Sunday, March 31, 2013

Cell Phone Tracking v. Right to Privacy - To be Decided

A secretive technology which lets police locate and track people through their cellphones in alleged violation of the US constitution will be challenged in a potential landmark court case... 

The American Civil Liberties Union hopes to rein in the little known but widespread "stingray" surveillance devices which it claims violate the fourth amendment and the right to privacy.

The group will urge a federal court in Arizona to disregard evidence obtained by a stingray in what could be a test case for limiting the technology's use without a warrant. (more) (much more)

Digital Cameras Easily Turned into Spying Devices

Newer cameras increasingly sport built-in Wi-Fi capabilities or allow users to add SD cards to achieve them in order to be able to upload and share photos and videos as soon as they take them.

But, as proven by Daniel Mende and Pascal Turbing, security researchers... these capabilities also have security flaws that can be easily exploited for turning these cameras into spying devices.

Mende and Turbing chose to compromise Canon's EOS-1D X DSLR camera an exploit each of the four ways it can communicate with a network. Not only have they been able to hijack the information sent from the camera, but have also managed to gain complete control of it. uploading porn to the camera, or turning it into a surveillance device. (more) (video presentation - long and boring)

Solution in a nutshell... Before purchasing any Wi-Fi enabled device, make sure it supports encryption.

Range Wars Redux - Animal Welfare Group Drones v. Cattlemen

Australia - Farming bodies have criticized an animal welfare group's plan to use a drone to film farming practices on properties around Australia, with one saying the drone would be shot down.

Animal Liberation has purchased a surveillance drone equipped with a powerful camera. The group says the drone can film from as low as 10 metres above the ground to gather potential evidence of animal abuse.

Click to enlarge
Spokesman Mark Pearson says the practice will not contravene trespass or privacy laws. He says animal welfare is in the public interest...

But the head of the Northern Territory Cattleman's Association, David Warriner, disagrees... Mr Warriner says he expects some farmers would shoot down the drones. (more)

Yo, Warriner! The war already started...
A remote-controlled aircraft owned by an animal rights group was reportedly shot down near Broxton Bridge Plantation Sunday near Ehrhardt, S.C. (more) (much more)

Saturday, March 30, 2013

How to Have Safe Specs - Just Say No

Amidst rising concerns about cyber spying and a House Intelligence Committee report last October, Sprint and Softbank have said they will not use any equipment from China-based Huawei Technologies.

The two companies are preparing for a merger, which is being overseen by the US government. The government has asked only to be informed when these two companies buy new equipment and where they buy it.

Mike Rogers, a Michigan Republican who leads the House Intelligence Committee, has confirmed these two companies have made this pledge.

I … was assured they would not integrate Huawei into the Sprint network and would take mitigation efforts to replace Huawei equipment in the Clearwire network,” said Rogers in a statement on Thursday. (more)

Putin on the Quits

Russian President Vladimir Putin jokingly told members of the All-Russia People's Front, a political movement he started, that he's stopped eavesdropping since he left the KGB, because it's not a nice thing to do, Russia’s RIA reported on Friday. (more) (rimshot)

Better Eyes for Flying Robots - A Runaway Hit

New systems could improve the vision of micro aerial vehicles.

Aerial robotics research has brought us flapping hummingbirds, seagulls, bumblebees, and dragonflies. But if these robots are to do anything more than bear a passing resemblance to their animal models, there is one thing they’ll definitely need: better vision.

In February, at the International Solid-State Circuits Conference (ISSCC) in San Francisco, two teams presented new work (PDF) aimed at building better-performing and lower-power vision systems that would help aerial robots navigate and aid them in identifying objects.

Dongsuk Jeon, a graduate student working with Zhengya Zhang and IEEE Fellows David Blaauw and Dennis Sylvester at the University of Michigan, in Ann Arbor, outlined an approach to drastically lower the power of the very first stage of any vision system—the feature extractor.  (more) (A "Runaway" hit from 1984.) 

FutureWatch: Mosquito-bots custom programmed to deliver injections (stun / drug / poison / etc.) based on recognition algorithms?

Friday, March 29, 2013

FutureWatch Update - Skype Tapping

When we last left Skype...

Was Skype reworked by Microsoft to make it easier to wiretap?

