Sunday, December 20, 2015

Irony Alert: Video Voyeur Sentenced - He Was Caught Spying by Spying

Former Border Patrol agent Armando Gonzalez was sentenced to 21 months in federal prison for planting a hidden camera in the women’s restroom at a Chula Vista Border Patrol facility. 

The camera, which Gonzalez used to violate the privacy of female employees who used the restroom, was discovered when he made reference to it in an email sent from his personal account to a friend and fellow voyeur-cam enthusiast...

Back Stories...
  • Department of Homeland Security’s surveillance of private emails credited with discovery of Border Patrol agent’s hidden camera voyeurism...
  • Further, drone footage taken through Mr. Gonzalez’s bedroom window clearly shows him viewing the camera’s digital feed on this personal computer. more

The Spy Pen in the Pen, or... Why You Need a Recording in the Workplace Policy

In March, state computer technician Rob Jones was on a routine job assignment at Maury Correctional Institution east of Goldsboro, working on a computer in an office used by private maintenance contractors.

Jones wanted to write a note but did not have a pen, so he grabbed one from the desk and clicked it.

Instead of a protruding pen point, Jones saw a blue light. He clicked again and the light changed to amber.

Jones didn’t know what the pen was, but he apparently knew it didn’t belong inside a maximum security prison. Jones took the pen to his office, unscrewed the top and found a USB plug. When he plugged it into a computer he saw the pen was actually a video camera.

Spy cameras, like cellphones and weapons, are contraband in prison. Jones gave it to his supervisors, whose investigation showed that a maintenance worker employed by The Keith Corp. brought the spy pen into the prison.

The investigation found that Andrew Foster, the top Keith employee at Maury, used the camera several months before to secretly record a meeting with the prison superintendent, whom Foster believed had mistreated him. Foster sent the recording to his bosses in Charlotte, who watched it but did not report the contraband to prison officials. more

P.S. I provide a "Recording in the Workplace" policy template (no charge) to all my clients.

Smartphone App: Record, Store & More

There are plenty of apps for recording your phone calls, but Yallo one has some extra tricks... like adding a subject line to your phone call. 
  • "Not urgent if you're busy."
  • "Emergency. Pick up."
  • "Quick question, promise."
  • "This is the kidnapper."
The full feature set... 

iPhone Call Recording App features:
  1. Outgoing Call Recording
  2. Free Incoming Call Recording - Unlimited!
  3. Saved on a Secure Cloud - Free Up Space
  4. Truly Unlimited Call Duration
  5. Keep Your Caller ID
  6. Mark Favorite Calls
  7. Custom Call Title 

Android App features:
  1. Go Yallo: No cell reception? No problem! With Go Yallo you are still available for calls to your regular number via WiFi and Yallo. 
  2. For the Record: Record and playback your calls, send them to your email, HD call quality. Save calls and listen later. Forward a recorded call to somebody else. Search based on keywords and phrases used in the call. 
  3. Call Caption: Want to let someone know why you’re calling so they can decide to pick up or not? Call Caption is the answer. Write a quick message that gives someone the context in advance.
  4. Existing Phone Numbers Welcome: No need to get a new number or transfer your existing one. Yallo works with your current number.
  5. Flexible: Make any device your phone, regardless of where your SIM card is. Out of juice or lost your phone? No problem. Log into Yallo on someone else’s phone and voila! it is your phone. Outgoing calls have your caller ID and incoming calls to your regular number, now come to your newly adopted phone.

The Ultimate Smartphone Brain Sucking Spider

As Razyone describes its product, "InterApp is a game-changing tactical intelligence system, developed for intelligence and law enforcement agencies, enabling them to stealthily collect information from the cloud using smartphone application vulnerabilities."

InterApp can allow its operators to break into nearby smartphones that have their WiFi connection open, and then, employing a diverse arsenal of security vulnerabilities, gain root permission on devices and exfiltrate information to a tactical server.

InterApp can steal passwords and data from targeted smartphones.

According to Rayzone, InterApp can steal a user's email address password and content, passwords for social networking apps, Dropbox passwords and files, the user's phone contact list, and his photo gallery.

Additionally, the gadget can also acquire the phone's previous geographical locations and plot them on a map, IMEI details, MSISDN data, MAC address, device model, OS info, and personal information on the target, such as gender, age, address, education, and more...

Even better, InterApp's hacking operations leave no forensics traces on a target's smartphone, or so Rayzone claims. more

Thursday, December 17, 2015

A History of Privacy - From 1844 to the NSA

An extraordinary fuss about eavesdropping 
started in the spring of 1844, when Giuseppe Mazzini, an Italian exile in London, became convinced that the British government was opening his mail.

Mazzini, a revolutionary who’d been thrown in jail in Genoa, imprisoned in Savona, sentenced to death in absentia, and arrested in Paris, was plotting the unification of the kingdoms of Italy and the founding of an Italian republic.

He suspected that, in London, he’d been the victim of what he called “post-office espionage”... more

Wednesday, December 16, 2015

From Ear Trumpets to Listening Urns: 2,500 Years of Chinese Bugging

Wee Kek Koon says, in light of Hong Kong University Council leaks, that China has a long history of clandestine recording.

Given the number of audio recordings involving members of the University of Hong Kong council leaked recently, one fears Hong Kong will become a place where everybody either watches what they say or chooses not to say anything for fear of being tried and fried by public opinion. The obvious question – who’s been doing the recording? – on everyone’s minds notwithstanding, it can’t be that hard to screen for listening devices.

Illustration: Bay Leung

Clandestine listening devices in ancient China were simple cylindrical tubes pressed against the wall, which gave rise to the saying geqiang you’er (“the walls have ears”).

