Saturday, March 31, 2012

Privacy Alert: The Stalking App

Another day, another creepy mobile app. Here is one that allows you to find women in your area. It definitely wins the prize for too creepy.

Girls Around Me uses Foursquare, the location-based mobile service, to determine your location. It then scans for women in the area who have recently checked-in on the service. Once you identify a woman you’d like to talk to, one that inevitably has no idea you’re snooping on her, you can connect to her through Facebook, see her full name, profile photos and send her a message.

P.S. When you sign up for the Girls Around Me application, you are asked to log in to Facebook, giving the service your personal information, too. (more)

FutureWatch: The Creepy Guys Around Me app.

No, wait... This just in...
In direct response to our story from earlier today about Girls Around Me, an iOS app by Russian-based app developer i-Free that tracks and gives personal information about women without their knowledge, Foursquare has released a statement announcing that they have officially killed Girls Around Me’s access to their public API. (more)

Friday, March 30, 2012

Eavesdropper Reveries - Laser Keyboards

My new iPhone has a laser keyboard...
In my dreams :)
But until then, there is always this...

Somewhere, someone (other than me) is musing about how to eavesdrop on this technology.

The Bluetooth connection?
Optical intercept?
Keystroke logging spyware?
Or, maybe an accelerometer embedded in the table to decipher the finger tapping sounds?

Am I allowed to have this much fun at work?

Thursday, March 29, 2012

New CCTV Scans 36 Million Faces for a Match... in one second!

There were several news stories late last week about a new surveillance system by Hitachi Kokusai Electric that the company claims is able to capture a person's face and, in one second, scan some 36 million facial images stored in its database to see whether it can find a match. According to this story at Digital Trends:

"Now, here's my plan..."
"Hitachi’s software is able to recognize a face with up to 30 degrees of deviation turned vertically and horizontally away from the camera, and requires faces to fill at least 40 pixels by 40 pixels for accurate recognition. Any image, whether captured on a mobile phone, handheld camera, or a video still, can be uploaded and searched against its database for matches." 

The company states in a video posted at DigInfoTV that it thinks the system is "suitable for customers that have a relatively large-scale surveillance system, such as railways, power companies, law enforcement, and large stores."

Over time, I suspect that the technology will be reduced in price to be "suitable" for just about anyone with a surveillance system. (more)

Business Espionage: "If we can't hack your voicemail, we'll hack your business."

Australia - Revelations that a secret unit within Rupert Murdoch’s News Corp promoted high-tech piracy that damaged pay TV rivals will increase fears of corporate espionage in boardrooms across Australia and around the world. A four-year investigation by The Australian Financial Review has revealed a global trail of corporate dirty tricks by a group of former policemen and intelligence officers within News Corp that devastated competitors. (more)

Australia - Senior Australian officials have expressed concern over allegations that News Corporation engaged in hacking and piracy in order to damage its commercial television competitors. The allegations suggested that the firm owned by Rupert Murdoch had set up a unit to sabotage rivals. The Australian Financial Review said this was done by making pirate copies of competitors' smart cards. (more)

So You Want to be a Private Investigator - Top 25 Schools

Deciding on a professional private investigation training program can be tricky. Unlike many professions, a degree in investigations is not a requirement to enter into this field. Competing against individuals with extensive backgrounds in law enforcement, security and investigations can be a daunting task, but many industry veterans certainly believe hitting the classroom can help jump-start a career in investigations. Here is a list of the Top 25 educational institutions which can help you achieve your goal... (more)

"Come out with your hands up," this is the Hackers, and we have you surrounded.

The Federal Bureau of Investigation's top cyber cop offered a grim appraisal of the nation's efforts to keep computer hackers from plundering corporate data networks: "We're not winning," FBI executive assistant director Shawn Henry said.

Shawn Henry, who is preparing to leave the FBI after more than two decades with the bureau, said in an interview that the current public and private approach to fending off hackers is "unsustainable.'' Computer criminals are simply too talented and defensive measures too weak to stop them, he said. (more)

FutureWatch Idea: Opto-isolate high-value information from the Internet, like opto-isolators do for electronic measurement equipment.

Privacy - If you are not outraged yet, wait for the strip search.

The assault on personal privacy has ramped up significantly in the past few years. From warrantless GPS tracking to ISP packet inspection, it seems that everyone wants to get in on the booming business of clandestine snooping -- even blatant prying, if you consider reports of employers demanding Facebook passwords prior to making hiring decisions.

