Tuesday, July 29, 2014

Security Scrapbook Post #5000 - FREE SpyWarn™ Announcement

Thank you to everyone who has enjoyed and contributed to Kevin's Security Scrapbook over the years. 5000 is a milestone, and a good time for you to dig into the archives. Enjoy!

It is also a good time to let my clients (and potential clients) know about a new benefit of using Murray Associates services...


1. Free Cell Phone MicSpike with Carry Container
    Prevents phones from being turned into bugging devices.

2. Free Anti-Spyware Kit for Smartphones
    Includes the MicSpike™ and more security items.
    SpyWarn™ security kit works for all types of phones.
    It is not available elsewhere. (patent pending)
    Details and free smartphone security tips at...

3. Free SpyWarn™ Android app.
    A forensic evaluation for discovering spyware
    infections on smartphones.
    Details at... http://www.spywarn.com

4. Free book, "Is My Cell Phone Bugged?"
    Amazon rated...



Available only to clients and those whose offices we inspect.

This is the perfect time to add our Information
Security / TSCM* services to your security program.
*Technical Surveillance Countermeasures (aka, a bug sweep)

Download our introductory booklet.

Have questions? Need an estimate?
Just call me... from a "safe" phone.


Best regards,
Kevin D. Murray, CPP, CISM, CFE, MPSC

"Hey, what's your TSCM provider doing for you?"

Monday, July 28, 2014

Son Bugs Mom's Phone - $500.00 Fine

IL - A judge has fined a Lincoln man $500 for bugging his 90-year-old mother’s phone.

Richard Stamler, 60, pleaded no contest to disturbing the peace last week, and Lancaster County District Judge Andrew Jacobsen fined him... 

Stamler’s sister called police March 28, 2013, after she found a recording device in the basement of their mother’s home that had been connected to the phone line and set to record any time someone in the house picked up a phone.

She told police she recognized her brother’s voice reciting date information on the tape. He admitted to police he recorded calls on his mother's phone, but didn't think it was illegal. (more)

Snooping & Bugging: Five High Profile Cases (and this is just in India)

Was Nitin Gadkari's house bugged? The reported recovery of listening devices from Union Minister Gadkari's house has set tongues wagging in political circles, with Congress suggesting that this shows there is lack of trust among the NDA leaders. Even former Prime Minister Manmohan Singh has demanded a probe into this matter.

However, this is not the first time that news of political leaders being snooped upon by their adversaries has surfaced in the media. Let's look back at some similar controversies from the past... (more)

Sunday, July 27, 2014

The FBI Speaks Out: Economic Espionage and Protecting Trade Secrets

When: 7/30/2014
From 5:00 PM until 7:00 PM

Where: Boston Bar Association
16 Beacon Street
Boston, Massachusetts
United States

Trade secret thefts, both domestic and international, cost U.S. companies billions of dollars per year.  Over 85 percent of trade secret thefts involve employees and business partners.  It is imperative to put a trade secret protection program in place. The FBI will show you why and how. 

In a joint BBA/BPLA sponsored event, federal enforcement specialists Carmine Nigro and Ted Distaso, Brian Moriarty of Hamilton Brook Smith Reynolds, P.C., and Russell Beck of Beck Reed Riden LLP discuss methods of trade secret theft and best practices in theft prevention. (more) (register)

FYI - Just up the street from:
Cheers (pub)
84 Beacon St.
Boston, MA 02108

"Where everybody knows your name." (But that's another privacy issue.)

Reports of India Minister Bedroom Being Bugged

India - Former Prime Minister Manmohan Singh today said there should be an investigation into the report of bugging devices having been found in Union Minister Nitin Gadkari's residence and asked Government to explain the issue in Parliament.

"If Ministers' houses are bugged, then it is not a good omen. It should be investigated. How can it happen? It should be explained by the Government in the House," he told reporters at an Iftar get-together hosted by Congress President Sonia Gandhi.

A media report has claimed that high power listening devices were found in the bedroom at the 13 Teen Murti Lane residence here of Gadkari, the Road Transport and Highways Minister. (more)

Cost of Corporate Espionage in Germany Today

Every year, industrial espionage costs German businesses around 11.8 billion euros ($16 billion), according to a survey released Monday by the German security firm Corporate Trust.

Every second company in Germany has faced attacks - whether successful or not - with more than three-quarters of those surveyed registering financial losses as a result.

Corporate Trust said the survey reflected answers from 6,767 companies, some 40 percent of which estimated the damage from espionage had cost them anywhere from 10,000 euros to 100,000 euros.

Twelve percent said they lost more than 100,000 euros, and 4.5 percent said they lost more than 1 million euros. (more)

The Easy Fix to About 70% of Data Hacks

You never know when malware will bite. Even browsing an online restaurant menu can download malicious code, put there by hackers.

Much has been said that Target’s hackers accessed the giant’s records via its heating and cooling system. They’ve even infiltrated thermostats and printers among the “Internet of Things”.

It doesn’t help that swarms of third parties are routinely given access to corporate systems. A company relies upon software to control all sorts of things like A/C, heating, billing, graphics, health insurance providers, to name a few. If just one of these systems can be busted into, the hacker can crack ‘em all...

One way to strengthen security seems too simple: Keep the networks for vending machines, heating and cooling, printers, etc., separate from the networks leading to H.R. data, credit card information and other critical information. Access to sensitive data should require super strong passwords and be set up with a set of security protocols that can detect suspicious activity. (more)

See Around Corners with Pocket Drone

Researchers at the U.S. Army Natick Soldier Research, Development and Engineering Center are developing a pocket-sized aerial surveillance device for Soldiers and small units operating in challenging ground environments.