“Listening urns”, which were detailed in a military treatise some 2,500 years ago, were used on battlefields to provide advance warning of enemy approach. A wide-bodied urn would be buried with its small opening above ground, over which a thin piece of leather was stretched. By pressing one’s ear to the leather, one could detect the direction from which an enemy was approaching. For precision, huge urns were used, with someone sitting inside, at times. The visually impaired were preferred, for their supposedly acute sense of hearing. more

Bugging Incident - Episcopal Church COO Placed on Administrative Leave

via David W. Virtue DD
The Presiding Bishop of The Episcopal Church, Michael Curry, has suspended his right hand man, COO Bishop Stacey Sauls, and placed him on administrative leave along with two other senior church officers over what is being described as "misconduct in carrying out their duties as members of senior management of the Domestic and Foreign Missionary Society."

No one will give information about the exact nature of the incident...

A tape-recording device had been concealed and was running, Barlowe told a shocked room. Council members were exhorted to look under their tables to see if anything was taped. The hidden tape recorder was found on the floor near the lead table where top church leaders had been seated throughout Executive Council... No surveillance cameras that might have recorded someone hiding the recorder were found.

Who would possibly want to bug a church that is dying and has already passed all the hot button issues at various General Conventions? What is there left to bug, pray tell? Apparently a lot.

The incident resembles something out of an episode of Fawlty Towers, when Fawlty (John Cleese) bugged a guest's room to check how much toilet paper was being used. more

VPN Equip All Your Devices... especially if you use public Wi-Fi

To put it simply, a Virtual Private Network (VPN) is a service or program that allows a device to connect to a secure offsite server over a network using an encrypted, “tunnel-like” connection.

It allows the user’s IP address to be masked, providing a layer of all-important privacy and anonymity. Besides, the encryption of the connection is generally of such a high-grade that any data transmitted can be considered perfectly safe. Originally used for businesses, companies offering VPN services to consumers started to form, realizing the immense security benefits that users can reap from the service.

They are used by everyone from families at home who want to make sure no one can track their online habits to a journalist who doesn’t want people or governments to know where they are. Travelers love them in particular due to the safety they grant one on unknown networks. The underlying thread is protection, and running a quality VPN on your computer is a surefire way to make yourself safer and protect your personal information. more

The First Clip on a Spycam is Usually the Perp

LA - Baton Rouge Police detectives are attempting to identify a man who is believed to have placed a small video camera in the men’s urinal at the office building of 4000 S. Sherwood Forest.

According to police, the camera was found by a male using the restroom.

The camera was retrieved and an analysis was completed in which the image of this individual was observed.

Anyone with information on the identity of this individual is urged to contact the Special Victims Division at 225-389-3853 or Crime Stoppers at 225-344-7867. video

The Smallest Cameras Keep Getting Smaller

Misumi Electronics Corp. specializes in spy applications, surveillance systems, industrial inspection, and medical applications.

Monday, December 7, 2015

Field Reports from the Blue Blaze Irregulars - iPhone & Micro TV News

Your iPhone Keeps a List of Everywhere You’ve Ever Been. Here’s How to Delete It 





Your iPhone lists all of the exact locations of the major cities you’ve been recently.beneath every location you’ve visited, it lists the number of recorded visits in a certain time period. If you click on a location, it will list out all of the times and dates of your visit.  more

Want to turn it off? Here’s how:
  1. Go to the Settings menu, select Privacy
  2. Select Location Services
  3. Scroll down (really far) to the bottom (keep going) and select System Services
  4. Scroll and select Frequent Locations
  5. Get sufficiently creeped out by how much your iPhone knows about you
  6. Select ‘Clear History’ and swipe the Frequent Locations tab left
 (Submitted without comment.) ~BBI 62521


The Smallest Camera in the World
Medigus has developed a range of micro CMOS (complementary metal-oxide semiconductor) and CCD (charge-coupled device) video cameras, including micro ScoutCam™ 1.2, which to the best of the company's knowledge, is the smallest in the world. more

While these are intended to some degree for medical use they can be used for any “special” need. When you get down to the nano-sized cameras, the potential is mind-boggling. There are cameras now in insect-like drones too that would probably land on your shirt to save power. Hmmm…that buzzing in your ear is a camera!  ~BBI 77377

Saturday, December 5, 2015

Security Director Alert: A Brilliant Answer to Shredding Security Worries, and Cost

Epson Develops the World's First Office Papermaking System
Turns Waste Paper into New Paper 
  
PaperLab promises to revolutionize office recycling by securely destroying documents and turning them into office paper using a dry process.

Seiko Epson Corporation has developed what it believes to be the world's first compact office papermaking system capable of producing new paper from securely shredded waste paper, without the use of water.

Epson plans to put the new "PaperLab" into commercial production in Japan in 2016, with sales in other regions to be decided at a later date.

Businesses and government offices that install a PaperLab in a backyard area will be able to produce paper of various sizes, thicknesses, and types, from office paper and business card paper to paper that is colored and scented.

Until now enterprise has had to hire contractors to handle the disposal of confidential documents or has shredded them themselves. With a PaperLab, however, enterprise will be able to safely dispose of documents onsite instead of handing them over to a contractor. PaperLab breaks documents down into paper fibers, so the information on them is completely destroyed. more



This could be the biggest information security news of the year for many corporations and government agencies. ~Kevin

Being Ordinary Saves Apple from Wiretapping Charge

CA - A federal judge Monday found no evidence that Apple's failure to deliver text messages sent via iMessage to non-iPhone users amounts to wiretapping.

U.S. District Judge Lucy Koh... wrote. "Defendant does not 'intercept' the message within the meaning of the Wiretap Act by erroneously classifying the message as an iMessage."

Koh agreed with Apple that its server falls under the Wiretap Act's "ordinary course of business" exception, saying the evidence, redacted and undisputed by both sides, showed that the iMessage server never operated outside its ordinary functions. A device acting within the ordinary course of business, Koh wrote, cannot form the basis of a Wiretap Act claim. She granted Apple's motion for summary judgment.  more

Montreal Makes Spying a Hackneyed Phrase

Montreal Is Now Spying On The City’s Taxi Drivers

...the Montreal taxi bureau will be sending out “mystery passengers” that will spy on cab drivers.