What happened? Did the rules change? What is it about digital information that's convinced some people this is OK? Maybe the right to privacy we were told so much about has simply become old-fashioned, a barrier to progress. In search of an answer, I tried a little thought experiment. Follow me, if you will, on a journey to a place in the space-time continuum I call the Land Before the Internet... (more) 

This story, "Your privacy is a sci-fi fantasy," was originally published at

Tuesday, March 27, 2012

The 'Open Mike' Devours Another Unsuspecting Victim

Unaware that a microphone was recording him, President Obama asked outgoing Russian President Dmitry Medvedev Monday for breathing room until after Mr. Obama’s re-election campaign to negotiate on missile defense. ...“This is my last election,” Mr. Obama said. “After my election, I have more flexibility.” (more)

Friday, March 23, 2012

TSCM Training & Counterespionage Education Around the World

Dever Clark + Associates
Eavesdropping Detection and Prevention Workshop (2 days) 

Eavesdropping detection and prevention, also known as ‘debugging’, ‘audio countermeasures’, ‘technical surveillance countermeasures’ (TSCM), or even ‘sweeps’, is the term used to describe the recognition, evaluation and minimisation of the threat from covert (and often illegal) electronic surveillance. This two-day non-technical workshop consists of no nonsense, practical advice on information security and eavesdropping prevention and is presented in terms, which can be understood by people without training in electronics. ... The workshop includes practical demonstrations and illustrations of common vulnerabilities. (more) (course brochure) Contact: Michael Dever, BSc (Security) CPP PSP

Eavesdropping Detections Solutions®
Basic Course in Electronic Eavesdropping Countermeasures
We are presenting a basic course in electronic eavesdropping countermeasures. The course is scheduled to take place from 02 – 13 July 2012 – Protea Waterfront Hotel, Centurion, Gauteng. Final date for registration is 25 June 2012. The course in electronic eavesdropping countermeasures, presented since 1998, is suitable for the individual who has no or little previous experience in technical surveillance countermeasures. The 80-hour course is presented over ten (10) working days. (more) Contact: Steve Whitehead

CBIA is hosting a three day international conference on business counterintelligence from 17 – 19 September 2012 at the Kwa Maritane Bush Lodge, Pilansberg (What a venue!). The brochure and registration form attached. One of the key aims of the conference is to involve and to provide business executives, decision-makers, managers and business unit leaders with the insight to understand business counterintelligence and how it differs from other streams of information management practices. This is a vital conference for those responsible for the protection of information in their organisations. The conference sessions are highly informative, powerful and offers a wealth of opportunities for learning.  (more) (brochure) Contact: Steve Whitehead

Technical Security Branch (TSB) of Professional Development TSCM Group Inc.
Canadian Technical Security Conference (CTSC)
- April 23-25, 2012
The annual Canadian Technical Security Conference (CTSC) event (Cornwall, Ontario) is a three (3) day professional development and networking opportunity with a local, regional, national and international following of professional technical operators, TSCM specific and test & measurement based equipment manufacturers and service providers. Our annual CTSC conference event is an absolute must attend event for local, regional and international technical security professionals from the private sector, corporate security industry, financial sector, oil, gas and mining sector, government, law enforcement and military organizations and agencies. (more) Contact: Paul D Turner, TSS TSI

Research Electronics International (REI)
(Algood, TN)
TSCM courses are designed to teach the basic procedural concepts of conducting a countersurveillance investigation. Courses currently offered provide training on REI equipment as well as general sweep procedures. Classes are held in our unique training rooms that simulate suspect environments. Students use these project rooms to exercise their knowledge of the use of detection equipment. REI has 5 full-time, highly qualified instructors with many years of cumulative experience in the surveillance field. (more) (brochure) Contact: Mark S. Uker, Director of Training
Jarvis Intelligence Solutions (Tulsa, OK)
Technical Security Countermeasures

This 40 hour course of instruction is designed to provide the student with the basic skills and knowledge to conduct technical security countermeasures sweeps and surveys. Students will learn various types of equipment that can be utilized to implement electronic espionage operations and how to effectively identify, locate and neutralize these attacks. (more) Contact: Ray Jarvis, Director

There are are several more schools and providers. These are just the ones I know personally, and which have some good programs coming up soon. ~Kevin

Too young to vote?
Try one of these!

The International Spy Museum in Washington, DC is always running interesting spy-related activities for kids. Check out their Spy School Summer Camp.

