Sunday, December 30, 2012

2013 at the International Spy Museum

What's up at the International Spy Museum in Washington, DC next month... 

New Special Exhibit
Exquisitely Evil: 50 Years of Bond Villains

Meet Bond’s villains, uncover their evil schemes, and explore their exotic lairs and weapons in this special exhibit. Now open through 2014.

Exquisitely Evil Family Night
Friday, January 11
You are invited for a secret after-hours infiltration of the Museum’s newest exhibition, Exquisitely Evil: 50 Years of Bond Villains. Families are welcome to this exclusive viewing of the special exhibit complete with Code Cracker competitions, Bond Spy Trivia contests, SPY snacks, hot cocoa, and a chance to explore all forms of spy tradecraft. Eye patches optional.

Spying in America
Espionage from the Revolutionary War to the Dawn of the Cold War - Tuesday, January 15 (FREE)
Join Michael Sulick, former director of the CIA's National Clandestine Service, as he discusses his new book, Spying in America, which presents a history of more than 30 espionage cases inside the United States including Benedict Arnold and Julius Rosenberg.

On the Front Line
Protecting Presidents and Prime Ministers - Thursday, January 17
As Inauguration Day nears, consider what it’s like to guard the President. Meet two experts who know first-hand the work in keeping the head of the state safe: Mark J. Basil served with distinction in the United States Secret Service for ten years; and Daniel J. Mulvenna retired from the Security Service of the Royal Canadian Mounted Police after 21 years.

Spy Hunters
The Women Who Caught Aldrich Ames - Wednesday, January 23
Meet Sandy Grimes, a former CIA Operative in the Agency’s Clandestine Service, and hear how she and her fellow operative Jeanne Vertefeuille used their determination, hard work, and cunning to enable the capture and conviction of their former colleague and infamous CIA officer-turned traitor: Aldrich Ames.

Power and policy in syria
Intelligence Services, Foreign Relations and Democracy in the Modern Middle East - Wednesday, January 30
Join Radwan Ziadeh, Director of the Syrian Center for Political and Strategic Studies, as he presents a fresh and penetrating analysis of Syria's political structure and the Syrian intelligence service.

Spy Seminar Series
Exfiltrations, Captures, or Kills: Famous High Stakes Intelligence Operations
 - Wednesday, February 6 - February 27
Intelligence operations that hold human life in the balance are some of the most difficult missions any intelligence service will ever undertake. Exfiltrations are supremely delicate. This is the process of extracting a person or people from a targeted site with absolute urgency due to a sudden change which makes the site hostile. This could happen when a spy’s cover is blown or a change in leadership puts people in danger. Captures are just that - snaring an enemy. And lastly, kills. Wet jobs. Assassinations. When the enemy is bad enough that termination is the only answer. In this series, a distinguished group of experts and former intelligence personnel will introduce you to some of the greatest of these intense operations. — In collaboration with the Smithsonian Resident Associate Program.

While there, stop by the Spy Museum Store and pick up a copy of "Is My Cell Phone Bugged? Everything you need to know to keep your mobile communications private."

Predicting Personal Aerial Surveillance – Drone On

Mark Pesce takes a look at drones and tries to predict the future...

At the end of March, a new service announced itself to San Franciscans. 'One-click taco delivery' sounded quite reasonable. The perfect lunch food, ordered via smartphone, and couriered to your door while still steaming hot.

All perfectly normal - until you got a peek at the delivery vehicle: a 'quadcopter'.

A quadcopter looks a bit like a helicopter, but rather than the customary single rotor, they have four rotors mounted on an X frame, one rotor at the end of each arm. They're often quite small - less than a meter in width - and computer-controlled...

Tacocopter was revealed as an elaborate April Fool's prank...

As the cost of a drone drops below a hundred dollars, we'll see them used everywhere. Their mounted cameras will give us eyes in places we can't reach easily ourselves, and will find countless industrial uses...

Suddenly we can see everything, everywhere. We are stumbling into the Age of Omniscience almost accidentally, and before we know it there will be no place, high or low, where we can not be seen.

This will vex celebrities first... Within the next year, a jealous husband will be able to hire a private detective to track his wife by drone, and be able to witness her comings and goings for himself.

Creepy men will stalk their ex-girlfriends by drone, leading to an expansive application of restraining orders to cover 'personal airspace'. The right not to be seen will be debated in the courts, the public sphere, and on the floor of Parliament... (more)

Reality Check: In a majority of countries, air space is government controlled. Personal spy drones, as a legitimate delivery business or surveillance service, will not get off the ground without strict restrictions. But, like other electronic surveillance technologies — whose usage is already covered by legislation — illegal usage will proliferate

Maybe there is a new TSCM menu item in this, Drone Spotting... 

