Wednesday, June 29, 2016

Spy Alert #734: The Olympic Games Warning

If Zika, political instability and contaminated water weren’t enough,

U.S. intelligence officials are warning Americans traveling to the August Olympic Games in Rio and other destinations abroad that proprietary information stored on electronic devices is at high risk for theft by spies and cyber criminals who are increasingly targeting global events as troughs rich in valuable intelligence.

Bill Evanina, the nation’s chief counter-intelligence executive, is urging travelers to carry “clean’’ devices, free of potentially valuable archives that could be tapped for economic advantage, personal data or security information.

Just as the Olympics draw the world’s most talented athletes, Evanina said the games and other international events represent a "great playground’’ for government intelligence services and criminals, if only because of the “sheer number of devices.’’ more

Nanny Cam Solves 2013 Home Invasion Case — 2016 Justice Served

A judge sentenced a New Jersey man to life in prison Wednesday for a brutal home invasion beating caught on a nanny cam, after listening to the victim describe how the attack left her with physical and psychological scars...

http://www.usatoday.com/story/news/nation/2013/06/25/home-invasion-millburn-camera/2458129/
(Judge) Wigler added an additional five years to Custis' life sentence for the child endangerment conviction. Custis won't be eligible for parole for more than 60 years.

Prosecutors had sought a life sentence for the Newark resident based on a criminal past Wigler termed "rather staggering." It included 38 arrests and 17 felony convictions before the 2013 attack in Millburn, a suburban town several miles from Newark...

"Half-measures of leniency haven't worked to deter this defendant," (Assistant Essex County Prosecutor) Semper said. "He has almost as many arrests as he's had birthdays." more

Not the World's Smallest "Camera" but... Possibly the World's Smallest Camera Lens

Tiny 3D-printed medical camera could be deployed from inside a syringe.

Getting inside the human body to have a look around is always going to be invasive, but that doesn't mean more can't be done to make things a little more comfortable. With this goal in mind, German researchers have developed a complex lens system no bigger than a grain of salt that fits inside a syringe. The imaging tool could make for not just more productive medical imaging, but tiny cameras for everything from drones to slimmer smartphones.

Scientists from the University of Stuttgart built their three-lens camera using a new 3D printing technique. They say their new approach offers sub-micrometer accuracy that makes it possible to 3D print optical lens systems with two or more lenses for the first time. Their resulting multi-lens system opens up the possibility of correcting for aberration (where a lens cannot bring all wavelengths of color to the same focal plane), which could enable higher image quality from smaller devices. more

Thursday, June 23, 2016

Mark Zuckerberg Tapes Over His Laptop Camera - You can do better!

Mark Zuckerberg is one of the most powerful men in the world...

On Tuesday, observers were reminded that Mr. Zuckerberg, 32, is not just a normal guy... his laptop camera and microphone jack appeared to be covered with tape...

The taped-over camera... usually a signal that someone is concerned... about hackers’ gaining access to his or her devices by using remote-access trojans — a process called “ratting.” (Remote access is not limited to ratters: According to a cache of National Security Agency documents leaked by Edward J. Snowden, at least two government-designed programs were devised to take over computer cameras and microphones.)

Security experts supported the taping, for a few good reasons... more
---
Murray Associates provided our clients with a more elegant solution—a year ago. 
(free)

Spybuster Tip #812 
Protect your privacy with just two disk magnets.

1. Affix one magnet to your laptop—adjacent to the camera lens.
2. Let the second magnet attach itself to the first one. It will orbit the first magnet.
3. Orbit the second magnet over the camera lens to eclipse the view.
4. Rotate it out of the way to use the camera.

Simple. Elegant. Effective.
Tape is tawdry.

You are now very cool! More cool than Zuck with his yuck tape.
Our ahead-of-the-curve mailing to our clients. Consider becoming one.

The Great Seal Bug - Excellent Synopsis

In 1946, a group of Russian children from the Vladimir Lenin All-Union Pioneer Organization (sort of a Soviet scouting group) presented a carved wooden replica of the Great Seal of the United States to Averell Harriman, the U.S. Ambassador to the Soviet Union.