Can't get there? 
Try this, on-line...
Are You Ready to Become A Super Spy?

Thursday, March 22, 2012

FutureWatch: Wireless Bugging Not Based on the Electro-Magnetic Spectrum for Transmission

Neutrinos have been in the news recently, and although it appears that they probably do not travel faster than light, they still hold court as three of the strangest of the known subatomic particles. Undeterred by these arcane particles, Fermilab scientists have succeeded in communicating with neutrino pulses through 240 meters of rock at a rate of 0.1 bits per second.

Although only capable of sending one alphanumeric character every minute, this is still an experimental tour de force that demonstrates the feasibility of using neutrino beams to provide a low-rate communications link independent of any electromagnetic radiation

FutureWatch: However, given the limited range, low data rate, and extreme technologies required to achieve this demonstration, significant improvements in neutrino beams and detectors will be required for “practical” applications of neutrino communications. (more)

How to Avoid Malicious Web Apps

Rule number one is simple: If you have any doubt, don't click. 

This single rule would help people avoid most Web app malware, but it seems to be hard to drill into users' heads.  –Tim Keanini, CTO of nCircle (more)

New Cell Phone Encryption Product - TrustCall

Here is a new twist on encrypting cell phone calls. TrustCall – Secure Phone Software

Both phones need to have an SDmicro card slot. The encryption is on the card, so it can be moved from phone to phone if desired. 

The beauty of this system is that the user doesn't have to do anything but place the call as normal. Calls takes slightly longer to connect, however. (review)

The product and company are new. As of this date, their web site is still under construction, but details can be seen here.

From the company... "TrustCall is a discreet, affordable, easy-to-install mobile security software solution for Android, BlackBerry® and iPhone in 2012. To activate, users simply choose a contact in their address book, select the “Place Secure Call” option and press send. TrustCall authenticates all user identities prior to establishing the call and maintains a secure phone connection from beginning to end. Enterprises can quickly deploy, manage and use TrustCall without advanced training or custom handsets.
Because our mobile phone security solution is portable, it can be easily removed and configured for multiple phones if needed. TrustCall can be deployed inside a client’s network or in a hosted environment while providing a platform to manage, activate and terminate secure communications in near real-time.

TrustChips are designed to operate on-demand, and only when needed, battery life is maximized. With these solutions, users enjoy all the benefits of a standard off-the-shelf smartphone as well as having seamless voice protection wherever and whenever a sensitive call needs to be made.

These TrustChip Secured applications are optimized for 3G and Wi-Fi networks. Multiple platforms are supported. (more)

Wednesday, March 21, 2012

A Cunning Plan to Protect Us from Business Espionage

(Not from the Daily Show or Black Adder.)
We are being bombarded with news stories and court trials tornadoing around Chinese spies. They’re everywhere. Collecting everything. They have become such a fixture in and around our hapless businesses that it only seems right to offer them health insurance, a pension plan, cookies and milk.

But wait. Let’s think this through. 

Aren’t these the folks who had the secrets of silk stolen from them by Justinian I? Humm, could this be why great neckties are made in Italy, not China? Even their espionage death penalty law couldn’t protect them. Boom! Economic espionage devastated their economy.

I also recall a dude from the UK, Robert Fortune, sort of an early 007. He was sent to steal the secrets of tea production from... Have you guessed yet? China! That caper is now know as The Great British Tea Heist. Boom! Economic espionage devastated their economy yet again. Oh, and what about the Chinese secret of making porcelain? A French Catholic priest stole that one. BOOM!! I could go on and on. Gunpowder, paper, etc. Bing! Bam! BOOM! Feeling sorry for China yet? Don’t. They are making up for it, right now. The disk drive that just started whirring in your computer... it might be them.

And, don’t think this is just some cosmic yin and yang, great mandella, or as we say here in Jersey, “What goes around, comes around.” No, that explanation is too simplistic, not to mention fatalistic. There is more to this industrial espionage business. The circle is bigger. This is history repeating itself, over and over and over.

Remember when England needed rubber? Where did they have to go to get it? I hear you say, “Brazil.” Correct! But they didn’t like being held captive by one source. So, what did they do? Right again. In 1876, they stole some rubber tree seeds from Brazil and cultivated their own trees. [insert Monty Python foot-stomping fart sound]! Brazil’s very promising economy, with car and bicycle tires just around the corner, is squashed. 