To paraphrase a line from an old blues song... "Spying been down so long, it look like up to me."  
I am sad about 2013. Too many developing surveillance technologies. Dropping prices and ethics. All this, creating more people and businesses whose privacy and intellectual property will be targeted. I am also optimistic. TSCM specialists – people like me who detect illegal surveillance as a business – around the world are keeping one step ahead of these developments, and are ready to help you.

Keeping an eye on the bugs in the sky... ~Kevin
(Excuse me, while I go on-line to shop for a portable radar station and ballistic air nets.)

Are They Tracking You? - Government Cell Phone Surveillance

From an article in "For the Defense" Winter 2012 • Volume XVI, Issue 4, New Mexico Criminal Defense Lawyers Association, by Bill Elliott, Criminal Defense Investigative Specialist — Contact the author for a pdf copy of the full article.

With the recent ruling in USA v. Jones mandating that law enforcement will now need probable cause and a warrant prior to attaching a GPS (Global Positioning System) tracking device to someone’s vehicle, most people are feeling pretty secure that the government will not be tracking their every movement without good reason and authorization from a judge. Nothing could be farther from the truth.

In fact, this narrow decision by the U.S. Supreme Court ( only addressed the issue of physically attaching a GPS tracker to someone’s vehicle and not the more common place practice of tracking someone using their cell phone...

What is a cell phone ‘ping’ and why all the government interest in cell site location data?

Simply stated, a cell ping is when a cell tower communicates with a cell phone in its area of coverage to see if there is a need to connect. Cell phones are continuously communicating with cell site towers every couple of seconds saying here I am, are you receiving my signal.

This is happening even if no call is being placed at the time. At times a cell phone may be communicating with as many as six cell towers at once as it nears a handoff point. Each cell tower is recording this contact and this information can be utilized to track the location and movements of the cell phone across town or across the country. A cell phone’s location can be identified to within a quarter-mile radius of the cell tower location. The location can be narrowed even further by utilizing information as to which side of the tower the cell phone was on and, using other cell phone towers to triangulate the cell phone’s signal, the actual location can be pinpointed with signal strength meters.

In a nutshell... If you voluntarily carry a GPS receiver with you (a feature of your cell phone), it is not a surveillance enhancement. Thus, it can be used against you.

Saturday, December 29, 2012

Turkish PM: Five Electronic Surveillance Devices Found

Turkey - Prime Minister Recep Tayyip Erdoğan revealed that four unauthorized wiretapping devices had been detected in his parliamentary office and government car.

A subsequent report from the Office of the Prime Minister on December 25 said that one more device had been found in Mr. Erdoğan’s home-office at this residence in Turkish capital Ankara. (more)

See Two App Store Icons on Your Phone? Beware.

New spyware Trojan – Android.DDoS.1.origin – silently takes over your phone.

via Dr. Web...
Android.DDoS.1.origin creates an application icon, similar to that of Google Play. If the user decides to use the fake icon to access Google Play, (Google Play) will be launched, which significantly reduces the risk of any suspicion.

When launched, the Trojan tries to connect to a remote server and, if successful, it transmits the phone number of the compromised device to criminals and then waits for further SMS commands...

Activities of the Trojan can lower performance of the infected handset and affect the well-being of its owner, as access to the Internet and SMS are chargeable services. Should the device send messages to premium numbers, malicious activities will cost the user even more.

It is not quite clear yet how the Trojan spreads but most probably criminals employ social engineering tricks and disguise the malware as a legitimate application from Google. (more)

Friday, December 28, 2012

Putting Spyware on Daughter's Phone Nets Restraining Order

OH - A university student who accused her mother and father of stalking her after they installed monitoring software on her phone and computer has won a restraining order against them.

A US judge ordered David and Julie Ireland to stay at least 150m away from their daughter Aubrey Ireland and have no contact with her at a court hearing in Ohio on December 10. (more)

Remember the spy who was found dead in a duffle bag?...

UK - Scotland Yard has concluded that MI6 Codebreaker Gareth Williams probably locked himself inside the duffel bag he was found dead in, sources close to the inquiry tell the Telegraph

Click to enlarge
Police re-opened the case after the coroner ruled that a third party had likely been involved—possibly even one of Williams' security service colleagues—but after taking DNA samples and re-interviewing MI6 employees, the detectives "have been unable to find any trace of anyone who should not have been in the flat," the source says. (more)

Thursday, December 27, 2012

Wiretapping Sweeps Over China

Now wiretapping is very popular in China's officialdom, from senior level to the grass-roots, spying equipment is being utilized widely.

