Tuesday, May 31, 2016

10 types of spy cameras that could be watching you right now - No. 6 is a surprise

Camera technology has advanced a lot the past few years. They keep getting smaller and smaller, making it possible to conceal them any which way.

Spy cam manufacturers have been creative in producing some of the most cleverly disguised (and tiny) camera/DVR systems, complete with HD video, motion detection, large storage card support and remote controls...

1. USB flash drive spy cameras
These cameras look like your regular USB storage sticks, but think again. They have a hidden camera inside! It’s not unusual these days for someone to be carrying USB sticks around so spotting them can be a bit challenging.

So how can you tell? The camera lens for these USB stick cameras is usually located on the posterior end of the stick, opposite the USB plug. With this form factor, this spy cam will blend seamlessly in an office or classroom.

See all 10 here.

Concerns for Energy Espionage Climb

The FBI is warning U.S. energy companies that the oil industry's downturn is increasing their vulnerability to theft of technological secrets.
 

Companies that long have faced the prospect of economic espionage must now be prepared for the possibility that workers who have been laid off could be targeted by foreign entities and competitors wanting to steal intellectual property. 

"FBI investigations indicate economic espionage and trade secret theft against U.S. oil and natural gas companies and institutes are on the rise," according to an unclassified briefing report prepared for the energy industry.

Agents shared the report recently with about 150 energy sector executives, managers and others who gathered behind closed doors at the FBI building... more

How Business Espionage Really Works (Hint, it ain't just computers.)

The Dirty Dozen
  1. Trespassing on the property of a competitor.
  2. Secretly observing the activities or properties of others.
  3. Using electronic eavesdropping equipment.
  4. Learning trade secrets by hiring people who work for a competitor.
  5. Hiring a spy to get specific information from an other company.
  6. Planting an undercover operative on someone else’s payroll.
  7. Stealing documents or property (includes electronic documents).
  8. Conducting phone negotiations for a license, franchise, or distributorship in order to gain inside information.
  9. Gaining information by staging a phony market research study or similar interview project.
  10. Bribing. Most forms of bribery are unethical, including those disguised as “gifts”.
  11. Blackmailing.
  12. Extorting. 
From: Best Practice Guidelines in Business Espionage Controls & Countermeasures
  

Trump Campaign Manager Asked if Trump Offices Are Being Bugged - Bizarre Response

Donald Trump’s controversial campaign manager, Corey Lewandowski, appeared on “Fox News Sunday” this week to answer questions about the Republican front-runner’s strategy as the primary season winds down...

...with seconds remaining in the interview, host Chris Wallace asked a question that produced a response no one likely anticipated.

Wallace asked Lewandowski to comment on reports that some Trump associates are suspicious that the campaign’s Trump Tower offices are being bugged. At first the campaign manager ignored the question, but Wallace pressed further.

“Is there any bugging going on at the Trump Tower?” Wallace asked, with 10 seconds remaining in the interview.

“I think that’s a lot of speculation,” Lewandowski began. “I don’t think that’s the case at all — I think we’re very happy with the way that our offices are set up.”

It’s not quite clear what Lewandowski was trying to suggest, and given that there was no time for a follow-up question, the bizarre response was left alone. more

Friday, May 27, 2016

The Friendly Maintenance Man's Spycam

Apartment maintenance man Jerry Rowe was a nice, friendly guy who carried around treats for residents' dogs. Residents of the Steeplechase Apartments were surprised Thursday when word spread that Rowe, 65, had been arrested and charged with hiding a camera in the bathrooms of five female tenants. 

...The investigation into Rowe started Wednesday when a woman saw a camera in a vent in the ceiling of her bathroom.  The Friendly Maintenance Man's

She called the Warren Co. Sheriff's Office and deputies said they found images of Rowe placing the camera in the vent on the camera. Lt. John Faine said five women were captured by the camera...

Faine said he believes Rowe had one camera that he moved from one apartment to another. However, he cannot rule out that there may be other cameras at this point in the investigation. more

Thursday, May 26, 2016

DIY Tip: How to Check Your Wi-Fi for Spies

If you would like to see who (or what) is tapped into your wireless network, you can take a peek with router utilities and mobile apps...

Depending on your interest in technical fiddling, you can see what other devices are connected to your network in several ways. For one, you could log into your wireless router’s administrative page and check its DCHP Client Table (sometimes called the DHCP Client List or Attached Devices, as some router companies use different terms) to see the roster of computers, smartphones, tablets and other gear currently connected to the wireless router...

