Saturday, December 16, 2017

Video Voyeurism: Carnival Cruise's Botched Investigation

A Florida family was shocked to discover a camera hidden among wires in their Carnival Cruise Line cabin. 

The Pensacola couple, along with their 10-year-old son, found the device while searching undusted areas of the room after the father suffered an allergy attack during the second night of their journey from Mobile, Al., to Mexico, the Miami New Times reported.

According to the father, who was not identified by name, the camera was placed behind a TV in their room. The lens was sticking out a bit, pointing directly at the bed.

The man claimed the device was "warm to the touch" and appeared to have an antenna, which leads him to believe it may have been transmitting information to a third party. more

The couple reported the presence of the camera and transmitter in their cabin to the cruise ship’s security department. One of Carnival’s security personnel arrived in their cabin. He disconnected and removed the camera and transmitter with no gloves on and did not attempt to secure the room. In the video below, you can hear the passenger asking the officer why he was not wearing gloves.


The passenger thereafter communicated with the security staff to obtain an update. According to the passengers, the Carnival security personnel confirmed that the camera and transmitter: (1) were operational; (2) were typically the type of devices used on video drones; and (3) the transmitter was a long range device. To the passenger's knowledge, Carnival did not promptly report the incident to the Federal Bureau of Investigation (FBI). more

This is a cautionary tale. Video voyeurism can happen to any business which offers hospitality, restrooms, changing rooms, shower areas, etc., to customers, visitors or employees. 

Handling the situation properly when it arises is important, and easy to do. Visit spycamdetection.training to learn how. Mishandling an incident, or sweeping it under the rug, will likely result in expensive litigation. Litigation you will likely lose.

Are Google and Amazon Patently Eavesdropping?

Patent applications from Amazon and Google revealed how their Alexa and Voice Assistant powered smart speakers are 'spying' on you.
The findings were published in a report created by Santa Monica, California based advocacy group Consumer Watchdog.

The study warns of an Orwellian future in which the gadgets eavesdrop on everything from confidential conversations to your toilet flushing habits...

The study found that digital assistants can be 'awake' even when users think they aren't listening...

In fact, the devices listen all the time they are turned on – and Amazon has envisioned Alexa using that information to build profiles on anyone in the room to sell them goods. more

Letter Accuses Uber of Corporate Espionage and Wiretapping

The legal battle between Uber, the ride-hailing behemoth, and Waymo, the self-driving unit of Alphabet, reached a pivotal point this week as the Judge presiding over the case released a letter based on the account of a former employee at Uber.

The letter alleged that a division within Uber has been responsible for carrying out acts such as theft of trade secrets, corporate espionage, bribery of officials in foreign countries, and different types of unlawful surveillance.

The letter, given the name “Jacobs Letter,” was authored by an attorney who represents Richard Jacobs, a former employee at Uber who held the position of global intelligence manager prior to his firing last April.

In the highly detailed account accusations are leveled of systematic illegal activities inside the Strategic Services Group (SSG) of Uber, which allegedly sought out the trade secrets of other companies through data collection and eavesdropping. more

Quote from the letter...
Uber’s Marketplace Analytics team…fraudulently impersonates riders and drivers on competitor platforms, hacks into competitor networks, and conducts unlawful wiretapping. more 

Another version of the story...
Uber illegally recorded phone calls and wiretapped the phones of executives at rival companies in a global “intelligence gathering” operation that went on for years, a former employee has alleged.

In a 37-page letter made public in federal court on Friday, Richard Jacobs, a former security employee with the ride-hailing service, alleges Uber set up internal teams whose sole purpose was to spy on competitors. “Uber has engaged, and continues to engage, in illegal intelligence gathering on a global scale,” Jacobs wrote, according to The New York Times.

The teams allegedly infiltrated chat rooms, impersonated drivers of rival companies, and placed surveillance on executives of those companies, including by illegally recording phone calls, the letter claims.

Jacobs’ allegations stem from a trade secrets case against Uber filed by Waymo, Alphabet’s self-driving unit, which says Uber stole information about autonomous driving technology. more

Wednesday, December 13, 2017

For One Family - A New Christmas Gift Rule

Op-ed, NYT opinion

During the holiday season, my husband and I tend to offer suggestions to those who are generous enough to insist on buying presents for our kids.

Things like “Don’t spend more than $50” and “No guns.” Or, for those with whom we can be comfortably blunt, “Just cash, please.”...

This year we’re adding a new rule to our list: No toys that can spy. The idea: to keep seemingly innocuous internet-connected devices that may compromise our privacy and security out of our home and especially out of our children’s hands. more

• CBS video report on holiday toys that can spy.

• All the cool gifts are made for spying on you.

FutureWatch: That Photo Can Now Be Traced to Your Phone

A University at Buffalo-led team of researchers has discovered how to identify smartphones by examining just one photo taken by the device.

The advancement opens the possibility of using smartphones—instead of body parts—as a form of identification to deter cybercrime.

"Like snowflakes, no two smartphones are the same. Each device, regardless of the manufacturer or make, can be identified through a pattern of microscopic imaging flaws that are present in every picture they take," says Kui Ren, the study's lead author. "It's kind of like matching bullets to a gun, only we're matching photos to a smartphone camera." 

The new technology, to be presented in February at the 2018 Network and Distributed Systems Security Conference in California, is not yet available to the public. However, it could become part of the authentication process—like PIN numbers and passwords—that customers complete at cash registers, ATMs and during online transactions. more

Security Director Alert: HP Laptops with Hidden Keyloggers

Researcher Michael Myng found a deactivated keylogger in a piece of software found on over 460 HP laptop models. A full list of affected laptops is here. The keylogger is deactivated by default but could represent a privacy concern if an attacker has physical access to the computer...