Click to enlarge.
Remember America’s meteoric rise to the top of the International charts? Guess what propelled that one... intellectual property thefts committed by Samuel Slater and Francis Cabot Lowell. They brought the secrets of cotton and wool production to our shores from England. Instant industrial revolution for us. Zip! The economic loose thread on Britain's sweater got “yanked”.

I feel their pain. It’s happening to us right now.

The history of mystery list continues with Lieven Bauwens, a Belgian, stealing the British spinning mule; Thomas Whitty stealing weaving secrets; John Lombe stealing silk machine designs; atomic bomb secrets going everywhere. Even English muffin baking secrets aren't safe. (“...there are but seven executives who know the exact formula that causes the English muffins to develop their nooks and crannies,” and one guy tried to make off with it.)

What we have learned.
• Anyone with exclusive information will attract business spies.
• Industrial spying changes the fortunes of countries and the courses of history.
• Espionage laws with stiff legal penalties do not deter spies.
• History repeats itself.

What we haven’t learned.
• How to stop business espionage.

Competitive advantages are national treasures. Losing a competitive advantage doesn’t just hurt the business which owns it. In the long run, it hurts entire countries and its citizens. The economic damage lasts for centuries. 

Viewed in this light, the obligation becomes clear. The keeper of a competitive advantage has a moral and social obligation to protect the asset.

So, why don’t businesses do a better job of protecting their intellectual property? 
• No direct ownership of the protection responsibility.
• Short-sighted greed. Security costs a little money. (Very little in the long run.)
• Reliance on espionage laws which are based solely on punishing the spies... if they are caught. If they are not caught the damage still occurs; no one is held accountable.

And now for my cunning plan...
Treat intellectual assets, business secrets, high-level business discussions, communications and critical strategies with the same respect we afford military secrets. They are just as vital, and arguably, more so. Label these gems of information for what they are... National Interest Assets.

Round out the espionage laws. 
History has proved the one-sided, punish-the-spy model does not work – even when the penalty is DEATH! 

Impose a legal responsibility to proactively protect National Interest Assets. Hold the corporate caretakers of our economic future accountable for protecting their valuables. Create standards of protection. Provide penalties for inadequate or negligent protection. Enforce compliance before the theft occurs. Hey, we do it with medical and financial records.

In short, make proactive counterespionage protection an economically attractive, moral and legal responsibility. 

If you agree, please pass this article on to your legislators. I’ll be doing the same here. The end result will benefit everyone.

Be seeing you,

When Social Notworking May Really Mean Not Working

Employers ask job seekers for Facebook passwords
When Justin Bassett interviewed for a new job, he expected the usual questions about experience and references. So he was astonished when the interviewer asked for something else: his Facebook username and password.

Bassett, a New York City statistician, had just finished answering a few character questions when the interviewer turned to her computer to search for his Facebook page. But she couldn't see his private profile. She turned back and asked him to hand over his login information.

Bassett refused and withdrew his application, saying he didn't want to work for a company that would seek such personal information. But as the job market steadily improves, other job candidates are confronting the same question from prospective employers, and some of them cannot afford to say no. (more)

LAUSD Can Now Spy on Teachers' Online Activity, Punish Them for Facebook Comments

Los Angeles Unified School District headquarters tells teachers -- and any other adult associated with the district -- that they'd better keep their social-media persona in check.

Actually, the new policy was put in place almost two months ago. But until the news wire mentioned it in an article today, it seems to have passed quietly under the radar. (more)

Tuesday, March 20, 2012

FutureWatch: Your Next TV May Watch You

via the HD Guru...
Artist's conception. Not really Samsung.
Samsung’s 2012 top-of-the-line plasmas and LED HDTVs offer new features never before available within a television including a built-in, internally wired HD camera, twin microphones, face tracking and speech recognition.  

While these features give you unprecedented control over an HDTV, the devices themselves, more similar than ever to a personal computer, may allow hackers or even Samsung to see and hear you and your family, and collect extremely personal data.

And unlike other TVs, which have cameras and microphones as add-on accessories connected by a single, easily removable USB cable, you can’t just unplug these sensors.