Officials wiretap each other to find their opponent's secrets, then use it as a bargaining chip to achieve a promotion. In many situations, people can see that the officials embrace each other. In fact, it's an action to check whether the other has a wiretapping device or not.

Commentators thought the spy equipment has been a tool of siding with the bully in China, where it isn't ruled by law.

Qi Hong is an expert on detecting spying equipment in China. Recently he told media that he had helped more than one hundred officials remove more than 300 bugs in 2011. His job is locating the wiretap device and pinhole camera from officials' car, bedroom and office. In busiest times, he removed more than 40 devices in a week.

Qi Hong also exposed that wiretap devices are widely used among the Chinese Communist Party (CCP) members. In some cases, the subordinates want to find some crimes of their superior, so that he can replace them. In some cases, competitors want to find the secrets of others which can be used to plot against them. In some cases, the superiors want to control the subordinates.

In addition, the wives and lovers want to grasp some insider information. Normally, the wiretap devices were installed in officials' cars, offices and bedrooms. (more) (video)

Repeat after me, class, "Emails are postcards."

The Senate has sent legislation to President Obama that strips out an amendment that would have forced law enforcement to obtain warrants before reading the emails of U.S. citizens stored in the cloud. 

The new measure is a tweak to the Video Privacy Protection Act, which outlaws the disclosure of video-rental information unless given consent by customers. The act was adopted in 1988 after failed Supreme Court nominee Robert Bork's rental history was leaked to the Washington City Paper. (more)

Christmas, and another phone company Pontius Pilate's spyware

Vietnam - Mobile phone subscribers have become worried stiff when hearing that their phone conversations would be tapped at any time, as the software pieces and devices allowing to bug phone calls have been selling everywhere.

There are a lot of bug device suppliers. Especially, the ad pieces on supplying tapping software pieces and devices can be found on websites as well. The advertisers affirm that all the latest generation software pieces like Spyphone, Copyphone, PokerSpyphone, Spy Mobile, Mobile Phone Spy would be delivered right after buyers make payment.

Clients have been told that it’ll take them some minutes only to install the software or bug devices into the targeted phones to record all the conversations and messages. Especially, the devices are dirt cheap, just about one million dong, which makes nothing to the people who can afford the smart phones running on iOS or Android.

In reply, network operators have affirmed that they have no involvement in the wiretapping operation and that in principle, all the personal information of subscribers has been kept confidential. (more)

But, we don't hear them complaining about the extra revenue they earn from spyware data transfers. ~Kevin

KGB: We Bugged Royals (We're shocked.)

Soviet secret agents bugged Princess Margaret’s telephone and ­listened in on the conversations of other senior royals. 

Listening devices were planted in the Princess’s bedroom during an official trip to Copenhagen in 1964. Until last week the Russians had always denied the ­covert operation... Colonel Vadim Goncharov, the KGB chief in charge of snooping operations on key western targets, installed listening devices in Princess Margaret’s lighter, cigarette case, ashtrays and telephones, eavesdropping on conversations that were “most interesting, even scandalous”... A book by the newspaper’s intelligence analyst, Gennady Sokolov, to be published next year, will provide new details about the operation against the Queen’s sister... Entitled The Kremlin v The Windsors – Palace Spies Of The Secret War, it will also reveal other attempts by Russian intelligence to spy on the Royal Family. (more)

Wednesday, December 26, 2012

Three Years of Privacy Stories - Wall Street Journal

Watched: A Wall Street Journal Privacy Report
As surveillance technologies decline in cost and grow in sophistication, tracking of many aspects of our daily activities, even the seemingly mundane, has become the default rather than the exception. The Wall Street Journal's Watched project—the latest in a years-long series on privacy—explores the impact of ubiquitous surveillance on citizens and society. (more)

The End of Privacy
The age of computing has created a new economy, in which data on people's habits, activities and interests is collected, sold and traded, often without their knowledge. The Wall Street Journal's What They Know series documents new, cutting edge uses of tracking technology and what the rise of ubiquitous surveillance means for consumers and society. (more)

The What They Know Series (more)

Android Virus Uses Your Phone to Spread Spam

Android smartphone users alert...
Spammed text messages have begun circulating that can infect your handset, causing it to continually send virulent text messages to thousands of live phone numbers each day.

That discovery comes as hackers continue to probe the Android platform, in particular, for security holes with no slowdown expected in 2013...