Hoping to get a real picture of how drivers treat passengers, 150 mystery riders will get in cabs around the city and evaluate drivers, according to Global News...

On the other hand, now that we’re all talking about the taxi-driver-spies, drivers may be on their toes and act all nice and pleasant in fear of being reprimanded, which isn’t a solution to an ongoing problem. Guess we’ll have to wait and see. more

U-2 Spy Plane Teardown

via
Aircraft maintenance is no laughing matter. Keeping planes, especially multi-million-dollar spy planes, in the air requires loads of work. Like many military aircraft, the U-2 spy plane gets a complete and total disassembly, a thorough inspection of all its parts, and in the case of the Dragon Lady, a complete repainting.

Sploid has an awesome time-lapse video of the process, which is handled every 4,700 flight hours by Lockheed Martin technicians. The video shows everything from the roll in to the post-maintenance takeoff, with the breakdown of parts, stripping of paint and the general inspection shown in a decent degree of detail. What we find most fascinating, though, is the way the entire plane seems to come apart like a giant Lego assembly. The wings and tail just sort of pop off, leaving the surprisingly tiny fuselage to be inspected.



Following the inspection and reassembly, the U-2 is returned to the Air Force where it can conduct its usual spying and reconnaissance operations. more

Monday, November 30, 2015

The Best Spy Museum You will Never See... except for the parts on-line

The CIA Museum's collection includes artifacts associated with the CIA's predecessor, the Office of Strategic Services; foreign intelligence organizations; and the CIA itself.

The collection includes clothing, equipment, weapons, insignia and other memorabilia that serve as tangible testimony to the Agency's history. Many of the objects the Museum holds were designed, manufactured and used specifically for intelligence operations.

CIA used the “Belly Buster” drill during the late 1950s and early 1960s to drill holes into masonry for implanting audio devices. After assembly, the base of the drill was held firmly against the stomach while the handle was cranked manually. This kit came with several drill bits and accessories.
52.5 cm x 22.5 cm x 5 cm
(L x W x H)

All artifacts displayed in the museum's exhibits have been declassified by the appropriate Agency officials. Please note that because the Museum is located on the CIA compound, it is not open to the public for tours. Take the on-line tour.

Italian Authorities to Spend 150 Million Euros on Monitoring PlayStation Chat

Italian Minister of Justice Andrea Orlando has revealed that the Italian government intends to spend 150 million euros (£105mn | $157mn) 

on new equipment and techniques to monitor encrypted communications, including the PlayStation 4 game chat protocols which recently fell under suspicion as a means of communication by which ISIS may have coordinated the recent attacks on Paris.

It is not clear whether the ‘new instruments’ of surveillance about which Orlando spoke to Il Messaggero [Italian language] will be new to investigative authorities, or new per se – but the decision to make the investment involves not just equipment and technicians, but additional ‘cultural mediators’ in prisons, “to prevent these forms of radicalization, that have developed in other countries in [the same] context.” more

Merry Christmas folks!

Sunday, November 29, 2015

Town Supervisor Faces a Second Round of Eavesdropping Charges

NY - Embattled Windham Supervisor Stacy M. Post is facing additional charges in a six-count indictment handed up by a Greene County grand jury.

Post’s second indictment cites alleged illegal activities between Feb. 22 and March 3, 2014, at the Windham Town Hall by the supervisor and former police chief. The first indictment was released in February, after her arrest by state police on Jan. 12...

The most recent indictment charges Post with installing video and audio surveillance software and hardware on her office computer “for the purpose of eavesdropping on individuals without their knowledge or consent” and with using eavesdropping equipment in her possession to eavesdrop on town employee Cynthia Nelson, former town employee Bette Rhoades, Town Clerk Bonnie Poehmel and Councilman Wayne Van Valin between Feb. 25 and March 3, 2014. more

Saturday, November 28, 2015

Spy for Art's Sake

Spy vs. Spy: Tech-Savvy Swiss Duo Bitnik Refines the Art of Espionage

‘I’ve hijacked your surveillance camera. How about a game of chess?”
The words filled a closed-circuit television screen that only seconds before had shown commuters in London’s Charing Cross station.

Whichever security guard read the message soon saw it replaced by a chessboard and the words: “You are white. I am black. Call me or text me to make your move. This is my phone number: 075 8246 0851.”

In the heart of the world’s most surveilled city, two artists were registering their polite protest with the help of a laptop and an interfering transmitter. Carmen Weisskopf and Domagoj Smoljo, a Swiss team known as !Mediengruppe Bitnik, have been co-opting the spy’s arsenal to practice their own, artistic style of counter-espionage...

 

Artists and spies are loners, operating on the margins. They observe, gather intelligence, surgically intervene, and detect and disseminate artifice. They try to stay ahead of everyone else. more

"Tell me all your secrets," said Barbie, in an unusually deep voice.

The new 'Hello Barbie' doll has come under scrutiny after security experts warned it could be exploited by hackers to spy on young children.

The doll is the 'world's first' interactive doll and has speech recognition and WiFi connectivity so that it can store what owners like and dislike, which manufacturer Mattel says will give everyone a 'unique experience' with the toy...