The Cargo Pocket Intelligence, Surveillance and Reconnaissance program, or CP-ISR, seeks to develop a mobile Soldier sensor to increase the situational awareness of dismounted Soldiers by providing real-time video surveillance of threat areas within their immediate operational environment.

While larger systems have been used to provide over-the-hill ISR capabilities on the battlefield for almost a decade, none of those delivers it directly to the squad level, where Soldiers need the ability to see around the corner or into the next room during combat missions. (more)

See around Corners. Turn Walls into Mirrors. Well, sort of...

The functional difference between a diffuse wall and a mirror is well understood: one scatters back into all directions, and the other one preserves the directionality of reflected light.
The temporal structure of the light, however, is left intact by both: assuming simple surface reflection, photons that arrive first are reflected first. In this paper, we exploit this insight to recover objects outside the line of sight from second-order diffuse reflections, effectively turning walls into mirrors. (more)

SpyCam'er Goes Free - Guilty or Not - You Decide

UK - A man who hid his phone in a toilet with the intention of filming his colleagues has been cleared of three charges of voyeurism – after magistrates accepted he has an extreme phobia of diarrhea and vomit.

A psychologist was called in to explain how Thomas Clark's actions were not as perverse as was being claimed by prosecutors.

The 28-year-old, from Barry Close in Tilgate, told a court he was petrified someone using the unisex toilet at his workplace before him might have suffered a bout of diarrhea or been sick.

Between November 1, 2012, and June 5, 2013, Mr Clark's phone was found on three occasions hidden in the toilet, by women he worked with at an office in Southgate.

On one occasion it was found in a bin, on another in a newspaper and on the third occasion in an Argos catalog. (more)

Yo, Barry... check it out.

Friday, July 25, 2014

NJ's Top Court Proposes Change to Spousal Immunity

New Jersey's Supreme Court is proposing an exception to the law that keeps conversations between a husband and wife private...

The state's highest court sided with the appeals court that marital communication does not lose its privacy just because it's heard by wiretap. But the justices proposed that the Legislature create a crime-fraud exception when spouses are jointly involved in criminal activity. (more)

Ford - Listening Devices Found in Company Meeting Rooms

A former Ford engineer is being probed by the FBI after listening devices were found in meeting rooms at company offices.

Ford issued a statement saying that it "initiated an investigation of a now-former employee and requested the assistance of the FBI."

It also adds that Ford's offices were not searched by the agency. "Ford voluntarily provided the information and items requested in the search warrant. We continue to work in cooperation with the FBI on this joint investigation. As this is an ongoing investigation, we are not able to provide additional details." (more)

(Sharon) Leach admitted hiding the devices under tables to help her transcribe meetings, her lawyer said... 

The devices were installed before meetings but could not be easily removed, her lawyer said. The audio devices were left in the conference rooms and unintentionally recorded other meetings.

In all, Leach gave Ford security eight Sansa recording devices, her lawyer said. Those are the same devices listed on the FBI’s search warrant on July 11. (more)

From the 'Things are Tough All Over' Files - Scottish Espionage Bankrupt

A renowned four-floor Old Town nightclub has been put up for sale after its parent companies plunged into administration.

Dozens of jobs are at risk while the future of Espionage – based inside India Buildings in Victoria Street – is thrashed out. (more)

What Cats Can Teach You About Personal Privacy

Ever posted a picture of your cat online?

Unless your privacy settings avoid making APIs publicly available on sites like Flickr, Twitpic, Instagram or the like, there's a cat stalker who knows where your liddl' puddin' lives, and he's totally pwned your pussy by geolocating it. 

Mundy, a data analyst, artist, and Associate Professor in the Department of Art at Florida State University, has been working on the data visualization project, which is called I Know Where Your Cat Lives.

It's a data experiment that takes advantage of a furry monolith: some 15 million images currently tagged with the word "cat" on public image hosting sites, with more being uploaded at a rate of thousands more per day.

Mundy isn't even particularly a cat person. He could just as easily have called the project "I know where your kid sleeps". Creepy? Oh yeah - much worse than kitty-stalking creepy. That is, of course, the point of the project... (more) (The Map)

Tip: Go tighten up your privacy settings. Better yet, turn off geo-location when taking photos. Ultimate better, stop posting.

Thursday, July 24, 2014

Proof the Surveillance Society is Making us Crazy - CV Dazzle

This is how bad things are getting...

"The NSA made me slather my face in make-up... I had slathered the paint on my face in order to hide from computers. The patterns in which I applied the paint were important: To the pixel-calculating machinations of facial recognition algorithms, they transformed my face into a mess of unremarkable pixels. In the computer’s vision, my face caused a momentary burst of confusion. That’s why the patterns are called computer vision dazzle (or CV dazzle). When it works, CV dazzle keeps facial-recognition algorithms from seeing a face...

...more unexpected was what CV dazzle taught me about the physical world. It reminded me of another tech experiment I’d undertaken

My phone’s Reminders app can tie a message to a specific place; it triggers an alert tone every time a user comes within 500 feet. I’d tried tying these reminders to a different kind of location—the 176 embassies and diplomatic missions in Washington, D.C. Whenever I got within a couple hundred feet of one, my phone sent me a little ping: “Iceland.” “Thailand.” “Equatorial New Guinea.”...

...here is the essence of CV dazzle’s strangeness: The very thing that makes you invisible to computers makes you glaringly obvious to other humans."  (more) (official site cvdazzle.com)

Blank Reg would have loved this.