The bottom line? Update your HP laptop as soon as possible. If you are on HP’s list of affected laptops you can download the fix here. more

Tuesday, December 12, 2017

33 Years Late, or You'll Never be a Stranger Here

China has been building what it calls "the world's biggest camera surveillance network".

Across the country, 170 million CCTV cameras are already in place and an estimated 400 million new ones will be installed in the next three years.

Many of the cameras are fitted with artificial intelligence, including facial recognition technology. The BBC's John Sudworth has been given rare access to one of the new hi-tech police control rooms. excellent video demo

Monday, December 11, 2017

Mickey With the Big Ears - RIP

Mickey Gurdus was always a good listener.

For decades he commanded a battery of shortwave and FM radios, UHF and VHF receivers, tape recorders and other devices from a swivel chair in his Tel Aviv apartment, all to intercept and record foreign news broadcasts, secret satellite transmissions, confidential military messages and diplomatic conversations.

He was no vicarious eavesdropper, however. Mr. Gurdus listened for a living.

He monitored the airwaves for the state-run Israel Radio and tipped his editors — and, sometimes, intelligence agents — to hijackings, invasions and revolutions. In one instance he intercepted a telephone call between the White House and Air Force One. more

Amazingly, there was a time when anyone could eavesdrop on the radio-telephone calls from Air Force One. All one needed was a radio which could receive shortwave and/or frequencies around 409 MHz. More detailed instructions are still floating around the net. These days, communications are encrypted, and are mostly routed via satellite. ~Kevin

Saturday, December 9, 2017

Seminar in Information Security and Cryptography

Zurich, Switzerland, June 11-13, 2018

Lecturers: Prof. David Basin and Prof. Ueli Maurer, ETH Zurich

Information Security and Cryptography. A full description of the seminar, including all topics covered, is available at infsec.ch/seminar2018.

This seminar provides in-depth coverage of Information Security and Cryptography. Concepts are explained in a way understandable to a wide audience, as well as mathematical, algorithmic, protocol-specific, and system-oriented aspects. The topics covered include cryptography and its foundations, system and network security, PKIs and key management, authentication and access control, privacy and data protection, and advanced topics in cryptography.

The seminar takes place in Zurich, Switzerland. The lectures and all course material are in English.

Friday, December 8, 2017

Hedy Lamarr - The Spread Spectrum Lady


As “Bombshell” (Alexandra Dean’s timely documentary) explores, Lamarr, in collaboration with avant-garde composer George Antheil, of all people, came up with a way to ensure secure radio signals, a frequency-hopping technology that has been called the basis for such up-to-date innovations as Wi-Fi, Bluetooth and GPS.
Though one of the most recognized faces in the world, Lamarr, executive producer Susan Sarandon has said, “was never seen for who she was.”
Yet what makes “Bombshell” intriguing is not just Lamarr’s gift for invention, it’s also what a fiery individualist she was, someone who had no regrets about her eventful life (“You learn from everything”), not even its racy, tabloid elements. more

Wednesday, December 6, 2017

Russia Accuses Pepsi of Espionage - “Gotta Have It” / “Chill Out”

A Russian state watchdog is accusing U.S. soda giant Pepsi of espionage, after receiving word that the soft drinks company had a copy of an internal agency document that was apparently never sent out.

Russia’s Rosselkhoznadzor, the Kremlin’s watchdog specializing in agricultural products, released a statement alleging that Pepsi Co. orchestrated a cyber attack on its database to obtain a copy of an industry document, intended only for the watchdog's consumption. The statement, released on Monday, reveals nothing about the document’s contents.

The watchdog claims that the company cited the document during a union meeting with Rosselkhoznadzor. more

PepsiCo denied the accusations.

Guests Keep Finding Spycams in their Airbnb Bedrooms

An Airbnb guest discovered a hidden camera inside his rental property in another disturbing example of the service's users being spied upon.

Jason Scott, an internet activist from the US, tweeted pictures of what he claims was a spy camera hidden in a burglar alarm motion sensor. Scott says he was sent the images by a concerned friend who found the item during a recent stay in an Airbnb property.

According to Scott, the device was an IP camera that was likely connected to the internet and used for surveillance.

He wrote: "In "oh, that's a thing now" news, a colleague of mine thought it odd that there was a single "motion detector" in his AirBNB in the bedroom and voila, it's an IP camera connected to the web. (He left at 3am, reported, host is suspended, colleague got refund.)" more

Extra Credit Reading:
 Education is the best prevention against becoming a victim of spy cameras.

Eavesdropping App Lawsuit Allowed to Proceed

A federal judge denied the Golden State Warriors’ motion to dismiss an amended lawsuit alleging that the NBA champions recorded private conversations through their mobile app.

Jeffrey White, a judge for the Northern District of California, originally dismissed the class action complaint, which was filed by New York resident LaTisha Satchell last year, but ruled recently that the revised suit can proceed against the Warriors and beacon-technology company Signal360 for a possible violation of the Wiretap Act. more

DIY PI - What could possibly go wrong?

PI - Two school employees in Monroe County could face wiretapping charges.

A grand jury is recommending charges against Joshua Krebs and Alex Sterenchok.

Krebs is the supervisor of support staff and Sterenchok is the technology supervisor for the Pleasant Valley School District.

