Tuesday, July 30, 2013

Russian Metro to Track Lost / Stolen Phones

(подталкивать, подтолкнуть, подмигивание)

A major Russian newspaper reported that Moscow’s metro system is planning what appears to be a mobile phone tracking device in its metro stations—ostensibly to search for stolen phones.

According to Izvestia (Google Translate), Andrey Mokhov, the operations chief of the Moscow Metro system’s police department, said that the system will have a range of five meters (16 feet). “If the [SIM] card is wanted, the system automatically creates a route of its movement and passes that information to the station attendant,” Mokhov said.

Many outside experts, both in and outside Russia, though, believe that what local authorities are actually deploying is a “stingray,” or “IMSI catcher”—a device that can fool a phone and SIM into reading from a fake mobile phone tower. (IMSI, or an International Mobile Subscriber Identity number, is a 15-digit unique number that sits on every SIM card.) Such devices can be used as a simple way to see what phone numbers are being used in a given area or even to intercept the audio of voice calls. (more)

Monday, July 29, 2013

World's Biggest Data Breaches - Infographic

A beautiful way to get the point across...

Be sure to visit the interactive original HERE.

And, the winner of Who's Got the Biggest Electronic Ear is...

"According to the Max Planck Institute, you're 100 times more likely to be surveilled by your own government if you live in the Netherlands or you live in Italy," Baker said. 

"You're 30 to 50 times more likely to be surveilled if you're a French or a German national than in the United States." (more)

Israel's Verint to Get Indian Government Contract for Interception Tools

India - Verint's leadership team recently met communications minister Kapil Sibal in Israel and indicated the company's desire to work with the government to intercept all forms of encrypted communications to address India's cyber security needs.

Sibal has also apprised Israel's IT & communications minister Gilad Erdan about engaging Verint to implement an interception solution. "Verint is willing to work with the Indian government to address the issue of intercepting encrypted communications like Gmail, Yahoo-. mail and others. It will shortly co-ordinate with DoT's security wing and CERT-In teams to implement a customized interception solution," says an internal telecom department note, a copy of which was reviewed by ET. (more)

But wait! There's more!

India - Worried over increasing tiger deaths each year and many due to poaching and poisoning, India plans to start round-the-clock electronic surveillance of some of the tiger habitats using high definition cameras. (more)

Surveillance Camera Hack to be Reveled at Black Hat

A US security expert says he has identified ways to remotely attack high-end surveillance cameras used by industrial plants, prisons, banks and the military, something that could potentially allow hackers to spy on facilities or gain access to sensitive computer networks.

Craig Heffner, a former software developer with the National Security Agency (NSA) who now works for a private security firm, said he discovered the previously unreported bugs in digital video surveillance equipment from firms including Cisco, D-Link and TRENDnet...

He plans to demonstrate techniques for exploiting these bugs at the Black Hat hacking conference, which starts on July 31 in Las Vegas.

ISPs Grossed as Feds Net Passwords

The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.

If the government is able to determine a person's password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused. (more)

Saturday, July 27, 2013

Wiretap Evidence Included in SAC Capital Case

The evidence of insider trading at SAC Capital Advisors LP includes court-authorized wiretaps, a U.S. prosecutor said at the $14 billion hedge fund’s arraignment in federal court in Manhattan.

The discovery will be voluminous, including a large number of electronic recordings, including electronic messages, instant messages, court-authorized wiretaps and consensual recordings,” Assistant U.S. Attorney Antonia Apps told U.S. District Judge Laura Taylor Swain yesterday about the pretrial evidence-gathering process. “In short, a tremendous volume.” (more)

Friday, July 26, 2013

Double-Edged Sword Zone - Protect Your Office with iSpy (FREE)

iSpy (64-bit) uses your webcams and microphones to detect and record movement or sound and provides security, surveillance, monitoring and alerting services. You can Control cameras with PTZ, one-click or auto upload to YouTube, auto FTP to any servers, Listen to and monitor audio live over the network, connect and monitor as many cameras and microphones as you like, import and export object lists to share with colleagues, connect multiple computers in a group and manage over the web. FREE Download. (free warning sticker - download and print)

Of course, you can see how this could be used against you, and there is no free lunch. The software download is free, but there are $ enhancements ~Kevin

Did You Know... Surprising Spy Facts!