Wednesday, July 23, 2014

Turkey Arrests 70 Cops for Spying on Prime Minister

Turkey’s political system appeared to be sinking deeper into crisis on Tuesday, as nearly 70 police officers, some of them senior, were arrested for illegally wiretapping the telephones of senior government figures, including the Prime Minister and the intelligence chief. At least 67 members of the country’s police force were arrested in raids that took place on Tuesday all over Turkey, while warrants have reportedly been issued for over 100 people.

Many of the arrestees were seen being taken away in handcuffs by security personnel, including two former heads of Istanbul police’s counter-terrorism unit. Hadi Salihoglu, Istanbul’s chief prosecutor, said in a written statement issued on Tuesday that the suspects were part of a criminal conspiracy that had wiretapped phones belonging to Turkey’s Prime Minister, Recep Tayyip Erdoğan, as well as Hakan Fidan, director of Turkey’s National Intelligence Organization, known as MİT.

Thousands of other phone lines had also been wiretapped, he added, belonging to journalists and government administrators, including judges and military officials. (more)

Tuesday, July 22, 2014

South Park Man Kills Parents Over Imagined Phone Bugging

A South Park man is being held without bail after investigators say he murdered his mother and stepfather and then disposed of their bodies near the Duwamish River. 

Longtime friends of Parenteau say the father of two had become increasingly more paranoid... "He thought they put something in his arm and were bugging his phone. He thought he was Jesus." (more)

Moral: The fear of privacy invasion is serious and deeply felt. When someone mentions it, take it seriously. It doesn't matter if it is real or imagined. It is real to them. Don't ignore the anguish. Try to help.

Johns Hopkins To Pay $190 Million for SpyCam Gynecologist

A "rogue" gynecologist who used tiny cameras to secretly record videos and photos of his patients has forced one of the world's top medical centers to pay $190 million to 8,000 women and girls. 
Dr. Nikita Levy was fired after 25 years with the Johns Hopkins Health System in Baltimore in February 2013 after a female co-worker spotted the pen-like camera he wore around his neck and alerted authorities.

Levy committed suicide days later, as a federal investigation led to roughly 1,200 videos and 140 images stored on computers in his home... His suicide — by wrapping his head in a plastic bag with a hose connected to a helium tank — frustrated everyone who wanted to know his motives and see him face justice. (more)

Monday, July 21, 2014

iOS Devices are Still Safe -- from everybody except Apple and the NSA

According to a security researcher, undocumented services in iOS allow Apple -- and law enforcement -- to access the contents of any iOS device, including encrypted ones. 
Forensic researcher Jonathan Zdziarski has outlined details of how a number of undocumented services in iOS are purportedly used to collect personal data by law enforcement and government agencies, according to ZDNet.

The services, which sport names like "lockdownd," "pcapd" and "mobile.file_relay," are allegedly used to bypass lock screens and collect data from iOS devices, and are accessible by USB and WiFi. (Zdziarski adds "maybe cellular" to that list as well.)

Zdziarski presented his findings at the HOPE/X (Hackers On Planet Earth) conference in New York, where he noted that while Apple has worked hard to make iOS secure against "typical attackers," the company has also ensured that it can "access data on end user devices on behalf of law enforcement." The end result is that iOS has been made "more secure from everybody except Apple and the government." (more)

Russia's Retro Retraction, or... "We don't need no stinkin' spy base..."

"...we got Snowden!"

Russian President Vladimir Putin is denying media reports that he will reopen a Soviet-era base in Cuba used to spy on the United States.
Putin said Thursday there are no plans to resume operations at the Lourdes signals intelligence facility near Havana, after Russian media first reported a day earlier that the two countries provisionally agreed to the deal last week. (more)

Russia Goes Retro with Cuban Spy Base

Russia is trying to reopen a Cold War-era spy base in Cuba.

During Russian President Vladimir Putin’s trip to Cuba earlier this month, Putin and Cuban officials reportedly reached a provisional agreement to reopen the signals intelligence facility in Lourdes, Cuba, south of Havana...

The Lourdes base was first opened in 1964 and was used to intercept communications in the U.S. and throughout the Western Hemisphere. Some estimate that as much as 50 percent of the radio-intercepted intelligence that the Soviet Union collected on the U.S. during the Cold War came from Lourdes. Putin closed the facility back in 2001, citing it as a “goodwill gesture” toward the U.S., which had long expressed concerns about the Russian spy station. However, many analysts believed the real reason behind the decision was the $200 million-a-year rent that Moscow was reportedly paying to Cuba to maintain the base.

According to The Guardian, “the Lourdes facility was the Soviet Union’s largest foreign base, a mere 155 miles from the U.S. coast. It employed up to 3,000 military and intelligence personnel to intercept a wide array of American telephone and radio communications.” (more)

The Trust But Verify App ..."text my other phone."

mCouple is something you can download on your Android and iOS devices to keep track of your partners.

So if someone thinks their significant other is cheating on them or if they’re anxious about who their partner is talking to and where he/she is going... (You get the idea.) It works in a two-way fashion, so both the partners need to have it installed on their devices in order to take advantage of it... 

...its key concept is that all the history from your device will be accessible on your partner’s device. This means, any call or message you get during your day will be accessible on your partner’s connected smartphone without any bounds.