If that sort of thing seems like way too much work, you can also get a program or app that scans your network for connected devices. Your router maker may have its own app, like Netgear’s Genie, Linkys Connect or Apple’s AirPort Utility for iOS.

You can also find software from other developers that is designed to reveal the devices connected to your wireless network. NirSoft Wireless Network Watcher. Who’s on my WiFi for Windows and the Fing network scanner for Android and iOS are among the options. more

Russian Election Monitor Sets Trap To Test NTV For Wiretapping

In March 2012, Michael McFaul, then the U.S. ambassador to Russia, famously accused journalists from the state-controlled network NTV of hacking his phone or e-mails to access his schedule after they approached him as he arrived at a private meeting with an opposition activist.

Four years later, those same journalists have been purportedly tripped up in a sting operation by an embattled Russian election-monitoring group seeking to prove that security services are wiretapping its phones and leaking details of its meetings with foreign diplomats to the Kremlin-loyal network.

Golos, an independent election monitor that has documented widespread violations at Russian ballot boxes in recent years, says it has concluded that NTV journalists are surreptitiously obtaining information about its employees’ movements from Russian law enforcement or intelligence agencies.

Using this information, Golos alleges, the journalists are able to track the group’s itinerary and wait for them -- cameras and microphones in hand -- outside embassies and other Moscow venues where they meet foreign diplomats to discuss the country’s elections. more

The 2017 Intelligence Authorization Act

As part of its continuing push for ever greater surveillance powers, the FBI is hoping that a new bill, known as the 2017 Intelligence Authorization Act, will be enacted into law, as the proposed legislation makes it possible for the agency to read emails without a warrant. It’s already been given Senate Intelligence Committee approval and will next be considered by the Senate as a whole....

Essentially, the bill would extend current FBI powers authorized by the Patriot Act, which allows the government to force telecoms companies to hand over phone records on individuals suspected of terrorism and other crimes. Known as a National Security Letter, recipients are not allowed to speak about the FBI investigation either, essentially gagging the companies and individuals involved.

...If enacted, sending such a letter would not require a court order, nor require any oversight from external organizations whatsoever.

That’s the aspect of the bill that lone-Senate Intelligence Committee dissenter, Ron Wyden, highlighted as part of his no vote.

This bill takes a hatchet to important protections for Americans’ liberty,” he said (via CNet). “This bill would mean more government surveillance of Americans, less due process, and less independent oversight of U.S. intelligence agencies.” more

Britain's Foreign Secretary Denies Office Cat is a Spy

Britain's foreign secretary Philip Hammond was forced to issue a denial after his own Conservative party colleague claimed the "chief mouser" at the UK's Foreign Office could be a European Union (EU) spy.

Palmerston, a cat that was adopted by the Foreign and Commonwealth Office, had been recently announced as the "chief mouser" to help tackle the problem of mice in the building in central London.

However, as the debate around Britain's membership of the EU heats up in the lead up to the June 23 referendum, a member of the camp in favour of remaining in the economic bloc told the House of Commons yesterday that those in favour of Brexitmay fear Palmerston has not been fully vetted.

"There is a serious point here. Can I ask my right honourable friend whether Palmerston has been security cleared or not... can I ask him, has he been positively vetted by the security service and scanned for bugs by GCHQ? And can my right honourable Friend assure the House –and the more paranoid element in the Brexiters - that he isn't a long term mole working for the EU Commission," Tory MP Keith Simpson asked Hammond.

The foreign secretary chose to the address the bizarre query, claiming Palmerston's attendance record had been impeccable.

He told MPs: "He is definitely not a mole. I can categorically assure my honourable friend that Palmerston has been regularly vetted." more

Wednesday, May 25, 2016

Survey: Corporate Espionage Rated as a Top Risk - Assessments Become Common

A large number of companies feel the existing security standards, legal, regulatory and compliance frameworks in the industry were not adequate to support corporate security requirements, a survey by PwC India and American Society for Industrial Security (ASIS) said.

The survey revealed that cybercrime and corporate espionage have been rated as two of the most serious threats to organizations in the coming years.

More than half the respondents felt precautionary and preventive measures taken is still not adequate...

The survey also highlighted that about 73 per cent of the respondents felt that the number of security incidents had increased in the past two years and would continue over the next two years.

While five years back physical security assessment was rare and uncommon, today almost 46 per cent of the organizations surveyed conduct a physical security risk assessment once a year, whereas 17 per cent do it monthly. more

New Old News - Official Warning - Wall Wart Eavesdropping Device

(My clients received their warning on January 14, 2015. ~Kevin)

FBI officials are warning private industry partners to be on the lookout for highly stealthy keystroke loggers that surreptitiously sniff passwords and other input typed into wireless keyboards.

