Friday, August 30, 2013

Researchers Grow Human Brains in a Lab

A team at the Institute of Molecular Biotechnology of the Austrian Academy of Sciences has succeeded in growing miniature human brains...
The team, led by Dr. J├╝rgen Knoblich, started by analyzing human stem cells – a cell type that has the capacity to change into any other type of cell found in the body. Specifically, the scientists were interested in discovering what growth conditions are required for such cells to differentiate into various types of brain tissue cells.

Once those conditions had been identified, stem cells were used to create neuroectoderm, a layer of cells which is the “starting material” from which all components of the nervous system (including the brain) are derived...

After spending 15 to 20 days in the reactor, the neuroectoderm fragments had formed into a piece of continuous brain tissue, known as a cerebral organoid. (more)

Snapchat Not So Private and Secure

According to a "Snapchat Security Advisory" published by Australian researchers,
Snapchat names, aliases and phone numbers can be discovered and harvested via the Snapchat Android and iOS API - even if the Snapchat account is private.

Gibson Security discovered a range of disturbing security holes when it reverse-engineered the popular photo and video sharing app, including what it believes to be unsecure encryption practices (two encryption keys across all users) and code for in-app ads.

Gibson Security has informed ZDNet that "The API reversed isn't just used for Android, but iOS too. Both platforms are vulnerable." (more)

FutureWatch: On the Road to The Corporate State

Tech Companies and Government May Soon Go to War Over Surveillance

via Patrick Gray, wired.com...
On the very day the media dropped detailed documents on the NSA’s X-Keyscore collection program, the Facebook engineering team published a blog post stating that all access to Facebook via apps and web browsers was now SSL encrypted. Given X-Keyscore was a program primarily designed to intercept unencrypted internet traffic, you could be forgiven for interpreting Facebook’s post as a middle finger pointed in NSA’s direction...

You don't need a Weatherman to know...
You want us to execute that warrant for you? Ok, sure, but the user will get a nice big popup warning telling them that their messages are likely being intercepted!

There are new interception hurdles everywhere you look. Even plain old SSL encryption is becoming more difficult to snoop on. Previously, governments could rely on complicit or compromised certificate authorities to provide them with the means to intercept encrypted traffic. Thanks to the Iranian government’s overly enthusiastic use of this technique, Google made changes to the Chrome browser to neuter the practice. Similar updates are expected soon in Internet Explorer. There goes another interception technique for law enforcement!

And it’s only going to get worse for the poor ole G-Men. Technology companies are enabling security features that make certain types of government surveillance extremely difficult, and it’s a trend that’s set to continue. That’s why the U.S. government has long wanted laws that force tech companies to make their products wiretap friendly. (more)


"Knowledge is power." Whoever holds the knowledge, holds the power. (sing-a-long)

Thursday, August 29, 2013

Government and Business Team Up Against Espionage...

Germany - Faced with increasing rates of espionage attempts directed at companies, German government and business leaders have agreed on hammering out a joint protection strategy. Raising awareness is the first objective.

The German government and business organizations agreed on Wednesday that domestic companies needed stronger protection from espionage and cyber crime. They signed a declaration on hammering out a joint defense strategy and pooling resources for the most efficient infrastructure to ward off risks...

The Association of German Chambers of Commerce and Industry (DIHK) added putting an efficient security infrastructure in place should not be viewed by smaller firms as a way of wasting money.

"The costs those firms might incur through espionage and the resulting theft of intellectual property and know-how tend to be much higher than the investment in a good security setup," DIHK President Eric Schweitzer emphasized. (more)



Brilliant! Time for the U.S. to do the same.

Wiretapping Sparks Naked Protest

FEMEN activists shed clothes in front of Ukrainian embassy in Berlin...

Ukraine based feminist movement group, FEMEN has said that they are moving their office out of Ukraine's capital, Kiev after their telephone calls were wiretapped. 

A day prior, the police had alleged that a cache of illegal weapons were discovered from their headquarters.
The group is said to be moving out because of security concerns. The FEMEN group has said that the wiretapping incident has made the place impossible to work. (more)


Imagine what would happen if they were really bugged.

Use of phone-tracking technology in shopping centers set to increase

Australia - We are used to cameras watching our every move, but what about having your phone tracked when you go to the shops or the CBD (Central Business District)?

More and more shopping centers and councils around Australia are already doing it - working out where people are going and how they get there.

Mobile phone  
Photo: Companies can track phones by scanning for WiFi signals 
or by intercepting mobile phone network signals. (ABC News: Simon Brown)

With the technology you do not get to opt in and you do not have to be connected to a WiFi network.

There are two different approaches to tracking the phones. The Inhouse Group system scans WiFi signals given off by smartphones to pinpoint a customer's location.

Another product from the UK - FootPath by Path Intelligence - intercepts mobile phone network signals.

Neither is able to access any content stored on your phone. (more)

Wednesday, August 28, 2013

Millions of Android Users Vulnerable to Security Threats, Say Feds

According to a new document obtained by Public Intelligence, the U.S. Dept. of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) are increasingly aware of the threats its law enforcement users and officials face at a federal, state, and local level in using older versions of the Android mobile platform.