Messaging security firm Cloudmark Research recently discovered a virulent spam campaign that is sending text messages to Android users offering free versions of Need for Speed Most Wanted, Angry Birds Star Wars, Grand Theft Auto and other popular games.

By installing the free app, the user actually downloads a hidden program connecting their handset to a command and control server in Hong Kong, says Cloudmark researcher Andrew Conway. The Hong Kong server next sends the handset a list of 50 phone numbers, copies of viral messages and instructions to begin sending the messages to each of the numbers. (more)

If victims don't have an unlimited texting plan, the next phone bill could be a whopper because each infected phone can blast thousands of viral text messages a day.

Monday, December 24, 2012

SpyCam Story #664 - This Month In SpyCam News

SpyCam stories have become commonplace and the techniques used, repetitive. We continue to keep lose track of the subject for statistical purposes, but won't bore you with too many details. Links supplied. 

"What's up Doc?"
CO - Man hiding in Yoga festival porta-potty tank pleads not guilty. Try insanity next time.
AR - Hidden camera in girl's bedroom. A dolt claims, "to see if she was having sex."
AR - Tanning bed spycam'er pleads guilty
FL - Man gets 10 years for spycam in bedrooms and evidence tampering.
LA - Ex-security guard - 42 counts of voyeurism. Hid spycams in restrooms at his building.
MI - Man jailed for taping sexual encounter between himself and three women.
Canada - Swimming instructor puts spycam in staff-only locker room
Canada - Clothing store dressing room cam-man turns himself in
Canada - Another clothing store cam-man.
Austria - Artist installs one-way mirror in cafe. Peeks from mens restroom into ladies room

School Daze...
KY - A real McCoy caught upskirting at college.
NJ - Chief custodian at Catholic high school + 8 cameras - Arrested.
CT - Cell phone + college co-ed showers... What could possibly go wrong? 
IN - Janitor + spycam + locker room.
IN - Middle School science teacher + spycam + women's faculty restroom at the school
OH - Middle School teacher + spycam + 2 female teachers in teachers-only bathroom.
OH - High school coach + camera in Boy's Locker Room, pleads not guilty
CT - School psychologist + camera + house guest.

Darwin Awards...
AR - Wife finds video of underage girl on his/her computer. He filmed himself setting it up.
Canada - Likes to watch women sleep. Voyeurism no, B&E yes. Cell phone left behind.

Sunday, December 23, 2012

Florida Man Convicted in Wiretapping Scheme Targeting Celebrities

A Florida man who hacked into the personal e-mail accounts of more than 50 people associated with the entertainment industry—including actors Scarlett Johansson, Mila Kunis, and Renee Olstead—was sentenced this afternoon to 120 months in federal prison.

Christopher Chaney, 36, of Jacksonville, Florida, was sentenced by U.S. District Court Judge S. James Otero, who also ordered the defendant to pay $66,179 in restitution. At today’s hearing, Judge Otero said Chaney’s conduct demonstrated a “callous disregard to the victims”—particularly, two non-celebrity victims, each of whom was stalked by Chaney for more than 10 years. Judge Otero noted that with the increase in cybercrime, it is important to realize that extreme emotional distress can be as devastating as a physical injury.

Chaney has been in custody since March, when he pleaded guilty to nine felony counts, including wiretapping and unauthorized access to protected computers. (more)

Friday, December 21, 2012

Android Malware Among Top Threats for 2013

Security company Trend Micro has prophesied that the number of malicious and insecure Android apps will triple from 350,000 by the end of this year to more than a million.

Also among the company's predictions in its "Security Threats to Business, the Digital Lifestyle, and the Cloud" report: Cyber criminals will heavily abuse legitimate cloud services; hacktivist attacks will become more destructive; and the increase in computing platforms and devices will lead to threats cropping up in unexpected places. (more)

FutureWatch: New TSCM Tool on the Far Horizon

A secret agent is racing against time. He knows a bomb is nearby. He rounds a corner, spots a pile of suspicious boxes in the alleyway, and pulls out his cell phone. As he scans it over the packages, their contents appear onscreen. In the nick of time, his handy smartphone application reveals an explosive device, and the agent saves the day.

Already in use, but not yet cheap and portable.
Sound far-fetched? In fact it is a real possibility, thanks to tiny inexpensive silicon microchips developed by a pair of electrical engineers at the California Institute of Technology (Caltech). 

The chips generate and radiate high-frequency electromagnetic waves, called terahertz (THz) waves, that fall into a largely untapped region of the electromagnetic spectrum—between microwaves and far-infrared radiation—and that can penetrate a host of materials without the ionizing damage of X-rays.