• The new NSA center in Utah is 15 times the size of MetLife Stadium, home to the New York Giants and Jets, and 7 times bigger than the Pentagon. (more) 

• Spy blimps can stay aloft for almost 3 weeks. (more) And, they are coming to Washington, DC (more) (video)

• 1,600 intelligence gatherers working at the Rivanna Station along with NGIC— DIA (Defense Intelligence Agency), NGA (National Geospatial-Intelligence Agency, and the frequently-in-the news National Security Agency (NSA)— call them the "crown jewels" of the Department of Defense intelligence. (more)

• The S&P 500 SPDR (SPY, A) is the oldest and best-known exchange-traded fund. (more) (oops, wrong spy)

• Authorities in eastern Turkey have cleared a small bird detained on suspicions of spying for Israel. (more)

• North Korea to put captured US spy ship on display. (more) 

• The real danger the NSA poses can be found here.

Happy Birthday, CIA

On July 26, 1947, 
President Truman signed the National Security Act, creating the Department of Defense, the National Security Council, the Central Intelligence Agency and the Joint Chiefs of Staff. (more)

Wednesday, July 24, 2013

Hot Stock Tip...

Invest in SPYs Spies.

The string of revelations about America's surveillance apparatus by former National Security Agency contractor Edward Snowden has cast a spotlight on the growing number of American companies involved in electronic spycraft.

It hasn't visibly damped enthusiasm among Silicon Valley investors and military contractors looking for ways to get into a business many see as one of the few growth areas left as U.S. military spending contracts.

Some of the country's most influential venture capitalists and former spy chiefs are investing in companies now providing the government with the sweeping electronic spy system and evolving cyberwarfare programs exposed by Mr. Snowden. (more)

The Other Domestic Spying Scandal

With all the concern about the government spying on us, is it any wonder that couples spy on one another?

Dating site SeekingArrangement.com surveyed over 22,000 Americans and found that 55% admitted to spying on their partners.

In Houston, at least according to the survey, it isn’t that bad. Only 48.8% of the people admitted to spying, which ranks us as the 10th most trusting city in the county. (more)

Business Secrets Leak via Personal Devices

The smartphone revolution opened the floodgates to the BYOD (bring your own device) trend among workers... 

More than half of information workers own the devices they use for work, according to Forrester Research, which surveyed almost 10,000 people in 17 countries, and that proportion is likely to increase, says David Johnson, a senior analyst at Forrester.

The groundswell caused many IT directors to simply throw up their hands.
A study published last November by Kaspersky Lab, a digital-security firm, found that one in three organizations allowed personal cellphones unrestricted access to corporate resources—with troubling consequences. One in five companies in the same survey admitted losing business data after personal devices were lost or stolen. (more)

The pressure is on manufacturers to come up with better security features. 
"Certified for Business Use" has a nice value-added ring to it.

Android Phones - The New Corporate Espionage Tool

Alcatel-Lucent’s Kindsight subsidiary has released figures that show an increase in malicious software (malware) used by hackers to gain access to devices for corporate espionage, spying on individuals, theft of personal information, generating spam, denial of service attacks on business and governments and millions of dollars in fraudulent banking and advertising scams.

“Malware and cybersecurity threats continue to be a growing problem for home networks and mobile devices, particularly for Android smartphones and tablets which are increasingly targeted,” said Kevin McNamee, security architect and director of Alcatel-Lucent’s Kindsight Security Labs.

A third of the top 15 security threats are now spyware related, up from only two spyware instances the last quarter,” said McNamee. “MobileSpy and FlexiSpy were already in the top 15 list, but SpyBubble moved up to take the 4th spot, while SpyMob and PhoneRecon appeared for the first time, ranking 5th and 7th respectively.

Mobile spyware in the BYOD context poses a threat to enterprises because it can be installed surreptitiously on an employee’s phone and used for industrial or corporate espionage.”

McNamee said it is “surprisingly easy” to add a command and control interface to allow the attacker to control the device remotely, activating the phone’s camera and microphone without the user’s knowledge.

This enables the attacker to monitor and record business meetings from a remote location. The attacker can even send text messages, make calls or retrieve and modify information stored on the device – all without the user’s knowledge.

“The mobile phone is a fully functional network device. When connected to the company’s Wi-Fi, the infected phone provides backdoor access to the network and the ability to probe for vulnerabilities and assets. (more)

Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."  

Monday, July 22, 2013

SIM Card Flaw Could Allow Eavesdropping on Phone Conversations

Vulnerability in the security key that protects the card could allow eavesdropping on phone conversations, fraudulent purchases, or impersonation of the handset's owner, a security researcher warns.