According to the roll call release — marked as unclassified but "for official use only," and designed for police, fire, emergency medical services (EMS) and security personnel — upwards of 44 percent of Android users worldwide are still using Android versions 2.3.3 to 2.3.7, which still contain security vulnerabilities fixed in later versions. (more)


Spybusters Tip #492 - The latest version of Android is 4.3. Time to upgrade.

Tuesday, August 27, 2013

Spybusters Tip #972 - Own a Foscam FI9821W Megapixel IP camera? There is a security update waiting for you!

As mentioned here before, many IP surveillance cameras are vulnerable to hack attacks by outsiders. This firmware update notice from Foscam addresses that. 

In order to properly secure your Foscam FI9821W Megapixel IP camera as well as prevent any potential hardware or software failures, it is highly imperative that you please update to the latest stable Firmware version

If you are experienced with configuring your IP cameras please follow the detailed instructions located on our website here (attached hereto for reference as well): http://foscam.us/blog/foscamipcameras/how-to-update-firmware-on-the-fi9821w-v1/ 

If you would like us to assist you in updating the firmware or have us do it for you remotely, please contact us 24/7 at 1-800-930-0959.

This is an urgent matter that requires immediate action.

Firmware download links: 
Mirror 1: https://www.dropbox.com/s/p323grrqkpw0am6/FI9821W-1.1.1.13-20130607.zip 
Mirror 2: http://foscam.us/downloads/FI9821W-1.1.1.13-20130607.zip 
Mirror 3: http://www.foscam.com/Private/ProductFiles/FI9821W-1.1.1.13-20130607.zip 

If you have any questions, please do not hesitate to contact us at Email: sales@foscam.us ' sales@foscam.ca ' sales@foscam.co.uk Phone: US Toll Free: 1-800 930 0949 US/Canada Sales: (+1) 713 893 7869 US/Canada Support: (+1) 713 893 7866 UK Sales/Support: (+44) 203 627 0947

Snoop in the Soup - (You Can't Make This S--- Up)

Kenneth Enlow was arrested in July after Ambra Reynolds and her seven-year-old daughter noticed something moving in the septic tank beneath the toilet they were using at White Water Park in Sand Springs, Oklahoma.

When Ms Reynolds took a closer look, she saw Enlow looking up at her from inside the toilet...

Rescue crews pulled Enlow, who was covered in human waste, from the septic tank and cleaned him off with a fire hose.

He pleaded guilty in Tulsa County District Court to a misdemeanor violation of Oklahoma's peeping Tom statute last Thursday. (more)

Your Boss Won't Stop Spying on You (Because It Works)

No one likes the idea of a workplace in which managers keep a constant eye on employees. Workers find it creepy, and it’s not as if ambitious managers clawed their way up the ladder just to snoop on their underlings all day. Still, much of the surveillance now takes place electronically—in theory, freeing bosses to focus on other matters while monitoring software keeps everyone in line. So office spying isn’t going away.

A study published over the weekend by researchers suggests that electronic surveillance in the workplace is strikingly effective (PDF). An examination of data provided by NCR (NCR), which makes software that examines all activity on restaurants’ point-of-sale systems while looking for suspect patterns, found lower levels of theft under workplace surveillance. NCR even says that employees seem to become more productive in other ways. (more)

Friday, August 23, 2013

Boyfriend Tracker app Booted from Google Play

Yesterday the Associated Press reported that the Boyfriend Tracker app, which had seemed to take Brazil like an overbearing wildfire, was removed by Google from its app store with no explanation.

Both the app’s massive popularity (AP estimates around 50,000 downloads in just two months) and its removal raise questions. The former, of course, speaks to a fundamental problem in the security of relationships in Brazil. To be fair, it is certain that the app — called Rastreador de Namorados — would have just as much popularity elsewhere, but this one happened to be in a country famous for its casual liaisons. “In Brazil, we have this culture of switching partners really quickly, so this is a way of dealing with that,” the app’s maker, Matheus Grijo told the AP. “People really appreciate having a tool to help them find out whether they’re being cheated on.” (more) 

“Boyfriend Tracker” lets users obtain a call history, receive any incoming or outgoing text messages, identify a partner’s location on a map using GPS, and can turn on the phone to listen in to the surrounding environment. The app also lets users know when a phone is turned off or set to Airplane Mode. The app has to be downloaded on the intended individual phone, with their consent, according to Grijo. The individual can then text message codes to turn on the various tracking options. (more) (video)

Girlfriend Tracker app still available!
(No, just kidding.)

Thursday, August 22, 2013

Homes Hacked Through Wireless Devices - There Really is a Boogeyman

Sleep tight...

CEO Pleads Guilty to Wiretapping Charge

ID - Louis Kraml, the Chief Executive Officer of Bingham Memorial Hospital in Blackfoot, entered a plea of guilty today to a misdemeanor charge of stalking in the second degree...