Hey kids, we bought and fixed Skype just for you!

In today's episode... 

Since its acquisition of Skype in May 2011, Microsoft has added a legitimate monitoring technology to Skype, says Maksim Emm, Executive Director of Peak Systems. Now any user can be switched to a special mode in which encryption keys will be generated on a server rather than the user's phone or computer.

Access to the server allows Skype calls or conversations to be tapped. Microsoft has been providing this technology to security services across the world, including Russia.

Group-IB CEO Ilya Sachkov said that the security services have been able to monitor the conversations and location of Skype users for a couple of years now.

"This is exactly why our staff are not allowed to discuss business on Skype," he said. (more)

Thursday, March 28, 2013

Security Director Tip of the Month - More Secure Conferencing Calling

Over the years, you have read many posts here about organizations being victimized by eavesdroppers on their conference calls. I am expecting you will see fewer in years to come...

CrowdCall, a specialized conference-calling app available for iOS and Android smartphones and the web. 

Instead of scheduling a dial-in line, e-mailing all parties involved and then hoping everyone calls at the appointed time, CrowdCall's interface lets users choose up to 20 participants from their contacts list and LinkedIn connections and dial them immediately (assuming the contacts have added their phone number to their LinkedIn profiles). When participants answer, they simply push "1" to enter the conference--they don't even need to have the app to participate. feature in particular makes it attractive to small businesses. Because the call originator controls invitations, unauthorized participants can't use dial-in information to access the call, providing a measure of security when discussing sensitive information. (more)

Wednesday, March 27, 2013

Cell Phone Fingerprinting - GPS Tells WHO You Are

Can you be identified only by where you take your phone? Yes, according to a new study, which finds it's not very hard at all.

While most of us are free to go wherever we want, our daily and weekly movement patterns are pretty predictable. We go to work, to school, to church, to our neighborhood gym, grocery store or coffee shop, and we come home -- all quietly tracked by the GPS in our phone.

Click to enlarge.
And with nothing more than this anonymous location data, someone who wanted to badly enough could easily figure out who you are by tracking your smartphone. Patterns of our movements, when traced on a map, create something akin to a fingerprint that is unique to every person.

"Four randomly chosen points are enough to uniquely characterize 95% of the users (ε > .95), whereas two randomly chosen points still uniquely characterize more than 50% of the users (ε > .5). This shows that mobility traces are highly unique, and can therefore be re-identified using little outside information."

Those are the findings of a report by researchers from MIT and elsewhere, published this week in the journal Scientific Reports. (more)

Hello Federal! Give Me No Second Hand

Despite the pervasiveness of law enforcement surveillance of digital communication, the FBI still has a difficult time monitoring Gmail, Google Voice, and Dropbox in real time. 

But that may change soon, because the bureau says it has made gaining more powers to wiretap all forms of Internet conversation and cloud storage a “top priority” this year.

Last week, during a talk for the American Bar Association in Washington, D.C., FBI general counsel Andrew Weissmann discussed some of the pressing surveillance and national security issues facing the bureau. He gave a few updates on the FBI’s efforts to address what it calls the “going dark” problem—how the rise in popularity of email and social networks has stifled its ability to monitor communications as they are being transmitted. It’s no secret that under the Electronic Communications Privacy Act, the feds can easily obtain archive copies of emails. When it comes to spying on emails or Gchat in real time, however, it’s a different story. (more)

Sunday, March 24, 2013

Bugged Van, Other Man, "I'll kill him"... "Just kidding."

A 44-year-old Howell man is facing felony charges after allegedly installing an eavesdropping device in his wife's van in an attempt to catch her in an extramarital affair.

Livingston County Sheriff Bob Bezotte said Friday that the case came to police attention when the 48-year-old woman's alleged boyfriend, 21, called to ask if installing such devices is illegal. He told police that he felt his privacy had been violated after learning that the device captured him and the wife being "passionate," the sheriff said.

Bezotte said the defendant allegedly threatened to kill the 21-year-old boyfriend and threatened to "make him lose his coaching position." The sheriff (said) the defendant claimed that he was "mad and kidding" when he made the comments. (more)

Friday, March 22, 2013

Zombie Privacy Bills Struggle to Become Laws

Just two days after new legislative reform on e-mail privacy was re-introduced in Congress, another privacy bill was brought back from years past.