When incorporated into handheld devices, the new microchips could enable a broad range of applications in fields ranging from homeland security (and TSCM) to wireless communications (new types of bugs) to health care, and even touchless gaming. In the future, the technology may lead to noninvasive cancer diagnosis, among other applications. (more)

Wednesday, December 19, 2012

The Bugging Report Too Dangerous to be Released

Australia - The secret police report into the widespread phone-tapping and bugging of over 110 serving and former officers was too "dangerous" to be released, the Inspector of the Police Integrity Commission, David Levine, said yesterday.

The reputations of the NSW Police Force and individual officers could be trashed if the report and recommendations by strike force Emblems were made public, the former Supreme Court judge said. (more)

Tuesday, December 18, 2012

" I heard that law enforcement has some sort of scanner that...

...tells them if a car has a large amount of money and then proceed to pull the car over where they eventually confiscate the cash. Is there really a "money scanner" like that?"

I get a lot of strange questions. 

This one was particularly intriguing.


For now, this appears to be an urban legend.
However, developing a technique to do this is on their radar screen...

"As U.S. financial institutions continue to improve legislation that reduces money laundering, criminals with large quantities of cash have shifted their focus to bulk currency smuggling, making deposits in foreign banks. Current DHS and law enforcement technologies catch only a fraction of the currency passing through the ports and borders. To date, a dedicated currency detector has never been developed. Lattice Government Services (LGS) will work with the University of Washington to define requirements and a Concept of Operations, research gaseous chemical detection, and physical spectral/magnetic detection technologies, and down select ideal systems..." (more)

From the fine state that brought you the light bulb, tetracycline, the visible-light lasers, bubble wrap, oral ACE inhibitors and the TV dinner...

"Paul Burgess, the chief executive of New Jersey-based Lattice Inc, the parent of Lattice Government Services, described challenges: “it isn’t just currency moving through an airport, a body scanner will pick that up. The bigger problem is at border crossings. You can put money in a side door and it’s going to be very difficult to detect."

As of May, 2011 we know that...

"DHS will soon begin reviewing the companies’ reports to decide whether there are any ideas worth pursuing, Verrico said. If the agency decides to move forward, one or more prototypes will be built and field-tested. “We will evaluate them over the next 30 to 60 days before we make any further decisions on ‘phase two,’” he said.” (more)

Stay tuned.

Personally, I think money detection will eventually be accomplished by embedding micro-RFID chips into the paper. Of course, the countermeasure would then be to carry money in a shielded container or wallet

Perhaps "smell" is the answer. Dogs are slow and scarce. But, these problems are being worked out...

"Tai Hyun Park and Seunghun Hong, of Seoul National University, with their colleagues, recreated a simplified version of the detecting cells in a dog’s nose using tiny bubbles made from cell membrane." 

They are working on artificial noses in Japan and Germany, too. You can buy an electronic nose today from Alpha MOS, but it is not portable enough for sniffing out money. The Cyranose 320 is portable but doesn't know what money smells like. We'll check back with you folks later.

Got any ideas for money detection?  
Send them (along with a case of M&M's) to:
"Show me the money!"
PO Box 668
Oldwick, NJ 08858

Dockworkers Union Alleges Eavesdropping - West Coast Port Strike

APM Terminals has been accused by a California dockworkers union of eavesdropping on workers to gain an edge in contract negotiations. 

The complaint, filed with the National Labor Relations Board by International Longshore and Warehouse Union Local 63, said APM "conducted secret surveillance, eavesdropping and snooping and listening in on confidential communications between and among union representatives, shop stewards and members concerning ongoing contract negotiations, bargaining strategies and labor-management issues."

The complaint was filed Nov. 14, about two weeks before the union's clerical workers went on an eight-day strike that shut down most of the cargo terminals at the ports of Los Angeles and Long Beach, the busiest seaport complex in the country. In the document, the union local alleges that the surveillance dates back at least six months. (more)

Top 5 Wireless Tips for IT Pros

via Altius IT Information Security...

Listed below are the top 5 tips IT professionals should take to enhance wireless network security.

1. Encryption. There are many different types of encryption methods used to secure wireless networks. Wired Equivalent Privacy (WEP) is the oldest and least preferred. Wi-Fi Protected Access (WPA) is newer and offers better protection. WPA2 is the newest and should be used if possible. Configure Virtual Private Network (VPN) access for users connecting to corporate systems.

2. Firewalls. Segment the wireless network from your in-house wired network. Use firewalls to restrict traffic to and from the internal network. Configure user devices so firewalls are turned on and actively protect applications and data.