Bosses and designers behind the new Barbie have come out and defended the doll, saying that it is safe to use. more

Affairs of Spy Pairs... and more

  • Thousands Protest Arrest of 2 Turkish Journalists on Spying Charges more 
  • 2 Kenyans Arrested for Spying for Iran more 
  • AQIM Islamists say killed two men for spying for France more 
  • Two pensioners appear in court charged with spying on allotment holders in Stirling more 
...and not to be outdone...
  • More than 10 Japanese detained in China for spying since 2012 more 

Thursday, November 26, 2015

Vintage Spy Camera Auction in Hong Kong

An incredible archive of rare vintage spy cameras that would rival James Bond's own collection has emerged for sale for £400,000.
Among the rarities is one of only two existing examples of the Lucky Strike Spy Camera developed for the US Signal Corps between 1949 and 1950. The camera, made by the Mast Development Corp, was built to fit inside the outer wrapper from a packet of Lucky Strike cigarettes. Despite its size it was capable of taking 18 x 16mm still photographs with varying shutter speeds, but ultimately it was rejected. It is worth around £43,000. more

Microsoft Makes Windows 10 Automatic Spying Worse - Update

When Windows 10 was released, many people were up in arms over the operating system’s ability to constantly track how users were interacting with it and would send that information back to Microsoft.

With the first major update for Windows 10 that came out earlier this month, Microsoft has seemingly removed Diagnostics Tracking Service, also known as DiagTrack, which was responsible for the tracking. But it turns out the company has just renamed the service.  more

Those who don’t want Windows 10 to constantly send their data back to Microsoft, fear not. There’s a way to disable the service. Forbes has released instructions on how to do so:
  1. Hold down the Windows key and tap the R key
  2. In the box that opens type ‘services.msc’ and press the Enter key
  3. In the ‘Services (Local)’ section locate ‘Connected User Experiences and Telemetry’ and double-click it
  4. In the ‘Service status’ section click ‘Stop’
  5. Under the ‘Startup type’ drop down menu select ‘Disabled’ and then confirm this and close the window by clicking ‘OK’

Privacy Journal's "Compilation of State and Federal Privacy Laws" - Updated

The Compilation of State and Federal Privacy Laws book 
cites and describes more than 600 state and federal laws affecting the confidentiality of personal information and electronic surveillance.

The laws are listed by state, grouped in categories like medical, credit, financial, security breaches, tracking technologies, employment, government, school records, Social Security numbers, marketing, telephone privacy and many more. Canadian laws too.

The 2015 Supplement to Privacy Journal's "Compilation of State and Federal Privacy Laws" (2013) has just been published, adding 20 more laws enacted by states in the past 12 months.

Wednesday, November 25, 2015

How Browser Extensions Steal Logins & Browsing Habits; Conduct Corporate Espionage

via boingboing.com
Seemingly harmless browser extensions that generate emojis, enlarge thumbnails, help you debug Javascript errors and other common utilities routinely run secret background processes that collect and retransmit your login credentials, private URLs that grant access to sensitive files, corporate secrets, full PDFs and other personally identifying, potentially compromising data.

Many extensions conduct surveillance without any notification at all, but some do legal backflips to cover up their activities -- characterizing your installation of the extension as explicit permission to spy; pretending that URLs are by nature anonymous and so on. The data is aggregated and sold to unnamed third parties, reputedly for $0.04/user/month. Many of the spying extensions have more than a million users. One of the extensions identified as conducting secret spying advertises itself as a privacy-enhancing tool (!).

Detectify Labs have posted a technical explanation of how Chrome extensions conduct surveillance, and note near the end of their analysis that Firefox extensions are just as prone to spying. more

Microsoft Makes Windows 10 Automatic Spying Worse

Earlier this month Microsoft finally went on record admitting that automatic spying within Windows 10 cannot be stopped
This sparked a lot of outrage and with ‘Threshold 2’ it appeared Microsoft had done a sharp U-turn because the background service at the heart tracking (the ‘Diagnostics Tracking Service’ aka ‘DiagTrack’) appeared to have been removed. Critics celebrated and it was another well deserved pat on the back for Microsoft.

Except it turns out Microsoft had just been very sneaky. What Tweakhound discovered and was subsequently confirmed by BetaNews, is Microsoft simply renamed DiagTrack. It is now called the ‘Connected User Experiences and Telemetry Service’ – which is both a) deliberately vague, and b) misleading (don’t ‘Connected User Experiences’ sound great). more

Two Spies Out This Week

Ronald Pelton, former National Security Agency employee convicted of selling defense and communication secrets he gained during his career has been released from federal custody 30 years after his arrest. more
 
Jonathan J. Pollard was released on parole from federal prison on Friday after serving 30 years of a life sentence for violations of the Espionage Act. more

FutureWatch: No Lens Spycams Thinner than a Dime

How thin can a camera be? Very, say Rice University researchers who have developed patented prototypes of their technological breakthrough.

FlatCam, invented by the Rice labs of electrical and computer engineers Richard Baraniuk and Ashok Veeraraghavan, is little more than a thin sensor chip with a mask that replaces lenses in a traditional camera.



"We can make curved cameras, or wallpaper that's actually a camera," says Richard Baraniuk, professor of electrical and computer engineering at Rice University. "You can have a camera on your credit card or a camera in an ultrathin tablet computer."

Making it practical are the sophisticated computer algorithms that process what the sensor detects and converts the sensor measurements into images and videos. more

Saturday, November 21, 2015

Ads Go from Subliminal to Ultrasonic - "PSSST... Any devices nearby?"

Privacy advocates are warning federal authorities of a new threat that uses inaudible, high-frequency sounds to surreptitiously track a person's online behavior across a range of devices, including phones, TVs, tablets, and computers.

The ultrasonic pitches are embedded into TV commercials or are played when a user encounters an ad displayed in a computer browser. While the sound can't be heard by the human ear, nearby tablets and smartphones can detect it. When they do, browser cookies can now pair a single user to multiple devices and keep track of what TV commercials the person sees, how long the person watches the ads, and whether the person acts on the ads by doing a Web search or buying a product.

