Saturday, December 31, 2016

Security Director Alert - Russian Cyber Activity, GRIZZLY STEPPE

The Department of Homeland Security (DHS) has released a Joint Analysis Report (JAR) that details Russian malicious cyber activity, designated as GRIZZLY STEPPE. 

This activity by Russian civilian and military intelligence services (RIS) is part of an ongoing campaign of cyber-enabled operations directed at the U.S. Government and private sector entities.

DHS recommends that network administrators review the Security Publication for more information and implement the recommendations provided.

Thursday, December 29, 2016

Home Invasion? Domestic Violence? Shout "Alexa" (before "help") for Documentation

Can amazon echo be used against you in a court of law? Have you ever wondered if “Alexa” is really spying on you?

Homicide investigators in Arkansas want Amazon to hand over a potential suspect’s “echo” transcripts. Brad Young of Harris-Dowell and Fisher Law Firm says Amazon has so far refused two requests.

“Amazon’s position is, is that the echo only records 60 seconds of information and then writes over if for the next 60 seconds,” Young says. “So, their position is that it would only have 60 seconds of information.”

However, when you ask your Echo a question, it is saved by Amazon as well as by Apple when you query Siri. Young says his legal personal opinion is that there is an expectation of privacy for things that are said – not queried.

“….when you ask Echo ‘Find what’s the best way to dispose of a dead body’ if that were the question, that information is saved,” Young says. “That information is available if it is a query posed to a device.”

Companies say it’s encrypted and no one can access it. Young says this has become a completely new “legal territory.” more additional info

Seriously, Alexa could become an omnipresent digital ear-witness. ~Kevin  

Secretary Arrested for Eavesdropping — Now Her Boss Suddenly Leaves

NY - Several town councilors confirm Supervisor Manny Falcone announced a sudden leave of absence at a meeting Wednesday evening...

Councilors say Falcone oversaw the duties performed by his former secretary Ellen Colelli. Colelli was arrested weeks ago, accused of eavesdropping. The felony charge brought by State Police accuses Colelli of listening to town employees by using video surveillance equipment that was installed inside the Geddes town office building...  Falcone has not been charged with a crime. more

Flying Tom's Last Peep

UAE - A 28-year-old man died after falling from a high rise building in Sharjah, in the United Arab Emirates, 
while spying on ladies living in the opposite building. The witness told police that the deceased fell due to imbalance while standing and looking into the rooms of the ladies.

Sharjah Police said that they received a call about the incident at the operation room and soon arrived at the site. The man was found dead in a pool of blood. He was rushed to Al Kuwaiti Hospital and then to forensic laboratory. more

Warsaw Waiter Wiretapping

Poland – A Polish court has sentenced a businessman and two waiters convicted in the illegal wiretapping of top Polish politicians in Warsaw restaurants to prison terms.

The court set a prison sentence of 2½ years to Marek Falenta, the businessman convicted of masterminding the wiretapping, and lesser sentences to two waiters involved. A third waiter must pay a fine.

The release of those tapes sparked a political scandal in 2014 that contributed to the loss of power last year of Civic Platform, the centrist party that governed Poland for eight years. more

Extra credit: Service Included: Four-Star Secrets of an Eavesdropping Waiter

Mobile Security: The InfoWorld Deep Dive

As iPhones, iPads, and Android devices become increasingly standard business equipment, IT organizations struggle on how to manage and secure them, and the data that runs through them.

Click to enlarge.
This guide, available in both PDF and ePub editions, explains the security capabilities inherent to each major mobile platform and where using third-party tools make sense -- and where they don't.

It also walks you through the factors to consider in terms of risk for your corporate data, and outlines a rational way to protect that data without getting tied up in knots.  more

Click to enlarge.

Wednesday, December 21, 2016

Android Phones (700 Million) Have Spying Firmware Pre-installed

The term “mobile phone security” is something of a joke these days, with the number of exploits, bugs, and breaches that are endlessly assaulting us and putting our personal information at risk. So, when security outfit Kryptowire sounded the alarm on Chinese company Adups for using its pre-installed apps to spy on Android users with Blu smartphones, it wasn’t exactly a shock.

Now, however, the impact of Adups alleged spying is growing in magnitude, and it’s dragging other Android device manufacturers into the quagmire.

Adups is a company that facilitates over-the-air updates for mobile devices, so its firmware is pre-installed on lots of devices. However, the firmware does much more than it claims, and has the ability to snoop in areas that it shouldn’t, and without the user ever knowing. That information can then be collected by Adups for whatever purposes it desires.