Karsten Nohl, founder of Security Research Labs in Berlin, told The New York Times that he has identified a flaw in SIM encryption technology that could allow an attacker to obtain a SIM card's digital key, the 56-digit sequence that allows modification of the card. The flaw, which may affect as many as 750 million mobile phones, could allow eavesdropping on phone conversations, fraudulent purchases, or impersonation of the handset's owner, Nohl warned. 

Can you decode the code?
"We can remotely install software on a handset that operates completely independently from your phone," warned Nohl, who said he managed the entire operation in less than two minutes using a standard PC. "We can spy on you. We know your encryption keys for calls. We can read your SMSs. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account." (more)

The U.N.'s Geneva-based International Telecommunications Union, which has reviewed the research, described it as "hugely significant."

Cracking SIM cards has long been the Holy Grail of hackers because the tiny devices are located in phones and allow operators to identify and authenticate subscribers as they use networks. (more)

You’ve Nicked Hackers... Now Expose the Buggers

UK - Phone hacking is a crude but preventable means of invading someone’s privacy.

You can go to jail for it — and many journalists face this risk as they await trial.

By comparison, breaking into a telecoms substation, plugging into a landline and intercepting private phone calls and computer traffic is a really serious crime.

Yet while those journalists were arrested at dawn and charged after long periods on police bail, nobody has been arraigned for bugging despite evidence over many years.

The difference between the two offences is important.

Hacking is opportunistic eavesdropping. Bugging is nothing less than espionage.

Once a bug is attached by stealth, it can monitor every spoken word and keystroke without the subscriber ever knowing. 

Saturday, July 20, 2013

The Wild Wild West - Town to Issue Drone Hunting Permits

Deer Trail, a small Colorado town, is considering a measure that would allow its residents to hunt for federal drones and shoot them down.

“Is it illegal? Of course it is. But it’s also illegal to spy on American citizens,” resident Phillip Steel told CNN in a phone interview. “If they fly in town, we will shoot them down.

Steel said he wrote the ordinance after he learned the Federal Aviation Administration “loosened regulations that would allow the flight of drones in domestic airspace.” (more)

Bug Found in Office of Berlusconi's Judge

An electronic bug was found in the offices of the Italian judges due to hear a final appeal this month by former premier Silvio Berlusconi against a tax fraud conviction, news reports said Friday.

An employee of the Court of Cassation discovered a device used to record or intercept conversations and alerted police Thursday afternoon, the Rome-based Il Tempo newspaper said.

The bug, which was removed by police, did not have any batteries, the daily said. (more)

Friday, July 19, 2013

If You Can Pee, You Can Make a Phone Call

If asked what would be a great power source for mobile phones, it’s a fair bet that most people wouldn't make urine their first choice. But that's exactly what a group of scientists at Bristol Robotics Laboratory in the UK have done. As part of a project to find new ways to provide electricity for small devices in emergency situations and developing countries they have created a new fuel cell system powered by pee.

 The key to this rather unorthodox way of powering a phone is a microbial fuel cell (MFC) that converts organic matter directly into electricity. Inside the MFC, there are a mixture of ordinary anaerobic microorganisms that release electrons as they feed – in this case, on the urine. (more)

Thus giving a whole new meaning to streaming media. (rimshot!) Gee whiz.

Mobile Security Apps Perform Dismally Against Spyware

via Josh Kirschner at Techlicious...
Mobile spyware can have a devastating effect on your life; the constant fear that a spouse, significant other or even employer is following your every move, knows everything about your life and has completely removed any vestige of privacy...

And spyware is not as rare as you may think. According to mobile security company Lookout, .24% of Android phones they scanned in the U.S. had surveillance-ware installed intended to target a specific individual. Sophos reports a similar .2% infection rate from spyware. If those numbers hold true for Android users in general, that would mean tens of thousands could be infected.

I set out to test the leading Android anti-malware vendors to see how they fared at protecting us against the threat of spyware...

The results, generally speaking, were dismal. Of twelve products I tested, none was able to detect more than two-thirds of the samples. Many missed half or more of the spyware apps. And, surprisingly, the potential spyware apps least likely to be detected were those widely available in Google Play. (more)

Josh did an excellent job researching this topic and we thank him for publicly exposing the flaws. 

Now, what can be done about really detecting spyware?

Murray Associates was approached by two clients several years ago who had come to the same conclusion as Josh via their own research. They asked us to develop a solution – based on the following conditions:
  1. The solution must make quick and reasonable spyware evaluations. 
  2. No special forensic tools should be required. 
  3. No special skills should be necessary.
  4. No assistance should be necessary once the initial training is over. The phone owner must be able to conduct the test him- or herself—anytime, anyplace.
  5. Advancements in spyware software and cell phone hardware should not render the test ineffective.