Cross-device tracking raises important privacy concerns, the Center for Democracy and Technology wrote in recently filed comments to the Federal Trade Commission. The FTC has scheduled a workshop on Monday to discuss the technology. Often, people use as many as five connected devices throughout a given day—a phone, computer, tablet, wearable health device, and an RFID-enabled access fob. Until now, there hasn't been an easy way to track activity on one and tie it to another.

"As a person goes about her business, her activity on each device generates different data streams about her preferences and behavior that are siloed in these devices and services that mediate them," CDT officials wrote. "Cross-device tracking allows marketers to combine these streams by linking them to the same individual, enhancing the granularity of what they know about that person." more

FBI Investigates Drone Crash Outside NJ Refinery

Industrial espionage, terrorists, or innocent hobbyist? You decide.

The FBI and local police are investigating after a drone fell out of the sky and crashed into a truck in New Jersey on Wednesday morning.

As CBS2’s Christine Sloan reported, of particular concern to authorities is that the incident happened on a road just outside a Phillips 66 refinery in Linden.

The driver of the truck apparently got out and had words with the operator of the drone, who took off, investigators said.
John Victor Jacobson, head of New Jersey-based Drone Service Systems, said he cannot think of a good reason to fly one of these air crafts in such a sensitive area. more

This location is also very close to Newark Airport, to the South of its runway flight path. 

The New Cowboy Spy

From the Ol' Timer...
"Howdy, partner. There is a new surveillance risk in town, and he be a-aimin' at you.


Worried about board meeting eavesdroppers; business espionage desperados, and bad egg buggists? Darn tootin' you are, and you've hired the local TSCM-slinger to keep you above snakes. Does a fine job of it, too. 


Oh, about Mr. New Surveillance Risk. He ain't no fancy foreign spy, crow-bait competitor, or even a chiseler employee. No sir, bub, he's the cow chip of the spy world; a tenderfoot with a mighty powerful weapon. A sneaky dude who'll leave you in court, emptyin' your wallet faster than greased lightning. Yes sir'ee, he's the Workplace Video Voyeur, and he ain't a-playing according to Hoyle."



Thanks for the warning, old timer. You're right as rain. I know. I've run into a couple of these hombres during my time on the trail. Let me tell you a story... 


My Fortune 50 client called me a few months ago. Seems, an employee found a spy camera hidden in one of their restrooms. The news media caught wind of it and jumped all over the story. It was an embarrassing mess. It may also be an expensive mess if the people caught by the camera decide to sue. 


We had been inspecting their boardroom, executive offices and off-site meeting locations for over two decades. This due diligence resulted in the capture of one spy, on-site (a competitor's employee), one wireless bug, and several general information security loopholes which they quickly patched up. 


Nobody expected a bathroom video voyeur, however. Yet this incident held promise of greater damage than any corporate espionage attack. In addition to being costly in dollars and damaging reputation-wise, a video voyeur attack directly affects employee morale. Its hard to put a price on that.


The company asked me for help. They needed to prevent future incidents. Made sense. After one incident, they could face "foreseeability," a legal term. In short, it is the theory that if something happens once you become aware it could happen again. If you do nothing to correct the situation, and it does happen again, you are considered negligent. Sexual harassment in the workplace also plays into future incidents. This makes for an expensive mix in court. 


In addition to protecting themselves, the company really wanted to assure their employees that they were taking the situation very seriously.

We discussed several possible solutions. 

Sending our Technical Surveillance Countermeasures (TSCM) team to inspect all their restrooms and locker rooms (worldwide) was impractical, of course. What we eventually decided upon was a three-fold strategy, which turned out to be very cost-effective.
  1. A review of their Recording in the Workplace Policy for completeness and effectiveness. This policy covers all aspects of recording anything to do with the company (audio, video and data). Most companies don't even have policy.

  2. Development of an on-line spycam detection training program for their local facilities managers and security staff. This would professionally prepare them to conduct simple periodic inspections of the 'expectation of privacy' areas on company property. An inspection log and photos would be kept on file. The log documents inspection dates and results. The photos document changes in the area over time. Both may be used to show due diligence in court.
 
  3. A short on-line spycam awareness video was produced for all employees to view. This was placed on the company intranet. It explained the growing social problem of video voyeurism, the steps the company is taking to prevent the problem in the workplace, and self-protection tips employees can use to protect themselves and their families, wherever they are.

This company-wide solution cost them about as much as a one-day sweep of their executive offices, and it will be used at all their locations, for years to come. 


Other companies have not been so lucky. Another New York City firm paid two employees one million dollars apiece in connection with their video voyeur incident.

Yup, ol' timer. The times are changing. Companies need to start watching their butts, when it comes to butt watchers.


~Kevin

Wednesday, November 18, 2015

A Survey of Behind the Scenes Personal Data Sharing to Third Parties by Mobile Apps

A Survey of Behind the Scenes Personal Data Sharing to Third Parties by Mobile Apps
Click to Enlarge
 Tested - 110 popular, free Android and iOS apps to look for apps that shared personal, behavioral, and location data with third parties

73% of Android apps shared personal information such as email address with third parties, and 47% of iOS apps shared geo-coordinates and other location data with third parties

93% of Android apps tested connected to a mysterious domain, safemovedm.com, likely due to a background process of the Android phone

A significant proportion of apps share data from user inputs such as personal information or search terms with third parties without Android or iOS requiring a notification to the user more

FCC Chairman Suggests Expanded Wiretap Laws

The nation’s top telecom regulator recommended broadening America’s wiretapping laws Tuesday, in response to the recent attacks in Paris by the Islamic State that left more than 120 people dead.

While the Federal Communications Commission cannot take direct action against the Islamic State, such as shutting down its Web sites or social media accounts, Congress could do “specific things” allowing the FCC to assist law enforcement more effectively, agency Chairman Tom Wheeler told a House subcommittee.