Trustlook, another digital security firm, dug deeper on what devices utilize Adups and could be used by the Chinese company to scrape your private information, and the list is absolutely massive. Trustlook says that over 700 million Android smartphones have Adups firmware installed that puts the user at risk of having text messages, call histories, and device information collected without their knowledge or consent. more

Recorder Found Hidden in the End of a Flashlight

via John Van de Luijtgaarden

"I was just asked to confirm a finding... Got a message with a bad picture of a round black "thingie" inside the end part of a Mag-Lite.

I immediately recognized this one as the EDIC type 16 recorder (B30 model). It is now to wait for the exact type and how much it has been recording. It's memory capacity can run up to a 300 hours sadly the battery cannot.

A great hiding place for a naughty tool in a strategic place !! The Security main office / control room... Keeping you informed"

Last Minute Holiday Gifts for Your Favorite PI

Ho, ho, ho.

more more button video

Monday, December 19, 2016

Reality Spyware Documentary - Find My Phone

What happens to a smartphone after it's stolen? That was the question that a film student in Amsterdam had in mind when he produced a short documentary about a smartphone thief and their stolen goods. On the surface, it might not sound like the most avant-garde idea out there. But here's what made it interesting: the student procured material for his documentary by spying on the thief using a bugged smartphone.

The student, a certain Anthony van der Meer, intentionally had a phone of his stolen – one that he loaded with software called "Cerberus."

As The Next Web reported, the software gave him access to the device location, its features, and its contents – all of which he could retrieve when he wanted. The software also allowed him to make use of the phone's camera and microphone so he could spy on the thief.

For 2 weeks, that's exactly what der Meer did. He spied on the thief, tracking his moves, which resulted in the documentary posted above called Find My Phone – almost the namesake of the Apple app "Find My iPhone" used to find one's phone or disable it after being stolen. more

Excellent work, Anthony! ~Kevin

Vintage "Spy" Ads


Spying Feeds the Monkeys real life

Do Not Feed The Monkeys: Voyeuristic Spying Game Launches In 2017

from the press release...
“We all have a natural tendency to wonder about other people’s lives. Sometimes the best stories are kept secret … all in the name of privacy. It begs the question: Why miss out on life’s best experiences because they’re not your own? We’re trying our hand at an answer with Do Not Feed the Monkeys. Hope you enjoy the ride!” more

There's a New Law in Town - Wiretapper Bounty Hunter

The Seventh Circuit revived wiretap claims against a woman who used an email-autoforwarding program to show that the husband she was divorcing had cheated on her.

In a concurring opinion, U.S. Circuit Judge Richard Posner questioned the usefulness of allowing litigants to use the wiretapping law as a means of concealing misconduct.

“I don’t understand why law should promote dishonesty and deception by protecting an undeserved, a rightly tarnished, reputation,” Posner wrote.

Posner also found it relevant that adultery is illegal in Illinois, where the Epsteins are divorcing.

We might compare Mrs. Epstein to a bounty hunter — a private person who promotes a governmental interest,” he wrote. “She has uncovered criminal conduct hurtful to herself, and deserves compensation, such as a more generous settlement in her divorce proceeding.” more

Security Scrapbook Tip # 519 - Avast Ye Porch Pirates

Shipping companies like FedEx and UPS expect to deliver a record number of packages this holiday season...
Law enforcement officials are concerned that a record number of thieves could be following the trucks and attempting to steal the packages from porches before customers get home...

Hoping to stop "porch pirates" from taking packages, Seattle entrepreneur Michael Grabham invented a Frisbee-sized device called The Package Guard.
When delivery drivers place parcels on top of the $69 device, customers receive an alert via text message, email, or through an app. If a thief tries to remove the packages from the pressure-sensitive pad, a piercing alarm sounds.

The device can also be set up to send electronic alerts to neighbors if a theft is underway, according to the company’s website. more

Thursday, December 8, 2016

TSCM Team Finds "Plug Bug" Eavesdropping Device

Japan - An eavesdropping device was found in a waiting room for conservative members of the Mito Municipal Assembly, local city government officials and other sources told the Mainichi Shimbun on Dec. 7.

Example of a "Plug Bug"
Ibaraki Prefectural Police seized the device and are investigating the case which they suspect could constitute trespassing into the building and violation of the Radio Act.

According to Mito Government officials, it was tipped off about the bug on Dec. 6.

