Friday, March 31, 2017

Privacy Tips for the New Post-Privacy Internet

10 practical privacy tips for the post-privacy Internet.

  1. Educate yourself about cookies and clean them out regularly.
  2. Use two, or even three, browsers.
  3. Disable Flash or option it.
  4. Change your DNS serve.
  5. Lose search engines that track you. Now.
  6. Use the Tor browser(s).
  7. Remove your information on websites.
  8. If you have the luxury, change ISPs.
  9. Use virtual machines.
  10. Modify your browser as little as possible. more

Operation Ivy Bells — Cold War, Cold Water Wiretapping

Secrets haunt the still-classified Operation Ivy Bells, a daring Cold War wiretapping operation conducted 400 feet underwater.

It's the summer of 1972 and the U.S. is in the middle of pulling off the most daring, covert, and dangerous operation of the Cold War. Only a few months before, the signing of SALT I (Strategic Arms Limitations Treaty) limited the number of nuclear missiles of the world's two largest superpowers. Yet even with this well-publicized US/Soviet détente in place, a submerged American submarine rests mere miles from the Russian coastline.

At the bottom of the Sea of Okhotsk, the U.S. nuclear submarine Halibut silently listens to the secret conversations of the Soviet Union. With the Kremlin completely unaware, Navy divers emerge from a hidden compartment (referred to as the "Bat Cave") and walk along the bottom of the sea in complete darkness, wiretapping the Soviet's underwater communications line.

America wiretapped this particular Soviet communications cable for maybe a decade or more—and many details remain classified. It was the U.S.'s most ambitious wiretapping operation, until this point, in its entire history. This was Operation Ivy Bells. more

Economic Espionage: Declining, or just more stealthy?

by Taylor Armerding 
Eighteen months ago, President Obama and Chinese President Xi Jinping announced, with considerable fanfare, an agreement aimed at curbing economic espionage... 

So, with Xi due to meet with President Trump in early April, an obvious question is: Has the agreement been effective?...

The reviews on that are mixed...

Robert Silvers, writing on the Lawfare blog, called the statement, “a landmark concession” by the Chinese, and said in the months since, multiple researchers and analysts had concluded that the agreement, “coincided with a significant downturn in Chinese hacking activity.”...

FireEye iSIGHT Intelligence, concluded that while “unprecedented action by the US government” was a factor in the decline, it actually began in the middle of 2014 – more than a year before the Obama/Xi agreement...

John Quinn, former Far East specialist for the CIA, a more tempered view of the impact of the agreement. “I would characterize it as a work in progress, but a good start,” he said....

Israel Barak, CISO of Cybereason, means the conclusion that economic espionage has decreased is “problematic.” “Fewer attempts might mean they already have access,” he said. “The amount attributed to cyber crime in manufacturing, health care and other industries is constantly on the rise.”...

As Kevin Murray, director at Murray Associates, put it, “once someone starts closely watching the cookie jar, the thief is forced to become more crafty.”

Murray, however, contended that the private sector needs to be much more effective in protecting itself. He pointed CSO to a 2015 blog post in which he declared: “We fight like hell for our freedom, but we let the world pick our intellectual pockets.”

Murray said the “punish-the-spy” model isn’t enough – that corporations should be held accountable as well, for failure to protect their assets.

We need a law creating business counterespionage security standards, with penalties for inadequate protection,” he said, arguing that the US already, “successfully employs the same concept with medical and financial record privacy.more

Electronic Eavesdropping Confirmed: CEO's Car Was Bugged During Takeover Talks

The head of Stada, the German drugmaker at the centre of a takeover battle, confirmed his car had been bugged last year but reassured investors that the company had not suffered as a result. "I have no reason to assume that any confidential business information went into the wrong hands," Chief Executive Matthias Wiedenfels told a news conference on Wednesday after the group announced annual financial results.

The disclosure comes at a sensitive time as Stada is the subject of a 4.7 billion euro ($5.1 billion) takeover fight between two rival private equity consortia. It was not clear who was responsible for the bugging and no suggestion that it was connected to the takeover battle.

Germany's Manager Magazin reported last week that Wiedenfels found a listening device in his car and that he was also anonymously sent photographs taken of him in confidential business situations and outside of the office.  more

Did you expect him to say, "Oh yes, confidential business information went into the wrong hands. The company has suffered as a result."

When was the last time you checked? Check here.

Tuesday, March 28, 2017

Nixon Watergate Era Poster

Vintage (1973) Waterbug Workshop, Boston.

Poster by David Campion.

The Cold War’s Least Believable Surveillance Strategy

In an effort to gather information from behind the Iron Curtain, the U.S. Air Force launched hundreds of spy balloons to float over the Soviet Union, collect photographic coverage, and hopefully reappear in friendly airspace for midair recovery...

In the days before reconnaissance satellites, balloons were seen as a safer alternative to proposals for manned overflights, and less provocative than plans to attach cameras to cruise missiles. But the audacity of the balloon program also reflected the tremendous appetite for recon information in Washington. In his 1991 history of the Moby Dick program, as it was known, Curtis Peebles describes how “the reconnaissance balloon had the highest national priority of 1-A. The only other project to share this priority was the hydrogen bomb. Knowledge is power.”

The balloons carried a 150-pound metal box with the approximate dimensions of an old television. Inside, a camera, film, and electronics were shielded from the conditions by several inches of styrofoam. Two additional tubs of ballast provided the balloons with rudimentary navigational aids. If sensors indicated a drop in altitude, magnetic valves inside the tubs could gradually release its steel dust to lighten the load. more

ISPs May Soon be Selling Your Browsing Data – Privacy Tips...