The results of this project are published in the book, "Is My Cell Phone Bugged?", and are used in SpyWarn 2.0, a unique Android spyware detection app.

Android Malware that Gives Hackers Remote Control is Rising (Technical but important news.)

via... Sean Gallagher - Ars Technica 
Remote access tools have long been a major part of targeted hacker attacks on individuals and corporate networks. RATs* have been used for everything from hacking the e-mail boxes of New York Times reporters to capturing video and audio of victims over their webcams. Recently, wireless broadband and the power of smartphones and tablets have extended hackers’ reach beyond the desktop. In a blog post yesterday, Symantec Senior Software Engineer Andrea Lelli described the rise of an underground market for malware tools based on Androrat, a remote administration tool that can give an attacker complete control over devices running the Android OS.

Androrat was published on GitHub in November 2012 as an open source tool for remote administration of Android devices. Packaged as a standard Android application (in an APK file), Androrat can be installed as a service on the device that launches at start-up or as a standard “activity” application. Once it’s installed, the user doesn’t need to interact with the application at all—it can be activated remotely by an SMS message or a call from a specific phone number.

The app can grab call logs, contact data, and all SMS messages on the device, as well as capture messages as they come in. It can provide live monitoring of call activity, take pictures with the phone’s camera, and stream audio from the phone’s microphone back to its server. It can also post “toasts” (application messages) on the screen, place phone calls, send text messages, and open websites in the phone’s browser. If it is launched as an application (or “activity”), it can even stream video from the camera back to the server.

Hackers have taken Androrat’s code and run with it. Recently, underground marketplaces for malware have begun to offer Androrat “binder” tools, which can attach the RAT to the APK files of other legitimate applications. When a user downloads what appears to be a harmless app that has been bound to Androrat, the RAT gets installed along with the app without requiring additional user input, sneaking past Android’s security model. Symantec reports that analysts have found 23 instances of legitimate apps that have been turned into carriers for Androrat. The code has also been incorporated into other “commercial” malware, such as Adwind—a Java-based RAT that can be used against multiple operating systems.

Lelli said that Symantec has detected “several hundred” cases of Androrat-based malware infections on Android devices, mostly in the US and Turkey. But now that binders are available to anyone willing to pay for them, the potential for infection to spread is growing rapidly. (more)

*Spybusters Countermeasure: Android app SpyWarn detects RAT spyware activity. (http://tinyurl.com/SpyWarnApp)

New Jersey Supreme Court Restricts Police Searches of Phone Data

Staking out new ground in the noisy debate about technology and privacy in law enforcement, the New Jersey Supreme Court on Thursday ordered that the police will now have to get a search warrant before obtaining tracking information from cellphone providers.

The ruling puts the state at the forefront of efforts to define the boundaries around a law enforcement practice that a national survey last year showed was routine, and typically done without court oversight or public awareness. With lower courts divided on the use of cellphone tracking data, legal experts say, the issue is likely to end up before the United States Supreme Court. (more)

Thursday, July 18, 2013

If You Think The NSA Is Bad, Wait To You See South Korea’s Surveillance State

SEOUL, South Korea — Americans are apparently blasé about government eavesdropping.

In the days after former National Security Agency contractor Edward Snowden revealed that Washington spies extensively on its own citizens, polls found that about half of Americans have no problem with such snooping, as long as it protects them from terrorism.

But a scandal unfolding here in South Korea illustrates how such domestic snooping can easily harm a democracy. The imbroglio has sparked student protests and candlelight vigils around Seoul... (more)

NSA Leak Highlights the Power of Spying - Irish Eyes Aren't Smiling

Ireland - Entrepreneurs are worried. Not because they have something to hide from US authorities, but for fear of breaking contractual liability

"I'm currently setting up two businesses here," said Jude Braden, who employs 12 people in Dublin-based data-related businesses. "My problem is that under Irish and EU law, I have a duty to protect the data of my clients. I can potentially be sued if my clients' data gets out into the public domain. But the events of recent weeks and months puts me in a position where I may not be able to fulfill the terms of that obligation."
 Espionage and industrial skullduggery have long been connected, said Conor Flynn, founder of Isas, a Dublin- IT security firm... "There has always been suspicions among American industrialists when they travel to China that they would be monitored for espionage purposes.