The same applies for contact entries made by you as well. ...its GPS tracking attribute makes it possible to track every move your partner makes. Facebook hasn’t been kept out of mCouple’s purview as well, with partners having been given the option of viewing all the Facebook chats of their significant others. (more)

FutureWatch: An in-app purchase offer for the Instant Alibi upgrade feature :)

Tip: Turn Your Old iPod into a Security Camera for Free

Manything is a free iOS app that lets you convert a spare iPod Touch, iPad, or iPhone into a video surveillance camera. The next part is up to you: either use a second device to view footage remotely and receive alerts and Cloud-saved clips based on motion activity, or simply track what's happening on the Manything Web app. Basically, it works like an IP camera without requiring a separate purchase.

Since Manything just launched an IFTTT channel, you can pair it with Belkin WeMo (or other compatible products) to create DIY home security hacks. Here's how to get started... 


Sunday, July 20, 2014

Leaked British Spy Catalog Reveals Tools to Manipulate Online Information

No online communication is for your eyes only in the age of Internet surveillance by government spy agencies. But a leaked British spy catalog has revealed a wide array of online tools designed to also control online communication by doing everything from hacking online polls to artificially boosting online traffic to a particular website.

The spy catalog information developed by the British spy agency GCHQ comes from documents leaked by former NSA contractor Edward Snowden, according to The Intercept. Such documents don't contain much in the way of technical information about how the online spy tools work, but they do reveal a colorful array of code names for methods aimed at both collecting information and manipulating online information seen on websites such as Facebook and YouTube. (more)

Listen To A Wiretap Of Ukraine Rebels: 'We Just Shot Down A Plane'

Ukraine has released audio from phone calls made between rebels and Russian officers after the downing of Malaysia Airlines Flight 17. You can listen to it here...

In one of the calls, a rebel is heard to say that “We have just shot down a plane.” A reminder, perhaps, that even if the content they carry is atrocious, there is a time and a place for wiretaps. (more)

Scytale - Ancient Spy Gadget - Early Tweet

500 BC: The Spartans of ancient Greece invented the Scytale to transport hidden messages. Scytales were long, slender rods typically wrapped in a thin strip of papyrus, leather, or parchment.
A message was written on the wrapping, and then the strip was unwound and passed on to a messenger. Only when it was rewound around a rod of the same diameter could the original message be deciphered. (more)

Surveilling Celebrities Does A 180º Turnabout

Facebook launched a new app on Thursday, but you can’t get it unless you’re famous. Seriously. Facebook mentions is a new tool that allows celebs to keep constant tabs on what you, your Aunt Helen, the dude who works at your coffee shop, and everyone else in the world are saying about them on Facebook all day in the form of a constantly updating RSS feed! (more)

China Outlawed Manufacture & Sale of Bugging Devices... meh

Gadgets such as tracking devices and wiretapping bugs have been popular products on China's online shopping websites. Their popularity has not waned even after being declared illegal by the Chinese government, which has since begun shutting down businesses selling and using them, reports the Beijing News...

Most of the sellers in Zhongguancun, which has been dubbed "China's Silicon Valley," only offer the devices when clients ask. Some of them have stopped selling these devices after Chinese authorities banned producing and selling wiretapping devices and hidden cameras on May 1. Producing and selling these devices can be punishable by up to three years in jail. People using them can serve up to two years.

The law seems not to have deterred their sale, however. Over thousands of these devices are available on China's leading e-commerce website Taobao at prices ranging from hundreds to thousands of yuan. They are all advertised as "theft or lost item prevention" devices to avoid legal responsibilities. (more)

Friday, July 18, 2014

Could Drones be the New Force Multiplier for Physical Security?

The use of drones for physical security is limited only by the imagination and battery life, says J. Patrick Murphy, president of LPT Security Consulting.

He envisions drones being used for security purposes in mall parking lots and at oil refineries and other big plants, at hospitals and schools.

Murphy recently had the opportunity to see what camera-mounted drones can offer. He was on an assignment for a Houston-based clinic/pharmaceutical chain, conducting a security assessment of their buildings. As part of that, he needed to do a light(ing) study.

“We went to the parking lot in one location and did a walk-around in the daytime,” Murphy told Security Director News.

Then, he contacted local drone manufacturer and pilot Michael Sclafani of West Fork Drones for a nighttime flyover.
“It just blew me away because of the functionality and maneuverability,” Murphy said of the flyover... With the drone, he was able to see which trees were blocking certain lights and the shadows that resulted. “That’s a story told that I probably would have missed otherwise,” he said. (more)

Thursday, July 17, 2014

Residential Breakin - SpyCam Planted by Neighbor

NJ - The woman says she left for work that morning but returned home an hour later after realizing she'd forgotten her cell phone. She says she noticed the attic door open, and an air vent cover and tools were laid out around her bedroom. 

"I still don't think that it hit me because nothing was taken. The television was here, and the house wasn't ransacked," she said. So, she left her home on Mayfair Lane but called her husband, who told her to call police.

They arrived to find everything cleaned up but searched and reportedly found a camera in the bedroom inside a vent and one installed in a tiny hole drilled in the bathroom shower. She believes the suspect hid it and cleaned up when she left...

Police say further investigation led them just 100 feet away to a neighbor's house, where they arrested 36-year-old Nader Ibrahim. (more - with video)

Amateur Hour: Spying Politicos Leave Their Video Behind

MI - For the third time this year, Democratic gubernatorial candidate Mark Schauer is accusing Republicans of attempting to spy on his campaign.

But this time, the suspected political subterfuge involves a high-tech hidden camera and a video memory disk that fell into the hands of Democrats.

And Republicans are defending their campaign snooping.

Schauer’s campaign and Oakland County Democrats recently came into possession of a tiny disk containing raw video footage of a young woman and man who secretly recorded a Schauer campaign fundraiser June 22 at a private home in Bloomfield Hills.