A Bingham County grand jury indicted Kraml, and former hospital Information Technology Department employees Jack York, Chris Behunin and Tyler Lassen, with various violations of the Idaho wiretap statute...

According to the indictments, the defendants intercepted and recorded phone calls made by and to former hospital doctor Robert Rosin and his staff between June 2009 and August 2010. (more)

FutureWatch: Eavesdropping via Mind Reading

We continue to keep tabs on the next really big thing in eavesdropping - mind reading. Still way off in the future, advances are being made every year.  

Here is the latest...

By analyzing MRI images of the brain with an elegant mathematical model, it is possible to reconstruct thoughts more accurately than ever before. In this way, researchers from Radboud University Nijmegen have succeeded in determining which letter a test subject was looking at. The journal Neuroimage has accepted the article, which will be published soon. A preliminary version of the article can be read online.
‘In our further research we will be working with a more powerful MRI scanner,' explains Sanne Schoenmakers, who is working on a thesis about decoding thoughts. ‘Due to the higher resolution of the scanner, we hope to be able to link the model to more detailed images. We are currently linking images of letters to 1200 voxels in the brain; with the more powerful scanner we will link images of faces to 15,000 voxels.'  (more)

Laser Beam Eavesdropping - In the News Again

Since the 1970's, stories about laser listeners have periodically popped up in the news. The common thread is their magical ability to eavesdrop from far away using only an invisible beam of light. Fear mongering is the next element, closely followed by, "very expensive, only the government can buy one."

The reporters are either clueless or haven't done any decent research. Their information sources have vested interests: like governments spreading disinformation; or "de-bugging experts" and spyshop owners hoping the publicity will boost their business. Funny, a working device is never demonstrated, and nobody even claims first-hand knowledge.


Today, the BBC fell victim. Here is the story they published...
Not true.
The UK government has warned the Guardian newspaper that foreign agents could use laser technology to eavesdrop on them, in the wake of recent surveillance leaks. What are laser listening devices and are they effective? (more)

The theory is sound. CD / DVD players use it on a small scale. YouTube is full of videos demonstrating the technique... under very controlled conditions, with less than sterling results. But, is it really a practical surveillance tool? Click here for our research.

Spybusters Tip #948 - Android Device Manager Allows Remote Locate, Signal & Erase Security for Android Devices

Access the settings by opening the Google Settings app from your Android app drawer and tapping the option for Android Device Manager.
From there you can choose whether to enable remote location or wiping. This lets you login to the Android Device Manager website and find your phone on a map, cause your device to ring so you can find it if it’s in your other pants pocket or lost in couch cushions, or perform a factory reset if the phone’s been lost or stolen. (more)

Wednesday, August 21, 2013

Last of the Nixon Tapes Go Online

Forty years after President Richard M. Nixon turned off his secret tape recorder, the federal government on Wednesday finally released the last of the historic recordings that have provided an unparalleled insight into the workings of one of the nation’s most dramatic presidencies...

The 94 tapes released on Wednesday cover conversations from April 9 to July 12, 1973, after which the secret taping system was dismantled when a Nixon aide, Alexander Butterfield, disclosed its existence to Congress. (more)

Get yer hot Tricky Dicky tapes. 
Get yer hot tapes here.

Do You Know Your NSA History? (Pop Quiz - no prize)

When was this published in The New York Times?

"A Federal Court of Appeals recently ruled that the largest and most secretive intelligence agency of the United States, the National Security Agency, may lawfully intercept the overseas communications of Americans even if it has no reason to believe they are engaged in illegal activities. The ruling, which also allows summaries of these conversations to be sent to the Federal Bureau of Investigation, significantly broadens the already generous authority of the N.S.A. to keep track of American citizens."

A. 2013
B. 2003
C. 1993
D. 1983
E. 1973
(Answer)

Who Gets the Bill for Government Wiretaps?

Is a major telephone company issuing a surcharge to its customers for legal government wiretapping in what it's calling a "lawful interception recovery fee"? 

A Facebook post that went viral, which showed an apparent copy of an AT&T bill with a section reading "Lawful Interception Recovery Fee" under "Surcharges and Other Fees."

Text that accompanied the post, attributed to a Facebook user Kallie Snyder, read: "I called and they said it's a new fee for the ... cost incurred from the government. I don't have anything to hide so if they want to tap my phone go ahead ... but why should I have to pay for it??!!! This is ridiculous, please share this so we can get the word out there. Oh, and check your bills people!!" (more)

100% urban legend hoax.
Phone companies charge the government.
So... if you are a taxpayer, you do pay.
It just doesn't show up as a tapped-line item on your 1040 form.

Spy Drone Pisses Off Dr. Wee

KUALA LUMPUR - The two men, who allegedly spied on the home of MCA Youth chief Datuk Dr Wee Ka Siong (Deputy Minister of Education Malaysia) using a hexacopter, claimed that they were only testing the machine and not spying...

Both men have denied that they are members of a political party...

Dr Wee, when contacted, said the excuses given by the two men were ridiculous and urged police to investigate the matter further.