Click to enlarge
The gift, a gesture of friendship to the USSR's World War II ally, was hung in the ambassador’s official residence at Spaso House in Moscow. It stayed there on a wall in the study for seven years until, through accident and a ruse, the State Department discovered that the seal was more than a mere decoration.

It was a bug.

The Soviets had built a listening device—dubbed “The Thing” by the U.S. intelligence community—into the replica seal and had been eavesdropping on Harriman and his successors the whole time it was in the house. “It represented, for that day, a fantastically advanced bit of applied electronics,” wrote George Kennan, the ambassador at the time the device was found. “I have the impression that with its discovery the whole art of intergovernmental eavesdropping was raised to a new technological level.” more

The full story.

Godless Android Malware - Secretly Roots Phone, Installs Programs

Android users beware: a new type of malware has been found in legitimate-looking apps that can “root” your phone and secretly install unwanted programs.

The malware, dubbed Godless, has been found lurking on app stores including Google Play, and it targets devices running Android 5.1 (Lollipop) and earlier, which accounts for more than 90 percent of Android devices, Trend Micro said Tuesday in a blog post.

Godless hides inside an app and uses exploits to try to root the OS on your phone. This basically creates admin access to a device, allowing unauthorized apps to be installed.

Godless contains various exploits to ensure it can root a device, and it can even install spyware, Trend Micro said...

Trend recommends you buy some mobile security software. more

My solution. ~Kevin

Wednesday, June 22, 2016

Security Director Alert: Check the Settings on your Video Teleconferencing Equipment

Closed-door meetings by Canada's Quebec Liberal Party were exposed to trivial eavesdropping thanks to flaws in its video conferencing software.

The flaws, found and reported by a resident white hat researcher, are being fixed.

The researcher speaking on the condition of anonymity told local tabloid Le Journal de Montreal (French) he accessed the video streams using a vulnerability and the default password which was in use.

They were able to gain on-demand access to two meeting rooms in Quebec and Montreal, and supplied screen captures as evidence of the exploit.

"It was just too easy," the researcher told the paper. "It is as if they had stuck their PIN on their credit card."

Party communications director Maxime Roy says nothing relating to national security was discussed at the meetings... "We are working with our supplier." more

Need help? 
Call me.

Seek Thermal CompactPRO — Possible TSCM Tool Coming Soon

Seek Thermal has announced the first thermal imager for smartphones with 76,800 temperature pixels.

The new CompactPRO is said to deliver the high-quality thermal image resolution and the enhanced software features professionals demand, including:
  • 320 x 240 thermal sensor
  • Wide 32-degree field of view
  • Minimum focusable distance of 15cm
  • Emissivity control
  • Thermal level and span
  • 9 color palettes

I plan on testing this and will report in a future post. ~Kevin

Snooping on Mobile Phones: Prevalence and Trends

Abstract: Personal mobile devices keep private information which people other than the owner may try to access.

Thus far, it has been unclear how common it is for people to snoop on one another’s devices. Through an anonymity-preserving survey experiment, we quantify the pervasiveness of snooping attacks, de๏ฌned as "looking through someone else’s phone without their permission."

We estimated the 1-year prevalence to be 31% in an online participant pool. Weighted to the U.S. population, the data indicates that 1 in 5 adults snooped on at least one other person’s phone, just in the year before the survey was conducted.

We found snooping attacks to be especially prevalent among young people, and among those who are themselves smartphone users. In a follow-up study, we found that, among smartphone users, depth of adoption, like age, also predicts the probability of engaging in snooping attacks.

In particular, the more people use their devices for personal purposes, the more likely they are to snoop on others, possibly because they become aware of the sensitive information that is kept, and how to access it. These ๏ฌndings suggest that, all else remaining equal, the prevalence of snooping attacks may grow, as more people adopt smartphones, and motivate further e๏ฌ€ort into improving defenses. more

A Technology that lets Companies Eavesdrop on Mobile Calls Made on their Premises.

Ever sought a bit of privacy by stepping away from your desk to make a personal call on your cell phone?

Soon, that may not be enough to prevent the boss from listening in -- at least not in Russia.

A Moscow security firm has developed technology that lets companies eavesdrop on mobile calls made on their premises. InfoWatch says the product is legal in Russia and that it’s scouting for other markets where customers -- banks, government agencies, or anyone else trying prevent leaks of confidential information -- would be allowed to use it.