The FBI's Private Industry Notification is dated April 29, more than 15 months after whitehat hacker Samy Kamkar released a KeySweeper, a proof-of-concept attack platform that covertly logged and decrypted keystrokes from many Microsoft-branded wireless keyboards and transmitted the data over cellular networks.

To lower the chances the sniffing device might be discovered by a target, Kamkar designed it to look almost identical to USB phone chargers that are nearly ubiquitous in homes and offices.

"If placed strategically in an office or other location where individuals might use wireless devices, a malicious cyber actor could potentially harvest personally identifiable information, intellectual property, trade secrets, passwords, or other sensitive information," FBI officials wrote in last month's advisory. "Since the data is intercepted prior to reaching the CPU, security managers may not have insight into how sensitive information is being stolen." more

Facebook Has Ears and is Nosey Too

Facebook admits that it “uses your microphone to identify the things you’re listening to or watching, based on the music and TV matches we’re able to identify.”

However, some experts believe that Facebook is not being fully transparent. Once the microphone feature is enabled, Facebook can listen in to your private conversation, even when one is not actively engaging with the app.


The feature listens for particular buzz words, which enable the site to weave the content that appears on news feeds to suit users’ personal interests.

In an NBC report, the feature is tested by Kelli Burns, a professor of Mass Communication at the University of South Florida.

In the experiment, she says aloud with her microphone feature on, “I’m really interested in going on an African safari. I think it’d be wonderful to ride in one of those jeeps.”

When she checked her Facebook newsfeed just 60 seconds later, the first item to appear was a safari story. She then also noticed an advertisement for Jeep vehicles. more

Holiday Weekend Filmfest - Watch the 10 Best PI Movies (infographic)

A tip of the magnifying glass to Adam Visnic
a licensed private investigator. 
May your next case become a 
classic movie. 

(Enlarge)

Friday, May 20, 2016

"Alexa, can you be used by outsiders for eavesdropping?"

via Matt Novak
"Back in March, I filed a Freedom of Information request with the FBI asking if the agency had ever wiretapped an Amazon Echo. This week I got a response: “We can neither confirm nor deny...”
We live in a world awash in microphones. They’re in our smartphones, they’re in our computers, and they’re in our TVs. We used to expect that they were only listening when we asked them to listen. But increasingly we’ve invited our internet-connected gadgets to be “always listening.” There’s no better example of this than the Amazon Echo.

In many ways the Echo is a law enforcement dream." (...or any hacker, snoop or spy.) more more

Thursday, May 19, 2016

10 Ways Law Firms Can Make Life Difficult for Hackers

1. More (and better) employee training.
2. Keep backups disconnected from the network and the Internet.
3. Install all patches and updates.
4. Update software – especially when it is no longer supported.
5. Block executable files, compressed archives and unidentified users.
6. If you use cloud storage, make sure your firm controls the encryption key.
7. Make your cybersecurity program meet the needs of potential clients.
8. Have clear, effective restrictions on remote access and mobile devices.
9. Set systems to capture log data, for forensic purposes if a breach occurs.
10. Share threat information. more

These basic tips apply to all hacker-target businesses. ~Kevin

Eavesdropping on the Public in 1919

In 1919 a Chicago Theater bugged the seats...

Click to enlarge.
to find out what the audience was saying about the production they were watching. The hope was that the honest criticism (or praise) they heard would help them make future performances better. more

Think Video Surveillance is Just for Crime Prevention? Think again...

Sure, surveillance video can be used to “catch the bad guy” and deter incidents. But it can do so much more!

Download the Top 10 Values of Video Surveillance by Pivot3 to see how you could be leveraging your video for strategic business purposes beyond security.

See how video can help you:
  • Defend against fraudulent liability claims
  • Avoid fines from non-compliance
  • Improve the value of other business systems to your organization
  • And more!

Tuesday, May 17, 2016

CIA Former Agent Trains You to Survive... your wallet is decimated, however.

A new show where you learn CIA spy secrets that could save your life is headed to the Strip — it’s a two-day “Escape and Evasion” presentation hosted by former CIA agent Jason Hanson, who served with the agency for nearly a decade.

“Spy Escape & Evasion” debuts at the “Pin Up” theater in the Stratosphere on Aug. 17 with the first four back-to-back days, with future seminars to be announced.

It’s a $1,499.95 ticket price per person that includes hands-on personal training by Jason and his CIA team of former officers. He also will participate in meet-and-greet sessions, and 30 audience members will dine with him after the lectures and training sessions.