Specialized workers hired by the local government began searching for the device from the evening of Dec. 7 and found it in a waiting room for three assembly members from "Suiseikai" -- a conservative parliamentary group -- on the first floor of the temporary two-story prefabricated assembly building. The bug plugs into an electric outlet. more

The example shown operates like a cell phone, but looks (and also operates) as a USB charger. It is powered 24/7, and may be called from a cell phone anywhere in the world. BTW, it can  also automatically call the eavesdropper when it detects sound. Available on eBay for $14.79. 

Don't you think its time to have your offices and conference rooms checked? ~Kevin

Business Espionage: ThyssenKrupp AG Technical Trade Secrets Stolen

Germany - Technical trade secrets were stolen from the steel production and manufacturing plant design divisions of ThyssenKrupp AG in cyber attacks earlier this year, the German company said on Thursday.

"ThyssenKrupp has become the target of a massive cyber attack," the industrial conglomerate said in a statement.

In breaches discovered by the company's internal security team in April and traced back to February, hackers stole project data from ThyssenKrupp's plant engineering division and from other areas yet to be determined, the company said. more

Most "cyber" attacks are made possible by internal security vulnerabilities. Regular information security audits conducted by independent consultants greatly reduce this risk. ~Kevin

Chatty Kathy's Grandkids May be Criminals

Internet-connected toys pose privacy risks to children, and their parents often aren’t aware, according to advocacy groups for children and consumers.

A complaint filed Tuesday with the Federal Trade Commission alleges that two talking dolls—My Friend Cayla and I-Que Intelligent Robot, both made by Genesis Toys Inc.—collect and use personal information from children in violation of rules prohibiting unfair and deceptive practices.

The complaint was drafted by several groups, including the Campaign for a Commercial Free Childhood, a coalition of groups dedicated to ending child-targeted marketing, and Consumers Union. The groups also filed complaints with data protection, consumer protection and product safety regulators for the European Union, France, the Netherlands, Belgium, Ireland and Norway. more grandma

Monday, December 5, 2016

Pharmacy Bandits Nailed by GPS Cough Syrup

CA - The suspects had no idea that the bottle of cough syrup perched on a shelf at a Tustin pharmacy contained something more than cough relief. 

It wasn’t until the nondescript package was removed from the small Newport Avenue business by burglars that its secret ingredients went to work.

Concealed inside the bottle of cough syrup was a GPS device that began tracking the medicine thieves’ every move, according to police investigators...

Tustin police spokesman Lt. Robert Wright said investigators decided to drop the small piece of technology into a bottle of cough syrup after a half-dozen pharmacy burglaries this year. more

Friday, December 2, 2016

14 Year Old Kid Violates Wiretap Law ...again

PA - Police say a western Pennsylvania teen who recorded his principal making threatening comments toward him has a history of secretly recording school officials.

Chief Allen Park tells The Pittsburgh Tribune-Review that Churchill police charged the 14-year-old Woodland Hills High School student with violating Pennsylvania's wiretap law earlier this year.

Park says the boy recorded a September meeting called to settle a dispute with another student without permission and then posted the audio on Facebook.

The teen now finds himself at the center of the controversy surrounding Principal Kevin Murray, who was placed on leave Wednesday after the boy produced a recording where Murray can be heard saying he would punch him in the face. more

Pennsylvania is a 2-party consent sate, meaning all parties to a recorded conversation must agree to the recording. 

And no, the principal is not me. I live in New Jersey... where the last words recorded might be, "Take him for a ride." ~Kevin

UPDATE - One of our sharp readers from Pennsylvania points out that the kid may not have broken the law after all. An exemption was amended to the state law in 2012...

§ 5704. Exceptions to prohibition of interception and disclosure of communications.

(17) Any victim, witness or private detective licensed under the act of August 21, 1953 (P.L.1273, No.361), known as The Private Detective Act of 1953, to intercept the contents of any wire, electronic or oral communication, if that person is under a reasonable suspicion that the intercepted party is committing, about to commit or has committed a crime of violence and there is reason to believe that evidence of the crime of violence may be obtained from the interception.

DHS Whimps Out on IoT Protections

On November 15, the US Department of Homeland Security (DHS)

issued guidance to help stakeholders account for security in the development, manufacturing, implementation, and use of IoT devices.

The set of nonbinding principles and suggested best practices for IoT device security includes the following... more

Come on, DHS. Talk to Congress about regulations. ~Kevin

Spycam News: Security Check Nabs 'Moonlighting' Spy

TX - An employee of the National Security Agency in San Antonio is facing prison time for taking his agency's spying mission a little too far...