“These technologies have been used by secret services or the military in certain countries,” said Natalya Kaspersky, chief executive officer of InfoWatch. “Our breakthrough is in applying them for corporate security.”The product expands an employer’s arsenal for fighting industrial espionage but is also likely to further fuel the global debate about data privacy. more

"Emergency! Everybody to get from street!"

Monday, June 20, 2016

Cadillac CT6: A Luxury $53,000-plus 360ยบ Surveillance Camera

Integrated into the front grille of the Cadillac CT6 is a surveillance camera that the driver can secretly activate. 

There's one on the rear trunk lid, too.

 If the alarm system is triggered, these two cameras activate, and two others on the door-mounted rearview mirrors do as well.

Footage is stored on a removable SD card in the trunk. more

Amateur Skygazers Have Already Found the New Spy Satellite

Last week, the U.S. National Reconnaissance Office launched NROL-37, carrying its latest spy satellite into geosynchronous orbit via Delta IV-Heavy rocket. But it only took amateur space enthusiasts a few days to locate the mysterious new craft in the skies near Malaysia, over the Strait of Malacca.

While the contents and capabilities of the NROL-37 mission's payload are classified (the satellite is innocuously labeled US-268), its need to hitch a ride on the world's biggest rocket strongly suggests it is the seventh member of the Mentor/Orion family, an extra-large class of signals intelligence (SIGINT) satellites which help provide eavesdropping capability to US intelligence agencies.



Their large size also makes Mentor satellites the easiest to find and photograph. In a blog post, Dr. Marco Langbroek details how he and two other amateur skygazers found the Mentor-7 satellite near 104 E longitude over the course of a few days using standard photographic equipment. (You can always spot a geosynchronous satellite by taking long exposures of the sky at night and noting which “stars” aren’t moving.) more

Eavesdropping History: Wiretapping Observations in the 1890's

via Futility Closet...
Click to enlarge.(sic)
In 1890, as the telephone’s influence spread across the United States, Judge Robert S. Taylor of Fort Wayne, Ind., told an audience of inventors that the telephone had introduced an “epoch of neighborship without propinquity.” Scientific American called it “nothing less than a new organization of society.” The New York Times reported that two Providence men “were recently experimenting with a telephone, the wire of which was stretched over the roofs of innumerable buildings, and was estimated to be fully four miles in length”:
They relate that on the first evening of their telephonic dissipation, they heard men and women singing songs and eloquent clergymen preaching ponderous sermons, and that they detected several persons in the act of practising (sic) on brass instruments. This sort of thing was repeated every evening, while on Sunday morning a perfect deluge of partially conglomerated sermons rolled in upon them. … The remarks of thousands of midnight cats were borne to their listening ears; the confidential conversations of hundreds of husbands and wives were whispered through the treacherous telephone. … The two astonished telephone experimenters learned enough of the secrets of the leading families of Providence to render it a hazardous matter for any resident of that city to hereafter accept a nomination for any office.
In 1897 one London writer wrote, “We shall soon be nothing but transparent heaps of jelly to each other.” (From Carolyn Marvin, When Old Technologies Were New, 1988.)

Security Director Alert: Check Your Alarm Systems - Especially at Executive Residences

Dec. 31, 2016 is the proposed date for all 2G cell towers to discontinue service.

2G networks are on their way out the door, as AT&T and Verizon announced plans to discontinue services. This change brings with it the end of many older security system models whose radios will need to be updated or replaced to be compliant with 3G and 4G requirements.

If the alarm systems at your executives' residences, or remote locations, have not been updated yet... do it now.
~Kevin

Replacement 3G & 4G cellular alarm dialers.

Spycam, Blackmail and a former Waffle House CEO (surprise ending)

Mye Brindle, a housekeeper for Joe Rogers, former CEO of the Waffle House restaurant chain, was indicted on Friday, for allegedly trying to extort millions of dollars from her boss. 
 
Her lawyers, John Butters and David Cohen, were charged as well. According to the Associated Press, all three were indicted for secretly videotaping Brindle and Rogers having sex in Rogers’ home, and then trying to blackmail him with the recording...

Records indicated that the video, made with a spy camera Brindle received from a private investigator, did not show that Brindle did anything against her will.