3. Manual connection. Configure portable devices such as laptops and handhelds so that they do not automatically connect to wireless networks. A manual process helps ensure that the device connects to the appropriate wireless network.

4. Patch management.
Ensure device operating system, application, and security protection software is patched and up-to-date. Ensure browsers and updates to third party software packages are applied in a timely manner. Critical updates should be tested and applied as soon as possible.

5. Incident management. Prepare a formal Incident Response Plan and educate users to inform the appropriate personnel if they believe they logged into the wrong network, sensitive information such as their ID/password was compromised, their device was lost or stolen, etc. (more)

UPDATE: From our "Persistence is Futile" file...

A Canadian history buff seems to have cracked a coded World War II message that was found strapped to the leg of a dead carrier pigeon.

Click to enlarge.
Last month, Englishman David Martin found the bird's bones in his chimney when he was renovating his fireplace in the town of Surrey.

Inside a red capsule strapped to the leg of the bird was a message from Sergeant William Stott, who had been deployed behind German lines to observe the enemy's activities.

When the message was taken to Britain's top code-breakers at the Government Communications Headquarters (GCHQ), they declared the code uncrackable. (more) (audio report) (our original report)

Monday, December 17, 2012

Google Funds Spy Technology - Surveillance to the Rescue!

Carter Roberts, president of the The World Wildlife Fund, says on his organization’s site, “We face an unprecedented poaching crisis. The killings are way up. We need solutions that are as sophisticated as the threats we face.”

This week, the World Wildlife Fund (WWF) announced its receipt of a $5 million grant, courtesy of Google’s Global Impact Awards to test advanced technology in the fight against animal crime. 

If it works, the new system will include sensors placed in wildlife environments and on the animals themselves, which would be monitored by a network of surveillance drones overhead. When poachers are detected, the drones will signal mobile ranger patrols on the ground to move in, hopefully stopping the poachers’ attack. (more)

UPDATE: $50 Hacking Device Opens Millions of Hotel Room Locks

The locks on more than 1 million guestroom doors are in various stages of being repaired, following the revelation this summer that they may be vulnerable to hackers.

The New York Marriott Marquis, the biggest hotel in Manhattan, for instance, just completed updating all of its nearly 2,000 door locks. The hotel is one of thousands of properties with guestroom locks manufactured by Onity, a division of United Technologies.

An Onity website also shows Sheraton, Hyatt, Holiday Inn, Fairmont, Radisson and other well-known hotels from Paris to Perth as also having its locks changed.

The lock scandal began as a hacker exercise. During a technology conference, an attendee revealed that he'd found a security flaw -- a way to electronically unlock a common, electronic hotel-door lock using inconspicuous tools. Other hackers checked out his claim and verified it. Their methods eventually showed up in a series of YouTube videos. (more) (and here!)

NCTC Scope "Breathtaking" - "Pre-Cogs" - fiction to fact in 10 years

via The Wall Street Journal...
Counterterrorism officials wanted to create a government dragnet, sweeping up millions of records about U.S. citizens—even people suspected of no crime...


The rules now allow the little-known National Counterterrorism Center to examine the government files of U.S. citizens for possible criminal behavior, even if there is no reason to suspect them. That is a departure from past practice, which barred the agency from storing information about ordinary Americans unless a person was a terror suspect or related to an investigation.

Now, NCTC can copy entire government databases—flight records, casino-employee lists, the names of Americans hosting foreign-exchange students and many others. The agency has new authority to keep data about innocent U.S. citizens for up to five years, and to analyze it for suspicious patterns of behavior. Previously, both were prohibited. Data about Americans "reasonably believed to constitute terrorism information" may be permanently retained...

The changes also allow databases of U.S. civilian information to be given to foreign governments for analysis of their own. In effect, U.S. and foreign governments would be using the information to look for clues that people might commit future crimes.

"It's breathtaking" in its scope, said a former senior administration official familiar with the White House debate. (more)

2012 - Targeting U.S. Technologies Report Out

Targeting U.S. Technologies: A Trend Analysis of Reporting from Defense Industry", presents DSS' analysis of industry reports submitted in 2011.

Although the report is geared for Facility Security Officers at Cleared Defense Contractors (CDC), it is a valuable reference for law enforcement, public and private sector executives and security officials responsible for protecting intellectual property, trade secrets and sensitive corporate information as the trends in collection directed against CDCs are important in understanding foreign collection directed against economic and corporate data in all business and government sectors. The 2012 DSS Full Report, containing information on 2011 incidents can be downloaded here.