James Johannes pleaded guilty in Federal Court in San Antonio on Thursday to sneaking around outside the homes of his neighbors, and using his smart phone to take videos of little girls who were undressing, peeking through their windows and open doors.

Johannes was nabbed in a rather unconventional way. He was attending a meeting at Fort Sam Houston, and as he left, military police asked to check his cell phone. It is standard procedure to check the cell phones of people in secure areas to make sure there is no classified material on them.

The guards found videos of an underage girl getting undressed and stepping into the shower.

Other similar images were found on Johannes' cell phone, and one of the girls recognized him...because he was a youth leader at their church. more

UK Politicians Exempt Themselves from Extreme Spying Laws

UK - Politicians have exempted themselves from Britain's new wide-ranging spying laws.

The Investigatory Powers Act, which has just passed into law, brings some of the most extreme and invasive surveillance powers ever given to spies in a democratic state. But protections against those spying powers have been given to MPs. more

Thursday, December 1, 2016

The Martini Olive Bug, or who was Hal Lipset?

He was a private investigator in San Francisco, and chief investigator for Sam Dash on the Senate Watergate Committee...

Francis Ford Coppola considered the implications of the professional eavesdropper when he made The Conversation... It should come as no surprise that Hal Lipset was hired as technical consultant for the picture.

Lipset spoke in Congress using the famous "bug in the martini olive" and other secret surveillance devices that he and his staff pioneered...

In 1964, Time Magazine wrote, "Hal Lipset, a seasoned San Francisco private eye, maintains a laboratory behind a false warehouse from where his eavesdropping ‘genius,' Ralph Bertsche, works out new gimmicks such as a high-powered bug that fits into a pack of filter-tip cigarettes..."

His first chance to go public on the national scene occurred the previous year when he was invited to testify before the Senate Constitutional Rights Subcommittee... "First I thought I’d dazzle them with an array of miniature devices they had never seen before; then I would surprise them by playing back my own testimony from a recorder I had hidden before the hearing."

The great idea worked too well. Lipset’s appearance was seen as a clever but ominous sign of   snooping running amok.
... the next time he was invited to Washington to speak before a Senate subcommittee - this one in 1965 to hear testimony specifically on eavesdropping - he renewed his efforts...

"We came up with the "bug in the martini olive" idea, it didn’t seem all that unusual. The martini glass was simply another example of how ingenious these devices could be."

The glass held a facsimile of an olive, which could hold a tiny transmitter, the pimento inside the olive, in which we could embed the microphone, and a toothpick, which could house a copper wire as an antenna. No gin was used - that could cause a short.

It was the bug in the martini olive that made Lipset "the real star of the day," as UPI reported. Hardly an ominous indication of private snoopers taking over the world, this little olive with its toothpick antenna became a "playful" and charming toy.
This is the very condensed version of his story. The full story is here,  as excerpted from his biography, "The Bug in the Martini Olive," by Patricia Holt, Little Brown, 1991 ~Kevin

Wednesday, November 30, 2016

Angry Birdmen of Malta v Scientists in Eavesdropping Spat

Malta - The FKNK Federation for Hunting and Conservation – Malta, said on Friday said that BirdLife Malta was...

“possibly desperately resorting to illegal and corrupt methods to abolish the traditional socio-cultural practice of live-finch capturing from the Maltese islands,” claiming that BirdLife had been using electronic devices to eavesdrop on private mobile phone conversations.

Possibly, a false GSM base station known as ‘IMSI catcher’ or similar was used to intercept the trappers’ mobile traffic in the immediate area,” the hunting federation said.

But MaltaToday has learnt that the would-be “eavesdropping equipment” are actually antennae set up for 15 to 20 minutes in different locations to establish accurate GPS positioning data as part of a research study on coastal land-sliding being carried out by an Italian team of experts on behalf of the University of Malta and with the full cooperation of local authorities. more

Telephone Eavesdropper Learns The Beatles Were Right

UK - A multi-millionaire property developer strangled a burlesque dancer after bugging her home
and learning that she was planning to “fleece him”, a court heard yesterday.

Peter Morgan, 54, had been paying Georgina Symonds, a 25-year-old single mother, up to £10,000 a month to stop seeing other men after meeting her while she was working as an escort.

He decided to murder her after listening in to a telephone conversation in which she told a male friend that she was planning to leave Mr Morgan, a jury was told. more sing-a-long

Personal Security: Your Internet Vanishing Act May Begin Here

Just FYI...
I have not tested this. Use at your own risk.

Remember... If it's "free" you're not the consumer, you're the product.
via Dan Misener, for CBC New
With all the fake news, toxic speech, and online scams out there, you might be feeling like now is a good time to scale back your online footprint. 

