the systems were equipped with remote-monitoring software, meaning the chances of recovery are just about zero.

To me this serves as a wake-up call; I'm in the process of evaluating various laptop-recovery services to see which one I should deploy on my own machines.

Short-term, I'm equipping my primary, can't-live-without-it laptop with LockItTight. Like similar services, it relies on a small, hidden client program that performs location tracking, Webcam captures, file recovery, and even keylogging. Unlike similar services, LockItTight is free--for one PC, anyway.

After you sign up for and activate your account, you download and run the LockItTight client (which is compatible with Windows XP and later). And that's pretty much the last you see of it; you won't find any evidence of it in the system tray or Programs menu. (Neither will tech-savvy thieves, which is exactly the point.)

To tweak LockItTight's settings and/or find out what your laptop's been up to, you sign into your account via a Web browser. By default, the client will simply report the laptop's position (usually via Wi-Fi, which in my tests was accurate to about 500 meters), but you can also enable screen capture, Webcam capture, key logs, clipboard logs, remote file retrieval, and remote file deletion. (more)

Need something like this for your Mac? Try Adeona, also FREE.

From the Land of Paladin, Have Antidote, Will Travel

Google's search engine is now fighting against a strain of malware that secretly intercepts Web browser activity on Windows PCs. FREE

Infected users will see a big yellow box at the top of search results, directing them to a Google Web page that explains how to remove the malware. That page urges users to download or update their antivirus software, and also provides manual instructions for removing the malware from Windows computers. (To see if you're infected, run any search on Google.com and look for the yellow box.) (more)

How to Protect Your Home While Traveling

Fred Burton, former special agent and STRATFOR’s VP of Intelligence, discusses ways to protect your home before you travel. Basic tips. (video)

Sunday, July 17, 2011

Spy Tools: The Evolution of Two Stage Weapons

(1963) Colonel Klebb is a high ranking member of the feared Russian counter-intelligence agency SMERSH, where she serves as the supervisor of Department II (operations and executions)... Klebb attempts to kick Bond with the poison-tipped shoe, but Bond blocks the attack with a chair. (more)


(1975) It wasn’t just Soviet bloc spies who used such techniques, though. In a 1975 US Senate hearing, CIA Director William Colby handed the committee’s chairman a gun developed by his researchers. Equipped with a telescopic sight, it could accurately fire a tiny dart – tipped with shellfish toxin or cobra venom – up to 250 feet. Colby claimed that this and other weapons had never been used, but couldn’t entirely rule out the possibility. (more) (video) BTW, the "dart" is believed to be an icicle. No 'pop gun' jokes, please.


(1978) The assassination of Georgi Markov in London in 1978 by a man with a poison-tipped umbrella was one of the most infamous incidents of the Cold War. The story reads like it is straight out of a super-spy novel. The forensic autopsy findings and results are as sensational as today's TV crime dramas. There is motive, a possible weapon, the known cause of death, and shadow government workings involved. Still there is no killer, and officially there may well never be. (more)


(2011) This weapon injects a freezing cold ball of compressed gas, approximately the size of a basketball, at 800psi nearly instantly. The effects of this injection will drop many of the world's largest land predators. The effects of the compressed gas not only cause over-inflation during ascent when used underwater, but also freezes all tissues and organs surrounding the point of injection on land or at sea. When used underwater, the injected gas carries the predator to the surface BEFORE blood is released into the water. Thus giving the diver added protection by diverting other potential predators to the surface. (more) (video) No, "Who cut the cheese?" jokes, please.

Project X: Murdoch Phone Hacking Scandal Continues to Grow

"Argh, Miss Brooks"
The U.K. police investigation into alleged phone hacking took a dramatic turn on Sunday with the arrest of Rebekah Brooks, the former chief of News Corp.'s U.K. newspaper unit who resigned on Friday.

London's Metropolitan Police, known as Scotland Yard, said they arrested her around noon Sunday (7 a.m. EDT) when she appeared by appointment at a London police station. She remained in custody as of early afternoon Sunday and hadn't been charged.