That includes revisiting the wiretap legislation, said Wheeler. The 1994 law, known as the Communications Assistance for Law Enforcement Act, or CALEA, provides for the “lawful intercept” of a suspect’s telephone and online communications. It requires telecom companies and Internet providers, not to mention some online voice services, to build their networks in ways that grant authorities easier access to those communications. more

A $50. Audio Video Bugging Device is Child's Play

Remote Spy Mode
The Video Walkie Talkies act as a hidden camera. Place one Walkie in a secret location, press the activation button on the other and you’ll instantly have a hidden, live-feed surveillance cam. If you leave your Video Walkies for 15 minutes unused they automatically turn off to save power. When your mission is complete, the Video Walkie Talkies easily fold up for compact storage and screen protection! Gear up with the Spy Gear Video Walkie Talkies!

No Data or Wi-Fi Required
The Video Walkie Talkies do not require Data or Wi-Fi to use! Just press the activation button and you can wirelessly communicate with your friends on video! With a range of up to 160 feet you’ll be in constant communication with your fellow agent.

Quick Set Up – Easy As 1-2-3
Only Spy Gear has the spy technology to let you stay in constant 2-way, visual and audio communication at long range! Open up your Video Walkie Talkies and turn the power on. You’ll instantly be able to see your friends on the LCD screen. Now press the TRANSMIT BUTTON for audio communication with the other Video Walkie. Want to go stealth? Plug headphones into both Video Walkies to listen in secret and communicate without pressing the TRANSMIT BUTTON. more

Monday, November 16, 2015

BlackBerry SecuSUITE - Voice Encryption for iOS, Android & BlackBerry

BlackBerry Limited and its subsidiary Secusmart has today announced the release of SecuSUITE for Enterprise, 
a new voice encryption solution that protects mobile calls on the Android, iOS and BlackBerry operating systems.

By using the VoIP, software-based, cloud-hosted solution, employees will be able to conduct secure conversations worldwide and be able to send encrypted text messages of any length.

Voice and text messages are encrypted with 128-bit Advanced Encryption Standard (AES) on the individual device level, meaning messages are stored on the receiver’s smartphone and only sent to the recipient when they are available to receive them. more

The Newest Anti-Espionage Agents... Monks & Nuns!?!?

China is training Buddhist monks and nuns in Tibet to carry out anti-espionage operations
along the remote Sino-Indian border to prevent attempts to create "conflict" by "ethnic separatists", in a veiled reference to the Dalai Lama and his supporters.

"Twenty-two monks and nuns from three temples in Nyingchi, a city in southeastern Tibet, close to the Sino-Indian border, received the three-hour lecture at Lamaling Temple on the counter-espionage law by local and national security officials," state-run news portal Tibet.Cn reported.

The lecture conducted in the Himalayan region along the border with India was about how to abide by the counter-espionage law and the legal consequences of violating the law, it said. more 

Sunday, November 15, 2015

Every James Bond Gadget. Ever.

The $8 USB Memory Stick Lock

3 Digit Combination USB Flash Drive Security Lock.
A physical lock for your USB Flash Drive.

Set your own 3 digits code to prevent your flash drive from being inserted into another computer.

Of course, it won't stop everyone, but it may thwart general snoops.  more

Saturday, November 14, 2015

Visit Switzerland in June - Information Security and Cryptography Seminar

INFORMATION SECURITY AND CRYPTOGRAPHY, FUNDAMENTALS AND APPLICATIONS (June 13-15, 2016)

Lecturers: Prof. David Basin and Prof. Ueli Maurer, ETH Zurich

The topics covered include cryptography and its foundations, system and network security, PKIs and key management, authentication and access control, privacy and data protection, and advanced topics in cryptography. The seminar takes place in Zurich, Switzerland. The lectures and all course material are in English.

This seminar provides an in-depth coverage of Information Security and Cryptography. Concepts are explained in a way understandable to a wide audience, as well as mathematical, algorithmic, protocol-specific, and system-oriented aspects.

A full description of the seminar, including a detailed listing of topics covered, is available at www.infsec.ch

Friday, November 13, 2015

How to Stop Your Vizio TV form Spying On You

from vizio.com
Beginning October 31, 2015, VIZIO will use Viewing Data together with your IP address and other Non-Personal Information in order to inform third party selection and delivery of targeted and re-targeted advertisements.
These advertisements may be delivered to smartphones, tablets, PCs or other internet-connected devices that share an IP address or other identifier with your Smart TV...

Smart Interactivity is a feature on Internet-connected VIZIO televisions that recognizes onscreen content. Currently, we only use this feature to gather data on a non-personal or anonymous basis, as described below...

...your VIZIO Smart TV can intelligently recognize linear television and other content shown on the screen and in the future may display accompanying interactive features such as bonus features related to the content you are viewing, the ability to vote in polls, or advertisements that match your interests...

Smart Interactivity collects information from your product which triggers events, such as pop-ups, about what you are viewing. Follow the steps below on how to turn on or off Smart Interactivity based on the version of VIZIO Internet Apps (VIA) installed on your television.

Thursday, November 12, 2015

Security Director Alert - Don't Be a Business Espionage Target While Traveling

via http://seriouslyvc.com
The following list represents the most important procedures you and your colleagues should follow on your next trip abroad:
  1. Avoid disclosing your travel details to strangers.
  2. Never put electronics in your checked luggage.
  3. Consider traveling with a disposable cellphone (they are less susceptible to eavesdropping).
  4. Use a separate “throw-away” email to communicate with your family and 
coworkers (this prevents hackers from penetrating your company’s email 
system even after you have completed your trip).
  5. Consider installing an asymmetric email encryption program such as “Pretty Good Privacy” (PGP) on your computer, which allows you to encrypt and decrypt your email over the Internet.
  6. Put sensitive business documents on password-protected USB drives (such 
as “Iron Key” or “BitLocker”).
  7. Never use complimentary WiFi when traveling, unless absolutely necessary, and always use a trusted VPN.
  8. Never leave your sensitive business materials and/or electronics unattended 
in your hotel room — and your hotel safe is not safe! Carry all electronics with you at all times (hence, the need for smaller devices).
  9. If you spend time in the hotel bar, be cautious of what you say and to whom, 
because they are prime hunting grounds for espionage operatives.
  10. Be mindful of sexual entrapment (the Russians are still the masters of “honeypots” and have blackmailed many a business traveler into disclosing sensitive information in exchange for keeping their affairs secret).
  11. Use a strong passphrase (instead of password) containing up to 14-18 characters (and change it every 180 days or after every international trip).
  12. Make it a habit to power-off your devices when they are not in use. more

Book - How to Be a Spy - WWII Training Manual

In the early years of World War II, Special Operations Executive (SOE) set up top secret training schools to instruct prospective agents in the art of being a spy.