Security Flaw – Samsung Handsets & Tablets

A suspected fault in Samsung's implementation of the Android kernel could result in malicious apps gaining control over user devices... 

"You should be very afraid of this exploit -- any app can use it to gain root without asking and without any permissions on a vulnerable device," the forum use wrote. "Let's hope for some fixes ASAP."...affected devices include the Samsung Galaxy S2, Samsung Galaxy Note 2, Samsung Galaxy Note 10.1 and Samsung Galaxy Tab Plus.

The community says that it has informed Samsung of the flaw, and so we can hope a fix will soon be issued if the claims ring true. With so many apps floating around the Internet, the Android operating system has become an increasing target for hackers, who can slip malicious code into seemingly innocent applications which end up stealing data or taking control of your device.

As malicious apps begin to send unauthorized premium-rate SMS messages and steal user bank data, keeping our devices secure is now just as important as being careful when we surf the web on our desktops. (more)

Thursday, December 13, 2012

TSCM Bug Sweeps: When, and When Not To - Part II

The following provides advice specifically meant for: 
Private Investigators, 
Security Directors, 
Security Consultants 
and TSCM professionals.

What you can do to keep your current business clients espionage-free

Technical Surveillance Countermeasures (TSCM), or bug sweep, is an analysis of an area to detect illegal covert electronic surveillance. In addition to listening devices, sweeps also take into account optical, data, and GPS tracking devices.
In TSCM Bug Sweeps: Part I we discussed how to handled requests from new clients for TSCM bug sweeps. In Part II we look at helping your current business clients. After you alert them to your business espionage solutions you will be viewed as a more valuable resource. Your revenue will also increase.

A typical case involving current business clients...

The Ostrich Effect:
Ignore the risk and maybe it will go away.

Many companies are doing very little to protect themselves against business espionage. Worse, they do not even know what protection measures are available, or where to go to find them. The natural result is “The Ostrich Effect”: ignore the risk and maybe it will go away. As their security adviser you should, and can, be helping them avoid this major disaster.

Step 1. Partner with a competent TSCM specialist.

As mentioned in Part I of this series, partner with a competent specialist. You may already have someone you know and trust. If so, great. If not, conduct a search using terms like “eavesdropping detection”, or simply “TSCM”. Once you have found specialists to vet, ask plenty of questions. If you are not sure of what to ask, search “TSCM compare” for a list of questions. Qualify your specialist with questions, but be sure to note their professionalism too. Their presentation and demeanor will reflect on you.

Knowing a good TSCM specialist will make the rest of the steps very easy for you. (more) (Part 1)

Steps 2-4 comprise the rest of this article.
Take-away point: If you don’t help your clients, another person reading this post will.

Feeb to Fed Xmas Files Secret Flash Sale

On Dec. 20, for the first time in its history, the Federal Bureau of Investigation will open its New York store at 26 Federal Plaza to federal employees for a limited time.

Selling a full line of FBI-branded clothing and merchandise—hats, t-shirts, sweatshirts, jackets, patches, pens and coins—the store will only be open a brief four hours, from 11 a.m. to 3 p.m. Some items are priced as low as $2, boasted an email sent earlier this week to federal staffers. The store is run by the FBI Recreation Association, a nonprofit headquartered in Washington D.C. Representatives did not return calls requesting comment about this flash sale opportunity. (more 

Can't go? :(   
Shop here! :)

How to secure your Android phone - 14 Tips

via Gary Sims, Spybusters and SpyWarn...
Tip #1 – Never leave your phone laying around where uninvited guests can access it.
Tip #2 – Use a lock screen.
Tip #3 – Set a PIN to protect purchases on Google Play.
Tip #4 – Install a phone location app / security app with an anti-theft component.
Tip #5 – Don’t install apps from dodgy third party sites.
Tip #6 – Always read the reviews of apps before installing them.
Tip #7 – Check the permissions. Does the "game" really need to send SMS messages?
Tip #8 – Never follow links in unsolicited emails or text messages to install an app.
Tip #9 – Use an anti-virus / anti-malware app.
Tip #10 – Don’t root your phone unless absolutely necessary.
Tip #11 – If your device has valuable data on it, use encryption.
Tip #12 – Use a VPN on unsecured Wi-Fi connection.
Tip #13 – Read "Is My Cell Phone Bugged?"
Tip #14 – Use SpyWarn (freemium) periodically to help determine if your phone has been infected with spyware.

Tuesday, December 11, 2012

Bus-ted... Public Buses Quietly Adding Microphones to Record Passenger Conversations

Transit authorities in cities across the country are quietly installing microphone-enabled surveillance systems on public buses that would give them the ability to record and store private conversations, according to documents obtained by a news outlet.