On Thursday, three members of the House (two Republicans and a Democrat) and two bipartisan senators introduced the GPS Act, which would require law enforcement to obtain a probable cause-driven warrant before accessing a suspect’s geolocation information. The bill had originally been introduced nearly two years ago by the same group of legislators. 
The new GPS bill as it stands (PDF) contains exceptions for emergencies, including "national security" under the Foreign Intelligence Surveillance Act, but otherwise requires a warrant for covert government-issued tracking devices. The proposed penalty for violating this new provision could come with fines and/or five years in prison.

Thursday, March 21, 2013

From the Security Scrapbook Archives - 2003

Here is what the Security Scrapbook looked like 10 years ago... (Some links are now dead.)

"They're GR-R-REAT!®"When the CIA's secret gadget-makers invented a listening device for the Asian jungles, they disguised it so the enemy wouldn't be tempted to pick it up and examine it: The device looked like tiger droppings. The guise worked. ... The CIA's Directorate of Science and Technology is celebrating its 40th anniversary by revealing a few dozen of its secrets for a new museum inside its headquarters near Washington. Keith Melton, a leading historian of intelligence, calls it "the finest spy musuem you'll never see." It is accessible only to CIA employees and guests admitted to those closed quarters.
See the e-poop at...!/artifact/17


...but not good for the gander-er.Last week, Jackson and his lawyer learned they were secretly videotaped by a camera hidden aboard the plane when Jackson traveled from Las Vegas to Santa Barbara to turn himself in. The discovery triggered an FBI investigation and a lawsuit by Jackson against the charter jet company. (Charter companies might record passenger cabin video to document any damage done by... oh say... rock stars who might party too hearty and cause damage.)

It's Plain View Doctrine, not Plane View Doctrine, Jimmy.A man claiming to be a news and photo agency reporter was arrested after Jackson's security staff found him aboard the entertainer's private plane while Jackson was surrendering to authorities.

NSS...Sheriff's officials said several wireless microphones discovered outside their headquarters could be the latest of several attempts by journalists to surreptitiously get information on the Michael Jackson molestation case. The devices were found in a brushy area where Sheriff's Department employees frequently take breaks and where reporters are not normally allowed. Officials did not say when they discovered the microphones.

I always feel like
Somebody's watching me
Can I have my privacy
(...and Moon Walk stage left)
Michael Jackson thinks authorities may be spying on him in his own home. The Gloved One is said to be so fearful that his Neverland ranch has been bugged, he's even looking at his teddy bears suspiciously. A Jackson insider tells us the singer believes that law-enforcement officers may have planted electronic surveillance devices in his mansion last month when they spent 12 hours searching the grounds for evidence that he molested a 12-year-old boy. "He ordered a sweep of the entire place," said the source. "They're even running the teddy bears through radio-frequency sensors to see if there might be transmitters inside." (Somebody's Watching Me - lyrics)

The plot thickens...COURT TV anchor Diane Dimond, who reported on the first days of the Michael Jackson sex case a decade ago, is the latest to be caught up in a Hollywood phone-bugging scandal. Dimond said yesterday that authorities have informed her that wiretaps on her phone from 1994 are part of evidence seized by the FBI last year from the computer of Hollywood private eye Anthony Pellicano. Dimond was a reporter for "Hard Copy" in 1993 in the first days after the story broke of a youngster accusing Jackson of sexually molesting him. Pellicano worked for Jackson's attorney, Harold Weitzman. (Have a feeling we'll hear more about Mr. Pellicano?)

SPECIAL SECTION -- "Teach your children well..."

In the 1960's...
Children were influenced by spy movies, TV shows and associated toys in a positive way. The 'spies' rarely spied. They were heros. They fought against evil-doers. They did "good." (Secret Agent / Danger Man, The Man from U.N.C.L.E., I Spy, James Bond - 007, Mission Impossible, The Prisoner, The Saint, The Avengers...)

By the 1980's...The spies' toys had become the heros. Eavesdropping, snooping and general spying had become "cute."

Some people recognized this and raised editorial warning flags..."In becoming accustomed to such toys and the pleasures they bring, the seeds of an amoral and suspicious adulthood are unwittingly being cultivated." - from the article, You'd Better Watch Out! This is the Year of Spying Kits for Kids, Gary T. Marx, The Los Angeles Times, 1988.