By the end of 1941, an international network of schools was in operation in secluded locations ranging from the Scottish Highlands to Singapore and Canada.

How to Be a Spy reproduces the extensive training manuals used to prepare agents for their highly dangerous missions behind enemy lines. The courses cover a variety of clandestine skills including disguise, surveillance, burglary, interrogation, close combat, and assassination - everything needed to wreak havoc in occupied Europe.

Contest - Tell Us Everything You Know About this Wiretapping Device

I am guessing anyone who as ever used this is now pushing up punchdown blocks.
But, there is a nice prize for the person who can tell us about this device...
   • the manufacturer,
   • who used this device,
   • approximate year of manufacturer.
BONUS PRIZE if you send me the manual.
Information you submit will be shared below.
Enter HERE.

Winner: RH - Regarding your mystery wiretapping device, it is a Western Electric model 300ABC telephone line recording unit. Western Electric was the manufacturing company of AT&T up until the mid-90s, and furnished a lot of kit for the military. Based on the design and housing of this unit, it was likely manufactured some time between 1939 and 1946. While this could be used for wiretapping, these devices were common in military command posts were it would be used to record phone conversations between officers, and the recording would subsequently be transcribed and filed.

(Additional insights welcome.)

Slurpee Sound Cups - Now Imagine a Cup Made with Wiretaps

By now, you probably know all about 7 Eleven's Bring Your Own Cup Day, the minimart's annual event during which anyone can bring practically any sort of container into the store and fill it up with Slurpee, all for the same low price.
Well, earlier this fall during BYO Cup Day in Australia, 7 Eleven, along with its agency Leo Burnett Melbourne, took the cup idea up a notch by allowing consumers to fill up radio ads with Slurpee.

Come again? Yes, radio ads became drink containers in the inventive campaign "Slurpee Sound Cup" campaign. 7 Eleven took the sound waves of three radio spots, themed around Viking opera, Brazilian soccer fans and randy whales, and transformed them into a series of distinctive 3D-printed vessels that were given away to Slurpee fans for the big day. Consumers could also download the 3D files and make the cups themselves. video

Big Taps in The Big House

Thousands of confidential phone conversations between inmates and their lawyers have been recorded 
by a leading prison phone company that also serves New York City jails — a major data breach exposed by a hacker, according to a report.

The anonymous hacker believes the company, Securus Technologies, is violating prisoners’ constitutional rights by recording privileged conversations, The Intercept reported Wednesday.

Of 70 million phone-call records obtained by The Intercept, 14,000 were for legally protected calls made to prisoners’ attorneys, The Intercept said. more

Wednesday, November 11, 2015

Uninstall InstaAgent From Your Phone Now

By
If you’re one of the thousands of people with an app named Who Viewed Your Profile – InstaAgent installed on your smartphone, stop using it and delete it right now.

Why? Because it’s stealing your password, transferring it to a server, and then posting images on your Instagram account suggesting others should also download the app.

The app is a third-party Instagram client that promised to tell you who visited your Instagram account, something it could only do once you’d handed over your username and password. This function was never carried out, and the app’s sole intention was to steal Instagram logins. more

Wednesday, November 4, 2015

Dial 12339 To Report a Spy in China (Let the SWATing Begin)

China has set up a new national hot line for reporting “spies” as authorities grow increasingly sensitive over national security issues. 

The new service was set up by officials in the north-eastern province of Jilin, the local New Cultural Newspaper said Sunday, with reports saying those who suspect “espionage activity” can call 12339.


“The hot line targets foreign organizations and individuals who conduct espionage activities or who instigate and sponsor others in conducting them,” the fiercely nationalist Global Times newspaper said.

A list of "guidelines" to help people identify spies appeared on Chinese social media soon after the hot line was announced, however it was unclear where it originated.

Potential spies included “those with vague job tiles and a lot of money” and “those who bring up controversial topics at parties and then only observe the discussion”, said the guidelines, which had been shared widely on Chinese messaging app Wechat. more

"If You're Not Paranoid, You're Crazy"

An excellent, thought provoking article on how others are predicting our next moves...

(excerpt from Walter Kirn's article in The Atlantic.) "I was already growing certain that we, the sensible majority, owe plenty of so-called crackpots a few apologies. We dismissed them, shrugging off as delusions or urban legends various warnings and anecdotes that now stand revealed, in all too many instances, as either solid inside tips or spooky marvels of intuition.

The Mormon elder who told me when I was a teenager back in 1975 that people soon would have to carry “chips” around or “be banished from the marketplace.”

The ex–Army ranger in the 1980s who said an “eye in the sky” could read my license plate.

The girlfriend in 1993 who forbade me to rent a dirty video on the grounds that “they keep lists of everything.”

The Hollywood actor in 2011 who declined to join me on his sundeck because he’d put on weight and a security expert had advised him that the paparazzi were flying drones.