“Why would a photographer from Kluang come all the way to Cheras to take aerial photographs of my housing area and test the machine?” he said, adding that the footage in the camera showed it to be zooming in on only one or two houses.

He urged the authorities to push for more stringent rules and regulations on the use of such devices.

It was reported that the remote-controlled hexacopter, which had been allegedly spying on his bungalow in Bukit Tiara, Cheras on Aug 8, had fallen on the roof of the balcony of Dr Wee’s neighbour after hitting the lightning arrester. (more)


The Back Story
His neighbour’s 14-year-old son found the vehicle and informed his parents but his parents did not suspect anything amiss and told him to just throw it away.

However, the boy removed a chip attached to a tiny video camera from the vehicle and, together with his 15-year-old sister, played it on the computer. They made the shocking discovery and the family quickly informed Dr Wee.

Dr Wee collected the craft from his neighbor only on Thursday.

Dr Wee, who showed five short video clips extracted from the chip and recorded on Aug 5, said the hexa­copter was aimed in the direction of his house and his neighbour’s.

The video clip showed two men handling the hexacopter in its initial clip (Darwin Award!). In another, the camera screen paused when a security guard was going on his patrolling rounds and resumed when the guard moved away. (more)

IKEA Store Union's Covert Video Allowed

Canada - Two different panels of the BC Labor Relations Board have made findings in favor of a union’s covert video surveillance at the IKEA store in Richmond, BC. The store has operated behind a picket line since May 13.

With over 300 unionized employees on the outside looking in, and only 27 who have decided to cross the picket line, most store operations have continued. The kids’ ballroom is closed, and the 600 seat cafeteria isn’t serving up Swedish meatballs (or anything else), but otherwise the store is open and sales are being made. That has made the union suspicious that IKEA is getting work done in violation of the law against using replacement workers: - section 68 of the Labor Relations Code.

The union hired private investigators to covertly videotape activity inside the store. It then sought to rely on still pictures taken from the video of certain individuals alleged to be working in violation of section 68.

Both panels rejected IKEA’s argument that the covert video surveillance was in violation of the Privacy Act and the Personal Information Protection Act (“PIPA“) and therefore should not be admitted into evidence. The panels, deciding the cases before them independently, reached similar conclusions for similar reasons. (more)

Intel's IT Computer Network PanOptiCop - Code Name "SANTA"

Intel has created a Hadoop-based rig that analyses just about every network event in the company – four to six billion of them on business days - in close to real time so it can spot threats including industrial espionage.

Intel officials declined to name the tool, saying it would not be "productive" to disclose its name, but said it was created by an 80-strong team of big data specialists working from its Israel offices and makes extensive use of Apache Hadoop. Ron Kasabian, Chipzilla's general manager of Big Data, said the tool was developed because conventional malware detection tools – even those from Intel's security-focused subsidiary McAfee – can't find the especially novel or subtle attacks Intel fears.

Kasabian described the tool as analyzing “every access request by every employee, every time they access a file, sharepoint, email or ERP”. Watching all those activities is important because Intel's intellectual property like product designs and manufacturing processes must be very closely guarded. (more)


Snooping A Network Tells All (SANTA)
Oh come on, what else would you call it?

Monday, August 19, 2013

Some Stuff Around the House Which Might Be Spying on You

For Americans concerned about their privacy, the NSA data grabs are daunting, but what about the data grabs happening inside your own home, perpetrated not by the government, but by your coffee machine?

Consider every appliance and every piece of home electronics that you own. Does it gather data about how you use it? Does it connect to the Internet? If so, it could be used to spy on you. Your mobile devices, your TV, and now various other types of home appliances can be wired into a network that can track you. If those networks are hacked, information about your habits and behaviors could be available to people with nefarious goals. The same technological innovation that empowers us also makes us vulnerable to those who would exploit such advances against us.

Here are nine appliances and other systems inside your house that may be spying on you right now, or used to spy on you in the future... (more)


FutureWatch: The "Internet of Things" is in its infancy now. The problem of having more back doors to your home than one is only going to worsen.

Sunday, August 18, 2013

Spybusters Tip # 723 - Be Smart - Use a Dumb Phone to Thwart Spyware

Sometimes you just need a dumb phone that can't spy on you. 
inKlien Global's tiny phone

One that can't hold spyware. 
One that can't GPS track you. 
One that can't bite you with Bluetooth. 

Dumb phones are not always easy to find.  

Your local cell phone store wants you to buy smartphones with data plans. Your significant other isn't going to gift you a dumb phone. (A smartphone, maybe, but don't trust it.)

If you are in the market for a spybusting phone, or just a secret second phone, try looking at these...

inKlien Global "The world slimmest card size phone." (turn off Bluetooth)
johnsphones.com "The world's most basic cell phone."
Kyocera Marbl K127  (Virgin Mobile) Cellular Phone
Motorola W260g  Prepaid Phone (Tracfone)
Motorola C139  Prepaid Phone (Tracfone)


More Spybusters Tips:
• If you suspect your phone is spying on you, don't completely stop using it until you can collect evidence to prove your case. 
• Pick up a cheap, dumb, unblocked secret phone.
-- Don't give out the number.