Both are accused of setting up a camera in April of 2016 in a break room at Pleasant Valley Elementary School to see if they could catch a janitor not doing his job.
Teachers and other staff members argue their privacy was being violated. more

Monday, December 4, 2017

After Seven Years of Hacking an Indictment - Will it Make a Difference?

Federal prosecutors indicted three Chinese nationals last week, accusing them of hacking over the past seven years into at least three multinational corporations.

reported this is for nakedsecurity.sophos.com last week and was kind enough to ask my opinion for background.

---

China warned it would retaliate if the US pressed the issue. And that was pretty much that.

Which is the way Kevin Murray, director at Murray Associates, a counter espionage consultancy, sees this case playing out. Does the indictment mean anything significant will happen? “No,” he said, offering a brief history lesson.
Go back 1,000 years, remembering that the Chinese invented things like silk, gunpowder, paper. All this intellectual property was stolen from them. At that time, the law in China was that if you engaged in it, that was your life. But it still got stolen. So now they’re getting back at us. And we’re trying to replicate what they did by punishing the criminal. Is it going to help? No.
Murray said if those responsible for protecting IP faced charges, “then you’d see some changes.” more

Wednesday, November 29, 2017

When Do People Use Keystroke Loggers Legally

According to PInow.com...
  • Employers monitoring of company computers used by employees to ensure they are working as required and to prevent fraud and other criminal activities.
  • Parents monitoring the use of computers for children below 18 years.
  • Companies monitoring use of company resources like internet.
  • Collection of forensic evidence from the computers being monitored for security reasons with a legitimate investigation cause. more

Intelligence Bureau to Soldiers – Delete These Apps

India - In a fresh advisory issued to the troops posted at the international border, the Intelligence Bureau (IB) has warned that China could be collecting vital information about the Indian security installations through its popular mobile phone apps and devices...

The IB advisory contains a list of about 42 popular Chinese apps, including: WeChat, Truecaller, Weibo, UC Browser and UC News, which pose a grave threat to India's security. more

Serious Mac Security Flaw - Simple Temporary Fix

A serious security flaw in macOS High Sierra has been discovered.

It allows anyone to access high level security areas on an iMac or MacBook without the need for a password.

Apple has warned Mac users after a serious macOS High Sierra root bug was discovered. Ahead of a fix being released, you can take these steps to protect your iMac and MacBook immediately.

Apple said: “We are working on a software update to address this issue." In the meantime, setting a root password prevents unauthorized access to your Mac.

To enable the Root User and set a password, please follow the instructions here. 

If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section. more

UPDATE — THE FIX IS IN
Apple issues the software update. more

Industrial Espionage – Uber Spy Team – Former CIA Agents

A former Uber security manager says an espionage team inside the ride-hailing service used former CIA agents to help the company spy on its rivals overseas.

The testimony in a San Francisco courtroom Tuesday comes amid revelations that federal prosecutors are investigating allegations that Uber deployed an espionage team to plunder trade secrets from its rivals. That has triggered a delay in a high-profile federal trial over whether the beleaguered ride-hailing service stole self-driving car technology from a Google spinoff.

Under questioning, Richard Jacobs, Uber's manager of global intelligence, said that Uber hired several contractors that employed former CIA agents to help the ride-hailing service infiltrate its rivals' computers. Jacobs said the surveillance occurred overseas. more

Tuesday, November 28, 2017

Netflix Documentary - The Motel Owner Who Spied on Guests

 But first... A bit of history.

A pair of filmmakers thought they’d be capturing celebrated writer Gay Talese taking a literary victory lap in their new documentary. Instead, they got something more like a journalistic car crash.

In the intriguing and thoughtful “Voyeur,” Myles Kane and Josh Koury explore the 30-year relationship between Gerald Foos, a former Colorado motel owner who spied on his guests, and Talese, known for his novelistic profiles and bespoke suits.

The Netflix film, which debuts Friday, follows Talese as he reports and writes about his creepy friend for the 2016 book, “The Voyeur’s Motel,” only to see the story fall apart after publication when Foos’ account unravels...

Talese and Foos first connected in 1980 when the motel owner sent the journalist a letter hoping he would share his story of secretly watching guests for years through ceiling vents — in the interest of science, of course. more

Artificial Intelligence for Smartphones Catches Shoulder Surfers

Google researchers claim to have developed an "electronic screen protector" that can alert you when nosy parkers are looking over your shoulder at your phone.

Essentially, it's machine-learning-powered software that can use the front-facing camera on a smartphone to pick out faces, identify anyone who isn't the owner, and if they are gazing at the screen, alert the user that there's someone behind them snooping on their texts or web browsing, and so on, all in real time.

The Googlers' work on this technique – which appears to be just an academic project at this stage rather than an upcoming feature – will be presented at the Neural Information Processing Systems (NIPS) conference next week in California. more

Sony and a few other companies were working on this about seven years ago. (see the patent)

Sunday, November 26, 2017

KRACK Attack Leaves WPA2 WiFi Encryption Hacked - Do this...

The video below explains Key Reinstallation Attacks (aka KRACK), for the technically curious. 

The short story is your communications privacy over WiFi is at risk. This includes your:
  • emails, 
  • texts,
  • photos,
  • log-in IDs and passwords, 
  • credit card numbers, 
  • and even your communications to websites which normally use https:// encryption. 
In short, anything you assume is encrypted is up for grabs.

Solutions
  • Update your system software to the latest version. (This includes all your devices which use WiFi.)
  • Update software on WiFi access points (APs) which implement the standard 802.11r (a.k.a. Fast-BSS Transition). This affects business WiFi more than residential WiFi.
  • Upon connecting to a website make sure you see https:// and the locked symbol. 
Check here for additional information about KRACK solutions.

