Thursday, March 31, 2016

Security Director Alert: 20,000 Printers Under the Siege

The notorious hacker and troll Andrew Auernheimer, also known as “Weev,” just proved that the Internet of Things can be abused to spread hateful propaganda.

On Thursday, Auernheimer used two lines of code to scan the entire internet for insecure printers and made them automatically spill out a racist and anti-semitic flyer. 

Hours later, several people started reporting the incident on social media, and eventually a few local news outlets picked up on the story when colleges and universities all over the United States found that their network printers were spilling out Auernheimer’s flyer.

Auernheimer detailed this “brief experiment,” as he called it, in a blog post on Friday. Later, in a chat, he said that he made over 20,000 printers put out the flyer, and defended his actions. more

Imagine the chaos if he sent a more realistic version of the coupon shown above, or false documents to internal company printers. Make sure all printers associated with your company operate in a secure manner – internal and home office units. Don't forget to check for insecure Wi-Fi settings as well. Need help? Call me.

Scary Password Stats

Market Pulse Survey Reveals Growing Security Negligence in the Workplace Despite Employees’ Concern Over Risk to Personal Data

Yes, 1 in 5 would sell their passwords... and it only takes one to spring a leak. ~Kevin

Business Espionage: Guaranteed Rate Hit with $25M Judgment

A jury awarded Mount Olympus Mortgage Co. more than $25 million in a lawsuit alleging "corporate espionage" by former employee Benjamin Anderson and his new employer, Guaranteed Rate.

Anderson and another former Mount Olympus originator who now works for Guaranteed Rate, Brian Decker, were accused of stealing loan files, borrower information and other proprietary data from the Irvine, Calif.-based lender.

"The purpose of the scheme was to divert hundreds of MOMCo loan customers to Guaranteed. The Individual Defendants misappropriated MOMCo's confidential and proprietary information and directed MOMCo customers to Guaranteed," the lawsuit, filed in an Orange County, Calif., superior court, reads.

The complaint alleges the pair acted with the encouragement of Chicago-based Guaranteed Rate. more

Surveillance Self-Defense 101: A teach-in for activists

On Sunday, April 3, EFF will co-host a free workshop on surveillance self-defense with local grassroots groups in New York and Brooklyn. The workshop will be open to the public, though particularly structured for activists supporting social movements.

Participants need not wield technical expertise to attend this session, which is geared towards regular smartphone and laptop users. EFF's Shahid Buttar will facilitate a teach-in and skill-share on surveillance, some immediate and practical steps you can take to protect your communications, and how to work with neighbors to inform surveillance policy at the state and local level. An EFF staff technologist will remotely join for a question & answer session. more

Laker Rookie Secretly Filmed Teammate Admitting Cheating

A shocking video surfaced of Los Angeles Lakers forward Nick Young, filmed by his rookie teammate D’Angelo Russell, admitting that he cheated on his fiancée Iggy Azalea.

The video shows Russell talking to Young saying, “You was 30 and she was 19?” referencing a woman the 30-year-old Young met in a nightclub...

According to the 25-year-old Azalea plans to now call off their wedding plans. more

Security Director Alert: Update Your HID Card Reader Software - NOW

Let Me Get That Door for You: Remote Root Vulnerability in HID Door Controllers

If you’ve ever been inside an airport, university campus, hospital, government complex, or office building, you’ve probably seen one of HID’s brand of card readers standing guard over a restricted area. HID is one of the world’s largest manufacturers of access control systems and has become a ubiquitous part of many large companies’ physical security posture.

Each one of those card readers is attached to a door controller behind the scenes, which is a device that controls all the functions of the door including locking and unlocking, schedules, alarms, etc...

Technical details...
...if we send a Linux command wrapped in backticks, like `id`, it will get executed by the Linux shell on the device. To make matters worse, the discovery service runs as root, so whatever command we send it will also be run as root, effectively giving us complete control over the device.

Since the device in this case is a door controller, having complete control includes all of the alarm and locking functionality. This means that with a few simple UDP packets and no authentication whatsoever, you can permanently unlock any door connected to the controller. And you can do this in a way that makes it impossible for a remote management system to relock it. On top of that, because the discoveryd service responds to broadcast UDP packets, you can do this to every single door on the network at the same time! Needless to say, this is a potentially devastating bug. The Zero Day Initiative team worked with HID to see that it got fixed, and a patch is reportedly available now through HID’s partner portal. more
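
The fix pattern for the bug class described above, as an added example (not code from HID, the Zero Day Initiative or the original article): validate the network-supplied field against a strict allowlist, and pass it to any helper as a single argv element with no shell in between. The field's meaning (a small decimal count), the function names and the use of /bin/echo as a stand-in helper are assumptions for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Risky pattern (shown only as a comment): building a command line from a
 * network field and passing it to system() lets the shell interpret
 * backticks, $(), ; and | inside the field:
 *     snprintf(cmd, sizeof cmd, "helper %s", field);
 *     system(cmd);
 */

/* Hypothetical stand-in for the device's helper binary. */
#define HELPER "/bin/echo"

/* Allowlist check: 1 to 3 decimal digits, nothing else. */
int is_valid_count(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 3) return 0;
    for (size_t i = 0; i < n; i++)
        if (s[i] < '0' || s[i] > '9') return 0;
    return 1;
}

/* Run HELPER with arg as one argv element. No shell is involved, so
 * metacharacters in arg are inert. Captures stdout into out.
 * Returns the helper's exit status, or -1 on error. */
int run_helper_noshell(const char *arg, char *out, size_t outlen)
{
    int fds[2];
    if (outlen == 0 || pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* child */
        close(fds[0]);
        dup2(fds[1], STDOUT_FILENO);
        close(fds[1]);
        char *const argv[] = { (char *)HELPER, (char *)arg, NULL };
        execv(HELPER, argv);
        _exit(127);                       /* exec failed */
    }
    close(fds[1]);                        /* parent */
    size_t used = 0;
    ssize_t r;
    while (used < outlen - 1 &&
           (r = read(fds[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)r;
    out[used] = '\0';
    close(fds[0]);
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* 1 if the helper received arg byte-for-byte (nothing was expanded). */
int echoes_literally(const char *arg)
{
    char out[256], want[256];
    if (strlen(arg) > sizeof want - 2) return 0;
    if (run_helper_noshell(arg, out, sizeof out) != 0) return 0;
    snprintf(want, sizeof want, "%s\n", arg);
    return strcmp(out, want) == 0;
}

/* Defense in depth: reject bad input first, then run without a shell.
 * Returns -2 when the field is rejected. */
int handle_field(const char *field)
{
    char out[256];
    if (!is_valid_count(field)) return -2;
    return run_helper_noshell(field, out, sizeof out);
}

int main(void)
{
    /* Constructed sample fields, not captured traffic. */
    const char *samples[] = { "3", "`id`", "$(id)", "1; id" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-8s valid=%d literal=%d handled=%d\n", samples[i],
               is_valid_count(samples[i]), echoes_literally(samples[i]),
               handle_field(samples[i]));
    return 0;
}
```

Running the service as an unprivileged user instead of root would further limit what any remaining bug could reach.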

Covert Recording: Governor of Alabama, Robert Bentley, Says He Won’t Quit

“I have no intentions of resigning,” said Mr. Bentley, a Republican in his second term...

Within hours, Rebekah C. Mason, the governor’s senior political adviser and the woman with whom he engaged in suggestive conversations, captured on tape, said she had quit. And by day’s end, it was uncertain whether it would be politically feasible for Mr. Bentley, 73, to remain in office in this state, which has a gaudy history of scandal but has been in something of a morals-driven meltdown since the governor’s admission last Wednesday.

Spencer Collier, head of the Alabama Law Enforcement Agency until he was fired today, said this afternoon he has seen and investigated text messages and audio recordings "of a sexual nature" between Gov. Robert Bentley and his chief advisor, Rebekah Caldwell Mason...

...former Bentley security officer Ray Lewis... brought a laptop to Collier and played an audiotape of conversations between the governor and Mason, Collier said. The tape, purportedly created by a Bentley family member hoping for an "intervention," left no doubt about the relationship, he said. more

Friday, March 25, 2016

And you thought bugging the coffin stories were outrageous...

CA - For the second time in less than six months, defense attorneys are crying foul over the placement of hidden recording devices outside Bay Area courthouses. 

Lawyers for a group of real estate professionals facing antitrust charges on Wednesday asked the judge overseeing the case to toss evidence gained from recording devices located outside the Alameda and Contra Costa County courthouses.

"The government's unauthorized use of recording devices to capture private conversations at the Alameda and Contra Costa County courthouses violated the defendants' Fourth Amendment rights to be secure against unreasonable searches and seizures," defense lawyers wrote in U.S. v Marr, 14-580. more

Bugged coffin story #1.
Bugged coffin story #2.
Bugged coffin story #3.
Bugged coffin story #4.

Just Don't Hold this "Cell Phone" to Your Head

Created by a Minnesota company called Ideal Conceal, the first product created by the startup is a handgun that can be disguised as a smartphone inside a case. 

Built into a single frame, the grip of the double barreled, .380 caliber pistol folds down and locks into place when opened. When closed, the trigger and trigger guard are completely covered by the grip, thus offering up the appearance of a standard smartphone case. There’s also a clip to attach the handgun to a belt, but in the disguised smartphone form.

Similar to the size and shape of a smartphone, the folded Ideal Conceal can be easily slipped into a pants pocket or purse when not in use....

At this time, the pistol is still being developed by Ideal Conceal and isn’t in production as of yet. more

Thursday, March 24, 2016

The Puzzling Case of Corporate Espionage

Chris Wirth started Liberty Puzzles just over a decade ago as a sort of homage to his childhood and to the original wooden puzzles of the 1930s...

...Liberty’s sales back up the idea that puzzles are popular again. Liberty has grown considerably every year since it opened up shop. Lately, though, its puzzles have been so popular it’s “overwhelming,” says Wirth. But when we asked him how many puzzles the company sells each year, he declined to reveal anything. “We’ve been the victim of corporate espionage,” he says. Like people scouting out its Boulder, Colorado factory operations and stealing precious information. Who knew puzzle intelligence operatives were a thing? more

Brussels Suicide Bombers Planted Hidden Camera...

...At Home Of Top Belgium Nuclear Official

...Belgium’s federal prosecutor confirmed that on November 30, police seized footage that appeared to show a high-ranking Belgian nuclear official in an anti-terror raid. The surveillance video was discovered in a bust that resulted in the arrest of Mohamed Bakkali, who was charged with terrorist activity and murder in connection with the Paris attacks. His home in Auvelais may have been used as a hideout...

On Thursday, we get still more chilling evidence to suggest that this is all the work of the very same Belgium-based terror cell. According to Dernier Heure, it was the Bakraoui brothers that planted a hidden camera in the bushes and captured the 10-minute surveillance video of the senior Belgian nuclear official coming and going from his home. more

A European security official told the AP the terror squads are being trained in battleground strategies, explosives, surveillance techniques and countersurveillance — “next-level” methods Stewart said will help them avoid capture and kill scores of innocents.

“They’re doing pre-operational surveillance, attack planning and clandestine communications,” Stewart said. “That kind of advanced tradecraft gives them capabilities that are beyond what we’ve seen.” more

Apple Concerned About Spy Tech Being Added to Servers

Apple's huge success with services like iTunes, the App Store, and iCloud has a dark side.

Apple hasn't been able to build all the data centers it needs to run these enormous photo storage and internet services on its own. And it worries that some of the equipment and cloud services it buys has been compromised by vendors who have agreed to put "back door" technology for government spying... more

Tuesday, March 22, 2016

The Future of Eavesdropping – Mind Reading

Imagine a world where all of your thoughts are visible – including to government agencies. This scenario might sound like it’s been plucked straight from the pages of a sci-fi novel, but it’s not as far-fetched as you might think.

Devices that measure and interpret electrical signals from our brains can already detect things like whether we are drowsy while driving.

In this video for the World Economic Forum, Nita A. Farahany, Professor of Law and Philosophy at Duke University, discusses the potential but also the legal and ethical risks of these emerging technologies.

“We are not yet at the point where a little thought bubble above your head is something we can see, but we’re getting there,” she says. more

Weird Craig's List Employment Ad - "Receptionist / File Clerk / Spy"

Can you be loyal to the boss? 
Can you spy on the other employees?

Well, not literally spy, but you need to actively keep a record of all employee work activity and report to the boss and be loyal to the boss only.

If you are capable of keeping track of the other workers and reporting the details of their tardiness, or punctuality etc. then do apply.

Anyone applying needs to have a very professional, well groomed appearance, since they will be the face of the office. Pics are not required to apply but they do help show if the candidate has the organizational skills to be well put together.

You would be the upfront receptionist, however, you would also be able to perform the following... more

Leaks at Water Department Prompt TSCM Sweep - They came up dry.

Charleston police have conducted a search for wiretaps at the West Virginia Water Development Authority building amid allegations of ethics violations.

The Charleston Gazette-Mail reports that police did not find any hidden listening devices during last week's wiretap sweep.

Water Development Authority Executive Director Chris Jarrett says he asked detectives to search the offices for wiretaps to check for unauthorized electronics.

The sweep comes after a dispute between the agency's geographic information system manager Michael Duminiak and two agency employees including Jarrett and Water Development Authority Executive Assistant Carol Cummings...

According to emails obtained by the newspaper, Duminiak says Cummings accused him of hacking employees' computers and tampering with the security system. Duminiak also accuses Cummings of secretly recording conversations on her smartphone. more

Thursday, March 17, 2016

How a Tapped Phone Sparked a Mass Protest

In the latest of a series of explosive revelations that could bring down the Brazilian government, a secretly recorded phone call between former president Luiz Inácio ‘Lula’ da Silva and his successor, Dilma Rousseff, suggests his appointment to a ministerial position on Wednesday was motivated by a desire to avoid prosecution in Brazil’s worst-ever corruption scandal.

Judge Sergio Moro, the lead prosecutor in Operation Lava-jato, a two-year investigation into corruption at the state-run oil company, Petrobras, released nearly 50 audio recordings to the media on Wednesday evening, prompting chaotic scenes in congress as opposition deputies demanded Rousseff’s resignation.

On Wednesday night tens of thousands of Brazilians began gathering in São Paulo, Brasília, Belo Horizonte and other major cities to demand the president’s resignation. In the capital Brasilia, riot police fired tear gas and stun grenades at more than 5,000 demonstrators outside the presidential palace and Congress building. Many waved banners calling for Lula’s arrest. Thousands more demonstrators packed the main Avenue Paulista in São Paulo. more

When was the last time you had your phones checked for taps? Call me. ~Kevin

Wednesday, March 16, 2016

Art Imitates Life at AB Surveillance Solutions, LLC... well, maybe not your life.

"This House Has People In It" showcases the CCTV products of AB Surveillance Solutions, LLC in a very bizarre way...

Some things can't wait until the month ends. ~Kevin

Tuesday, March 15, 2016

Can Pro-Level Spy Gadgets Get Any Cheaper?!?!

 I was just alerted to this by one of our Blue Blaze Irregulars. ~Kevin

from the website ad...
Conduct your own espionage or just take some spontaneous home videos with this Spy Watch. Disguised as a chronograph style watch, the 8GB Spy Camcorder can take AVI video and photos. The watch features push button control video and camera settings, and a USB connector disguised with a screw-down crown. When you’ve gathered your evidence, upload to your computer with the included USB cable. No one will ever guess that your watch was really a Spy Camcorder!

Records Audio and Images - Built-in microphone - Camera lens at 6 o’clock position - Records AVI video and takes still JPEG pictures - 720x480 or 640x480 video resolution

Functioning Timepiece - Analog display - Decorative sub-dials - Secure buckle clasp - Band dimensions: 20mm x 7.5” - Case dimensions: 40mm x 15mm

Good to Know - USB port for easy uploading to a PC or Mac - 8GB of storage - Rechargeable lithium ion battery - Full product dimensions: 40mm x 7.5”
Memory: 8GB Internal
Diameter: 40mm
Limit of 5 per person more

Is Your Wireless Keyboard & Mouse Vulnerable to Eavesdropping? Better check...

Some of the computer dongles that come with wireless keyboards and mouses may offer hackers a fairly simple way to remotely access and take over your computer, according to a new report from Internet-of-things security startup Bastille.

Atlanta-based Bastille says it has determined that a number of non-Bluetooth wireless keyboards and mouses from seven companies—including Logitech, Dell, and Lenovo—have a design flaw that makes it easy for hackers from as far as about 90 meters away to pair with the dongle that these devices use to let you interact with your computer. A hacker could do things like control your computer or add malware to the machine.

In tests, the company found around a dozen devices that were susceptible to the flaw, which it’s listing online. more

PS - In addition to stealing keystrokes, this technique can also be used to inject keystrokes into the victim's keyboard. ~Kevin

Government Level TEMPEST Hack Keeps Dropping in Price

Researchers from Tel Aviv University and Technion have...found a way to steal data from air-gapped machines while their equipment is in another room.

“By measuring the target's electromagnetic emanations, the attack extracts the secret decryption key within seconds, from a target located in an adjacent room across a wall,” Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer write in a recently published paper...

“The attack in its current form uses lab equipment that costs about $3000...
“The attacks are completely non-intrusive, we did not modify the targets or open their chassis"

The equipment used included an antenna, amplifiers, a software-defined radio, and a laptop. This process was being carried out through a 15cm thick wall, reinforced with metal studs, according to the paper. more

Police Training Eagles to Intercept Drones

UK - The Metropolitan Police has confirmed it is considering using eagles to capture unauthorised remote controlled drones following a successful trial by Dutch police... 

A 2014 inquiry led by Sir David Omand, the former head of intelligence agency GCHQ, highlighted the serious risks posed by the devices. "Crowds at sporting events or rallies could be vulnerable if a future terrorist group were to look for means of dispersing chemical or biological agents," the report said.

Dutch police teamed up with Guard From Above, a raptor-training security firm, to teach the birds how to hunt and intercept drones. "It's a low-tech solution to a high-tech problem," Dennis Janus, a spokesman for the Netherlands' national police, said. more

Monday, March 7, 2016

Erin Andrews Awarded $55 Million in Spycam Lawsuit

The jury has awarded Erin Andrews $55 million in her civil lawsuit over the secret recording and release of a video showing her naked during a hotel stay.

The sportscaster's original suit asked for $75 million from the owner and operator of the Nashville, Tennessee, hotel where she was staying, and Michael David Barrett, the stalker who used a hacksaw to tamper with her room's peephole and record the video in 2008.

The jurors took photos with Andrews after the amount was announced, and she signed autographs, according to reports from inside the courtroom. more

This puts ALL organizations with "expectation of privacy areas" on notice. 

Due diligence inspections for spy cameras, and having a Recording in the Workplace Policy, are your defense. 

Train your security and facilities people how to conduct and document spycam detection inspections today, or contact me directly. Kevin

Friday, March 4, 2016

Security Director Alert: Upgrade Your Alarm System Cellular Backup Units

via Talkaphone...
That’s it, the end of 2G. It has been a fun ride but as of December 31, 2016 Verizon and GSM 2G cellular data will be switched off, making all product usage of the cellular signal obsolete.

For those who have yet to upgrade their emergency and security equipment, it’s time to make the switch.

The upgraded data options consist of 3G and 4G cellular data usage, and a Wi-Fi option is also available for the impending crossover. Keep in mind that the speed of your network can directly affect the reliability of your previously installed security products.

Spy Rumor Mill: Next iPhone iOS may let you know your boss is watching you.

...the next Apple update you get - iOS 9.3 – could see you getting a message on your device, which will tell you if your iPhone is being supervised.

According to the whispers in tech-world, you’ll get a prominent message on your phone, and on your lock screen, if someone is snooping around your business.

A message on the lock screen will say ‘this iPhone is managed by your organization’ and it’ll have something on the About screen which will give you more detail, including text that says your iPhone’s supervisor can monitor your internet traffic and locate your device...

This is most likely to affect people who work for companies that give a number of phones and devices out to their staff, as a company phone... It’ll be utilized on supervised devices set up through Apple’s Device Enrollment Program, and will offer a feature called MDM (or Mobile Device Management). more

Top 20 Spy Gadgets from the Cold War

(More photos here.)
1. Dual cyanide gun: This gun fires a dual cyanide charge that can kill a person almost instantly. A KGB officer, Bogdan Stashinsky, assassinated two Ukrainian dissidents who were living in Germany by hiding the weapon inside a rolled-up newspaper.
2. Dead drop spy bolt: The dead drop spy bolt was hollow on the inside so that men and women could carry secret messages safely to others. If someone searched the pockets of these people no one would expect anything dangerous about a bolt.
3. Decoder lock picks: These lock picks were generally used for some of the tougher, more sophisticated locks. The devices proved to be real handy for those breaking into enemy quarters.
4. Lipstick gun: Women were some of the most successful spies during the war. They were able to carry around this little 4.5 millimeter single-shot gun in the 1960s. Like the spy bolt, it seemed harmless and was easy to conceal.
5. Telephone monitoring equipment: Spies carried this around and hacked into telephone conversations. The equipment includes a battery, stethoscope and rubber bands.
6. Disappearing ink pen: If someone needed to send a secret message, they would resort to writing it with the disappearing ink. That way, if they were caught with the message only a blank piece of paper would be seen. In order to reveal the hidden message on the paper, the recipient would’ve needed vinegar and a heat source.
7. Document photographing: If a spy found useful documents, they would photograph the papers for their records without actually removing them. The piece of equipment they used had two long lights on both sides and a cross member the camera screws on to for straight and steady photos.
8. Glove pistol: Although the glove pistol was originally made by the United States Navy, it was eventually copied by the KGB. You had to push the plunger into the enemy’s body for it to shoot. The glove is inconspicuous, especially if a jacket covers the pistol part on top of the glove.
9. Key copying kit: This small kit came in a small, convenient tin with a brick of clay to be used for copying any key the soldiers or spies might need.
10. Hollow coin: Spies used hollowed-out coins to transfer film to others. If stopped, no one would suspect a coin to be useful in passing information from person to person.
11. Camera hidden in the coat jacket: The person wearing the jacket would have a little button on the inside of the pocket to click whenever they needed to take a photo.
12. Pen camera: All the spy needed to do was click the top of the ball point pen and they would take a photo. Once again, thanks to the item being so inconspicuous, it was easy to bring around without looking suspicious.
13. A gun case: A special kind of silver gun case was able to hide a larger gun such as the AK-47.
14. Cufflinks: These 1950s cufflinks had small holes in them for hiding microfilm.
15. Button compass: A majority of spies went to foreign countries during the time of the Cold War. These compasses were hidden in the buttons on their jackets in case they got lost or needed to go in a different direction.
16. Shoe transmitting device: The easiest way to keep track of spies was a transmitting device on the inside of a shoe heel. The men’s shoe heel was thick enough to hold all of the necessary parts of the device.
17. The passive bug: These bugs were planted on the inside of a large wooden replica of the Great Seal of the United States. The Great Seal was given by the Soviets to the U.S. Ambassador to the USSR in 1945. The bug wasn’t discovered until eight years later.
18. Parachuting/civilian shoes: Spies had to parachute from planes, and they had to wear special boots. But they also had to blend into the crowd. This resulted in zip-off boot tops on regular civilian shoes. All the spies would have to do after jumping was zip off the boot part.
19. Steineck ABC wristwatch camera: The wristwatch was made in 1949 by the Germans but was used by the KGB for more than telling time. On the bottom part of the watch there is a shutter and buttons for taking photos.
20. Poison dart umbrella: This umbrella was actually used to kill Bulgarian dissident writer Georgi Markov in London in 1978. Markov was waiting for the bus to take him to work when he was murdered with a sting in the back of his leg. He died three days later in the hospital of ricin poisoning. His autopsy showed a small hole in the back of his leg.

Overlooked Espionage - The Sounds of Manufacturing

3D printers have opened up all kinds of possibilities when it comes to turning digital blueprints into real world objects, but might they also enable new ways to pilfer intellectual property?...

While the source code for 3D printed designs can be guarded through encryption and regular means, once the machine is swung into action that sensitive information may be compromised, researchers at the University of California Irvine (UCI) have discovered.

Led by Mohammad Al Faruque, director of the Advanced Integrated Cyber-Physical Systems lab, the team found that placing a smartphone alongside the machine as it printed objects layer-by-layer enabled them to capture the acoustic signals. It says that these recordings contain information about the precise movement of the nozzle, and that information can later be used to reverse engineer the item being printed. more

Tuesday, March 1, 2016

McTesla Might be a Good Name

A Chinese company is currently working on an electric supercar to compete directly with the likes of Tesla.

The company, which is called Windbooster Motors, has its sights set on Tesla, the biggest name in the electric car segment. While not much is known about the car they are producing, we have been sent two spy shots of the car as it undergoes development.

From what we can tell, the car appears to be fairly far along in the development process.

Styling wise, the car seems to take a lot of cues from the current crop of cars from McLaren as well as Tesla. (Just coincidence? You decide.) more

SeaWorld Admits Employees Spied

SeaWorld admits employees posed as animal activists to spy on critics...

Multiple SeaWorld employees posed as animal-welfare activists so they could spy on critics, the company admitted Thursday.
The acknowledgment comes seven months after People for the Ethical Treatment of Animals accused SeaWorld of spying. The animal-welfare group, which has waged an intense campaign against SeaWorld, went public with evidence that a San Diego employee attended protests and made incendiary comments on social media while posing as an activist.

Reading from a statement while speaking with analysts, Chief Executive Officer Joel Manby said SeaWorld's board of directors has "directed management to end the practice in which certain employees posed as animal-welfare activists." more

Corporate Espionage: British American Tobacco Accused in South Africa

Lawyers investigating bribery and corruption allegations against one of the world’s leading tobacco firms have been urged to expand their investigation after fresh international accusations emerged.

British American Tobacco, BAT, has been accused of corporate espionage against rival cigarette makers in South Africa.

According to court documents seen by The Independent on Sunday, two former police officers who went to work for private corporate investigation companies paid cash to South African law enforcement officials to disrupt BAT’s competitors’ business operations.

Mr Hopkins (a BAT whistleblower) said he... ran a corporate spying operation, and conducted “black ops” to put rivals out of business. more

Looking to Rent a Bedroom Without a Spy Camera?

$850 Room and bath in an Irvine condo without spying camera

In my two bedroom two bathroom brand new luxury condo, you rent a room and bath without any crazy person watching your every move in the name of security.

Also, I'm not poor so I don't have to charge you a huge deposit to pay for my mortgage and then file bankruptcy and not return your deposit. I don't have to check your credit by illegally getting your social security number. I am not a creepy home owner and will not deny you access to kitchen and laundry.

The only requirement is if you are decent, are respectful and considerate and we meet and find each other acceptable. No age, race, culture requirement but women are preferred. If interested email me so we meet like two adults that we are. You need a room and I need money. (Craigslist)

Politician Promises Surveillance Transparency - Guess what happened.

TN - Memphis Mayor Jim Strickland confirmed Monday that the city is using cell phone eavesdropping technology with court approval, but said he couldn't discuss specifics.

Strickland said while campaigning last year that he would be transparent about the city's use of the "cell-site simulator" device known as StingRay, which lets law enforcement gather information from any phones that connect to a cellular network.

But as mayor, he said, he's legally bound to silence by the terms of the city's contract with Florida-based Harris Corporation. more (A Memphis phone call sing-a-long.)