Privacy concerns
We began to wonder exactly what data Samsung collects from its new “eyes and ears” and how it and other companies intend use it, which raises the following questions:

* Can Samsung or Samsung-authorized companies watch you watching your Samsung TV? 
* Do the televisions send a user ID or the TV’s serial number to the Samsung cloud whenever it has an Internet connection? 
* Does Samsung cross reference a user ID or facial scan to your warranty registration information, such as name, address etc.? 
* Can a person or company listen to you, at will, via the microphone and Internet connection? 
* Does Samsung’s cloud store all this information? How secure is this extremely personal data? 
* Can a hacker intercept this data or view you via the built in camera? 
* Can a third-party app program do any of the above? 
* Exactly what information does the TV send to Samsung or other parties? 
* Does Samsung intend to sell data collected by its Smart TV owners, such as who, what and when one is viewing? (more)

Sunday, March 18, 2012

Send your Kids to Camp this Summer... Spy Camp

 This isn’t your ordinary day camp—this is Spy Camp!

Somewhere deep inside the International Spy Museum in Washington DC is an elite group of 10-13 year old recruits, lurking in the shadows, preparing to take on top secret missions. No one really knows who they are, or for that matter, what they’re really up to. Now it’s your turn to join their ranks. 

Each day at Spy Camp is filled with top secret briefings and activities that will put spy skills and street smarts to the test. Aspiring KidSpy recruits will hone their tradecraft, learn from real spies, and hit the streets to run training missions. Develop a disguise for cover, make and break codes, discover escape and evasion techniques, create and use spy gadgets, uncover the science behind spying—all of this and more awaits young recruits! (Secret Briefing)

Friday, March 16, 2012

Case History: How Foreign Espionage is Killing U.S. Companies

A cautionary tale of woe...
Last June, three men squeezed inside a wind turbine in China’s Gobi Desert. They were employees of American Superconductor Corp., a maker of computer systems that serve as the electronic brains of the device... to test a new version of its control system software...

The software was designed to disable the turbine several weeks earlier, at the end of the testing period. But for some reason, this turbine ignored the system’s shutdown command and the blades kept right on spinning.

The problem wasn’t immediately clear, so the technicians made a copy of the control system’s software and sent it to the company’s research center...

...some startling findings... The Sinovel turbine appeared to be running a stolen version of AMSC’s software. Worse, the software revealed Beijing-based Sinovel had complete access to AMSC’s proprietary source code. In short, Sinovel didn’t really need AMSC anymore... March 2011, Sinovel abruptly and inexplicably began turning away AMSC’s shipments...

AMSC had no choice but to announce that Sinovel -- now its biggest customer, accounting for more than two-thirds of the company’s $315 million in revenue in 2010 -- had stopped making purchases. Investors fled, erasing 40 percent of AMSC’s value in a single day and 84 percent of it by September.

What happened to AMSC may be incredibly brazen, but it’s hardly exceptional. There have been a large number of corporate spying cases involving China recently, and they are coming to light as President Barack Obama and the U.S., along with Japan and the European Union, have filed a formal complaint to the World Trade Organization over China’s unfair trading practices. 

...14 U.S. intelligence agencies issued a report describing a far-reaching industrial espionage campaign by Chinese spy agencies. This campaign has been in the works for years and targets a swath of industries.

“It’s the greatest transfer of wealth in history,” General Keith Alexander, director of the National Security Agency, said at a security conference at New York’s Fordham University in January. (more)

Manufacturing is gone.
Intellectual property is going.
What will we have left to sell?
Please. Start taking espionage seriously. ~Kevin

FutureWatch: The Most Powerful Spy Center In the World

Deep in the Utah desert, at the feet of the Wasatch mountain range, is one of the most secret, most guarded, most secure facilities in the world. Here is where everything you say is analyzed to search for security threats against the United States.

It's the National Security Agency's Utah Data Center, a $2 billion facility that will capture, record and scrutinize every communication in the world, from emails to phone calls to text messages to chats. It will also crack codes. According to Threat Level, the encryption cracking will be the most powerful in the world, and will help get into "financial information, stock transactions, business deals, foreign military and diplomatic secrets, legal documents, confidential personal communications."

There will be four data rooms, 25,000-square-foot each, full of servers, cooled down by 60,000 tons of machinery and 1.7 million gallons of water per day. The site has its own 65-megawatt electrical substation, as well as backup generators that can power the whole thing for three days, uninterrupted. Just the video security system alone costs more than $10 million. (more)

SpyCam Story #657 - Rutgers SpyCam Case Verdict

NJ - An ex-Rutgers student accused of using a webcam to spy on his gay roommate was convicted of invasion of privacy but cleared of some of the more serious charges of bias intimidation Friday.