Risk Levels
Your risk of being a victim is highest whenever you use a public WiFi system. Risk is also high in densely populated areas.

Saturday, November 25, 2017

Spy Plants, or Mr. Potato Head Goes to Washington

DARPA’s Biological Technologies Office (BTO) is hosting a Proposers Day to provide information to potential proposers on the objectives of the upcoming Advanced Plant Technologies program.

The program aims to control and direct plant physiology to detect chemical, biological, radiological, and/or nuclear threats, as well as electromagnetic signals.

Plant sensors developed under the program will sense specific stimuli and report these signals with a remotely recognized phenotype detectable by existing hardware platforms. more

The Proposers Day will be held on Tuesday, December 12, 2017, from 8:00 AM – 4:30 PM ET at the Westin Arlington Gateway Hotel, Arlington, VA 22203; potential proposers also have the option of participating via webcast. Advance registration is required. The registration deadline to attend in person is Wednesday, December 6, 2017, at 12:00 PM ET, and the deadline for the webcast is Monday, December 11, 2017, at 12:00 PM ET. Please register at: https://events.sa-meetings.com/APTProposersDay. There will be no on-site registration.

Extra Credit: Robot-Plant Biohybrids Growing in European Laboratories

Buy an App - Bug a Phone

Commercial spying apps for Android devices are being openly advertised on Google and – upon installation – can be used to snoop on text messages, calls and Facebook chats.

While they are advertised as a way for parents to keep track of their children, or businesses to watch employees, experts warn they could be used for more nefarious – potentially illegal – purposes. According to security firm Kaspersky Lab, the popularity of such services is spiking.

Now, there is often no need for the dark web or sophisticated hacking attacks – surveillance software can be quickly discovered with a simple Google search and purchased online for well under £100 ($133.00)...

One company, FlexiSpy, was even advertising 20% off its services for 2017's Black Friday. more

There is also an app to detect this.

EU: Spying Technology Export Control

EU lawmakers overwhelmingly backed plans on Thursday to control exports of devices to intercept mobile phone calls, hack computers or circumvent passwords that could be used by foreign states to suppress political opponents or activists...

The EU has felt that spyware or malware and telecom or Internet surveillance technologies are increasingly threatening security and human rights and proposed a modernization of its export control system to cover cyber-surveillance. more

Meanwhile, on Alibaba.

Friday, November 24, 2017

Netflix Spy Movies for the Holiday Weekend

Click for the trailers...
  1. Spy Hard
  2. The Spy Who Went Into the Cold
  3. Tinker Tailor Soldier Spy
  4. Inglourious Basterds
  5. Burn After Reading
  6. The Debt
  7. XXX
  8. and elsewhere for a few cents more one of my favorites... Top Secret

Check Your Local Laws Before Recording

PA - A Franklin County jury took just seven minutes to return a guilty verdict against Chambersburg man William Alexander Himchak III on felony counts of illegal wiretapping. Himchak, 50, recorded two phone calls with tax officials, then posted them online, violating the wiretap act laws that require both people to consent to a recording before the recording has started. more

Spybuster Tip #105: In the United States, federal law requires that only one party to a conversation has to consent to the recording of the conversation. Some states, however, require that two parties (meaning ALL parties) consent. Pennsylvania is a two party state. You can discover what the legal requirements are in your state here.

Thursday, November 23, 2017

Google Android Tracking You - Bad News / Good News / Bad News

Bad News...
Your phone knows where you are at pretty much all times. This is no surprise—that's part of the appeal. But while there are options to disable GPS and Location Services in the settings of Android phones, this won't stop Google from knowing where you are. Short of turning off your phone, there's actually no real way.

New details about the length to which Google tracks Android phones surfaced today from Quartz, which reports that Android phones will track your location even if you disable location services and even if you aren't logged into the phone...

Good News...
The practical effect of this is that, so long as your Android phone is on and not inside a Faraday cage, your location data is being communicated. Google told Quartz that this practice has existed for 11 months, but that the information was never stored or used and furthermore that the process will now be ended.

Bad News...
While the practice is just generally creepy, it also can have profound legal implications. Loose restrictions allow law enforcement in many states to obtain cell tower location information without a warrant until an upcoming Supreme Court case will ultimately decide if this will remain legal. In the meantime, there's nothing much to do besides be aware of how much and how easily your phone may be tracking you. If you really want privacy, you'll just have to turn the thing all the way off. more

Wednesday, November 22, 2017

Voyeur Hides Spycam in Starbucks Toilet

A hidden camera recorded customers using the toilet in a branch of Starbucks for up to a month. 

The small device was found in the ceiling of the coffee shop close to the headquarters of MI6 in south London.

Police believe the camera was planted by a voyeur who apparently captured himself on film in the process.

It had recorded several video files of members of the public using the only customer toilet at the store in Vauxhall, detectives revealed.

They believe the camera had been installed for a maximum of four weeks "for the purpose of voyeurism".
 It was seized by police after a member of the public discovered it in a ceiling grate. more

It is surprising how many spycam'ers are caught because they captured themselves during the installation. This guy gets our Darwin Award. 

Spybusters Tip #361: Do-it-yourself Technical Surveillance Countermeasures (TSCM) for spy cameras by "members of the public" can be very effective. One just needs to know where to look, and what to look for. Learning the wheres and whats is easy. Check here for more information.

Video voyeurism is a foreseeable issue. Any business offering customers, visitors, and employees access to expectation of privacy areas (restrooms, changing areas, showers, etc.) has a duty of care to protect them against spycams.