Dublin-based IT security expert Brian Honan agrees. "You don't bug German embassy offices if you're looking for Al-Qai'da," said Honan. "When the US plants bugs in EU embassies it is clearly targeted at trade talks and industrial interests."

Conor and Brian are correct. Industrial skullduggery, and bugging, are key espionage tactics – and, they are not the tools of governments alone. Tried and true spy methods still work in the business world.  (more)

Tuesday, July 16, 2013

Bremont Codebreaker Crypto Watch Turns Position of Earth into a Usable Measurement

The Bremont Codebreaker is a limited edition chronograph that uses original artifacts from the famous cryptographic facility to commemorate British code breaking efforts during the Second World War.

Bletchley Park was one of the best kept secrets of the Second World War and remained so for decades after until the story was made public in 1974. The ancient estate with its Victorian mansion was the headquarters for the Government Code and Cipher School (GC&CS), where 9,000 scientists, mathematicians and others were tasked with decrypting enemy ciphers from the German Enigma and Lorenz machines. It was where Alan Turing laid the foundations for modern computer science and artificial intelligence and was the birthplace of Colossus, the world’s first programmable electronic computer.

The efforts of the team at Bletchley Park were perhaps the greatest single strategic advantage of the Allies and may have shortened the war by two years. The Codebreaker is meant to not only act as a commemoration piece, but also a physical container of some of that story. According to Bremont, the Codebreaker was Inspired by a classic 1940’s officers watch and that 240 steel Codebreaker watches will be created along with 50 rose gold watches. Each numbered watch has a flyback Chronograph GMT automatic movement and is made from materials directly related to the code breaking efforts. (more)

Keeping the NSA in Perspective

by George Friedman, Stratfor
In June 1942, the bulk of the Japanese fleet sailed to seize the Island of Midway. Had Midway fallen, Pearl Harbor would have been at risk and U.S. submarines, unable to refuel at Midway, would have been much less effective. Most of all, the Japanese wanted to surprise the Americans and draw them into a naval battle they couldn't win.

The Japanese fleet was vast. The Americans had two carriers intact in addition to one that was badly damaged. The United States had only one advantage: It had broken Japan's naval code and thus knew a great deal of the country's battle plan. In large part because of this cryptologic advantage, a handful of American ships devastated the Japanese fleet and changed the balance of power in the Pacific permanently. (more)

George Friedman is the Chairman of Stratfor, a company he founded in 1996 that is now a leader in the field of global intelligence.

Hackers Turn Verizon Box into Spy Tool

Researchers at iSec hacked into a Verizon network extender, which anyone can buy online, and turned it into a cell phone tower small enough to fit inside a backpack capable of capturing and intercepting all calls, text messages and data sent by mobile devices within range...

"The level of technical skill that you need to break into one of these, people are learning college. 

A malicious person could put one of these, with a battery, in a backpack, and go downtown - to a place like Times Square or Wall Street...

Frankly, these devices scare us. It is not the NSA tapping ordinary people. It is about ordinary people attacking ordinary people." (more)

Note: Verizon says they fixed this particular issue.

Warning: Femtocells in general, however, offer a new playground to hackers and criminals alike. Cut back on your confidential transmissions in densely populated areas.

Saturday, July 13, 2013

Attack of the Cyber Mercenaries

A British intelligence report says that other nations are hiring hackers to launch attacks against their enemies, a trend it described as particularly worrying.

Have board, will travel. ~K3y5LingR
The warning over cyber mercenaries came in an annual report published by Britain's Intelligence and Security Committee, a watchdog body of senior lawmakers that oversees Britain's spy agencies. (more)

Friday, July 12, 2013

Watergate Redux

The Dallas, Texas offices of law firm Schulman & Mathias were broken into two weeks ago by two burglars caught on surveillance camera. The two stole three computers. Damon Mathias, a partner at the firm, said

Attorneys said the burglars may have been hired to steal documents related to State Department whistleblower Aurelia Fedenisn, who is represented by the firm...

In early June, Fedenisn gave CBS News a draft State Department Inspector General report which offered the details of allegations that alleged sex crimes involving diplomats — including one U.S. ambassador who allegedly visited prostitutes — were ignored by State Department top officials. (more)

Time to sweep the office.