It's the 10th arrest by police in a dual probe investigating allegations of voicemail interceptions and corrupt payments to police. The allegations focus on the News of the World, News Corp.'s Sunday tabloid that the company recently closed after 168 years amid an escalating scandal. (more)

"Our Miss Brooks"

Our Miss Brooks: Mr. Conklin's "Project X" is a sound system that allows him to eavesdrop on the entire school. (download MP3)

Friday, July 15, 2011

How to Write Like an Educated Spy

Writing a good spy report is not as easy as it looks. You need more than a copy of Strunk & White's manual, The Elements of Style. You need the National Security Agency (NSA) SIGINT Reporter's Style and Usage Manual!
 
Did you know...
• In nautical contexts in SIGINT reports, do not call a ship a boat. As a general guideline, a boat will go on a ship, but not vice versa. Lifeboats go on cruise ships. Submarines are boats. Most of the literate public, however, uses the term boat to refer to any floating contrivance of any size. Such use is standard in general contexts, but not appropriate in SIGINT reports.

• Do not use the terms A-bomb or H-bomb. Spell out the words. Do not capitalize atomic bomb, hydrogen bomb, etc.

• Never include obscenities in a report. If an obscenity is part of a quote, replace it with the phrase ((expletive deleted)).

• PDDG ... (Sorry, that's still classified.)

Military Intelligence: How to make unclassified information classified without classifying it!?!?

The Pentagon is proposing to keep under wraps all unclassified information shared between contractors and the Defense Department except that which is expressly released to the public.

That has sparked an outcry not only from open-government advocates but from contractors who argue they could be forced to pay millions of dollars to install systems to protect that information. Tens of thousands of companies would have to meet the new requirements, according to the Pentagon's own reckoning...
The proposed rule, published June 29 in the Federal Register, would impose new controls for unclassified Defense Department information that is not cleared for public release and that is either provided by DoD to a contractor or else developed by a contractor on the department's behalf. (more)

Military Intelligence: What happens to the real classified information?

The US Pentagon has admitted that a foreign intelligence service stole 24,000 files from a US defense contractor earlier this year.

US deputy defense secretary William J Lynn will not say which contractor was holding the data or which country stole it, but he says over the past few years, information about some of the Pentagon's most sensitive programs has been pilfered from military contractors. 

"Over the past decade terabytes of data have been extracted by foreign intruders from corporate networks of defense companies. Indeed in a single intrusion this past March, 24,000 files were taken," he said.

The admission came as the US defence department announced a new cyber warfare strategy, aimed at securing the military's secrets...

He says it is not the only attack... (more)

Ping! We know where you are, and people who will pay us to tell.

What is pinging?
Mobile phone networks have the ability to locate their customers' handsets (pinging). At a basic level, they can determine which cell the phone is using. In a city, that might narrow-down the location to a few hundred metres. In the countryside it could be several kilometres. It is also possible to triangulate the position of a phone more precisely using its relative position to several masts. Additionally, many modern phones contain GPS technology to help determine their exact longitude and latitude.

Mobile operators are reluctant to discuss exactly what level of detail they are able to provide to law enforcement, although there are examples of police tracking criminals, accident victims and missing persons by their mobile phones.

A former News of the World journalist's allegation the newspaper paid police to track mobile phones raises serious questions about the UK's eavesdropping laws, according to experts. Sean Hoare said it was possible to "ping" a handset's location for £300. (more) (DIY Ping) (How to)

50 Ways to Get in Ethical Trouble with Technology

Originally written for attorneys, but great advice applicable to many of us...

Technology makes everything easier and faster. In fact, it makes it possible to commit malpractice at warp speed. We can fail to represent diligently, lose our clients' data, perform incompetently, and violate the rules regarding attorney advertising—all in sixty seconds or less.

There are so many ways to potentially commit malpractice with technology that it is impossible to list them all. Still, let us make a credible stab at some of the more common missteps. (more)

Jersey Girls Spy Hard - Court Approves Cell Phone Bill Request

New Jersey officials who use taxpayer funded cell phones cannot keep information on the destination of outgoing calls secret, a state appellate court ruled earlier this week.