A spokesman for the Michigan Republican Party acknowledged Wednesday the state party sent staffers... to videotape Schauer and his running mate... (more)

Outrageous Phone Tap of the Month

via Techlicious...
If you’ve ever tried to cut the cable TV cord, then you know how difficult an experience it can be. Your cable company has customer retention specialists trained to do whatever it takes to keep you as a customer. Usually, this just means offering leaving customers better prices to entice them to stay. Usually.

Last week, AOL executive Ryan Block and his wife Veronica Belmont called up Comcast to close their account and switch to another cable provider. Their customer service rep would have none of it, however. After 10 minutes of unsuccessfully trying to end service via the worst customer service agent in the world, Belmont handed the phone over to Block, who had the foresight to start recording the conversation. (more)

Wednesday, July 16, 2014

REI - Business Intelligence and Security Conference - Sept. 9-11

REI is hosting a 3-day conference on securing corporate and private sector assets. September 9 through 11 at the REI Training Center, Algood, TN. 

Too often, security is primarily focused on physical protection of property and personnel. However, the American Society for Industrial Security (ASIS) states that 70% of a corporation’s value is from intangible assets and its proprietary business operations.

REI has assembled a group of leading experts to cover several aspects of corporate and private sector technical security in today’s environment. (flyer and registration form)

I have attended many of REI's training sessions and related conferences. All have been very worthwhile. Guaranteed, you will learn things not taught elsewhere. This seminar seems especially worthwhile for security directors and security consultants. PS - They always provide great food.

See Threat, Ignore Security - IT = Idiocracy Time

In a study, most IT execs at critical infrastructure companies revealed that their organization was compromised in the last year, but only 28 percent of them said that security was a top priority across their enterprise.

Nearly 600 global IT and IT security execs across 13 countries were polled for the “Critical Infrastructure: Security Preparedness and Maturity” report, released Thursday. And of those respondents, 67 percent said they had dealt with at least one security compromise, leading to the loss of confidential information or disruption to operations, at their companies.

In an interview with SCMagazine.com, Dave Frymier, CISO of Unisys, found it concerning that so many respondents seemed to be knowledgeable of threats to their organizations, but that this awareness hadn't translated to a heightened focus on security. (more) (10 things "Idiocracy" predicted that came true.)

Time to yank some of that IT "security" budget and put it back where it was doing some good - traditional information and intellectual property security measures. Call us.

Counterespionage Trick #003: Germany Blows the Dust off of Old Typewriters

Germany is considering going back to the trusty old typewriter to counter alleged spying by the U.S. government.

In an interview with the TV service Morgenmagazin, a politician in charge of a parliamentary inquiry into U.S. spying in Germany said that the government is seriously considering a low-tech solution to the ongoing espionage problem, according to the Guardian.

Asked "Are you considering typewriters?" by the interviewer, Christian Democrat politician Patrick Sensburg said: "As a matter of fact, we have – and not electronic models either." "Really?" the surprised interviewer checked. "Yes, no joke," Sensburg responded. (more)

Police Won't Rule Out Reports Coffin was Bugged in Bid to Catch Killer

Australia - The former head of the Queensland Police homicide squad is not ruling out reports that Allison Baden-Clay's coffin or flowers were bugged at her funeral in a bid to catch her killer. 

Former real estate agent Gerard Baden-Clay was yesterday sentenced to life in prison after being found guilty of murdering his wife in 2012.

He reported her missing 10 days before her body was found on the bank of Kholo Creek in Brisbane.

Detective Superintendent Brian Wilkins, who headed the investigation into Allison's murder, told 612 ABC Brisbane's Steve Austin that police were immediately suspicious of Baden-Clay because his face was scratched and "things did not add up".

He also said "wide and varied strategies" were used to gather evidence. (more)

Tuesday, July 15, 2014

Tap Stars of Las Vegas - "...we're damn good!"

"Let me call in a buddy of mine. He's an expert on wiretaps."

Las Vegas authorities use electronic wiretaps more than almost every other police agency in the country, according to a new report. Clark County judges approved 187 wiretaps on phones in 2013, and police executed 178, according to the Administrative Office of U.S. Courts. 

All of the wiretaps were for drug investigations. That’s a lot of wiretapping, especially when you factor the county’s population, compared to metro areas at least four times larger. 

Los Angeles County judges approved 148 wiretaps last year. New York City’s special narcotics bureau had 138 wiretaps approved. 

Pew Research Center analyzed the data and determined — based on population — that the Silver State leads the nation with 38 phone wiretaps per 500,000 people in 2013. 

No other state saw more than 12 wiretaps per 500,000 people, according to the nonpartisan think tank. So why are Nevada’s numbers so high... (more)

Monday, July 14, 2014

Privacy Tip: How To Remove Your House From Google Street View

Stars like Paul McCartney and Jimmy Page are asking Google to blur out their houses on Street View, but that's not a feature exclusive to celebrities. You can do it, too. Celebrities -- they're just like us!

There's not a whole lot of privacy to go around nowadays, so it's a good idea to take advantage of any opportunity for anonymity you can find. It's actually pretty easy to ask Google to blur out your house from Street View.  

Here's how: Find your house on Street View by searching for your address on Google Maps... (more)

How bad is computer security in the business world?

Complete disarray, if you believe a friend of mine who's worked in the industry forever. Behold his hair-raising tales... (more)

Australia - Stronger privacy laws needed to protect public from drones

A federal parliamentary committee is recommending stronger privacy laws to protect the public from invasive technologies like drones.