Secretly recording someone in their bedroom is considered eavesdropping, which is a felony in Georgia.

Brindle, Butters, and Cohen are all charged with conspiracy to commit extortion, conspiracy to commit unlawful eavesdropping, and eavesdropping, each facing a sentence of up to five years of incarceration. more

The Future of Eavesdropping Past – The Thought Recorder

ELECTRICAL EXPERIMENTER May, 1919
Click to enlarge.

Tuesday, June 14, 2016

Active Shooter: This 5-Minute Video Could Save Your Life

Run. Hide. Fight.


More Tips
Former Secret Service agent warns: You are the soft targets | Fox News Video

Follow the general "if you see something, say something".

Reminder of what you should do to be "situationally aware":
• Report suspicious activity to your local law enforcement agency.
• If you think there's an imminent threat use 911, otherwise call law enforcement on their local lines.
• Threats to the President or Vice President should go to the Secret Service first if there's time.
• Describe, to the best of your ability, specifically what you heard or observed, including:
      - Who or what you saw;
      - When you saw it;
      - Where it occurred; and
      - Why you believe it's suspicious.

It is better to report and be wrong than to not report and have a potentially serious incident occur. Let Law Enforcement (LE) be the deciding factor.

Make sure you ALWAYS look for a second exit when entering a building. This is not just in case of terrorism, robbery, etc., but in case there's a fire.

Resource materials for security directors:
1. IF YOU SEE SOMETHING, SAY SOMETHING. Department of Homeland Security

2. Active Shooter Guide - FEMA

3. Operational Templates and Guidance for EMS Mass Incident Deployment

4. The First Responder Guidance for Improving Survivability in Improvised Explosive Device and/or Active Shooter Incidents (DHS)

5. Mass Casualty Management Systems – World Health Organization

6. Active Shooter Study: Quick Reference Guide (FBI)

Tuesday, June 7, 2016

Video Voyeur Spycam Incidents Still Running at High Levels

AR - Police in Greenwood, AR arrested a man on Sunday after he was accused of recording women in a restaurant bathroom, says a 5 News Online report. Authorities were notified after a 10-year-old girl found a hidden cell phone that had been recording video in the women’s bathroom at El Palenque. more

AR -  A Lowell man pleaded not guilty Monday to charges accusing him of secretly recording in a men's bathroom. more

DE - Police in Milltown, Delaware, are investigating a hidden camera found in the women’s bathroom of Moe’s Southwest Grill that contained video clips of over 100 women and even an little girl. The bathroom camera was discovered after a restaurant employee overheard a man discussing the camera. The camera was found fastened to a garbage can in the women’s restroom. Along with the camera a power source and a memory card was discovered. more

FL - Authorities found cameras disguised as wall-mounted coat hooks in at least three public bathrooms in and around the Florida Keys, according to a new report. Over the last week the hidden devices were discovered in the women’s room of a Circle K outlet, the girls’ room in a park at Anne’s Beach, and the women’s room at Harry Harris Park, police said this week. more

FL - Authorities arrested David Newell, 55, after a female friend of the jail informant told officials she had rented a room from Newell but moved out after she said she found cameras within the walls of the room. Authorities obtained a search warrant Thursday morning for Newell's Southport home, where they found camera wires in the walls and a camera in Newell's closet. Investigators say they also found a large, underground room in his backyard. more

OH - He'll be back in court next Tuesday. Bond for 65-year-old Jerry Rowe is being kept at $20,000. Rowe was arrested last week after cameras were found installed in the bathrooms of five women at the Steeplechase apartments where Rowe was a maintenance worker. According to the sheriff's office, one of the cameras captured Rowe installing it. more

Until Your Offices Look Like This, Keep Your TSCM Inspections Current

Dutch firm MVRDV recently completed an unusual project in Hong Kong that involved the gutting of an existing factory interior and its replacement with all-glass office spaces. Featuring glass walls, glass floors, and glass tables, 133 Wai Yip Street is conceived as a new working space for the business with nothing to hide.

Click to enlarge.
While glass architecture is not too unusual in itself, the 13-floor 133 Wai Yip Street building goes to remarkable lengths in the pursuit of transparency...