If you’ve ever dreamed of being 007 or wished you possessed the skills to protect yourself from danger like those in the CIA, these shows are for you. Jason’s courses are designed to keep individuals and their families safe from danger.

Here are topics Jason will cover in his fascinating show presented by Red Mercury Entertainment:
• How to escape rope, duct tape, zip ties and handcuffs in 30 seconds or less;
• secrets of situational awareness;
• important everyday carry gear bag;
• how to pick locks, hotwire a car and disappear without a trace;
• how to use social engineering to get almost anything you want;
• what to do when a crisis occurs; technical pen techniques;
• basic counter surveillance techniques;
• and hands-on training. more

...and then there is the Shark Tank $1,997 special.
...and then there is the $37 version.
...and then there is FREE CIA training.

Spying Using Phone Call Records – Study Says It's Easy

Stanford University researchers used call records to uncover heart problems, marijuana habits of volunteers. 

Phone metadata doesn’t reveal what people say, but such records of calls and text messages can help spy agencies, businesses or hackers discover private information about someone’s relationships, shopping interests and even health problems, according to a study published on Monday.

The research published in the journal Proceedings of the National Academy of Sciences showed that scans of call records help create detailed maps of not just the person being investigated, but also the lives of contacts in their phone history. Metadata is the term used for the receipt of a call or a text message included in the history of a phone, and these records are often maintained by a telecom service provider.

"Once a participant was labeled as in a relationship, we found that identifying the participant’s partner was trivial,” according to the researchers. “Our results suggest that, even without human review, a business or agency could draw sensitive inferences from a significant share of telephone records.” more

Intriguing Spy Stories From Internal NSA Reports

In the early months of 2003, the National Security Agency saw demand for its services spike

as a new war in Iraq, as well as ongoing and profound changes in how people used the internet, added to a torrent of new agency work related to the war on terror, according to a review of 166 articles from a restricted agency newsletter.

The Intercept today is releasing the first three months of SIDtoday, March 31 through the end of June 2003, using files provided by NSA whistleblower Edward Snowden. In addition, we are releasing any subsequent 2003 installments of SIDtoday series that began during this period. The files are available for download here.

We combed through these files with help from other writers and editors with an eye toward finding the most interesting stories... more

The NSA does excellent behind-the-scenes work. Since some of their work is now public you can now be thankful and proud. ~Kevin

Monday, May 16, 2016

Philly Cheesy Stake-Out... Outted

The Philadelphia Police Department admitted today that a mysterious unmarked license plate surveillance truck disguised as a Google Maps vehicle, which Motherboard first reported on this morning, is its own.

In an emailed statement, a department spokesperson confirmed:

“We have been informed that this unmarked vehicle belongs to the police department; however, the placing of any particular decal on the vehicle was not approved through any chain of command.

With that being said, once this was brought to our attention, it was ordered that the decals be removed immediately.” more

Sunday, May 15, 2016

Spycam Found in Hospital Bathroom

Harris Health Systems is confirming that a hidden camera was found in a staff restroom at Ben Taub General Hospital. 

Hospital staff turned the camera over to Houston police.

Harris Health Systems oversees the county's public hospitals, including Ben Taub.

Kese Smith of the Houston Police Department said Thursday that the camera was found concealed inside a fifth floor restroom at the hospital which is used mostly by staff but is also sometimes accessed by the public.

It was not immediately known what kind of camera was found or how long it had been in the staff restroom. more

Thursday, May 12, 2016

Alarming Security Defects in SS7, the Global Cellular Network—and How to Fix Them

The global network that transfers calls between mobile phone carriers has security defects that permit hackers and governments to monitor users’ locations and eavesdrop on conversations.

Courtesy ESD America
As more reports of these activities surface, carriers are scrambling to protect customers from a few specific types of attacks.

The network, called Signaling System 7, or SS7, is a digital signaling protocol that mobile phone carriers including AT&T, T-Mobile, and Sprint use to send messages to each other about who is a subscriber, where subscribers are located, and how calls should be routed to reach them.

SS7 began as a closed network shared among a few major mobile phone carriers, but grew porous as more carriers joined. Hackers and governments can now gain access by purchasing rights from a carrier (which many are willing to provide for the right price) or infiltrating computers that already have permission. more

One security firm advises:
"...we have two products that represent the world’s first comprehensive solution against
SS7 attacks: ESD Oversight Protect & ESD Oversight Detect. SS7 Network Penetration testing is
also available to carriers around the world who recognize the need to ensure their networks and their
subscribers are protected from the potential damaged these vulnerabilities expose."