There's a new tool that promises to help you do just that — by essentially deleting yourself from the internet.

It's called, and it does one thing and one thing only — it displays a list of all the online services you've ever signed up for.

So if you had a MySpace account in the early 2000s, it'll probably show up in Deseat. If you created an avatar in Second Life, it's likely to show up as well. And of course, so will things like your Facebook or Twitter accounts...

To use, you first log in using a Google account. Then, once it knows your email address, it can find any accounts that have been linked in any way to that Google account.

Now, it will ask for some things which may sound creepy — it will not only ask to view your email address, but also to view your email messages and settings. Based on my experience, scans through your email archives to find sign-up confirmation messages from various services. more

Tuesday, November 29, 2016

Business Espionage: The Darknet - Where Industrial Trade Secrets are Sold

Ludwig Sandell, Dignato AS general manager, expressed his concern over how the darknet is a place where sensitive industrial trade secrets can be exchanged without repercussions.

To be more precise, he feels there are multiple local companies affected by espionage, which could significantly hurt their business if these details fall into the wrong hands...

...industrial trade secrets of a Norwegian wind power project run by Statoil are up for grabs on the darknet as we speak. The data itself was found on a memory stick – which was either lost or stolen – and includes vital measurement information. For the company itself, having that information leak to the public could spell the end of their business rather quickly. more

Are your company secrets for sale on the darknet?
Hire a service to find out. ~Kevin

Japanese Singer Calls Police to Report Spycam... gets arrested.

Fallen Japanese pop star Aska has been arrested on drugs charges after calling police to tell them he was being spied on at home by a hidden camera, police and reports said Tuesday.

The singer -- one half of folk rockers Chage and Aska -- was slurring on the call when he insisted he was being watched, Jiji Press and other media said.

Police who visited his Tokyo home on Monday arrested the 58-year-old on suspicion of using stimulants and MDMA, a force spokesman told AFP. more

Brooklyn Prosecutor Allegedly Wiretapped Cop Love Interest's Cell Phone

NY - A Brooklyn assistant district attorney was arrested this week for allegedly wiretapping two cell phones so she could hear conversations between a cop love interest and another woman.

According to a criminal complaint, Tara Lenich, 41, forged judges' signatures to authorize the wiretapping of the aforementioned unidentified cop's cell phone, as well as a phone belonging to an unidentified woman. Lenich, who was in charge of the Violent Criminal Enterprises Bureau at the DA's office, may have been romantically attached to the cop, and tabloid reports speculate the wiretapped woman was his new love interest.

The complaint says Lenich forged warrants related to the wiretapping at least 20 times, using different judges' names, between August 20, 2015 and November 25, 2016. Lenich allegedly called the wiretapping a "secret outside investigation" when discussing it with colleagues. more

Monday, November 28, 2016

Spybuster Tip #715: How to Prevent Hacker Wi-Fi Attacks

If your Wi-Fi name (SSID) is on this list, you're at risk. 
If you ever used a Wi-Fi whose name (SSID) is on this list, you're at risk.

The list consists of approximately the 5000 most common SSIDs.

If a hacker uses this list to broadcast SSIDs, your laptop or phone may automatically connect to them. At that point, they see everything you do; user names, passwords, etc.

In a nutshell, program your device so that it does not automatically connect to a Wi-Fi SSID to which it has previously connected. Purge your previous connections list just to be sure.

Basic Spy Tradecraft: "Beware of pretty faces that you find..."

A German spy's romantic time in Latvia has ended up in a Munich court. The love-struck agent has lost his job, and a court case. 

A German spy fell in love with a Latvian woman in Riga and lost his job for violating policy. He has lost a legal battle against the BND intelligence agency.

The unnamed spy dated a Latvian woman while station chief in Riga, despite being instructed against having romantic relations with locals. Instead of informing the BND, he asked Latvia's intelligence agency to run a background check on his girlfriend, who came up clean.

Only after the Latvian woman had moved in with him did the station chief inform his superiors. That landed him in hot water, leading the BND to recall the spy and find him unfit for duty.

The man then sought compensation from the BND for lost earnings and other losses to the tune of 400,000 euros ($421,920). more sing-a-long

Spycam News: Multi-Millionaire Landlord Pleads Guilty to Secretly Filming his Tenants

Australia - A multi-millionaire Sydney landlord will face sentencing next month after pleading guilty to charges relating to secretly filming his tenants without consent to obtain sexual arousal.