Monday, July 8, 2013

Free Webinar - Corporate Espionage via Mobile Device

Corporate Espionage via Mobile Device
Wednesday, July 10, 2013
02:00 PM Eastern DT (11:00 AM Pacific)
Duration: 45 Min

We discuss the topic of mobile risk and espionage via compromised mobile device. viaForensics' Director of R&D Thomas Cannon recently demonstrated "Corporate Espionage via a Mobile Device" as a proof of concept attack. In this demonstration, an innocent application is leveraged to harbor malware and exfiltrate data from a mobile device. The attacker is able to remotely activate phone features such as the camera and microphone, and the device can be used to bypass corporate defenses and infiltrate a corporate network. (Register)

Saturday, July 6, 2013

How Eavesdropping Was Punished in Medieval Times

via - theweek.com 
The problem of eavesdropping dates back to the 1370s, according to one historian.

When people live together in small communities, they can be a great source of comfort and support to each other — but they can also really get on each other's nerves. Every community must figure out the best way to keep conflict to a minimum. In the late middle ages, English village courts tried to maintain equilibrium by imposing punishment for eavesdropping, scolding, and noctivagation (aimless night wandering), three offenses, as Marjorie McIntosh explains in her book Controlling Misbehaviour in England, 1370-1600, "often said in local records to be damaging to local harmony, goodwill, and peaceful relations between neighbors."

The term "eavesdropping" originally came from Anglo-Saxon laws against building too close to the border of your land, lest the rain running off your roof, the yfesdrype or "eaves drip," mess up your neighbor's property. "Eavesdropper" became the word for a person who stands within range of the eaves drip — too close — in order to listen in on what was going on inside the house...

Eavesdropping was best carried out under cover of darkness, hence the suspicion under which noctivagators, or "nightwalkers," were held. Anyone found to be wandering round at night without a good reason was assumed to be eavesdropping...

The problem with eavesdropping wasn't so much about notions of rights to privacy as about people who "perturbed the peace" by using the information they gained through eavesdropping to sow discord. Getting the goods on your neighbors might lead to scolding — verbally attacking, berating, stirring things up. Where eavesdropping might get you fined, the punishment for scolding could be much worse. Repeat scolders might get dunked in the water on the "cucking-stool" until they were thoroughly soaked and humiliated, or made to wear a "scold's bridle," an iron muzzle with a spiked gag to keep the tongue from moving.

..."for a good two hundred years, beginning in the 1370s, the medieval cocktail of eavesdropping and tale-telling comprised about 8 percent of all social crimes." (more)

"That ain't my phone." (Extra penalty point.)

Maryland Terrapins running back Wes Brown was arrested on charges of second-degree assault, theft under $1,000, and illegal use of wiretapping on Wednesday, Baltimore Police confirmed.

Police were attempting to question Brown as a person of interest in the investigation of a non-fatal shooting, police say, when the sophomore assaulted the officer and ran away. They say Brown was recording his conversation with the officer on a cellphone in his pocket, without the officer’s knowledge – a felony in the state of Maryland.

University of Maryland Police say the cell phone Brown used to record the officer was stolen. (more)

Living in La La Land - Where Nobody Spies

Canada's top corporate executives remain relatively unconcerned that their businesses are vulnerable to cyber attacks.

The latest C-Suite survey of business leaders shows that cyber-security is not a serious worry for a majority of those sitting in the nation’s corner offices.

Only 40 per cent say they are very or somewhat concerned about cyber-security threats to their companies. Even fewer say they think that businesses like theirs will likely be a target of an attack on the corporate computer system. 

And more than 90 per cent of those who responded are confident in their organization’s efforts to protect their business from these threats... (more)

A voice in the wind...
Greg Hawkins, CEO of Yellowhead Mining Inc., agrees that companies should not be complacent... Firms that think they have the situation completely under control “are living in la la land,” he said.

Friday, July 5, 2013

TSCM Bug Sweep Cost Question & Infrared Instrumentation Example

Security Director: "When I ask for TSCM bug sweep quotes I get some prices which seem incredibly low. Shouldn't everyone be in the same ballpark?"

Answer: There are many reasons for this. Most revolve around skimping by the vendor — on everything from insurance to training to instrumentation.

Let's look at one representative example, thermal imaging...

Most TSCM providers these days offer thermal imaging as a detection technique. The skimpers use ineffective, cheap cameras – just so they can claim this capability. It is a dishonest marketing ploy which lets skimpers "say" they are in the game.

• Outdated and low-end utility thermal cameras are available on ebay for less than $2,000.
• High-sensitivity / resolution thermal cameras cost between $25,000-$50,000.

DIY Test:
A TSCM-capable infrared thermal camera will clearly show heat from a fingerprint after an object has been lightly and briefly, touched.