By the 21st century..."Competitive Intelligence" had become an established job description. Corporate eavesdropping and espionage inspections had become a routine necessity for survival. And Murray Associates ( celebrated 25 years in business with one specialty - eavesdropping auditing.

Today...Kiddy eavesdropping, snooping and general spying toys are now theme-corporations, e.g. Wild Planet's Spy Gear, Undercover Girl and Girl Tech. Even the venerable "Discovery Channel" offers twelve children's spy toys for sale, including a "Night Spy Dart Launcher" for "ages 5+" !!!

Logical Conclusion...Toys teach.
We reap what we sow.


Call a pay phone on the observation deck of the Eiffel Tower, Paris, France and see who answers. +33 (0)1 47 53 75 68

Really Really Bored?There were two old men, one a retired professor of psychology, and the other a retired professor of history. Their wives had talked them into a two week stay at a hotel in the mountains. They were sitting around on the porch of the hotel watching the sun set. The history professor said to the psychology professor, "Have you read Marx?"
To which the professor of psychology said,
"Yes, I think it's the wicker chairs!"


Wednesday, March 20, 2013

World's Smallest Video Cameras

Typical applications are medical endoscopy, dental imaging, surgical robots, guide wire visualization, intubation equipment visualization, disposable equipment ...and some spy applications to be sure. 

P.S. The one on the coin is a 3-D camera!

Criminals Spy Ops in Mexico

via a Blue Blaze irregular...
"I thought this might interest you. The Mexican drug cartels continue to exploit and develop their SIGINT capabilities. The criminals who specialize in surveillance against the police are called "Hawks" or "Falcons" and generally perform both physical surveillance of patrol units and radio monitoring. This particular group was arrested for monitoring police radio calls and giving gang members early warning of significant movement and potential raids in Veracruz." (more)

More background...
"Years ago I was hearing some RUMINT that a major European communication company (that also supplies the US Military) was selling high tech radio equipment to Mexican drug cartels." (more) (more)

Saturday, March 16, 2013

"Hey kids, hack it for your Uncle Sam!"

Bored with classes? 

Carnegie Mellon University and one of the government’s top spy agencies want to interest high school students in a game of computer hacking.

Their goal with “Toaster Wars” is to cultivate the nation’s next generation of cyber warriors in offensive and defensive strategies. The free, online “high school hacking competition” is scheduled to run from April 26 to May 6, and any U.S. student or team in grades six through 12 can apply and participate.


David Brumley, professor of computer science at Carnegie Mellon, said the game is designed to be fun and challenging, but he hopes participants come to see computer security as an excellent career choice. (more)

P.S. Registration is now open!

Casino CCTV Commandeered in $32 Million Sting

Australia - Thieves have infiltrated Crown casino's surveillance system to pull off a $32 million sting.

A foreign high roller who was staying at Crown has been implicated in the rip-off, in which the venue's security cameras were used to spy for him

 (more) (as predicted)

Thursday, March 14, 2013

Spy Camera Glasses - Austin Powers is Thrilled

Question Mark & the Mysterians may sue... 

from the manufacturer...
"Ankaka launches Innovative Spy Camera Glasses Espionage. The high tech spy gadget manufacturer Ankaka is back!

This time they bring people the Spy Camera Glasses espionage-spy-camera-sunglasses; Very stylish and comfortable to use, this latest make of high quality spy gadgets enables people to walk around with no worries as people spy on their subject..." (more) (video)

Enough already. This insults the word covert. It's time to stop applying the word "spy" to everything. (grab your glasses and sing-a-long)

Chinese Launch Espionage Investigation Against Coca-Cola

Chinese authorities have opened an espionage investigation against Coca-Cola Co. for allegedly making illegal maps of restricted areas in China, according to a South China Morning Post report Thursday. 

"What we can say for now is that many subsidiaries of Coca-Cola are involved and this happens in many provinces," the report quoted an unidentified Chinese official as saying, adding that the Ministry of State Security was involved in the probe. 

Among the issues was the use of hand-held GPS devices to collect sensitive geographic information in Yunnan province, the report said. 