Dharun Ravi, 20, was stoic as the jury rendered its mixed verdict in New Jersey’s Middlesex Country Superior Court after deliberating since Wednesday.

Ravi was accused of 15 counts after using a webcam to spy on roommate Tyler Clementi’s dorm-room tryst with another man in 2010.

Clementi, 18, jumped to his death from the George Washington Bridge three days after the spying incident. (more)

Two Simple Tips to Prevent Snooping on Your Lost Cell Phone

Anyone who loses their mobile phone should expect the data to be accessed by the person who finds it, and business data is no exception, according to a study released this week by security firm Symantec.

In its Smartphone Honey Stick Project, Symantec "lost" 10 phones in each of five cities, leaving them on top of newspaper boxes, in food courts, and even the ladies restroom of a Chinese restaurant. In all but one instance, people who found the phones accessed the devices, with 83 percent of people accessing one or more of the four business applications, including two human resources files, corporate email, and a remote administration tool. More than 4 out of 10 people even accessed the banking application on the device.

...two simple security measures can protect the data on devices... 
• While complex passcodes are best, using even a simple four-digit code would protect the devices from casual access.
• Installing a remote management tool to remotely track the device can help to quickly recover a lost phone. Most device management tools also allow users to remotely delete the data on the device, a hedge against a more tech-savvy data thief. (more)

Advice: Use Cell Phone Forensics, not Spyware, to Gather Evidence

via Pursuit Magazine...
"As a private investigator, I’m often asked by businesses to gather information from cell phones owned by a company; you can protect your business by tracking your employee’s cell phone data. Even though I know the best method for collecting data from phones is through mobile phone forensics, one client was insistent that we use spyware to track calls, text messages, etc. from one specific employee they suspected of stealing from the company..." (and it goes downhill from here) (more)

Thursday, March 15, 2012

Privacy Invading Lawsuit - Apps

Facebook, Apple, Twitter, Yelp and 14 other companies have been hit with a lawsuit accusing them of distributing privacy-invading mobile applications.
The lawsuit was filed by a group of 13 individuals in the United States District Court for the Western District of Texas earlier this week. The suit charges 18 companies with surreptitiously gathering data from the address books of tens of millions of smartphone users. (more)

Psychopath Chat

To investigate whether there are actually “psychopathic tendencies” in the way a person talks, researchers at Cornell University compared stories told by 14 imprisoned psychopathic male murderers with those of 38 convicted murderers who were not diagnosed as psychopathic. 

Each subject was asked to describe his crime in detail; the stories were taped, transcribed and subjected to computer analysis.

The analysis showed that psychopaths are more likely than other criminals to use words that reveal a great degree of selfishness, detachment from their crimes and emotional flatness, the study found. These include conjunctions like “because,” “since” or “so that,” to imply that the crime “had to be done” to obtain a particular goal. 

Here are a few other notable differences:
• Psychopaths used twice as many words relating to physical needs, such as food, sex or money, while non-psychopaths used more words about social needs, including family, religion and spirituality.
• They were also more likely to use the past tense, suggesting a detachment from their crimes.
• They tended to be less fluent in their speech, using more “ums” and “uhs.” The exact reason for this is not clear, but the researchers speculate that the psychopath is trying harder to make a positive impression and needs to use more mental effort to frame the story. (more)

Wednesday, March 14, 2012

"Yer out!" Baseball Spy Gets the Boot

AZ - A scout for the Los Angeles Angels who was watching San Francisco take infield practice Wednesday morning was ejected from Scottsdale Stadium at the request of Giants manager Bruce Bochy.

Media reports said Angels scout Jeff Schugel was taking notes during the Giants’ routine drills when he was told to leave the ballpark.

Earlier this spring, Diamondbacks manager Kirk Gibson had scouts removed while they were watching drills at Arizona’s camp. (more)

FS - Slightly Tarnished Surveillance Equipment Company - Buyer's Identity Protected

French technology company Amesys is offloading its business that sells Internet-interception equipment, a move that comes six months after it became public that Moammar Gadhafi's regime had been using the technology to spy on Libyans.

Bull SA, Amesys's parent company, said Thursday it had "signed an exclusivity agreement with a view to negotiating the sale of the activities" related to its Eagle interception product. Bull declined to identify the buyer. (more)

From Racoon Twsp. in Beaver County a Bed Bugger's Comedy

PA - A Raccoon Township man was charged after police said he hid a listening device under his wife's bed in an attempt to catch her having an affair.
Suzanne Cripe, contacted police and said she had found a "transmitter device" under her bed... She told police she thought the device had been placed there by her husband, Wayne Comet Cripe.