In Livecchia v. Borough of Mount Arlington, the Superior Court of New Jersey, Appellate Division, ruled on Wednesday that the public interest in information on the city and state of the location of cell phone calls outweighed the privacy interests of state officials. It also rejected an effort by the state to absolutely bar such information from becoming public.

The court said “there is no absolute bar to the release of the destination location of telephone calls placed by public employees using publicly funded cell phones and the same would not impinge upon individual privacy interests.”

The case began when resident Gayle Ann Livecchia submitted a public records request for two months’ worth of cell phone records documenting the use of publicly funded phones by all employees in the borough.

Livecchia wanted to use the records to see whether employees exceeded limits placed on the taxpayer-funded phones and also whether individuals were using the phones for personal reasons without reimbursing the borough, according to the court. (more) (ruling)

Thursday, July 14, 2011

Your Old Smartphone's Data Can Come Back to Haunt You

Your smartphone probably contains data in places you might not think to look. People--and companies--that sell old phones often do a lousy job of erasing all that info, according to our research with 13 secondhand phones. 

Stands at the flea market were selling stolen phones. The owners had not been able to wipe the phones remotely. Your old cell phone data can reemerge from the past to haunt you. Whether it’s because sellers are lazy or naive, cast-off phones still contain troves of information about their former users. And as phones get smarter, they’re ever more likely to hold bank account passwords, personal email, or private photographs that anyone with the right kind of motivation could exploit. (more)

Tip: Always protect your cell phone with a passcode PIN. Some smartphones allow their passcodes to be longer than the usual four digits and will automatically erase your data if the wrong code is entered too many times. ~Kevin

Smartphone Hacking Becomes News of the World

It's never this obvious.
The “phone hacking” scandal unfolding in the UK has demonstrated how trivial it is to gain unauthorized access to voicemail and other information stored on smartphones. Ignoring basic security steps only makes it easier.

With the help of Kevin Mitnick, CNET reporter Elinor Mills demonstrated just how easy it can be to hack into someone’s voicemail. This was done in the wake of the “phone hacking” scandal that has erupted in the UK in which employees for News of the World hacked into a murdered girl’s phone and materially interfered with the then ongoing police investigation. It’s now grown much larger even than that one terrible incident, and this is, of course, an extreme example of the harm that can be done to people with unsecured mobile phones. (more)

If you own a smartphone you are a viable target,
and you really need to ask yourself, 
"Is my cell phone bugged?"

Interesting Smartphone Hack & Spy Links

Thanks to our West Coast secret agent for compiling and sharing these interesting smartphone-related links...

The Vodafone Femtocell Hack

Femtocells are "small cellular base stations, typically designed for use in a home or small business. It connects to the service provider’s network via broadband (such as DSL or cable); current designs typically support 2 to 4 active mobile phones in a residential setting, and 8 to 16 active mobile phones in enterprise settings. A femtocell allows service providers to extend service coverage indoors, especially where access would otherwise be limited or unavailable."

Though esoteric at first glance, most people will get the gist of this cell phone intercept hack.

Summary:
• Can be used worldwide via VPN tunneling.
• Allows eavesdropping, calling, text messaging... via someone else's SIM card.
• Inexpensive.

The GSM Association says...
"In addition to attacks against deployed femtocell access points, it is important to remember how the equipment itself could potentially be used for illegal purposes. It is important that femtocell equipment is only supplied to reputable buyers as failure to do so opens up the possibility of femtocell access points being used to support illegal call selling and traffic routing activities, avoidance of lawful interception, use as a false base station to launch man-in-the-middle attacks, etc. Of particular concern is the potential for femtocell access points to facilitate the placement of fraudulent calls on 3G networks." (more)

Wednesday, July 13, 2011

Accused SpyCam'er Acquitted - Non-HD SpyCam Saved Her Butt... and His

Australia - An army corporal accused of secretly filming a woman while she showered at an Adelaide Hills barracks has been acquitted in the Adelaide Magistrates Court...