The Government-dominated committee's report is titled Eyes in the Sky, but its recommendations go beyond the use of remote piloted aircraft, more commonly known as drones.

The House of Representatives' standing committee on social policy and legal affairs calls on the Abbott Government to look at creating a tort of privacy.

But Attorney-General George Brandis has previously rejected such a move as an intrusion on personal freedoms. (more)

The fight drones on. Personal Privacy v. Personal Freedoms.

Sunday, July 13, 2014

PI High Flyers are not Keeping a Low Profile - What could possibly go wrong?

(Private) Investigators are taking drones to new heights — using the remote-controlled aircraft to catch New Yorkers cheating on spouses, lying about disabilities and endangering their kids.

“People want you to believe there’s all this negativity associated with drones . . . but they could be a very helpful tool,” said Olwyn Triggs, a gumshoe for 23 years and president of Professional Investigators Network Inc. in Glen Cove, LI.

Triggs recently used a drone to find an upstate man suspected of insurance fraud. Signs on his rural property warned that trespassers would be shot, so she sent in her 2-pound, foot-long Phantom 2 Vision quadcopter, which costs about $1,000...

"And if they're not disabled..."
Matthew Seifer recently pretended to test-fly a drone in Central Park. He was actually recording a husband fooling around with a female coworker from 100 feet away.

“Sometimes the best thing is to be right there in plain sight,” said Seifer, president of Long Island-based Executive Investigations...

“We raised the drone above the restaurant, [and] he was engaged in a sexual act in the front seat of his car,” the investigator said. “[Drones] get us those types of money shots.” (more)

...an FAA crackdown, loss of PI license, lawsuit defense expenses, etc.

Friday, July 11, 2014

Keylogger Malware Found in Hotel Business Centers

The NCCIC and the USSS North Texas Electronic Crimes Task Force recommend that hotel managers, owners and other hospitality industry stakeholders consider the following.

Contacting your network administrator to request that:
• A banner be displayed to users when logging onto business center computers; this should include warnings that highlight the risks of using publicly accessible machines.
• Individual unique log on credentials be generated for access to both business center computers and Wi-Fi; this may deter individuals who are not guests from logging in.
• All accounts be given least privilege accesses; for example, guests logging in with the supplied user ID and password should not be able to download, install, uninstall, or save files whereas one authorized employee may have a need for those privileges to carry out daily duties.
• Virtual local area networks (VLANs) are made available for all users, which will inhibit attackers from using their computer to imitate the hotel’s main server.
• All new devices are scanned (e.g. USB drives and other removable media) before they are attached to the computer and network; disabling the Auto run feature will also prevent removable media from opening automatically.
• Predetermined time limits are established for active and non-active guest and employee sessions.
• Safe defaults are selected in the browsers available on the business center desktops (e.g. Internet Explorer, Mozilla Firefox). Options such as private browsing and ‘do not track’ for passwords and websites are some of the many available.

Any questions regarding this advisory can be directed to the United States Secret Service North Texas Electronic Crimes Task Force at (972) 868-3200

Correctional Facility Bugs Employees, Claims it was a Test (cue klaxon)

Correctional staff are reeling and demanding answers after a microphone was found inside of a smoke detector in a staff lounge area.

CBC News reports that the acting director of Saskatoon Correctional Center claimed the listening device was a prototype for a new intercom system intended to keep the facility safer.

If it were actually used, it would be placed in inmate living areas. The testing, however, had to be done elsewhere.

“It was not installed as a means in which to covertly listen to staff conversations. For anyone to covertly listen or intercept private communications would require legal authority to do so,” Jock McDowell said.

The device was designed to look like a smoke detector to discourage inmates from tampering with it.

The union says this has further strained staff-management relations. (more) (RIP Dick Jones) (sing-a-long)

Business Espionage: White Pigment Spy Sentenced by Judge White

A federal judge on Thursday sentenced a California chemical engineer to 15 years in prison and fined him $28.3 million for a rare economic-espionage conviction for selling China a secret recipe to a widely used white pigment.

U.S. District Court Judge Jeffrey White in Oakland said Liew, a naturalized U.S. citizen, had "turned against his adopted country over greed." (more)

You Know You Want One...

Have something small — cash, microfilm, an SD card loaded with private videos — that you want kept safe and out-of-sight? 

Hide it in plain view with the Spy Bolt. Based on Soviet KGB hollow bolts, this handy gadget features a secret storage compartment that's nearly half an inch in diameter and almost three inches long, offering plenty of room for covert communications. And should the bolt find its way outside, you can rest assured that the contents are safe, thanks to an O-ring seal around the top. (more)

Emboldened by Their Upcoming World Cup Victory this Sunday...

Germany expelled the CIA station chief in Berlin over alleged spying by the United States which has refused to break its silence over the escalating row between the Western allies.

The expulsion came after two suspected US spy cases were uncovered in less than a week in Germany, where anger still simmers over the NSA surveillance scandal...

“The representative of the US intelligence services at the embassy of the United States of America has been told to leave Germany,” German government spokesman Steffen Seibert said. The step was highly unusual among NATO allies and underlined Berlin’s anger. (more)

The NSA Speaks (humor)

The NSA addresses allegations that the U.S. has been spying on Germany. (video)

Monday, July 7, 2014

Before There Was Snowden There Was Mitrokhin

The papers spent years hidden in a milk churn beneath a Russian dacha and read like an encyclopedia of Cold War espionage.

Original documents from one of the biggest intelligence leaks in history — a who's who of Soviet spying — were released Monday after being held in secret for two decades.