It quoted a Coca-Cola statement Wednesday as saying the company was "cooperating fully" with the investigation, and that GPS devices involved used "digital map and customer logistic systems commercially available in China." (more)

How to keep dragons at bay... (click)

Pwn Pad - Use it IT, Before it is used against IT

The folks at security tools company Pwnie Express have built a tablet that can bash the heck out of corporate networks. - Wired Magazine

The Pwn Pad - a commercial grade penetration testing tablet which provides professionals an unprecedented ease of use in evaluating wired and wireless networks.

The sleek form factor of the Pwn Pad makes it an ideal product choice when on the road or conducting a company or agency walk-through. This highspeed, lightweight device, featuring extended battery life and 7” of screen real estate offers pentesters an alternative never known before. (more)

Wireless Tools
Bluetooth Tools:
Ubertooth tools Web Tools
Wa3f Network Tools
Ettercap-ng 7.5.3
SSLstrip v9
Hamster and Ferret
Metasploit 4
Easy-Creds v3.7.3
John (JTR)
Medusa 2.1.1

The Return of the Invisible Anythings

"We propose a method for removing marked dynamic objects from videos captured with a free-moving camera, so long as the objects occlude parts of the scene with a static background." Max Planck Institute for Informatics (more)

Political propaganda videos will never look the same...

(Supplementary video. Takes time to load.)

Wednesday, March 13, 2013

The Ratters - men who spy on women through their webcams

The woman is visible from thousands of miles away on a hacker's computer.  

The hacker has infected her machine with a remote administration tool (RAT) that gives him access to the woman's screen, to her webcam, to her files, to her microphone. He watches her and the baby through a small control window open on his Windows PC, then he decides to have a little fun...

Women who have this done to them, especially when the spying escalates into blackmail, report feeling paranoia. One woman targeted by the California "sextortionist" Luis Mijangos wouldn't leave her dorm room for a week after Mijangos turned her laptop into a sophisticated bugging device. Mijangos began taunting her with information gleaned from offline conversations...

For many ratters, though, the spying remains little more than a game. It might be an odd hobby, but it's apparently no big deal to invade someone's machine, rifle through the personal files, and watch them silently from behind their own screens. "Most of my slaves are boring," wrote one aspiring ratter... (more) (sing-a-long)

That's "old news".
The story really begins here...
The hack follows the path of most hacks. It started as a challenge, became video voyeurism, and evolved into blackmail. Hackers eventually smell money in their hacks. 

While you read about "ratters" today, today's hacker-criminals are sniffing in deep pockets - businesses. Eavesdropping on corporate meetings and watching executive computer screens makes more sense financially. Next year the media will be printing stories about that. Meanwhile, you have them scooped.

Q. So, why don't we notice?
A. “The more cameras we see in our environment, the less we see them.” 

When electronic cameras were new, you noticed them. Now they are everywhere. You pay no attention. The same is true with microphones. The weird logic continues... If one isn't noticing cameras and microphones, one tends to either think they don't exist, or are not being manipulated as surveillance devices.

Many business executives know better. They know the reality of business espionage and electronic surveillance. Their mental Achilles Heel... If you don't see where your stolen conversations, strategies, ideas, etc. are going, well they are probably not going anywhere. Think of that the next time you go car shopping, and they all look like Tesla's... or vice versa. Then, call me.

Wiretapping - Silvio Berlusconi Sentenced to One Year in Prison... or not!

Former Italian Prime Minister Silvio Berlusconi was convicted in a wiretapping case in Milan Thursday and sentenced to a year in jail.

The wiretapping charge — related to the 2006 battle for control of a major Italian bank — is one of three corruption rulings the hard-partying Berlusconi faces this month.

A Milan court is also set to rule on charges he engaged a minor in prostitution, and an appeals tribunal will decide whether to uphold a four-year sentence for tax fraud. (more)

Or nots...
• Berlusconi is unlikely to serve jail time - Italian law doesn’t require prison sentences to be carried out until the appeals process exhausted, which can take several years.
• Berlusconi could become Prime Minister again.

The Pepsi Spycam

Enjoy it for the Spycam...

Monday, March 11, 2013

Employee Bugs Boss - True Story

"Employee hid a recording device in supervisor's office. In addition, without authorization, Employee made copies of supervisor's negative comments about Employee that Employee located by conducting an  unauthorized search of the supervisor's office and briefcase. Employee provided the notes to lawyer in support of lawsuit against supervisor. Finally, Employee lied to investigators during the course of the administrative inquiry."