In MVRDV's model office (Arch-Innovativ was also involved in the project), music booms out of glass-encased speakers and computers rest on glass computer stands. Glass elevators also move through glass elevator shafts, and even the emergency fire-stairs are encased in (fire-retardant) glass.

"We are moving into a transparent society, businesses are becoming more open with the public, and people care more about what goes on behind closed doors," reckons MVRDV co-founder Winy Maas. "In that way, a clear workspace leaves nothing questionable, nothing hidden; it generates trust. But also it is an opportunity for the building to become a reminder of the industrial history of the neighborhood, monumentalized in a casing of glass." more

Monday, June 6, 2016

Spybuster Tip # 845: How to Give Google Amnesia

Did you know, you can tell Google to forget everything you said to it, searched on it, and watched on YouTube?

Visit your Web and Activity Page.
  • Look for the three dots in the upper right corner. Click on them.
  • Then, click on Delete Web & App Activity. 
  • Click Advanced. 
  • Click Select Date.
You can take it from there!
~Kevin

NSA's Untangling the Web, A Guide to Internet Research

Want to learn how to search like a spy? 
This 600+ page tome will help you do it.

Untangling the Web, A Guide to Internet Research – has just been declassified, to satisfy a Freedom of Information Request. Download the irony here.

(Originally posted in 2013. Back by popular demand.)

Business Espionage Alert: Select Your Hotel Carefully

You are a business executive or a member of the government with sensitive data on your laptop computer. You check into a luxury hotel in the United States or in many other countries. Chances are this hotel may be owned by a Chinese company even though it carries a known western brand name. Often such investors get their money directly from the Chinese Government.

You connect your computer to the hotel wifi and you may notice your secure connection can no longer be secure. Ever noticed wanting to send an email using your own domain, and you have to unblock "authentication" to make it work while connected to a hotel network? Did you ever wonder how this could open up your computer data to foreign espionage? You are no longer the only one worrying...

Chinese global investments in tourism, specifically in name brand luxury hotels and resorts is overwhelming. This is the same for Chinese investments in the United States, as it is for Chinese domination in Cuba, South America, India, South East Asia and many African countries...

A review of the Chinese $1.95-billion acquisition of New York's Waldorf-Astoria Hotel in 2014, possibly recognizing that the hotel's role as the official residence of the U.S. ambassador to the United Nations and the frequent lodging for U.S. and foreign dignitaries with business in New York made it a prime target of CFIUS (The Committee on Foreign Investment in the United States). No action by US authorities were taken...

The next time you travel on business, you have sensitive data on your computer that could lead to industrial espionage attacks, or you are a government official with data you don't want to get into Chinese hands, select your hotel carefully. more

Russian Hi-Tech Spy Devices Under Attack Over Privacy Fears

New Russian technologies, including phone call interception and a facial recognition app, have stirred a fierce debate about privacy and data monitoring. 
 
Infowatch, a Moscow-based IT security company managed by businesswoman Natalya Kasperskaya, found itself in hot water last month after it revealed it had invented a system that companies can use to intercept employees' mobile phone conversations...

The goal behind phone call interception, Kasperskaya said, is to provide large businesses with a tool to prevent information leaks, including companies whose success depends on protecting corporate secrets. more

34 Officials Pardoned for Wiretapping 20,000 People... now unpardoned.

President Gjorge Ivanov on Monday revoked pardons he had granted to 34 officials implicated in a wire-tapping scandal that has thrown Macedonia into political turmoil, meeting demands from the opposition, the European Union and the United States.

In an EU-brokered deal last year, Macedonia's political parties agreed to hold an early election and that a special prosecutor should investigate allegations that former prime minister Nikola Gruevski and his close allies authorized eavesdropping on more than 20,000 people.

Ivanov's decision in April to pardon 56 officials prosecuted over their involvement in the scandal drew nationwide protests that led to the cancellation of an election set for June 5. more

Thursday, June 2, 2016

Book - "Accidental P.I." by David B. Watts - Very Non-Fiction. Very Good.

Accidental P.I. takes you on a thrill ride following the fifty-year professional career of Private Investigator David Watts, as his life story treats you to these experiences and more. From murder, rioting, gambling and drug raids to sex cases, and fraud, this behind-the-scenes peek at real-life cases shows how investigators get the job done—not like in the movies or on television.