Spybuster Tip #362: Management, train your security and facilities personnel how to conduct and document due diligence video voyeurism inspections to detect spycams on a regular basis. Just think of the legal fees, and PR damage this will save you.

Tuesday, November 21, 2017

The Patek Philippe Wiretapping Device

Patek Philippe is known for making some of the highest quality (and most expensive) watches in the world. But at some point, it also turned out an unexpected device: a wiretapping machine.

Auction Page
One of the lots in Antiquorum’s recent watch auction in Geneva was the Patek Philippe ZL 4 N and ZG 4, two desktop modules which the listing describes as “a fine and very rare, electronic wiretapping device and clock used by the Swiss police.” Hodinkee’s Jack Forster points out that it looks not unlike a clock synchronizing apparatus: the higher unit could be used to set the time, while the lower one has plugins for four coordinating timepieces.

But with all the testing, research, and verification that goes into high-end auctions (the units sold for CHF 11,250, about $11,366 at current exchange), this thing probably was used for what Antiquorum says it was: to listen in on the conversations of whoever was committing high crime in the world’s most famous neutral nation. As for having the Patek Philippe name attached, well, at least the Swiss police could count on knowing exactly what time any espionage they overheard was going to occur. more

Additional Information from a 2009 auction...
Description: Two Patek Philippe Master Clocks A. Electronic Master Clock Patek Philippe, Genève, Model L4031. Made circa 1975. Very fine, Electronic Center Seconds Master Clock. B. Digital Time Display Master Clock Patek Philippe, No. 841637 & No. 851900, Model ZG 4 & ZL 4. Made in the 1970s. Fine and rare, electric 110/220v aluminium and blue coated LED digital master clock display with day and month indication and control unit. To be sold without reserve C. Rectangular with two handles, wood-effect sides. D. Black with Arabic numerals, outer minute divisions, outer Arabic five-second numerals and divisions, brushed fascia with buttons for adjusting the 1/10 and 1/1000 seconds. White baton hands. M. Electronic, a very powerful Master Clock System capable of controlling an almost unlimited number of "slave" clocks and can be regulated to 1/1000th of a second. Dial and case signed. more

Now Playing - The Science Behind Spying

The Science Behind Spying is a 1960's documentary to educate viewers on the past history of the US and how spying played a role in it. more
Runtime: 50 minutes, Amazon Prime

Corporate Espionage: Beware the Cupid Spy

Between oversharing about their job and workplace with dating matches and divulging trade secrets, 25% of business leaders using dating apps may be accidentally threatening their workplace's security, according to new research from Kaspersky Lab...

Of those using dating apps, 19% of business leaders have had their device infected via a dating app, including malware, spyware, or ransomware...

The work-related bragging can lead to infected devices and corporate espionage if trade secrets fall into the wrong hands, the report said. If malware allows a match access to a work device, the attacker may have access to work documents stored on that device. more sing-a-long

Monday, November 20, 2017

Foreign Agent Man

A new report by a U.S. government panel has called for staff members of Chinese state-run media groups in the U.S. to be made to register as foreign agents.

The U.S. China Economic and Security Review Commission alleged Wednesday that journalists at some Chinese media organizations engage in spying activities, feeding information back to the Chinese government.

The report comes just days after the production company behind the American version of the Russian state-funded network RT officially filed as a foreign agent following pressure from the Department of Justice. more

The concerns are justified. I've seen proof. ~Kevin

Wiretapper's "Suicide" - Update

Greek officials did not adequately investigate the death of a telephone company executive found hanging in his apartment a day before lawmakers and the prime minister learned their cellphones had been tapped, the European Court of Human Rights ruled Thursday.

Costas Tsalikidis, a Vodafone Greece executive, was found hanging in his Athens apartment...

An investigation into the wiretaps revealed another telecom had planted spyware into Vodafone’s equipment, and that Tsalikidis had allowed the spyware’s placement and met regularly with the other telecom. The wiretaps went live in June 2004 and were removed a day before Tsalikidis’ death.

Tsalikidis’ family refused to accept the man had taken his own life and hired their own investigators, who uncovered several inconsistencies to the suicide theory.
  • a lack of injuries common during hanging, contradictions as to the rope marks on Tsalikidis’ neck,
  • and an extremely complex sailing knot used for the noose that would have been quite impossible given Tsalikidis’ complete lack of sailing experience...
Investigators ... did find...
  • Tsalikidis’ hyoid bone was broken – an indication he’d been strangled. 
  • Tsalikidis’ personality was not compatible with a suicide profile...
The court ordered the Greek government to pay Tsalikidis’ family $59,000 in damages.

After years of investigating, the Greek government issued an international arrest warrant for a CIA official they believe was at the heart of the wiretapping affair while he was stationed in Athens. more

Remember The Fugs?

Quote of the Week – Bob Woodward on J. Edgar Hoover

"FBI director J. Edgar Hoover didn’t object to Nixon’s wiretapping because it was illegal, he objected because wiretapping was his job!" — legendary journalist Bob Woodward, who spoke Thursday night to a packed house at the University of Utah’s Kingsbury Hall.

Saturday, November 18, 2017

Corporate Espionage: Spies Have a Deep Black Bag of Tricks

A Toronto-based private equity firm is alleging that its employees were targeted in a covert corporate espionage operation involving an agency with operations in London, Paris and Tel Aviv staffed by former members of the Israeli Defense Force and former agents of intelligence agency Mossad.

The agency cited in court documents filed by West Face Capital Inc. is Black Cube, the same one reportedly retained on behalf of former Hollywood mogul Harvey Weinstein to investigate women who had accused him of sexual misconduct...