The systems are being installed in San Francisco, Baltimore, and other cities with funding from the Department of Homeland Security in some cases, according to the Daily, which obtained copies of contracts, procurement requests, specs and other documents.

The use of the equipment raises serious questions about eavesdropping without a warrant, particularly since recordings of passengers could be obtained and used by law enforcement agencies.

It also raises questions about security, since the IP audio-video systems can be accessed remotely via a built-in web server (.pdf), and can be combined with GPS data to track the movement of buses and passengers throughout the city. (more)

Friday, December 7, 2012

"Get me Bond. I'm ticked at the watchmakers."

Authorities in Switzerland are investigating the theft of sensitive information from the country's Federal Intelligence Service (NDB) that was allegedly carried out by a senior IT technician at the agency. 

Officials believe that the suspect was upset because his advice on operating the spy agency's data systems was not being taken seriously, and that he decided to retaliate by stealing classified information from the agency's servers. That information included intelligence collected by the British spy agency MI6 about counterterrorism operations. 

The suspect is thought to have carried out the theft by abusing his administrator rights and downloading files onto portable hard drives, which he then hid in a backpack in order to sneak them out of the building. (more)

Friday, November 30, 2012

The Smartphone Turns 20

The First Smartphone
Click to enlarge.
IBM debuted a prototype device, code named "Angler," on November, 23, 1992 at the COMDEX computer and technology trade show in Las Vegas, Nevada, United States... BellSouth executives gave the finished product its final name, "Simon Personal Communicator", before its public debut at the Wireless World Conference in November, 1993... In addition to its ability to make and receive cellular phone calls, Simon was also able to send and receive facsimiles, e-mails and cellular pages. Simon included many applications including an address book, calendar, appointment scheduler, calculator, world time clock, electronic note pad, handwritten annotations and standard and predictive stylus input screen keyboards. (1)

The Simon could be upgraded to run third party applications either by inserting a
PCMCIA card or by downloading an application to the phone's internal memory. Atlanta, Georgia-based PDA Dimensions developed "DispatchIt", the only aftermarket, third-party application developed for Simon. The DispatchIt application costs were US$2,999 for the host PC software and US$299 for each Simon software client. (2)

Thursday, November 29, 2012

Security Alert: Patch Your Samsung Printers

Samsung printers contain a hardcoded backdoor account that could allow remote network access exploitation and device control via SNMP. (Yes, your print job may be stolen before the paper hits the tray.) Details of the exploit have been published... Samsung has stated that models released after October 31, 2012 are not affected by this vulnerability. Samsung has also indicated that they will be releasing a patch tool later this year to address vulnerable devices. (more)

Wednesday, November 28, 2012

Everything You Need to Know About Shredding Sensitive Waste Paper

Scraps of seemingly useless information tossed in the trash may be synergistically related. Analysis can reveal the big picture to outsiders. Reducing the availability of these puzzle parts is an important counterespionage responsibility. Stealing trash is believed to be the number one business espionage trick.

Shredding Checklist
  • Encourage the destruction of all waste paper as soon as it becomes waste.
  • Make a deskside crosscut shredder your primary weapon.
  • Large volume waste will require a larger, bulk crosscut shredder.
  • Place a shredder or locked bin next to photocopy machines in sensitive areas.
  • Extend shredding efforts to key executives’ home offices as well.
  • Never save confidential papers in a box under the desk “to be shredded later.”
  • Always use crosscut type (or better) shredders.
  • Retire any strip-cut shredders you are using.
  • Once shredders or locked bins are in place, remind people to use them.
  • Do not entrust bulk wastepaper destruction to paper recyclers unless they can destroy on-site using a truck-mounted shredder (and you can watch). Cart and shred only when sheer bulk dictates this as the logical choice and the material is not highly sensitive. Otherwise, destroy it yourself before recycling.
The big shredder purchasing mistake… Buying just one large central shredder for everyone to use. Reason: Not everyone will use it. Why? Too inconvenient.

People are too busy to be bothered to walk over to a shredder every time they should. A better choice - several convenient deskside crosscut shredders, or locked storage bins. This is one perk which has a very positive payback.

Did You Know?…  
There are people who will reassemble shredded strips, and computer programs which can optically piece together shredded strips, too.

Buyers Guide to Shredders 
Shredder manufacturers and distributors...
  • Replace your stripcut shredders with crosscut (or better) models. Stripcut models do not provide business-level security.  
  • Deskside crosscut shredders are also available from retails stores such as Staples or Office Depot.