Magistrate Kym Boxall rejected claims by the defence that the card may have been stolen and worn to disguise the identity of the perpetrator.

"I find that rather the actual perpetrator inadvertently filmed himself, including the identification card, and thereby almost gave himself away," he said...

"There is no doubt that a crime of indecently filming a female person was committed at Woodside Army Base using a small filming device that looked like a vehicle remote control unit," he said.

However, he said he was not satisfied beyond reasonable doubt that Freeman was the person who planted the device. Freeman was found not guilty and the charge was dismissed. (more)

Etienne Labuschagne on Business Spying and Eavesdropping

“Many people think that this sort of thing isn’t happening — that corporate espionage is just something you see in movies,” says Etienne Labuschagne. “But that’s just not the case. As more people use these kinds of methods, more of them are getting caught. We live in an era where you can buy bugging gear for a few dollars … and where people will move mountains to get information first.”

Labuschagne says News of the World was simply “one of the unlucky ones that got caught doing it”. He suggests the newspaper got complacent after having gotten away with the practice for so long.

“It used to be easy to say people were just paranoid,” says Labuschagne. “I’m dealing with more and more clients every day who have these problems.”

The only way to ensure one’s phone calls, SMS messages and voice mails are entirely secure is to encrypt conversations, he adds. “The only way to be 100% sure is by using point-to-point encryption, where your unit and mine are both encrypted.”

With corporate espionage on the rise, he says that many companies are opting for counter surveillance strategies to protect their information, particularly because prevention is always easier than prosecution. “I recently dealt with a company that knew it had been bugged by competitors. But the problem is that in order to prosecute, the company would have to produce extensive evidence. Even then, that doesn’t stop it in the interim.”  (more)

Could Your Hard Drives (and other electronics) be Time-Bombed?

A Department of Homeland Security (DHS) official acknowledged the persistent threat of pre-existent malware on imported electronic and computer devices sold within the United States, sparking renewed interest in a problem the federal government has been trying to mitigate for some time.

Calling the threat "one of the most complicated and difficult challenges we have," Greg Schaffer, acting deputy undersecretary for the National Protection and Programs Directorate for the DHS, said that he is "aware that there are instances where that has happened," although he did not go into specifics about those instances. (more)

Tuesday, July 12, 2011

In an effort to better live up to their name, Yahoo! now reads your email before you do.

Houyhnhnms - Yahoo! has recently changed certain settings in its email policy which will allow the company to eavesdrop on customer mail.

With the new service, the search engine uses a spam blocking technology to learn about its users so they can be targeted by display advertisements.

However, this is not where it ends – Yahoo! will also hold the right to scan emails from people using other email accounts if they send emails to Yahoo! users.

In addition to this, users hold the responsibility to warn others about the changes made to their accounts. (more)


Extra Credit: How to Encrypt Your Email

Jersey Girls Spy Hard - Court Approves their Private GPS Spying

NJ - Appellate court in New Jersey sees no issue with private use of GPS devices to secretly track motorists. 

Police are not alone in the ability to secretly use GPS devices to track someone without his knowledge, the New Jersey Superior Court's Appellate Division ruled Thursday. 

A three-judge panel made this decision in the context of a privacy invasion suit brought by Kenneth R. Villanova against Innovative Investigations Inc after his now ex-wife hired the private-eye company to spy on him. She intended to document alleged infidelities prior to filing for divorce in May 2008. At the firm's suggestion, Villanova's wife installed the tracking device on her husband's GMC Yukon-Denali which followed the vehicle's every move for forty days. (more) Villanova v. Innovative Investigations (New Jersey Superior Court Appellate Division, 7/7/2011)

Psst... Wanna buy some spy HQ blueprints?

Germany is investigating reports that a set of blueprints for its future BND spy headquarters, under construction in Berlin, may have been missing for up to a year.

Several media were citing a German-language report in Focus magazine which, if confirmed, would likely pose a serious security risk — and be a huge embarrassment for the spy agency.