Some, including the former general counsel of West Face, were wined and dined, and flown to England on the false pretense that they were being courted for employment with international companies, the court documents allege...

The court documents filed by West Face Wednesday say different approaches were used for each employee or former employee approached, but that there were common elements, including “using false businesses, websites, identities, LinkedIn profiles, and business cards.” more

Wiretapper's "Suicide" Revisited for Foul Play

An appeals court prosecutor in Athens has asked to see the case file concerning the death of a telecoms engineer in 2005 shortly before the outbreak of a scandal involving the wiretapping of Greece’s political leadership...

The decision to revisit the case came after the European Court of Human Rights (ECHR) deemed on Thursday that Greece had failed to fully investigate the circumstances surrounding the death of former Vodafone employee Costas Tsalikidis, 38, who was found hanged in his apartment.

The investigating prosecutor at the time, Ioannis Diotis, had ruled out foul play, concluding that Tsalikidis had committed suicide.

Tsalikidis’s death occurred the day after the spyware planted in Vodafone’s network was removed...

The spyware diverted phone conversations made by Vodafone’s subscribers to 14 “shadow” pay-as-you-go mobile phones, allowing calls to be monitored. more sing-a-long

Spy Store Helps You Be Big Brother

You're not paranoid: Someone may be watching you. Friday's opening of Spysite.com's first New Jersey store, on Route 23, is the proof.

The new location specializes in covert surveillance. Got an overbearing boss? They'll sell you a pen that will secretly record him. Suspect your neighbors are stealing your packages? Owner Grant Huber can sell you a camera and tell you where to hide it so no one suspects...

Employees will show buyers how to use all the gadgets they sell. more

Fun fact: Radio Shack employees were not allowed to instruct customers how to spy using their merchandise. For the answer as to why, click here. ~Kevin

Germany to Parents - Destroy Your Child's Smartwatch

Germany's regulatory arm for electricity, gas, telecommunications, post, and railway markets, has issued a ban on smartwatches designed for children over concerns that they can be used by parents to spy on their kids and teachers.

Furthermore, the regulatory office is urging parents to go a step further and physically destroy these smartwatches, should their children own one. The agency has also taken action against several firms that offer smartwatches designed for children.

"Via an app, parents can use such children's watches to listen unnoticed to the child's environment and they are to be regarded as an authorized transmitting system," said Jochen Homann, president of the Federal Network Agency. "According to our research, parents' watches are also used to listen to teachers in the classroom." more

Wednesday, November 15, 2017

TSCM Security Tip: Check Hotel Ownership

Many hotels, conference centers and resorts are controlled or owned by governments engaging in business espionage. Checking the ownership before booking your off-site meetings and general business travel can significantly reduce your risk of electronic surveillance.

From a New York Times article, Foiling Cyberspies on Business Trips...
Evan Anderson, chief executive of Invnt/IP, a group dedicated to combating nation-sponsored intellectual property theft...said he created a map of Chinese-owned hotels around the world in 2016 and was surprised by how many there were, including some in Silicon Valley where technology companies hold meetings. “Most people don’t realize that an individual Four Seasons hotel, Ritz-Carlton, or many other brands can be owned by a Chinese company with close ties to the Chinese government,” he said.

---

Checking venue ownership is the first step to reducing the risk of intellectual property theft. The second step is hiring a Technical Surveillance Countermeasures (TSCM) specialist. They will search for all types of electronic surveillance (i.e., audio bugging, video voyeurism, and data cybersecurity), before and during your stay.

Security directors from Fortune 1000 companies are invited to receive my free Off-Site Meeting Security Checklist — 25 recommendations / 5-page report. ~Kevin

Tuesday, November 14, 2017

Sports Espionage: Honduras Accuses Australia of Spying by Drone

Honduras accused Australia of spying on their training sessions with a drone on Monday, as tensions heated up ahead of Wednesday's decisive World Cup playoff match.

The Honduran National Football Federation (FENAFUTH) posted 18 seconds of footage of a drone flying above Sydney's Olympic Stadium, where the team trained on Monday after their long flight from central America.


"Australia spied on Honduras's official training session from a drone, causing discomfort among the Honduran team and delegation," FENAFUTH said on its Twitter feed. more

Industrial Espionage “can be done cheaply and at scale”

The admonitions to business travelers headed to other countries should be familiar by now: Keep your laptop with you at all times. Stay off public Wi-Fi networks. Don’t send unencrypted files over the internet...

“There’s a difficult intersection between convenience and security,” said Samantha Ravich, who studies cyber-enabled economic warfare at the Foundation for Defense of Democracies, a policy institute focusing on national security...
The problem of intellectual property theft is not new, but it is now much more widespread. “Placing listening devices in conference rooms, hotels and restaurants is traditional Espionage 101,” Ms. Ravich said. But with tools like tiny inexpensive cameras and microphones or compromised Wi-Fi networks, corporate or state-sponsored industrial espionage “can be done cheaply and at scale,” she said. more

Monday, November 13, 2017

How Pinkerton laid the foundation for the CIA and FBI

Allan Pinkerton, the grandaddy of American private eyes, has a “true detective” story made for the binge-watch era.

Pinkerton (left). Restored image.
The organized investigation of suspicious behaviors has evolved in two directions. One is in the case of detective work, dealing with activities that endanger individual citizens. The other, integrally linked avenue is in intelligence, investigating threats to the state.

Flowing out of the same font, the modern incarnation of these entwined investigative avenues are largely the creation of two people.