The Cripes "have been separated for some time," and were still sharing a house, but they had separate bedrooms, the police report said.
When police made contact with Wayne Cripe he said, "I guess she found the transmitter," before police even asked him any questions.
Cripe told the police he put the transmitter under his wife's bed because he wanted to know whether she and her boyfriend were having sex. He told police he was tired of hearing them and wanted to know "if the coast was clear" before entering his home. (more)

SpyCam Story #657 - This Week in SpyCam News

SpyCam stories have become commonplace and the techniques used, repetitive. We continue to keep lose track of the subject for statistical purposes, but won't bore you with the details. Only links to the stories will be supplied unless there is something useful to be learned.

Monday, March 12, 2012

FutureWatch - Facebook and the Fourth Amendment

Click to enlarge
" Justice Sotomayor recently suggested, the wholesale sharing of your reading history with Facebook friends may ultimately impact the Supreme Court’s understanding of what constitutes a “reasonable expectation of privacy...
"The recent trend toward social readers and other types of frictionless sharing may at first glance seem innocuous, if inane... users may not understand that sharing what they read with friends may mean sharing what they read with the government, as well. That is a whole lot more serious than just annoying your friends with your taste for celebrity gossip. Indeed, it may be another step toward the death of the Fourth Amendment by a thousand cuts." —Margot Kaminski, writing in the Wake Forest Law Review (more)

Surprise! Trade Secret Theft is not automatically Economic Espionage

Corporate espionage used to be rather straight forward as the typical Coke-Pepsi textbook example illustrates. It is a crime when one stole company data/trade secrets and passed it to a business rival.
This was, however, not quite the case of former Goldman Sachs computer programmer Sergey Aleynikov. A US federal appeals court acquitted Aleynikov in mid-February after he had served a year of his eight-year sentence... His acquittal was not only a blow to his former employer but also the Department of Justice.

Most importantly, his case is an acid test of the 16-year old Economic Espionage Act that specifically targets theft of trade secrets.

The Economic Espionage Act makes theft or misappropriation of a trade secret a federal crime, whether it is with the knowledge or intent that the theft will benefit a foreign power or for interstate and/or international commerce with the knowledge or intent that it will hurt the owner of the trade secret.

Coincidentally just a week before Aleynikov was let go, another US court acquitted Chinese-born American software developer Hanjuan Jin for allegedly stealing confidential information from her employer Motorola Inc...

But the judge said while the evidence showed she stole trade was not enough to prove she committed economic espionage by selling the information to a foreign government or entity. (more)

Moral: Prevention is more swift and sure than legal protection. Get professional help.

Social Media Spy Trick #101 - Know Who Your Friends Are... really.

Spies opened a fake Facebook account under the name of NATO’s supreme allied commander, Adm. James Stavridis, and fooled senior British defense and government officials into accepting friend requests, it was reported yesterday. 

The incident allowed the reportedly Chinese spies access to the personal e-mail and contact information of some British officials, but it was unlikely any military secrets were compromised, according to The Sunday Telegraph.

“Discussions/chats/postings on Facebook are of course only about unclassified topics,” a NATO official said of the information that was accessed. (more)

Is this Web Site Malicious?

Special thanks to Lenny Zeltser...
Several organizations offer free on-line tools for looking up a potentially malicious website. Some of these tools provide historical information; others examine the URL in real time to identify threats:

On Corporate Intellectual Fruit ...and how to keep it.

Dodd-Frank related governance issues such as say-on-pay and proxy access have been well known focal points for boardrooms during the 2012 proxy and annual meeting season, but another issue has topped headlines and is of increasing concern to boardrooms: business intelligence gathering activities...

Effective corporate governance principles dictate that those who conduct unethical or, worse, illegal activities on behalf of a company must be brought to heel. 

The phrase “traditional intelligence gathering” has its roots corporate espionage. 

Popular targets include technology related industries such as software, hardware, aerospace, biotechnology, telecommunications and energy, among others... It is clear, however, that no specific industry or sector is immune to these issues. (more)

Intelligence is the fruit of creativity; the food by which companies grow. Fruit that falls and rolls into the road is picked up by competitive intelligence professionals, legally. But when they come on property and pick fresh, ripe fruit off the trees, it's illegal. With a good fence, you can keep all your fruit.