Think this can't happen to you?
Think again.
This case comes from the files of the FBI. 
It was their employee. (more)

P.S. This report was labeled "NOT FOR PUBLIC DISSEMINATION" (oops, again)
Click to enlarge.

Vatican Bugs

Last Month - An Italian news magazine, Panorama, claimed that Vatican authorities had conducted, and are still conducting, an extensive covert surveillance programme, tapping the phone calls and intercepting the emails of cardinals and bishops in the Curia, the governing body of the Catholic Church. (more)

This Month - The Vatican has gone high tech to prevent leaks like in 2005 when German media outlets were able to report that Joseph Ratzinger was going to be elected as Pope. A Faraday cage is being put in place to jam any signals. A Faraday cage is a mesh structure used to block outside electrical fields. For the Vatican, the usage of the Faraday cage will cause the Sistine Chapel to become a “dead zone,” preventing any cell phones from getting service. (more)

Prior to the vote, Vatican officials will sweep the chapel and the guesthouse that houses the cardinals with anti-bugging scanners to detect any hidden microphones. (more)

...and what are you doing to protect your business secrets? (more)

Perkele - Android Malware Swipes SMS Messages

via Kreb's on Security...
An explosion in malware targeting Android users is being fueled in part by a budding market for mobile malcode creation kits, as well as a brisk market for hijacked or fraudulent developer accounts at Google Play that can be used to disguise malware as legitimate apps for sale... 

Unsurprisingly, this particular entrepreneur also sells an Android SMS malware package that targets customers of Citibank, HSBC and ING, as well as 66 other financial institutions in Australia, France, India, Italy, Germany, New Zealand, Singapore, Spain, Switzerland and Turkey (the complete list is here). The targeted banks offer text messages as a form of multi-factor authentication, and this bot is designed to intercept all incoming SMS messages on infected Android phones.

This bot kit — dubbed Perkeleby a malcoder who goes by the same nickname (‘perkele’ is a Finnish curse word for “devil” or “damn”) — does not appear to be terribly diabolical or sophisticated as modern mobile malware goes. Still, judging from the number and reputation of forum buyers who endorsed Perkele’s malware, it appears quite popular and to perform as advertised. (more)

Tip: Before downloading an app, check out the name of the app developer. If it's a name you aren't familiar with, do a quick Web search for either the developer's name or the name of the app. Anything questionable about the developer or the application should come up. (more)

Super Secure Cell Phone

CryptoPhone 500 is a new configurable secure cell phone. Protection is based on...

Click to enlarge.
• End-to-end voice and message encryption: Secure end-to-end encrypted messaging and voice over IP. Works on any network, including 2G GSM, 3G/UMTS, and Wireless LAN.

• Hardened operating system: It is the first mobile phone featuring GSMK's secure Android operating system, built from source code with granular security management. Permission enforcement module controls access to networks, data and sensors (camera, microphone, etc.).

• Baseband firewall: Protection against over-the-air attacks. Constant monitoring of baseband processor activity, baseband attack detection, and automated initiation of countermeasures.

• Encrypted storage system: Protects data at rest against unauthorized access.

The CryptoPhone 500 becomes commercially available by end of April. (more)

Barney Google 2013

Google Glass is the company's upcoming product that puts a computer on your face. Google is about to release the dorky-looking device and most likely it will be snapped up by the techie crowd. It is an innovative product that pushes live-blogging to the next level, and that will unleash a storm of concern never before seen caused by a mobile gadget. ...

Rightly or wrongly there's already a concern about folks taking photos and videos in certain public locations and situations. Pull out a camera in places like public schools, playgrounds, and airports and you might incur the wrath of authorities and parents, especially where public safety of kids are concerned.

When public awareness of Google Glass reaches a critical mass and it's understood that these devices can record photos, video, and audio of the wearer's surroundings, an outbreak of bans is sure to result. Don't be surprised if within weeks of the Google Glasses general release we start seeing bans of it cropping up all over the place.

These bans are not going to be the result of Google Glass wearers actually using them, they are going to be a result over the concern that they can be used discretely. (more)