-- Don't tell anyone you have it.
-- Use a pre-paid SIM card.
-- Use it for very confidential calls only, Let a little information leak via your smartphone. You don't want to tip off your spy that you have gone dark.
-- Completely turn off your smartphone when using your secret phone.
• Block your phone number from being sent. Press *67 before entering the number you want to call. Remember, calls to toll-free numbers like 700, 800, and 900 numbers (and their variants) can not be blocked.
Rather text than phone? Return to those thrilling days of yesteryear... rent a pager

Before you snicker, review your spy service's history

The recent revelations by the whistleblower Edward Snowden were fascinating. But they - and all the reactions to them - had one enormous assumption at their heart. 

That the spies know what they are doing. 

It is a belief that has been central to much of the journalism about spying and spies over the past fifty years. That the anonymous figures in the intelligence world have a dark omniscience. That they know what's going on in ways that we don't.

It doesn't matter whether you hate the spies and believe they are corroding democracy, or if you think they are the noble guardians of the state. In both cases the assumption is that the secret agents know more than we do. 

But the strange fact is that often when you look into the history of spies what you discover is something very different... (more)

The Latest Holiday Season Spy Toy Rolls Out... and records!

...from the seller...
"The I Spy Tank uses all of the latest technology so that you are able to see what the I Spy Tank sees. 

With the Wi-Fi transmitter you are able to control the I Spy Tank with your iPhone, iPad or iPod.

Because of the built in Live Streaming Video Camera you are able to have battles with other I Spy Tanks. Why not see what your friends and neighbors are up to from your very own arm chair while your I Spy Tank goes and finds out. Why not use several I Spy Tanks to arrange war games with your friends? The possibilities are limitless!"


SPECIFICATIONS
WiFi Controlled
4 Channel
Use With Your iPhone / iPad / Android device to control vehicle
Records Video and Sound Up To 20 Metres Away
Records Straight To Your Device
Play Time : 60 Minutes
Charge Time : 120 Minutes
Distance Control : 30 Metres
Batteries Required : 6 x AA (not included)
Dimensions : L230 x W190 x H115mm
For ages 8 and up - Warning! Choking hazard due to small parts. 

iPad, iPhone, and iPod not included

Friday, August 16, 2013

"Paranoia is our friend."

The quote is from a legend in the corporate counterespionage business.  

The movie Paranoia - which opens today - is from a terrific novel written by Joe Finder. Joe is a stickler for accuracy and detail; part of the reason he is a New York Times bestselling author. 

If you want a peek under the skirt of business espionage see Paranoia this weekend.


Sign up here to win an autographed copy of the book. Movie times.

"Privacy is a myth."
#CHANGETHEGAME

FutureWatch: Powerless Bugs or Teslabestiola

Ambient Backscatter research is in its infancy. 
Imagine the possibilities.
Technical espionage could see its biggest advancement since the transistor.

Thursday, August 15, 2013

Man Bugs his Ex's Home for Over Three Years

UK - A woman has been left terrified in her home and was turned against her closest friends after her ex-partner bugged her house for three and a half years, a court has heard.

The victim said she suspected her ex had planted a listening device in her Darlington home after he started talking about things which she did not believe he should know...

The man, who cannot be identified for legal reasons, said he installed the device to check on his young daughter.


As near as we can tell from the report, the bug looked like this one.
The device, which the man bought in London for £180 ($280.00), was installed behind a plug socket in the living room in November 2009, and could be accessed through his mobile phone...

In a statement read to the court by Ms Milson, the victim said she had nearly suffered a mental breakdown after finding out she had been bugged.

She said: “I feel sick to the pit of my stomach that he has been listening to me for over three years, he has always known too much about my life.

“He made me question myself and used what he heard against me. I am scared every single day, I am totally distraught and it has left me feeling differently about my home.” (more)


The price on these has dropped since 2009. 
The one shown above is now $79.95. 
The economy of scale, perhaps?

Baby Cam Hackers Can See You, Hear You, and Talk to You... and Your Kids

A hacker was able to shout abuse at a two-year-old child by exploiting a vulnerability in a camera advertised as an ideal "baby monitor".

ABC News revealed how a couple in Houston, Texas, heard a voice saying lewd comments coming from the camera, made by manufacturer Foscam.


Vulnerabilities in Foscam products were exposed in April, and the company issued an emergency fix.

Foscam said it was unable to provide a statement at this time.

However, a UK-based reseller told the BBC it would contact its entire customer database to remind them "the importance in setting a password to their cameras".

The spokesman added that it would be urging Foscam's head office - based in Shenzhen, China - to send out a memo to all its resellers suggesting they too contact their customers.

The BBC has found evidence of hackers sharing information on how to access insecure Foscam cameras via several widely-used forums. Using specialist search engines, people can narrow their results by location...
 