David Watts entered the investigative field as a young New Jersey policeman at the beginning of the turbulent 1960s. His descriptions of the seedier side of the cultural revolution during that era is riveting . . . and you get to go along for the ride! Switching to the private sector, armed with a Super 8 camera, he had the guts to quit law enforcement and start his own business in 1976 and has been at it ever since...

About the Author 
David B. Watts, a licensed private investigator for the past four decades, specializes in fraud and business investigations. He and Linda, his wife of 53 years, worked for major law firms and the Fortune 500 in the busy New York to Philadelphia corridor on cases ranging from kickbacks to special security issues. Dave has also worked several murder cases and innumerable insurance fraud matters.

His investigation career began in his twenties as a Plainfield, New Jersey patrolman. He was promoted to detective, then joined the Union County Prosecutor's Office as a County Investigator. These early experiences eventually launched him into a lifetime of investigation work in the private sector. His pursuit of the facts brought him into state and federal courts as well as the board rooms of major corporations. He is respected among his peers and continues to take on special investigations, now in his seventies. more

Dave and I go way back. I am familiar with some of his cases (as he is with some of mine) so I can assure you he shares these experiences accurately. Reading about them brought back some good memories. It also made me realize how much he and his wife Linda accomplished in their career together.  Congratulations, Dave & Linda! 

Meet Dave - Book Signings
June 12, 2016 – 1 to 3 p.m. Clinton Book Shop, Clinton, NJ
July 10, 2016 – 12 N to 2 p.m. Barnes & Noble, Bridgewater, NJ

Wednesday, June 1, 2016

Spy on Any Phone, Anywhere... for a price.

With just a few million dollars and a phone number, you can snoop on any call or text that phone makes – no matter where you are or where the device is located.

That’s the bold claim of Israel’s Ability Inc, which offers its set of bleeding-edge spy tools to governments the world over. And it’s plotting to flog its kit to American cops in the coming months.

Ability’s most startling product, from both technical and price perspectives, is the Unlimited Interception System (ULIN). Launched in November last year, it can cost as much as $20 million, depending on how many targets the customer wants to surveil.

All a ULIN customer requires is the target’s phone number or the IMSI (International Mobile Subscriber Identity), the unique identifier for an individual mobile device. Got those? Then boom – you can spy on a target’s location, calls and texts.

This capability is far more advanced than that of IMSI-catchers (widely known as StingRays), currently used by police departments in the United States. IMSI-catchers can help acquire a target’s IMSI number, as well as snoop on mobiles, but only if the target is within range. more

"What are the most important characteristics of a great InfoSec professional in 2016?"

23 Information Security Leaders Reveal the Most Important Traits for InfoSec Pros in 2016

Digital Guardian compiled their responses to create a comprehensive guide outlining the most important characteristics for InfoSec professionals. (My contribution appears below. The additional 22 thoughtful responses appear here.)
---

"The single most important characteristic for successful InfoSec professionals in 2016 is..."

Inquisitiveness.

With this quality, an InfoSec professional will question the status quo, look for loopholes, seek new solutions, follow-up on red flags early on, and look at InfoSec from a holistic viewpoint.

The viewpoint is the most important element. It shapes all other aspects of the job. The inquisitive person will see their job not as an IT defender, but as a defender of information, no matter how it is generated, stored, or transmitted. The great InfoSec professional realizes all the data stored on the computers was available to the adversary long before it ever entered a database.

This holistic outlook takes into account the genesis of information. It may start out as a phone call, which may be wiretapped; a conference room strategy meeting, which can be bugged; unsecured written information left on desks or unlocked file cabinets, which may be easily photographed; information stored on a photocopier hard drive, which can later be reprinted; or on an unsecured Wi-Fi Appearance Point, or wireless printer, whose transmissions may be intercepted. The list of info-vulnerabilities is long.

In recent years, the rush has been to focus on IT security, and rightly so. But, in doing so, the gap between great InfoSec professionals and tunnel-visioned InfoSec managers has become wide and clear. Great InfoSec professionals, being inquisitive, see and handle the big picture. It isn't just computers. The real task is detecting and plugging any method by which information can leak out. Today's great InfoSec professionals defend accordingly. They are much more successful than their colleagues, who only put out fires.  ~Kevin