Masaaki Imaeda, 66, installed hidden cameras into his rental properties so he could spy on tenants having sex or undressing...

After finding a warning about Imaeda and his spy cameras on a Japanese website, a husband and wife who rented a bedroom from him found a camera in their bedroom light fitting.

The young couple called police, who found multiple other hidden cameras inside the house...

He faces up to two years in prison. more

UK - A Starbucks customer in London was left “shocked and disgusted”* after finding a hidden camera above a toilet in a branch of the coffee shop. 

Ricci Arcari, 33, was at the Starbucks in Vauxhall when he spotted the device hidden in an air vent directly above the unisex toilet.

He told The Independent: “I go in [to the store] regularly. I ordered my drink and while I was waiting I popped in to use the toilet.

“I was standing using the toilet when I noticed a little glint Iike the way glass reflects.

“I stood on top of the toilet seat to get a better look and realised it was a webcam or some other kind of recording device.”

Mr Arcari, who used to work for Starbucks himself, said he ran out of the toilet, asked to speak to the store manager and showed him the camera.

The manager seemed “pretty shocked” and reportedly said “Oh God, that’s not good".

The device was immediately taken down and placed in a bag to be passed to police. more

 * May also be applied to the dirty air vent grill.
Protect yourself.

Business Espionage Today: Sling TV Launches Cloud DVR Hours Before DirecTV

Sling TV users will soon be able to record some TV shows and store them online for later viewing.

The feature, which will initially be available as an invite-only beta to users of Dish's online streaming video service, is being announced on the same day that a major rival is appearing on the scene. Details of AT&T's DirecTV Now will be unveiled at a press event in New York later today. more

Just coincidence? You decide. 
How secret is your marketing strategy? 
When was the last time you checked? ~Kevin

3 Ways Corporate Spies Might Be Watching Your Business and How to Stop Them

Business is a game of constant competition, but the widespread emergence of covert surveillance and tracking tools has expanded the playbook. Now, industrial espionage has a new dimension.

In the corporate world, the practice is nothing new. In fact, it's been a marketing tactic for decades... But the digital age has given corporate spying a new face. And with the modern proliferation of web-based spying options, corporate surveillance is more sophisticated and covert than ever.

Today, corporate spies for hire carry titles like "Competitive Intelligence Analyst" and "Competitive Market Strategist." There are many lucrative opportunities for these workers. And they might be watching your business right now. Here are three of the ways they do it—and also how to dodge their efforts. more

Sunday, November 27, 2016

Turn Any Computer Into an Eavesdropping Device

Researchers at Israel’s Ben-Gurion University of the Negev have devised a way to turn any computer into an eavesdropping device by surreptitiously getting connected headphones or earphones to function like microphones.

In a paper titled "SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit," the researchers this week described malware they have developed for re-configuring a headphone jack from a line-out configuration to a line-in jack, thereby enabling connected headphones to work as microphones.

The exploit works with most off-the-shelf headphones and even when the computer doesn’t have a connected microphone or has a microphone that has been disabled, according to the researchers. more

 Spoiler Alert: It ain't easy to do, or likely to happen to you. ~Kevin

Tuesday, November 22, 2016

Business Espionage: GSM Bugs Are Mini Cell Phones in Disguise

(from a seller's website in the UK)
GSM bugs are also known as mobile phone bugs and infinity bugs. Based around mobile technology, these devices provide a discreet listening facility with an unlimited distance.

Click to enlarge.
Up until a few years ago radio frequency transmitters were relied upon to provide an eavesdropping solution, albeit over only relatively short distances, generally up to about 800 metres line of sight. These devices are still available, but have been outlawed by OFCOM legislation and are therefore not legal to sell into the UK or operate in the UK without a radio broadcast licence. GSM Bugs use the existing GSM network as a transmission tool.

When they fist became available, the GSM bugs were literally modified mobile phones that auto-answered silently to open up the microphone and listen into the surrounding environment. These devices are still available today and some dedicated (dead phone) units have had enhanced microphone adjustments to make them more attuned to pick up sounds in a wider area, turning them into dedicated listening devices.

As the technology has moved on, these eavesdropping devices have become smaller and more sophisticated. They are really only restricted in size at present by the battery size, however, some of the latest units are built into mains powered devices such as multi-plug adapters and mains sockets, thereby making them invisible to the naked eye and with no power consumption restrictions.

Some of these eavesdropping devices are obviously for the UK market.
Bugs for other electrical standards are also available. 