In Europe, Eugene-Francois Vidocq may be considered the godfather of the former criminal turned secret agent who is largely responsible for the development of the modern, entwined arts of intelligence-gathering and criminal investigation. But stateside, his parallel, no less influential, was Lincoln’s spy master during the Civil War, Allan Pinkerton.

Born to an impoverished family in Glasgow in 1819... more

Saturday, November 11, 2017

Takeaway: Don't Spy on Your Girlfriend's Affair

MI - A 43-year-old man was shot Friday while spying on a woman as she had an affair on Detroit's west side, police said. The man was spying on the 28-year-old woman around 2:20 a.m. in the 12000 block of Winthrop Street when she got caught having an affair, according to officials.

Police said when the man tapped on the window, the woman opened the window and fired shots. The man was shot in the arm, police said. He drove himself about two miles to the 8500 block of Lauder Street, where he called police. more

Friday, November 10, 2017

Economic Espionage: Web of Brain Sucking Spiders

For Lt. Gen. Paul Nakasone, USA, commanding general, U.S. Army Cyber Command, one important perspective “is that our adversaries are antagonists,” he said. “Their capabilities are ever increasing.”

At first it was exploitation of data, then disruption and after that destruction. Before it was attacks on networks or a series of networks, now it also is data and critical infrastructure and key resources.

"I think that we are starting to see the trailers [preview] of the future war," Gen. Nakasone warned. Actors that the United States has not thought of, non-nation states, anonymous, proxy adversaries, will have an impact as antagonists against countries, the general predicted. They are not only going after military networks, they are going after the economic might of that nation. “They are going after the key terrain that they know is fundamental to how a country operates.” more

Suspended Sentence for Swiss Spy Snooping

Rarely has a spy case attracted as much attention in Germany as that of Daniel M. The bungling double agent passed on troves of bank data to German tax officials while allegedly gathering info on them for the Swiss.


A German court has handed a suspended sentence of one year and 10 months to the former Zurich police detective for spying on the German state of North Rhine-Westphalia's (NRW) tax authority and some of its staff for nearly four years up to February 2015.

The regional court in Germany's financial capital, Frankfurt, also slapped a fine of €25,000 ($29,000) on the 54-year-old Swiss double agent. more

Thursday, November 9, 2017

Former Governor Wanted Wife Arrested for Eavesdropping

AL - The former director of the Alabama Law Enforcement Agency (Spencer Collier) said former Governor Robert Bentley wanted to know why his wife, Dianne, shouldn't be arrested after he discovered she had been secretly recording his conversations with the aide suspected of being his mistress.

Collier said, "Once I become confident that Ms. Dianne was responsible for recording him, I told him and ended the investigation.

He wanted to know why she couldn't be arrested for planting an eavesdropping device.

I explained that in my opinion, no [District Attorney] in AL or the [Attorney General] was willing to prosecute a wife for recording her spouse caught in the act of adultery... He became upset and stated that if she or anyone disseminated the information that he would demand that they be arrested." more

Eavesdropper: The coding mistake that may be in your phone.

A simple coding error made in hundreds of apps may have exposed as many as 180 million smartphone users to having their text messages and phone conversations intercepted by hackers, security researchers warned.

The warning comes from experts at the cybersecurity firm Appthority, who spotted an error plaguing as many as 685 mobile apps—including one used for secure communications by a federal law enforcement agency...

The issue, which has been dubbed Eavesdropper...

Eavesdropper is an especially troublesome problem for a number of reasons. First, most users are likely unaware of what API their mobile apps use to handle certain features like texts and calls so it is unlikely the average person would be able to spot if an app they are using is vulnerable. more

Wednesday, November 8, 2017

Attorney Suspended for 4 Years for Eavesdropping

The state Supreme Court has suspended a northern Indiana attorney for at least four years after finding that he eavesdropped on private conversations between homicide suspects and their attorneys when he was a deputy prosecutor.

The court's disciplinary commission recommended Robert Neary be disbarred. But the justices instead issued an order Monday prohibiting him from working as a lawyer for four years...

They found that when Neary was a LaPorte County deputy prosecutor, he committed attorney misconduct by listening to two homicide suspects' confidential attorney-client conversations in incidents in 2012 and 2014 involving an audio feed and a video recording made in a police interview room. more

End-to-End Encryption App for Business Customers

End-to-end encrypted messaging app Wire has introduced a version of its service for business customers...

Wire CEO Alan Duric told ZDNet that the company had 300 firms on the Teams pilot and that businesses were using the service for their top managers or M&A teams and issues like crisis communications.

Wire is also eyeing the Internet of Things, arguing that end-to-end encryption could be applied to messages to devices as well as chats with your colleagues.

"There is quite a bit of awareness that industrial espionage is not a myth and that they need to protect their data," he said. more

Sunday, November 5, 2017

Video Voyeur Drones Grab Headlines – Business Espionage Drones Don't

A growing number of women in Port Lincoln, South Australia, have reported being woken at night by a drone spying on them in their homes.

One woman was sleeping alone on her remote hobby farm when she was woken up by an object banging into her window, only to realize it was a drone with a camera attached.

Another woman told the ABC of the anxiety and panic she now experiences at night due to a similar encounter, saying, “You’ll hear a noise and even if it’s not a drone you just get paranoid…

Two of the victims no longer shower at night for fear of the drone capturing them while naked.

In May this year, a Sydney woman reported having been spied on by a drone while she was getting out of the shower.

These disturbing instances reflect the growing problem of the law being ill-equipped to deal with fast-developing technology, such as drones and revenge porn — with women constituting the largest proportion of victims to cyber-crimes. more

Spybusters Tip #519 - Video voyeur drones are headline grabbers. Business espionage drones go unnoticed. 