Generally speaking, low-cost equals low probability of detection. Effective TSCM service costs are driven by capital / educational investment... and sincere commitment.

Moral: A cheap sweep is worse than no sweep. Bugs aren't eliminated, just your sense of caution, and budget.

[sotto voce] If you like cartoons, hire a clown.

Security Alert: 'Master key' to Android Phones Uncovered

If exploited, the bug would give attackers access to almost any Android phone.

A "master key" that could give cyber-thieves unfettered access to almost any Android phone has been discovered by security research firm BlueBox.

Upon hearing the bad news Android wets itself.
The bug could be exploited to let an attacker do what they want to a phone including stealing data, eavesdropping or using it to send junk messages.

The loophole has been present in every version of the Android operating system released since 2009.

Google said it currently had no comment to make on BlueBox's discovery...

The danger from the loophole remains theoretical because, as yet, there is no evidence that it is being exploited by cyber-thieves. (more)

The race is on between Google and The Cyber-thieves. We'll keep you posted. ~Kevin

Surveillance Humor

Eavesdropping... scanning... watching... 
Friday July 5, 2013 5:52 PM By Walt Handelsman


Thursday, July 4, 2013

Secret Recording of Rupert Murdoch's Staff Meeting Published

A recording from March earlier this year, obtained by investigative website Exaro, shows the 82-year-old... raging against the police and claiming that the inquiry into corrupt payments to public officials has been blown out of proportion.

Throughout the recording, which lasts about 45 minutes, the News Corp boss repeatedly accuses the police of incompetence - of being "unbelievably slow" he says at one point.

He belittles the corrupt payments issue. And for anyone convicted over it... (more)

Isn't it time to sweep your boardroom?

How to Use Public Wi-Fi More Securely

via Eric Geier, PCWorld
  • Every time you log in to a website, make sure that your connection is encrypted. The URL address should start with https instead of http.
  • You also need to make sure that the connection stays encrypted for all of your online session. Some websites, including Facebook, will encrypt your log-in and then return you to an unsecured session—leaving you vulnerable to hijacking, as discussed earlier.
  • Many sites give you the option of encrypting your entire session. You can do this with Facebook by enabling Secure Browsing in the Security settings.
  • When you check your email, try to login via the Web browser and ensure that your connection is encrypted (again, look for https at the beginning of the URL). If you use an email client such as Outlook, make sure your POP3 or IMAP and SMTP accounts are configured with encryption turned on.
  • Never use FTP or other services that aren’t encrypted.
  • To encrypt your Web browsing and all other online activity, use a VPN, or virtual private network (this article will show you how).
  • Keep in mind that private networks have similar vulnerabilities: Anyone nearby can eavesdrop on the network. Enabling WPA or WPA2 security will encrypt the Wi-Fi traffic, obscuring the actual communications, but anyone who also has that password will be able to snoop on the packets traveling over the network. This is particularly important for small businesses that don’t use the enterprise (802.1X) mode of WPA or WPA2 security that prevents user-to-user eavesdropping. (more)

Major Privacy Breach Discovered on Motorola Phones

An independent security researcher published proof this week that Motorola phones with the Blur service installed are sending a myriad of credentials and private information silently to Motorola servers, as well as communicating via a modified version of the Jabber protocol in a format reminiscent of botnet command-and-control.

The disclosure - which featured packet captures, screen shots, and a full analysis of all of the data being sent - includes reproduction instructions for anyone concerned about their Motorola phone behaving in a similar manner. 

Impacted phone owners appear to have little recourse at this time, as the service responsible for this information disclosure cannot be removed without rooting the phone and installing a stock version of Android. (more)

Espionage is No Secret

Governments around the world are responding with outrage about the revelations from National Security Agency traitor Edward Snowden...

Are they really that outraged? Not likely. Only the childishly naïve would believe foreign governments were unaware of international espionage. Not only is the U.S. spying on foreign governments, including their allies, virtually every government in the world is engaged in espionage against every other government accessible to them...

Think allies don’t spy on each other? Think again... There isn’t room on this page to list the espionage activities of nations like China. For the curious, simply type, China espionage into any Internet search engine. (About 77,100,000 results)

The tactics used in the espionage world shock and surprise polite society because they seem underhanded and dishonest. And, usually, they are. Just as importantly, they are usually necessary evils. (more)

Your tax dollars at work, really.