Do you have electrical extension strips in your office?
Have they been inspected and sealed by a TSCM specialist


Hot Tech History: The "iPod" of 1938

via Matt Novak 
 Today we take it for granted that we can bring music with us wherever we go.

But that obviously wasn’t always the case. As just one example of how cumbersome portable music could sometimes be, take a look at this portable radio receiver from 1938. It was all the rage in France.

The May 1938 issue of Short Wave and Television magazine included a photo-filled spread of new radio sets that had recently been featured at an electronics exhibit in Paris. As you can see in the photo on the far left, the latest “portable radio” included a strap so that you could lug it around with you.

Radio miniaturization was happening at a quick pace in the 1920s, and this was far from the only portable radio of the 1930s. But it’s a decent reminder that portability is and always has been relative... more

Monday, November 21, 2016

3D Industrial Espionage

Your 3-D printer is leaking, but not in ways you can see.

It leaks sounds and energy. That's not a problem — unless you want to keep your creation a secret. In that case, it's time to get serious about security. Computer scientists have now shown that hackers can eavesdrop on 3-D printers — and then copy what they made. All it takes is your average smartphone.

As 3-D printing becomes more widespread, thieves will find new ways to steal original designs, worries Wenyao Xu. This computer scientist at the State University of New York in Buffalo led the new work...

To hack these printers, a spy needs to merely “listen” to the noise and energy the machine emits, including the magnetic fields that vary as it works. Both sound and electromagnetic energy travel as waves. By tapping into these waves, Xu says, a spy could identify the shape of what was being printed. This would allow someone to steal a design without ever seeing the original.

“We need to prevent these attacks,” Xu says. more

The Most Intrusive Spying Powers in the “History of Western Democracy.”

Britain’s Investigatory Powers Bill, voted through Wednesday, 

gives the government what critics claim will be some of the most intrusive spying powers in the “history of Western democracy.”

U.K.-based Internet service providers will be expected to keep full records of every customer’s browsing history, stretching back a year, and the statute will provide enough legal clout for the government to force companies to decrypt data on demand as well as create security backdoors on the devices they sell in order to facilitate spying. more

The Spy Who Couldn't Spell Straight

...and now we're going to hear a story that sounds just too bizarre to be true. 

More than a decade before Edward Snowden famously leaked thousands of classified records to the world, another U.S. government contractor tried a similar move the old-fashioned way. His name is Brian Regan. And in 1999 and 2000, he smuggled classified documents out of his office and buried them in the woods hoping to sell them to a foreign government. But he was foiled in part by his own terrible spelling.

This thrilling story is out this month in a new book called "The Spy Who Couldn't Spell: A Dyslexic Traitor, An Unbreakable Code And The FBI's Hunt For America's Stolen Secrets." Michel Martin talked with author Yudhijit Bhattacharjee about the strange story of Brian Regan.

MM: Why do you think most people have never heard of this story?

YB: The main reason is that Brian Regan was arrested just two weeks before 9/11. And so his story got completely overshadowed by the coverage of what was arguably the biggest story of the last 20 years... more

Friday, November 18, 2016

How to Get Into a Locked iPhone... and what to do about it.

It's Pretty Easy For Someone To Access Your Photos And Other Personal Info On Your Locked iPhone

YouTuber iDeviceHelp is "not a hacker" but still managed to find a fairly simple way to get into a locked iPhone running iOS 9. No passcode needed.

If you have an iPhone you want to turn off SIRI when the screen is locked. ~Kevin

China Secretly Spying on Android Devices

According to Cybersecurity firm Kryptowire, some Android phones, including those from American phone manufacturer BLU, are being preinstalled with software that monitors where users go, who they call, and what they text. The information is then sent back to Chinese servers.

A software dedicated to spying on users is the trojan horse hidden inside some phones manufactured in China. Kryptowire, a Cybersecurity consulting firm, has released a report stating that such malware is being used to gather sensitive information such as GPS locations, text messages, etc. to send back to Chinese servers every 72 hours.

The piece of code has been lurking inside the Android operative system. As such, the program managed to conceal itself from the user’s perspective.

Tom Karygiannis from Kryptowire revealed that the malicious program was created by the Chinese company Adups, with the sole purpose of spying, stating that it isn’t the result of an error. Karygiannis said that the malware’s goal may be is to perform state espionage or to merely to sell advertising data....

Adups has over 700 million active users, and a market share exceeding 70% across 200+ countries and regions. 

The company’s software is used in phones, cars, and other devices. American phone manufacturer, BLU Products, said that 120,000 of its phones had been affected, promptly stating that it had released an update to remove Adups’ spyware. more

Happy Holidays, or How Not to Get Scammed Online This Season

Protect yourself against online shopping scams by watching for these 10 telltale signs...