The tattooed grad student who, about a year before Edward Snowden gave the world the lowdown on code-named snooping programs such as PRISM and XKeyscore, told me about a childhood friend of his who worked in military intelligence and refused to go to wild parties unless the guests agreed to leave their phones locked outside in a car trunk or a cooler, preferably with the battery removed, and who also confessed to snooping on a girlfriend through the camera in her laptop.

The night I vowed never again to mock such people, in January 2014, I was standing knee-deep in a field of crusty snow at the edge of a National Guard base near Saratoga Springs, Utah, a fresh-from-the-factory all-American settlement, densely flagpoled and lavishly front-porched, just south of Salt Lake City. Above its rooftops the moon was a pale sliver, and filling the sky were the sort of ragged clouds in which one might discern the face of Jesus. I had on a dark jacket, a dark wool cap, and a black nylon mask to keep my cheeks from freezing.

The key would be surviving those first days after the ATMs stopped working and the grocery stores were looted bare.

I’d gone there for purposes of counterespionage..." more

Smart Sheriff Chased Out of Town

Remember our Smart Sheriff post from May? 
South Korea created this spyware for cell phones. 
I'll wait while you check it out.

UPDATE: South Korea pulls plug on child monitoring app
The most widely used child surveillance app in South Korea is being quietly pulled from the market after security specialists raised serious concerns about the program’s safety...

Smart Sheriff’s disappearance is awkward news for South Korea’s effort to keep closer tabs on the online lives of its youngest citizens.


A law passed in April requires all new smartphones sold to those 18 and under to be equipped with software that parents can use to snoop on their kids’ social media activity. Smart Sheriff, the most popular of more than a dozen state-approved apps, was meant to keep children safe from pornography, bullying, and other threats, but experts say its abysmal security left the door wide open to hackers and put the personal information of some 380,000 users at risk. more

Friday, October 30, 2015

Security Director Alert - 80% Chance Your Card Key System Can Be Bypassed

A device the size of a quarter that can be installed in 60 seconds on a proximity card reader could potentially be used to break physical access controls in 80 percent of deployments.

The device, dubbed BLEKey, is used to read cleartext data sent from card readers to door controllers to either clone cards or feed that data to a mobile application that can be used to unlock doors at any number of installations.

The hack unveiled at Black Hat is worrisome for facilities reliant on proximity cards and readers for access to buildings in critical industries or enterprises. Researchers Eric Evenchick, an embedded systems architect at electric car manufacturer Faraday Future, and Mark Baseggio, a managing principal consultant at Optiv (formerly Accuvant), used the ubiquitous HID cards and readers in a number of successful demos during their talk, but said that it’s likely the same weaknesses that facilitate their attacks are present in devices from other manufacturers. more video

Really Scary: 29:35 minutes into the video they explain how to make a card-key interceptor, stick it into a back pack, go to the target workplace, get in an elevator with employees (or just close to one of them), secretly read everyone's cards, and make a clone card.
Happy Halloween ~Kevin

The Disorderly Orderly, or Spycam Peek-A-Boo in the ICU

India - Police have arrested a 30-year-old male orderly of Rajiv Gandhi Cancer Institute and Research Centre

on charges of filming women after allegedly putting up spy camera in changing room for nurses.

A nurse spotted the spy camera in the changing room inside the intensive care unit (ICU) on the third floor and alerted a security guard, said sources.

Police have reportedly recovered two obscene video clips from his spy camera, which was installed for around 12 hours, said sources. Police will now try to retrieve deleted data, added the sources. more

Police vs Spy Blimp in PA - Shotguns Preveil

PA - State police used shotguns Thursday to deflate a wayward military surveillance blimp that broke loose in Maryland and floated for hours before coming down into trees in the Pennsylvania countryside.

Curious residents trickled into a staging area as the military began gathering up some 6,000 feet of tether, the blimp’s huge hull and a smaller tail piece, a process expected to take at least through Friday.

The white behemoth still had helium in its nose when it went down in a steep ravine on Wednesday afternoon, and the easiest way to drain the gas was to shoot it, U.S. Army Captain Matthew Villa said. State police troopers peppered the blimp with about 100 shots. more How it all started.

The Ultimate Spy vs Spy

via Mark Frauenfelder, Boing Boing
It was a wordless one-page comic about two oddly pointy faced spies, one dressed in black and the other dressed in white. Other than their different colored outfits, they behaved identically. They hated each other and created elaborate Rube Goldberg type machines to try to kill each other. Sometimes their machines worked, often, they’d backfire. They were tricky but usually too clever for their own good.


This anthology colorizes 150 “Spy vs Spy” comics drawn by Antonio Prohías from 1961 until his death in 1987. The book also includes a collection of “Spy vs Spy” comics by the talented cartoonist Peter Kuper, who took over the strip when Prohías died. The anthology features a section of wonderful “Spy vs Spy” tribute drawings by noted cartoonists such as Peter Bagge, Bob Staake, Darwyn Cooke, Gilbert and Jaime Hernandez, and Bill Sienkiewicz. There’s also a biography of the Cuban-born Prohíasm and a new 4-page color strip by MAD luminary Sergio Aragones about his friendship with Prohías. With all the new material here, this book is a must for anyone who loves “Spy vs Spy.”

Spy Vs Spy: An Explosive Celebration
by Antonio Prohías and Peter Kuper
Liberty Street, 2015, 224 pages, 8.8 x 0.8 x 11.2 inches
$16.46 at Amazon

Thursday, October 29, 2015

Spycam Ejection

Australia - A Brisbane landlord has been slammed for installing CCTV cameras inside his rental property and spying on his tenants, who he evicted once they complained.

Renters Ben and Lila - who withheld their surnames - told Channel Nine's A Current Affair they noticed they were being recorded on the first day they moved into their new apartment.

The security camera was set up in the lounge room, switched on and recording.

According to the program, the furious flatmates immediate flicked the switch on the camera, before they were contacted by the landlord who said they had to turn it back on.  more video