If your office has a window, you have an information security vulnerability. One quick high resolution drone camera flyby and visible paperwork and whiteboard information is theirs. 

Close curtains, or angle blinds downward when you leave. 

No curtains? Develop the "clear desk" habit. ~Kevin

Private Eye Charged with Illegally Spying on Politicians

FL - ...It was only after all three politicians discovered mysterious GPS trackers under their vehicles and turned them over to the Florida Department of Law Enforcement that a criminal investigation began...Now, nearly a year after election day, the State Attorney’s Office has charged Victor Elbeze with illegal tracking after FDLE agents found his fingerprints on one of the trackers...


Elbeze and his boss at the time, Steve Cohen, who owns the Hallandale Beach firm General Investigative Services, denied following any politicians...Cohen, a shadowy Russian national who recently changed his name from Stanislav Doudnik, refused to speak on camera and wouldn’t say who hired his firm, citing client confidentiality. But he said he never ordered Elbeze, who has left his employ, or anyone else to do anything illegal. more

Spycam Found at Condo Building - Florida Legislators Targeted

FL - For at least three days in the final week of the 2017 legislative session, a covert surveillance camera recorded the comings and goings of legislators and lobbyists living on the sixth floor of the Tennyson condominium near the Capitol.

Weeks later, in a dark parking lot of an Italian restaurant in Tallahassee, Sen. Jack Latvala of Clearwater, a Republican candidate for governor, was also being spied upon. Grainy photos show him standing and planting a kiss on the cheek, then the mouth, of a female lobbyist on the last night of the Legislature’s special session.

These weren’t routine smartphone photos captured for fun. They were the work of private investigators whose research has fueled an escalating barrage of rumors in the last week about sexual harassment in Tallahassee and infidelity among the state’s elected legislators.

Incoming Senate Democrat Leader Jeff Clemens of Lake Worth abruptly resigned Friday after admitting to an affair with a lobbyist. Politico Florida was the first to report on Tuesday that private investigators had documented at least four separate incidents involving Latvala dining with female lobbyists and that state law enforcement officers investigated the covert camera at the Tennyson. more

The Secret Shoe, or The Bonded Sole

(via maxim.com)
We're not suggesting that you infiltrate an enemy's ranks to take down a hostile foreign power, but if you ever want to dabble in some international espionage, have we got the shoe for you.

A dressy Derby Shoe made from fine deerskin may seem less critical than a working knowledge of close quarters combat or Russian. Still, "The Secret Shoe" from Oliver Sweeney is here to satisfy all your covert spy needs... and then some.

The luxury footwear provider teamed with VeryFirstTo.com to stash inside this unsuspecting-looking shoe two hidden compartments that can each hold three gadgets at a time.

Derby Shoe has provided 12 for you to pick from: the world's smallest phone, a tiny video camera, a mini Swiss army knife, a tracking device, a money capsule, "the world's most advanced contactless payment ring" and more.

There's also room for a house key.


Another badass feature you'll make use of if you're ever zip-tied and about to be tossed off a helicopter (there's a chance) is the laces. They're made of Kevlar, which means they can double as a friction saw that's strong enough to cut through wood and plastic. more

If your organization isn't picking up the tab for this, you'll probably be interested in the selling price. $1307.50

Still interested?

That's $1307.50 
...per shoe. ~Kevin

Tuesday, October 31, 2017

Not So Covert Video Cam Sunglasses

Today is probably the only day a spy could get away with these...
Dorkier than Google Glass? You decide. more

TSCM Alert - Keylogger Used to Hack School Grades

Former University of Iowa student Trevor Graves was arrested last week and charged...with hacking into the school's system to change grades.

...Graves allegedly attached a keylogger to several university computers in order to compromise faculty, staff and student information. In January 2017 the scheme was identified when a keylogger was discovered and reported by a staff member...

The school estimated that about 250 people had their HawkID and password stolen.

The court documents state that Graves allegedly used the information taken to escalate his privileges within the school's computer system, enabling him to change grades, an ability given only to instructors. more

This school was lucky. They discovered the spying device almost by accident. 

Most electronic surveillance and subsequent information loss is never discovered, because... "If you don't look, you don't find."

Typical keystroke logger attached to keyboard cable.
Technical Surveillance Countermeasures (TSCM) inspections are not just about finding bugs and wiretaps. These exams also discover keyloggers, optical surveillance (spycams) and other methods of information loss.

Periodic TSCM exams are as vital to an organization's health as medical exams are to people. Think about that for a second... both can spot a cancer while it can still be cured.

Need a TSCM exam, or a local referral? Contact me. ~Kevin

Monday, October 30, 2017

USB Stick Security, or God Save the Queen

UK - Heathrow Airport officials have launched an internal investigation into how a USB memory stick containing the airport's security information was allegedly found on a London street...

The USB stick, which apparently held details such as the route which the Queen takes when using the airport and maps pin-pointing CCTV cameras and a network of tunnels and escape routes, was not given to police but instead was handed to a national newspaper, the Sunday Mirror.

The Sunday Mirror reported that an unemployed man said he was on the way to the library to search the internet for jobs when he found the USB stick in the leaves... he plugged the USB stick into a library computer a few days later and was amazed at what he found... more

Takeaway security tips...
• Encrypt information you put on a USB memory stick. Assume it will be lost or stolen.
• If you find a USB stick, don't plug it in. It may contain a virus. Dropping virus-laden sticks in company parking lots is a simple spy trick.