Many mom-and-pop retail stores maintain websites for selling their wares, and some entrepreneurs create online-only stores that ship products directly from warehouses. Unfortunately, scammers also use ecommerce as an opportunity to take shoppers' personal and financial information from afar. An odd-looking site or too-good-to-be-true deal might be the work of scammer rather than an ecommerce amateur. The following 10 signs can help shoppers distinguish between the two. more

Lawyers Should Not Bug Opposing Lawyer's Email

Alaska may have only about 2,500 active resident lawyers, but its bar ethics committee has become just the second authority in the country to weigh in on the practice of “bugging” the e-mail of opposing counsel.

The committee disapproved of this spy method in an opinion issued in late October, saying that it violated the Last Frontier’s version of Model Rule 8.4, which prohibits dishonesty and misrepresentation.

A “web bug” is a tracking device consisting of an object embedded in a web page or e-mail, that unobtrusively (usually invisibly) reveals whether and how a user has accessed the content. Other names for a web bug are web beacon, pixel tracker and page tag. more

Want to check who is secretly bugging you? Little Snitch for OSX does an excellent job and offers a free trial. Similar products exist for PC based computers. ~Kevin

Thursday, November 17, 2016

This $5 Device Can Hack Your Locked Computer In One Minute

Next time you go out for lunch and leave your computer unattended at the office, be careful. A new tool makes it almost trivial for criminals to log onto websites as if they were you, and get access to your network router, allowing them to launch other types of attacks.

Hackers and security researchers have long found ways to hack into computers left alone. But the new $5 tool called PoisonTap, created by the well-known hacker and developer Samy Kamkar, can even break into password-protected computers, as long as there’s a browser open in the background. Kamkar explained how it works in a blog post published on Wednesday.

And all a hacker has to do is plug it in and wait. more

Tune into PI's Declassified! Thursday, 9 am Pacific, Noon Eastern

Is Your Cell Phone Bugging You?
Do you want to know how to protect your cell phone privacy or detect spyware on your smartphone? Are there warning signs that your phone is infected with spyware? Are there applications available to prevent your phone from being tapped or to catch the spy red-handed? Kevin D. Murray is an expert on mobile phone electronic surveillance and eavesdropping detection, known as technical surveillance countermeasures. He is also the author of Is My Cell Phone Bugged? Tune in to hear Kevin Murray discuss detecting mobile phone spyware, and tips to protect your most private conversations.
Link to show

Tuesday, November 15, 2016

Shazam, You're Bugged!

Shazam Keeps Your Mac’s Microphone Always On, Even When You Turn It Off

What’s that song? On your cellphone, the popular app Shazam is able to answer that question by listening for just a few seconds, as if it were magic. On Apple’s computers, Shazam never turns the microphone off, even if you tell it to.

When a user of Shazam’s Mac app turns the app “OFF,” the app actually keeps the microphone on in the background.

For the security researcher who discovered that the mic is always on, it's a bug that users should know about. For Shazam, it’s just a feature that makes the app work better. more

TSCM School: How Small Can Electronic Surveillance Bugs Be?

...or, why we listen to the wires.

Electronic surveillance devices (audio, video, data) are often referred to by their generic term — bugs.
Amplified Mic (enlarged)
Bugs may be highly specialized, as in a video only spy camera, or may incorporate audio, video and data snooping. An example of this is a device which is secreted in a vehicle, which collects GPS data, audio and video.

Most people, however, think of bugs as audio-only radio transmitters.

Often the simplest bugs are the most effective. These are just microphones attached to a length of wire.

The other end of the wire can be connected to a distant radio transmitter, voice recorder, or simply an amplifier with headphones.

Most people are surprised to learn all homes and offices come prewired, bugging-ready.

Standard telephone cables have unused pairs, and computer Ethernet cables generally only use two of the four pairs they contain. Most older office buildings also have legacy wiring which was never removed.

These "hardwired" bugs are among the most difficult to detect, which is why spies and law enforcement favor them.

Since a microphone is the main element of a hardwired bug,
I thought it might be very useful to show you how small they
can be.

These fingers are holding a real microphone, actual size.

Now you know just how much the other picture was enlarged.

Amazingly small, these microphones are mass produced by the millions.

Fortunately, most wind up in cell phones and hearing aids. However, many are sold on eBay for pennies, and then become bugs.

Not everyone knows how to find these. But, don't worry, we do.