Foscam is not the only company to find itself the target of hackers. Last year, camera company Trendnet had to rush out an update to fix a security hole that left thousands of cameras exposed. (more

This is not a new problem. Manufacturers have been slow to respond. (Security Scrapbook warnings from 2/12 and 7/13). Why?

Espionage Idea: Imagine your country is the top manufacturer of surveillance cameras. You build in a back-door capability to monitor each one, and hope no one notices. Salt the Earth with your product. Target the units placed in sensitive areas. Wow, what power! And, then some hackers blow it for you. Damn hackers.

Example

Wednesday, August 14, 2013

Spy Cameras, Secret Audio Help Fight Movie Piracy

If all the sounds of the summer blockbuster "Man of Steel" were stripped away ...a light humming would still be heard. The barely audible noise is an audio watermark...

Designed by engineers at San Diego company Verance Corp., the watermark is a unique signal to Blu-ray disc players that the movie being watched was illegally recorded at a movie theater. After 20 minutes of playtime, the disc player shuts the movie down and offers the viewer the chance to continue watching—by paying for the movie through legitimate sources like Amazon.com Inc. and Netflix Inc.

...a San Diego startup, PirateEye, believes they can combat piracy using a vastly different technology.


The PirateEve camera, in theaters, can spot people recording a movie.
 

It installs cameras above theater screens that can detect recording devices in the audience and then send pictures of offenders to theater security.

PirateEye's camera-spotting technology was adapted from a military application that placed sensors under combat helicopters to scan the ground below for reflections from scopes on sniper rifles. 


Hollywood studios provided several million dollars in investment for the company, which has also been funded by private investors. (more)

Former Director's Wiretapping Conviction Could Spoil MGM's Licensing Bids

On Tuesday, the Wall Street Journal’s Alexandra Berzon reported that MGM is getting a hard look from regulators regarding former board member Terry Christensen, who resigned after being indicted in 2006 (and convicted in 2008) for his involvement in the illegal wiretapping of the ex-wife of billionaire Kirk Kerkorian, who currently holds 18.6% of MGM’s stock via his investment firm Tracinda Corp.

...sources said the Christensen matter could be a “potentially significant issue” for regulators pondering MGM’s pending licensing efforts not only in New Jersey, but also in Massachusetts and Maryland. (more)

Spy Malware Buried on Official Tibetan Website

Chinese-speaking individuals visiting the website for the Central Tibetan Administration are being targeted with a Java exploit that installs advanced malware on their machines.

According to researchers at security firm Kaspersky Lab, the official site for the Tibetan government-in-exile, led by the Dalai Lama, was seeded with a backdoor that takes advantage of a vulnerability in Java, CVE-2012-4681, which was fixed by Oracle roughly a year ago.

The incident bears the signature of a watering hole attack, in which espionage malware is planted on a legitimate site, and then the attackers wait for their desired victims to visit and take the bait. (more)

Clap On - Clap Off... Some Applaud

Clapper won't lead NSA review, White House says...

Intelligence Director James Clapper will not lead a National Security Agency review President Obama vowed would be autonomous, a spokeswoman said.

An Obama memorandum Monday directing Clapper, the nation's top intelligence figure, to "establish" the review group and report its findings to the president did not mean Clapper would head the panel or be involved with the panel members' selection, White House National Security Council spokeswoman Caitlin Hayden said Tuesday.

"The panel members are being selected by the White House, in consultation with the intelligence community," she said in a statement. (more)

Britain’s Fraud Agency Admits to Loss of Data and Audio Tapes

The Serious Fraud Office has admitted accidentally sending a huge cache of confidential documents from an investigation into Britain's biggest arms firm, BAE, to the wrong person.
It did not realise for up to a year that it had misplaced the material which comprised 32,000 pages of documents, 81 audio tapes and computer files.

The material had originally been given to the SFO by 59 sources that helped the agency during one of its most high-profile investigations.

The SFO is not identifying at the moment the individual who inadvertently received the documents, nor did it spell out what they contained. (more)


If someone dumped 32,000 pages of documents, 81 audio tapes and computer files on you - "by accident" - wouldn't you immediately call the sender and say, "What do I look like, a freakin' warehouse?!?!"

Time to call in the Monty Python Very Very Serious Fraud Office to investigate.
Not a joke. Click to enlarge.

Friday, August 9, 2013

Silent Circle Silenced

...as predicted here and here and here...
Two major secure e-mail service providers on Thursday took the extraordinary step of shutting down service.

A Texas-based company called Lavabit, which was reportedly used by Edward J. Snowden, announced its suspension Thursday afternoon, citing concerns about secret government court orders.

By evening, Silent Circle, a Maryland-based firm that counts heads of state among its customers, said it was following Lavabit’s lead and shutting its e-mail service as a protective measure.

Taken together, the closures signal that e-mails, even if they are encrypted, can be accessed by government authorities and that the only way to prevent turning over the data is to obliterate the servers that the data sits on.

Mike Janke, Silent Circle’s chief executive, said in a telephone interview late Thursday that his company had destroyed its server. “Gone. Can’t get it back. Nobody can,” he said. “We thought it was better to take flak from customers than be forced to turn it over.”