The files smuggled out of Russia in 1992 by senior KGB official Vasili Mitrokhin describe sabotage plots, booby-trapped weapons caches and armies of agents under cover in the West — the real-life inspiration for the fictional Soviet moles in "The Americans" TV series.

In reality, top-quality spies could be hard to get.
The papers reveal that some were given Communist honors and pensions by a grateful USSR, but others proved loose-lipped, drunk or unreliable.

Intelligence historian Christopher Andrew said the vast dossier, released by the Churchill Archives Centre at Cambridge University, was considered "the most important single intelligence source ever" by British and American authorities.

Mitrokhin was a senior archivist at the KGB's foreign intelligence headquarters — and a secret dissident. For more than a decade he secretly took files home, copied them in longhand and then typed and collated them into volumes. He hid the papers at his country cottage, or dacha, some stuffed into a milk churn and buried.

After the 1991 collapse of the Soviet Union, Mitrokhin traveled to a Baltic state — which one has never been confirmed — and took a sample of his files to the U.S. Embassy, only to be turned away. So he tried the British embassy, where a junior diplomat sat him down and asked, "Would you like a cup of tea?"

"That was the sentence that changed his life," said Andrew.

Smuggled out of Russia, Mitrokhin spent the rest of his life in Britain under a false name and police protection, dying in 2004 at 81. (more)

Priest Bugged

Australia - Police are examining alleged threats made to a Greek priest and the bugging of a church house in which he was living.

The alleged threats, involving an unnamed priest from the Autocephalic Greek Church of America and Australia, were reported a fortnight ago while the discovery of the concealed listening device was reported to police in late March.

The alleged threats are related to the controversial ordination of Father Prokopios Kanavas as bishop of the AGCAA last August.

Father Kanavas resigned in acrimonious circumstances in April – just eight months after he was ordained. He has been stripped of his titles and moves are now being made to expel him from the Greek Orthodox Community of South Australia.

While GOCSA executives believe they know who made the unlawful threats to the priest, the precise motive and culprit responsible for the bugging remain unclear.
The listening device was hidden in the rangehood of a church house in Grattan St, in the city, adjacent the Greek Orthodox cathedral. Such devices, which are freely available for purchase on the internet, have a range of around 50m. (more)

Employee and Aide Bug Co-Workers

An accountant resigned from her $42,000-a-year part-time job as West Seneca’s comptroller two months ago after employees accused her and an aide of using a tape recorder to secretly record their workplace conversations.

Town officials confirmed that two town employees made complaints against Jean M. Nihill, 57, about a month before she resigned from her job as the town’s top finance officer on May 12. Nihill, a certified public accountant, is the business partner of one of the town’s most politically powerful individuals – town Democratic Party leader Paul T. Clark, who served as town supervisor for 16 years.

The employees also alleged that former deputy comptroller Linda Kauderer took part in the bugging.
Kauderer retired from her town job May 20.

Police investigated the complaints and verified that a tape recorder was used to record the employees while they were working in town offices, Police Chief Daniel M. Denz confirmed. (more)

1978 Federal Intelligence Surveillance Act Instigator Dead at 68

David Truong, a Vietnamese antiwar activist whose conviction on espionage charges in the United States in 1978 raised alarms about the federal government’s use of wiretaps without court orders and spurred passage of the 1978 Federal Intelligence Surveillance Act prohibiting such practices, died on June 26 in Penang, Malaysia. He was 68. (more)

Thursday, July 3, 2014

Today in Business Espionage News

PA - Cumberland County-based Harsco Corp. is suing one of its former top executives in federal court, accusing him of corporate espionage for allegedly passing confidential company information to a competitor.
Clyde Kirkwood essentially acted as a mole, Harsco contends in the U.S. Middle District Court complaint it filed this week.

Kirkwood abruptly quit his post as commercial vice president for Harsco's Metals & Minerals Division in early June, three months after he secretly agreed to take an executive job with the Michigan-based Edw. C. Levy Co., Harsco's suit states.

Harsco claims that, starting early this year, Kirkwood not only passed confidential Harsco information to Levy, including data on top-level corporate decisions, he also intervened to try to steer Harsco away from international projects where it could be in competition with Levy. (more)


Taiwan tech giant Hon Hai said today it has pulled out of a deal to buy 4G equipment from Huawei after the government warned that the Chinese company posed a national security threat.

Taiwan raised those concerns in March after Hon Hai announced the USD 178 million deal, saying telecom equipment purchased from Huawei could be used for cyber espionage. (more)


The wife of a Chinese company’s chairman was arrested in California after she was charged in an indictment filed Wednesday in federal court in Des Moines with conspiracy to steal trade secrets from U.S. seed corn companies.

Mo Yun, 42, was arrested Tuesday in Los Angeles. She is a citizen of China. A spokesman for U.S. Attorney Nicholas Klinefeldt said he could not comment on whether she was in the U.S. on a work or visitor visa or why she was in California.