Friday, March 9, 2012

Pursuit Magazine Book Review - "Is My Cell Phone Bugged?"

By Stephanie Mitchell, CompassPoint Investigations / Pursuit Magazine

"'Nearly everyone carries instant access to phone service, and tapping has become a personal concern.' The well documented comprehensive guide Is My Cell Phone Bugged, by Kevin D. Murray, provides well-documented information and research addressing cell phone privacy issues.

I found the book well written and superbly formatted. Even those who are not technologically savvy will find it to be very user-friendly. At no time during my reading did I feel bogged down with complicated technical language! Mr. Murray’s explanation and thorough direction assists the reader in regaining their privacy and the security of their personal information. Mr. Murray’s guidance ensures the reader that cell phone security and privacy can be achieved even if you are not a counterespionage expert.

I was impressed with the wealth of information and knowledge I gained from this book. Topics include: communications technology, purchasing secure cordless devices, how to avoid pre-bugged cell phones, understanding and identifying spyware, preventing tapping and information leaks, caller-ID technology, and identifying when your phone is under surveillance. As an investigator, I was particularly appreciative of the Legal Issues chapter covering privacy laws in a clear and precise manner." (complete review)

Thank you — Kevin

Thursday, March 8, 2012

From that wonderful state that brought you the Hatfield–McCoy feud... The Rat App

“If every West Virginia resident that owns a smart phone (and knows how to use it) gets this app . . . you'll literally have 10 (sic) citizen spy's working for you!” – a review at the Google Android app store

Snitching has eventually entered the digital age thanks to a new smartphone app that lets anyone, anywhere tell the police: “Hey! That’s kind of weird!”

Authorities in the state of West Virginia are encouraging residents to install an Android and iPhone application that lets alerting law enforcement of suspicious activity become as easy as a click of a button — or, for some smartphone owners, the touch of a screen.

The official government website for the state of West Virginia now prominently features a product available for download on select mobile devices. It’s the Suspicious Activity Reporting mobile application and it lets users type up notes about any mundane yet worrisome incident they witness and send it straight over to local law enforcement. The app even allows the user to capture and upload a photo of someone they might consider suspicious, only to then provide the police with a detailed visual description of someone who may — or may not — be up to no good...

The device’s manufacturers add that any tips, such as suspicious vehicles or mysterious packages, can be reported anonymously if the user opts for that choice. (more)

FutureWatch - The actual process of filing a report with a live police official filtered out most casual / grudge / unfounded / harassment complaints in the past. With app-happy ease and the promise of anonymity might not the floodgates of neighborly bile open? And, should we really believe that identifying information (phone number, GPS, etc.) won't get transmitted just because you pressed an app's anonymous button? When you call 911, caller ID blocking doesn't block.

Van Eck 2012 - Brain Sucking Cell Phone Spiders

The processors in smart phones and tablets leak radio signals that betray the encryption keys used to protect sensitive data. 

At the RSA computer security conference last week, Gary Kenworthy of Cryptography Research held up an iPod Touch on stage and looked over to a TV antenna three meters away. The signal picked up by the antenna, routed through an amplifier and computer software, revealed the secret key being used by an app running on the device to encrypt data. An attacker with access to this key could use it to perfectly impersonate the device he stole it from—to access e-mail on a company server, for example.

The antenna was detecting radio signals "leaking" from the transistors on the chip inside the phone performing the encryption calculations. Transistors leak those signals when they are active, so the pattern of signals from a chip provides an eavesdropper a representation of the work the chip is doing. When Kenworthy tuned his equipment to look in the right place, a clear, regular pattern of peaks and troughs appeared on his computer screen. They could be seen to come in two varieties, large and small, directly corresponding to the string of digital 1s and 0s that make up the encryption key.

"You could build an antenna into the side of a van to increase your gain—well, now you've gone from 10 feet to 300 feet." (more) (creepy computerized audio version) (Van Eck)

Info Security in 2 Steps - Train Your Humans, Have Your Technical Vulnerabilities Checked and Patched

There’s a famous saying that “amateurs hack systems, while professionals hack people.” The point is that security technology designed to stop hackers, spies, phishers and frauds are always compromised by timeless human weaknesses: inattention, incompetence and complacency.

Click to enlarge.
The only thing standing between your company’s information systems and the people who are out to compromise them is employees. Technical security vulnerabilities can be patched but humans are always vulnerable. (more) (need patching?)