The company, in a blog post dated Friday, Aug. 9, said it had taken the extreme measure even though it had not received a search order from the government. (more)

Thursday, August 8, 2013

Espionage Battlebots - China v. USA - Guess Who Wins

...by Brian Dodson, gizmag.com...
 For the past 23 years, the IARC has challenged college teams with missions requiring complex autonomous robotic behaviors that are often beyond the capabilities of even the most sophisticated military robots. This year's competition, which was held in China and the United States over the past week, saw the team from Tsinghua University in Beijing successfully complete the current mission – an elaborate espionage operation known as Mission Six.

First proposed in 2010, the Mission Six scenario is that an enemy has plans for taking control of the Eurasian banking system, a move that could throw the entire world into chaos. This plan is contained in a USB flash drive located in a remote security office of the enemy's intelligence organization.

The target building has a broken window on the same floor as the security office...and is equipped with laser intrusion detectors, floor sensors, video surveillance, and periodic patrols. Mission Six calls for covertly capturing the flash drive, and replacing it with another of the same make to postpone discovery of the theft... The mission must be carried out within ten minutes to avoid security patrols.

The vehicles are required to be completely autonomous, with no external commands accepted during the mission. The vehicles can be of any type (as long as they fly)...



(Play Mission Impossible theme while watching.)

All vehicles must contain their own power supplies. The vehicle is required to sense its immediate surroundings, and decide on its own actions, but need not contain its control computer – it can instead be linked to an external computer by radio. While external navigation aids are allowed, GPS locating is not.

...the Michigan Autonomous Aerial Vehicles team, associated with the University of Michigan, had been touted as the most likely entry at the American venue to succeed with Mission Six. Unfortunately, they encountered a perfect storm of equipment malfunctions, and were unable to complete the mission. (more)

FutureWatch - Just as piloted fighter planes are being replaced by unmanned drones, spies keep themselves out of harm's way using technology too. Bugs, wiretaps, spyware, and now robots will also be doing the dirty work in the future. Imagine, armies of robo-roaches scanning all the paperwork left out overnight, and perhaps planting themselves as audio / visual bugs.

Today in Eavesdropping History

On Aug. 8, 1974, President Richard Nixon announced he would resign following damaging revelations in the Watergate scandal. (more)
 
He submitted his official resignation the following day...

Wednesday, August 7, 2013

How to Protect Your Company Against Corporate Espionage

An abridged overview by Jim Lindell, President, Thorsten Consulting Group Inc.... 
First, the company must establish values and principles that define appropriate behavior regarding confidential information such as personnel, technologies, customers and suppliers. Once values and policies have been established, management must support, review and enforce them.

Second, make sure the hiring process emphasizes how employees must handle confidential information. Determine the candidate's ability to maintain confidentiality. How? By asking tough questions during the interview and doing thorough background checks.  

After the employee is hired, continue training and explaining your policies and procedures regarding confidential information. The role of the CEO and senior management can't be overstated.  

The CEO, on a regular basis, should highlight unacceptable public behavior and emphasize that it won't be tolerated. The Snowden/Manning incidents provide excellent examples that illustrate confidentiality expectations for all employees. At a minimum, these messages must come from the CEO at last once a year. 

The best policies and procedures
To be effective, policies and procedures must:
• Reinforce acceptable behavior.
• Create a monitoring process to detect breaches in confidential information. (An integral part of a TSCM bug sweep.)
• Create an audit process to determine whether existing rules are being followed.
(An integral part of a TSCM bug sweep.)
 
You must assess the nature of confidential information that is maintained and the potential for abuse. Both Snowden and Manning required technological tools and technological skills. You must understand the devices your employees are using, and how they can use them to access confidential information...
 

In addition to electronic access to your systems, you also must be aware of people who have physical access. The ability to take pictures of processes, documents and employees has changed dramatically. You must restrict access to your plant and offices.  

Finally, it's important to establish policies and procedures that address disposal of equipment like computers, tablets, hard disk drives and flash drives. Since we can't see the digital information, it's easy to discard hardware and not realize what we're actually tossing out.  

All businesses are at risk. Some are just more prepared than others. (more)

Tuesday, August 6, 2013

Solar-Powered Smartphones (and more) Coming Soon

Smartphones should soon be able to charge themselves

using transparent Wysips Crystal photovoltaic panels bonded into their screens. And if the idea takes off, tablets and eventually whole buildings could follow... (more) (more including photovoltaic clothing)

Imagine... 
The bug hidden in the picture frame would never have to have its battery replaced.

Think Changing Your SIM Card Can Mask Who You Are? Think Again

Tech-savvy criminals try to evade being tracked by changing their cellphone's built-in ID code and by regularly dumping SIM cards. But engineers in Germany have discovered that the radio signal from every cellphone handset hides within it an unalterable digital fingerprint — potentially giving law enforcers a simple way of tracking the handset itself.

Developed by Jakob Hasse and colleagues at the Technical Univ. of Dresden the tracking method exploits the tiny variations in the quality of the various electronic components inside a phone.