Her arrest is the latest development in a case Klinefeldt announced in December in which several employees of Beijing Dabeinong Technology Group Co., known as DNB Group, or its subsidiaries were alleged to have stolen patented seed corn from fields in Iowa and Illinois and shipped it to China to try to reproduce its traits. (more)

Marti Oakley's Pre-4th of July Privacy Review

  • We have street lights spying on us in public.
  • We have your SMART meters tracking what you do in your home, not to mention making many people ill.
  • We got your scan enabled license plates so that you can be tracked for any reason or no reason as you travel.
  • These plates will also be handy for “tax per mile” calculation at the pump coming to a state near you in the very near future.
  • Our cell phones can be tracked using GPS installed in them.
  • Retailers can access your cell phone while you shop in their stores.
  • NSA can listen in and track you anytime they want on the phone, on the net, or on any gadget you might possess.
  • GPS allows the tracking and location of our vehicles.
  • Black box recorders are now installed on all new models of cars so that conversations in the cab of the car can be retrieved, insurance companies can access info about you and so can the NSA.
  • And there is not one major retail establishment that you can enter without having your picture snapped, compared to millions of faces in the system, and identified. You can and will be tracked throughout the store you are in, along with your purchases and how you paid for them.
  • We have nano-chips, scan enabled from satellites, sprinkled in numerous high volume food products so that what we eat can be tracked, if anyone really wants to know what we are eating and where we are eating it.
  • Medications are soon to be laced with nano-chips so that your doctor and/or insurance provider can determine if you are taking prescribed medications.  (You can be dropped from your insurance for non-compliance if you are not taking the drugs for any reason)
  • They will also be inserted into medical devices, like your hip and knee replacements. (more)
Note: The above comments are not mine and should be subject to fact-checking.

On the other hand, fireworks haven't been banned in all states, yet.
Map that shows the types of fireworks allowed in each state.

"Talk to the badge, Axxxxxx."

UK - Shop workers who have been the victims of hate crime are to be given 'spy' name badges - in a bid to crack down on racism.

Some 48 devices are being bought by Merseyside's Police Commissioner Jane Kennedy to help tackle hate crime.

The semi-covert video cameras, which look like large name-badges, are intended to support victims of racial abuse. The cameras will capture evidence to help prosecute offenders.

The commissioner is also buying 100 personal safety devices for use by high-risk victims of domestic abuse, harassment and stalking. (more)

Spy Badges Gain Traction...
HIGHLY trained officers keeping the peace during G20 will wear tiny, spy-like cameras – the first to be issued by the Queensland Police Service.

The lightweight, miniature video cameras will be clipped to officers’ uniforms to record potential evidence during November’s summit.

The Courier-Mail can reveal 70 high-definition cameras will be used by frontline police. (more)

The Government Owns Your Tweets - No, not the NSA... the LOC

Even deleting your Twitter account won't help. 
Your brain farts are permanently archived.

Twitter and the Library of Congress have this "deal", see. Twitter gave the right to the Library of Congress to archive your public tweets from 2006 on. The result... everything posted publicly by you, since then, is now owned by the government.

"An element of our mission at the Library of Congress is to collect the story of America and to acquire collections that will have research value. So when the Library had the opportunity to acquire an archive from the popular social media service Twitter, we decided this was a collection that should be here.

In April 2010, the Library and Twitter signed an agreement providing the Library the public tweets from the company’s inception through the date of the agreement, an archive of tweets from 2006 through April 2010. Additionally, the Library and Twitter agreed that Twitter would provide all public tweets on an ongoing basis under the same terms."

FutureWatch: Data mining of your tweets by employers, attorneys, investigators, retailers, insurance companies, LOEs, ex's, and plain old creepy people.

BTW... Kevin's Security Scrapbook post headlines are Tweeted.

Infographic - NSA Interactive Spy Chart

This is a plot of the NSA programs revealed in the past year according to whether they are bulk or targeted, and whether the targets of surveillance are foreign or domestic. Most of the programs fall squarely into the agency’s stated mission of foreign surveillance, but some – particularly those that are both domestic and broad-sweeping – are more controversial.

Just as with the New York Magazine approval matrix that served as our inspiration, the placement of each program is based on judgments and is approximate.
For more details, read our FAQ or listen to our podcast. Also, take our quiz to test your NSA knowledge. (more)

Wednesday, July 2, 2014

BSI Publishes Study on Enterprise Mobile Device Security

BSI, the German Federal Office for Information Security, has published a report on "Enterprise mobile device security" (in German*) that provides a comprehensive overview on the current risks associated with the deployment of mobile devices in an enterprise context.
The report... covers Apple iOS, Google Android and Blackberry devices, taking a hard look at the current generation of hardware and software and the resulting dependencies on a limited number of key suppliers.

The study identifies key risk areas associated with the deployment of mobile devices in an enterprise context... and makes the case for doing so only in the context of a well-defined framework of organizational and technical measures that secure the enterprise against industrial espionage and other kinds of attacks. 

* An English version may be available. Ask at ESD America
Audio interview about Cryptophone, a high security cell phone ≈ 6 min.

Tuesday, July 1, 2014

Travel - Should executives expect to be subjected to more traditional means of surveillance...

...such as hidden cameras or microphones, intrusion into hotel rooms, or being followed?

Hidden cameras, microphones or physical surveillance are all reportedly routine in many parts of the world, not just China, for purposes that can include industrial espionage, blackmail and to identify and monitor potential criminal activity. 

Physical security systems, domestic security practices and personal privacy expectations can vary in different areas, but all of the above may be encountered. 

At major facilities catering to foreign business travelers, we expect that plainclothes police and domestic security personnel are nearby at almost all times. 

However, some individuals claiming to be police or facility staff may be scam artist impersonators – you never want to hand over a wallet containing identification, cash and all your payment cards. 

If you travel into the interior on a domestic flight, do not be surprised if your wallet and personal electronic devices are removed to a location out of your view during screening at the security checkpoint. (more)

First a Drone. Now a Helicopter. World Cup Spying Continues.

A helicopter from TV Globo was caught spying on Chile’s practice just outside Belo Horizonte.

Chile coach, Jorge Sampaoli, brought the session to a temporary standstill until the helicopter was ushered away from local side Cruzeiro’s training centre at Toca da Raposa. (more)