Extra Credit — Ghosts in the Network: SS7 and RF Vulnerabilities in Cellular Networks — a presentation given at RSA Conference 2016

Tuesday, May 10, 2016

Med Students Caught Cheating with Spycams & Smart Watches

A top Thai medical college has caught students using spy cameras linked to smartwatches to cheat during exams in what some social media users have compared to a plot straight out of a Mission: Impossible movie.

Key points:
  • Thai students caught using spyglasses to send images of exam questions to accomplices
  • Accomplices sent answers back to students' smartwatches
  • Students paid 800,000 baht ($31,000) for equipment, answers
Arthit Ourairat, the rector of Rangsit University, posted pictures of the hi-tech cheating equipment on his Facebook page, announcing that the entrance exam in question had been cancelled after the plot was discovered.

Three students used glasses with wireless cameras embedded in their frames to transmit images to a group of as yet unnamed people, who then sent the answers to the smartwatches.

Mr Arthit said the trio had paid 800,000 baht ($31,000) each to the tutor group for the equipment and the answers.

"The team did it in real-time," Mr Arthit wrote. more

Checklist for Admissibility of Electronic Evidence


by Paul W. Grimm & Kevin F. Brady

HOPE Cranks it to Eleven this Summer - Tickets on Sale Now

Hackers On Planet Earth (HOPE) holds their 11th gathering July 22-24 in New York City.

Cory Doctorow is on tap to be their first keynote speaker.

Cory Doctorow (craphound.com) is a science fiction novelist, blogger, and technology activist. He is the co-editor of the popular weblog Boing Boing (boingboing.net), and a contributor to The Guardian, Publishers Weekly, Wired, and many other newspapers, magazines, and websites. (He even wrote an article for 2600 under a different name many years ago!) He is a special consultant to the Electronic Frontier Foundation (eff.org), you know, those superheroes who defend freedom in cyberspace on a daily basis. more

Why "Eleven"? The same reason Tesla auto sound systems peak at Eleven! video

The End of "A Little Bird Told Me"

At Twitter’s behest, US intelligence agencies have lost access to Dataminr, a company that turns social media data into an advanced notification system, according to the Wall Street Journal. While that may sound like a win for privacy, it’s a bit more complicated in practice.

The move leaves government officials without a valuable tool. Somewhat less clear is what sort of stand, if any, Twitter is taking...

“From the government perspective, it’s a good tool, because it gives real-time alerts to things that are happening before anyone really knows what’s going on,” says Aki Peritz, a former CIA counterterrorism expert and current adjunct professor at American University. “We want to allow law enforcement and the intelligence services to know bad things are happening in real time.” more

It's time to make peace with passwords. This free guide will help.

By now we're all well aware of what makes a bad password … it's us. 

A glance at SplashData's annual reporting on the world's worst passwords shows just how laughably bad at creating passwords us humans really are. But what's worse, as Steve Ragan's analysis of leaked passwords shows, is that many passwords on the naughty list adhere to the carefully crafted password policies in use in companies today.

How can security leaders do better? For one thing, we can stop blaming users, says Michael Santarcangelo. Instead, we can focus on providing them with technology that makes the job easier.

That's where this guide comes in. more

US Government Study of Spyware - Possible Precursor to New Laws

Why GAO Did This Study
Smartphone tracking apps exist that allow a person to not only surreptitiously track another person’s smartphone location information, but also surreptitiously intercept the smartphone’s communications—such as texts, e-mails, and phone calls. This type of monitoring—without a person’s knowledge or consent—can present serious safety and privacy risks...

The federal government has undertaken educational, enforcement, and legislative efforts to protect individuals from the use of surreptitious tracking apps, but stakeholders differed over whether current federal laws need to be strengthened to combat stalking. Educational efforts by the Department of Justice (DOJ) have included funding for the Stalking Resource Center, which trains law enforcement officers, victim service professionals, policymakers, and researchers on the use of technology in stalking. With regard to enforcement, DOJ has prosecuted a manufacturer and an individual under the federal wiretap statute for the manufacture or use of a surreptitious tracking app.

Some stakeholders believed the federal wiretap statute should be amended to explicitly include the interception of location data and DOJ has proposed amending the statute to allow for the forfeiture of proceeds from the sale of smartphone tracking apps and to make the sale of such apps a predicate offense for money laundering. Stakeholders differed in their opinions on the applicability and strengths of the relevant federal laws and the need for legislative action. Some industry stakeholders were concerned that legislative actions could be overly broad and harm legitimate uses of tracking apps. However, stakeholders generally agreed that location data can be highly personal information and are deserving of privacy protections. more full study