When analogue signals are converted into digital phone ones, the stream of data each phone broadcasts to the local mast contains error patterns that are unique to that phone's peculiar mix of components. In tests on 13 handsets in their lab, the Dresden team were able to identify the source handset with an accuracy of 97.6 percent. (more)

Windows Phones Susceptible to Password Theft When Connecting to Rogue Wi-Fi

Smartphones running Microsoft's Windows Phone operating system are vulnerable to attacks that can extract the user credentials needed to log in to sensitive corporate networks, the company warned Monday...

"An attacker-controlled system could pose as a known Wi-Fi access point, causing the victim's device to automatically attempt to authenticate with the access point and in turn allowing the attacker to intercept the victim's encrypted domain credentials," the Microsoft advisory warned. "An attacker could then exploit cryptographic weaknesses in the PEAP-MS-CHAPv2 protocol to obtain the victim's domain credentials." (more)

Turn on certificate requirement before connecting to WPA2 networks. Now.

CreepyDOL - The sinister Espionage System for $57

Brendan O’Connor is a security researcher. How easy would it be, he recently wondered, to monitor the movement of everyone on the street – not by a government intelligence agency, but by a private citizen with a few hundred dollars to spare?

Mr. O’Connor, 27, bought some plastic boxes and stuffed them with a $25, credit-card size Raspberry Pi Model A computer and a few over-the-counter sensors, including Wi-Fi adapters. He connected each of those boxes to a command and control system, and he built a data visualization system to monitor what the sensors picked up: all the wireless traffic emitted by every nearby wireless device, including smartphones.


Each box cost $57. He produced 10 of them, and then he turned them on – to spy on himself. He could pick up the Web sites he browsed when he connected to a public Wi-Fi – say at a cafe – and he scooped up the unique identifier connected to his phone and iPad. Gobs of information traveled over the Internet in the clear, meaning they were entirely unencrypted and simple to scoop up.

Even when he didn’t connect to a Wi-Fi network, his sensors could track his location through Wi-Fi “pings.” His iPhone pinged the iMessage server to check for new messages. When he logged on to an unsecured Wi-Fi, it revealed what operating system he was using on what kind of device, and whether he was using Dropbox or went on a dating site or browsed for shoes on an e-commerce site. One site might leak his e-mail address, another his photo.

It could be used for anything depending on how creepy you want to be,” he said.

You could spy on your ex-lover, by placing the sensor boxes near the places the person frequents, or your teenage child, or the residents of a particular neighborhood. You could keep tabs on people who gather at a certain house of worship or take part in a protest demonstration in a town square. Their phones and tablets, Mr. O’Connor argued, would surely leak some information about them – and certainly if they then connected to an unsecured Wi-Fi. The boxes are small enough to be tucked under a cafe table or dropped from a hobby drone. They can be scattered around a city and go unnoticed. (more) (Want your own CreepyDOL?)


Yet another thing a TSCM survey could uncover for you.

Thursday, August 1, 2013

Mystery Car Thefts - Solved

Remember this post from June
---
The news media is overflowing with reports of "High Tech" car burglars. They appear to be opening locked cars while holding a "black box" which "has police all over the nation stumped as to how it works."

Here, at the Spybusters Countermeasures Compound, we believe the black box is nothing more than a radio signal jammer. 
---

The spybusters tracked down the tool they probably used to pull off the heists...
You can read all about it here.

Corporate Sleuths on Edge after China Detains Foreign Consultants

The detention by Chinese authorities of a British corporate investigator and his American wife in the wake of a corruption probe into pharmaceutical giant GlaxoSmithKline has had a chilling effect on other risk consultants working in China.

It's unclear why Peter Humphrey and Yu Yingzeng, whose firm ChinaWhys has done work for GSK and other drug makers, were detained. But corporate investigators said they were concerned about the repercussions for the industry.

Multinationals, banks and investors rely on corporate investigators for information about potential partners and investments in China, where a lack of transparency is a hurdle to doing business. Restrictions in the flow of such background information could potentially leave foreign investors exposed to greater risk in the world's second-largest economy. (more)

Men's Room Leaks Prompt Eavesdropping Fears

Canada - Men are forced to use the women’s washroom at Peterborough city hall when council is in closed door meetings. The reason? Fear of people eavesdropping.

Peterborough city council thinks there is more than one kind of leak happening in the men’s bathroom.
 

City officials are closing down the washroom — which shares a wall with council chambers — for fear that people could eavesdrop on proceedings.
 

That means men needing the washroom during any closed-door meeting are being asked to use the ladies’ room instead — and a security guard is positioned in the hallway to make sure of that.

City clerk John Kennedy defended the decision to close down the washroom, saying it happens whenever there is a confidential meeting. (more)

Warrantless Cellphone Tracking Is Upheld

In a significant victory for law enforcement, a federal appeals court on Tuesday said that government authorities could extract historical location data directly from telecommunications carriers without a search warrant. 

The ruling is the first that squarely addresses the constitutionality of warrantless searches of the historical location data stored by cellphone service providers. (more)