The Surveillance Group Ltd Denies Bugging the Ecuadorian Embassy

British security firm Surveillance Group Ltd has denied bugging the Ecuadorian Embassy in London.
"We have this morning heard an accusation the source of which is apparently Ricardo Patino, the Ecuadorian Foreign Minister suggesting that we have bugged the Ecuadorian Embassy.
This is completely untrue. The Surveillance Group do not and have never been engaged in any activities of this nature.
We have not been contacted by any member of the Ecuadorian Government and our first notification about this incident was via the press this morning.
This is a wholly untrue assertion."
– Timothy Young, CEO, Surveillance Group Ltd. (Press Release - 04/07/2013)

We are waiting see if the embassy produces some substantial evidence to support their claim. After all, "What is in a name?" R&J (II, ii, 1-2)

Wednesday, July 3, 2013

Hidden Microphone Found at Embassy Where Julian Assange Resides

A hidden microphone has been found inside the Ecuadorean embassy in London, where the WikiLeaks founder Julian Assange is holed up, according to the country's foreign minister.

Ricardo Patiño said the device had been discovered a fortnight ago inside the office of the Ecuadorean ambassador, Ana Alban, while he was in the UK to meet Assange and discuss the whistleblower's plight with the British foreign secretary, William Hague.

"We regret to inform you that in our embassy in London we have found a hidden microphone," Patiño told a news conference in Quito on Tuesday.

"I didn't report this at the time because we didn't want the theme of our visit to London to be confused with this matter," he said.

"Furthermore, we first wanted to ascertain with precision the origin of this interception device in the office of our ambassador." (more)

Good luck.

In other news...
French company Spotter has developed an analytics tool that claims to have up to 80% accuracy in identifying sarcastic comments posted online.

Spotter says its clients include the Home Office, EU Commission and Dubai Courts. (more)

We retract the last comment.

Monday, July 1, 2013

U.S. Looks to Blunt Corporate Espionage

The U.S. could be signaling stepped-up prosecution of Chinese companies accused of stealing trade secrets as it filed criminal charges against one of China's largest wind-turbine manufacturers and two of its executives, experts said.

"Maybe five years ago, it was sexier to chase drug cases than trade-secret cases," said Benjamin Bai, a partner at Allen & Overy in Shanghai. However, "the political climate is brewing the perfect storm in the U.S. for prosecutions to increase."

A recent law strengthening the U.S. Economic Espionage Act will likely encourage more prosecutions, said Mr. Bai, who has represented U.S. clients on intellectual-property issues. (more)

European Commission Conducts Bug Sweeps

The European Commission will sweep its offices for electronic listening devices and other security breaches following revelations of alleged U.S. surveillance programs targeting European leaders, a commission spokeswoman said Monday.


The allegations, reported Sunday by the German news magazine Der Spiegel, threaten to derail negotiations on a variety of issues with the United States, French President Francois Hollande said Monday...

Hollande's comments and the planned security sweep come amid building outrage in Europe over allegations that the National Security Agency had bugged EU offices in Washington and New York and conducted an "electronic eavesdropping operation" that tapped into an EU building in Brussels, Belgium. (more)


The European Union has ordered a worldwide security sweep of all its premises following reports US intelligence has bugged its offices in Washington, Brussels and the United Nations. Jose Manuel Barroso, president of the EU's Executive Commission, "has instructed the competent commission services to proceed to a comprehensive ad hoc security sweep and check" in light of the most recent spying allegations leveled at the US, spokeswoman Pia Ahrenkilde Hansen told reporters. (more)
Note: It is generally standard practice for government agencies (and at-risk businesses) to conduct Technical Surveillance Countermeasures (TSCM, or bug sweeps) on a regular basis. Check with your Security Department to see if your office is being inspected regularly.

Wi-Vi Sees Movement Behind Walls Using Cheap Wi-Fi Tech

A new system allows researchers to track up to three separate people through a wall, solely with the help of low-power Wi-Fi signals.

The Wi-Vi system relies on two antennas to broadcast Wi-Fi signals and a receiver to read them, according to the researchers’ paper. The Wi-Fi signals degrade in quality each time they pass through a wall, so the receiver must be prepared to pick up on very weak signals. It is also quickly overwhelmed if there are too many to sort through...

Researchers think the Wi-Vi system could also be used to find survivors in destroyed buildings or count and track criminals. Compared to previous military-oriented tracking systems, Wi-Vi is cheap, compact and lightweight, which makes it practical for consumer uses such as personal safety. (more)

What does espionage look like in the 21st century?

A short interview (10:17) on the BBC...

(audio - available until 7/7/13)