According to the Telegraph: The plans for the new building included details on alarms, emergency exits, wall thickness and the locking systems designed to protect the 4,000 personnel who will work there. Focus also said the blueprints could have been missing for a year before anyone noticed their absence. (more)

Oh, like this has never happened before...
 
UK - DETAILED top-secret plans of MI5's fortress HQ have been sensationally handed to News of the World.

The lost 66-page dossier of floor layouts—once used by trusted CONTRACTORS at the high-security Central London base—would be gold dust to terrorists.

The plans were given to us by a worried member of the public, who got them from a friend who worked at the building and never handed them back. (more)

Keep the Guards Awake - Make them Wear Point & Shoot BulletCams

  • 12 Megapixel 1/2.5 HD CMOS Sensor
  • HD Video Resolution 720p (1280x720 Pixel)
  • 170° Wide angle
  • 10 m water proof
  • With Photo Capture Mode: Camera takes a photo every 3 seconds
  • Aluminum housing
Top-Details
  • High Definition Camcorder 1,280 x 720, 30 fps
  • Up to 2 h battery power
  • Incl. 4 GB Micro-SD Card
  • Incl. splash-proof camera head for improved sound recordings
  • Incl. adapter for helmet, goggles, handle bar, 360° universal mount, case, USB cable, power adapter, sealants, lithium-ion battery
Technical features
  • Image sensor: 12 Megapixel 1/2.5 HD CMOS Sensor
  • Objective: 170° Wide Angle | Aperture: f = 2.8
  • Memory: Slot for Micro-SD Card up to 32 GB
  • Data format: Movie: MPEG codec, AVI file format
  • System requirements: PC: MS Windows XP / Vista / Windows 7 | Mac 10.6.6
  • Connectors: Mini USB 2.0
  • Battery life: Video up to 2 hours with Micro-SD card 32 GB/Class 6
  • Power: rechargeable Lithium-ion battery
  • Dimensions: approx. 90 x 30 x 10 mm
  • Weight: approx. 83 g (without battery)

Monday, July 11, 2011

Alert: ZeuS Trojan Runs on Android Phones - Steals Bank Passcodes

Criminals have developed a component of the ZeuS Trojan designed to run on Google Android phones. The new strain of malware comes as security experts are warning about the threat from mobile malware that may use tainted ads and drive-by downloads.

Researchers at Fortinet said the malicious file is a new version of "Zitmo," a family of mobile malware first spotted last year that stands for "ZeuS in the mobile." The Zitmo variant, disguised as a security application, is designed to intercept the one-time passcodes that banks send to mobile users as an added security feature. It masquerades as a component of Rapport, a banking activation application from Trusteer. Once installed, the malware lies in wait for incoming text messages, and forwards them to a remote Web server. (more)

When Computer Spy Art is Not Smart

Artist Kyle McDonald put a strange art project into practice when he installed what amounts to surveillance software on the public computers at an Apple store and used the images collected to create a presentation that he hoped would give us, by the facial expressions captured, insight into our relationship with the computers we use...

McDonald figured that Apple had decided the program wasn't a big deal. That was until four Secret Service men in suits woke him up on Thursday morning with a search warrant for computer fraud. They confiscated two computers, an iPod and two flash drives, and told McDonald that Apple would contact him separately. (more)

People Staring at Computers from Kyle McDonald on Vimeo. 

Dude, next time just Christo the store.

Need Expert Police & Security Advice? Check Police-Writers.com

Police-Writers.com was founded by Lieutenant Raymond E. Foster, LAPD (ret.).  An educator and prolific writer himself, Lt. Foster observed that many of the best people in law enforcement were sharing their expertise by writing books. He also recognized that their works needed a headquarters to be easily found. Hence, Police-Writers.com.

The book aisles include diverse topic sections, such as:

Historically, a listing in Police-Writers.com was only granted to "anyone person who completed their probationary period in a state or local police or law enforcement organization." This has recently been expanded to include Other Law Enforcement Writers including Security Professionals, thus making the site an even more valuable repository of expertise.

As Mr. Peabody might say, "This is a site you should ...bookmark!"