Recently, the United States Senate saw fit to allow Internet Service Providers to sell your web browsing history and other data to third parties. The action has yet to pass the House, but if it does, it means anyone concerned about privacy will have to protect themselves against over zealous data collection from their ISP.

Some privacy-conscious folks are already doing that—but many aren’t. If you want to keep your ISP from looking over your shoulder for data to sell to advertisers, here are three relatively simple actions you can take to get started.

1. The Electronic Frontier Foundation’s HTTPS Everywhere browser extension is one of the first things you should install. This extension requires that all website connections to your browser occur using SSL/TLS encryption...

2. Your next step is to subscribe to a paid virtual private network service—not a free one that collects your data and sells it to third parties for analytics, or uses ads to support its free service, because that would negate the entire point of all this...

3. The Domain Name System is how your computer translates a human readable website name, such as NYTimes.com, into a machine-friendly numerical Internet Protocol address. It’s like the telephone book of the Internet.

The problem is that your PC is usually configured to use your ISP’s DNS, which means your ISP sees all your browser requests. VPNs typically configure your PC to use their DNS, and there is usually a DNS leak protection feature that makes sure your PC doesn’t ignore the VPN and use your default DNS settings.Nevertheless, to be doubly sure you’re not using your ISP’s DNS, it’s a good idea to set your PC to use a third-party DNS provider such as OpenDNS... more

Smartphone Malware Up 400% in 2016

Mobile device malware infections reached an all-time high last year, according to a new Nokia Threat Intelligence Report, released Monday.

Smartphones were by far the most vulnerable devices, with infections that rose nearly 400% in 2016. Attacks on smartphones represented 85% of all mobile device infections in the second half of the year, according to the report. more

Monday, March 13, 2017

Another Leak of Security Clearance Files (WTF?!?!)

via zdnet.com...
An unsecured backup drive has exposed thousands of US Air Force documents, including highly sensitive personnel files on senior and high-ranking officers.

Security researchers found that the gigabytes of files were accessible to anyone because the internet-connected backup drive was not password protected.

The files, reviewed by ZDNet, contained a range of personal information, such as names and addresses, ranks, and Social Security numbers of more than 4,000 officers. Another file lists the security clearance levels of hundreds of other officers, some of whom possess "top secret" clearance, and access to sensitive compartmented information and codeword-level clearance.

Phone numbers and contact information of staff and their spouses, as well as other sensitive and private personal information, were found in several other spreadsheets.

The drive is understood to belong to a lieutenant colonel... more

The device has since been taken offline and it is unclear if anyone other than members of the MacKeeper Research Team had access to the files or how long they were available. more

Enough is enough!!! 
Make information security a top priority, wherever you work, right now! 
(My security clearance info was stolen during the OMB hack of 2015. I'm still pissed.) ~Kevin

Anti-Surveillance Sunglasses – Q Would Be Proud

via... digitaltrends.com
...there’s a new set of spectacles on Kickstarter that might help you bamboozle even the most sophisticated facial recognition tech.

The Eko shades, as they’re called, are rimmed with a type of retro-reflective material that bounces light back to exactly where it came from. Most surfaces reflect light by diffusing or scattering it in all directions, but this material is specially designed to reflect light back at the exact same angle as it arrived.

If caught in flash photography, retro-reflective material will send most of the light back to the camera’s sensor. This will put the dynamic range of the camera’s sensor to the test, and likely result in an image that’s underexposed for everything but the rims of your glasses.

Of course, this won’t help much for any camera that doesn’t require a flash, but it’s still a pretty interesting concept. more

...and the DIY hat to go with them!
1937 prototype anti-mind control device.
(Ok, who said, "Too late. She has already lost hers.")

Friday, March 10, 2017

Hotel Spying Fears

Last week, New York’s famed Waldorf Astoria hotel closed for two years of renovations amid ongoing concerns that the Chinese government could be spying on guests. 

For decades, US government officials stayed at the hotel during the United Nations General Assembly. But in 2015, after the Waldorf was sold to the Chinese Anbang Insurance Group Ltd, President Obama and State Department officials moved elsewhere, citing security concerns.

Last month, New York Post gossip columnist Cindy Adams speculated that the reason for the renovations is that the hotel “is getting hardwired”...

Worries about espionage could lead not just political officials but also business executives to steer clear of properties owned by Anbang and other foreign companies. It’s common knowledge that governments —including the US, France and China — spy on foreign businesses. more

Extra Credit Reading: Who's Watching You In Your Hotel Room? ...and more


Education.

One New Solution to the USB Port Vulnerability

The USG is a small, portable hardware USB firewall that isolates a potentially harmful device from your computer. It's designed to prevent malicious USB sticks and devices laden with malware from infecting your computer...

The problem is that most computers automatically trust every USB device that's plugged in, which means malicious code can run without warning.

It's not just computers: Cars, cash registers, and some ATMs also come with USB ports (desk phones and printcenters, too), all of which can be vulnerable to cyberattacks from a single USB stick.

While the USG will protect against low-level USB attacks, it won't protect against malware stored on the flash drive itself.

Fisk explained on his Github page, where the code is available, that the project is "particularly useful for individuals and organizations that face advanced threats including corporate espionage or state sponsored attacks." more

Toshiba Nixes Foxconn - Business Espionage Fears

Taiwan’s Foxconn, the world’s largest contract electronics maker, is not a favored bidder for Toshiba memory chip business because it is too close to China.

Apparently the Japanese government has told Tosh that flogging its flash business to China would be opposed because it means the transference of key technology.

Foxconn has plants in China, and the Japanese fear that putting the tech close to the Chinese would result in the tech leaking out due to industrial espionage and internal corruption. more

Tuesday, March 7, 2017

Consumer Reports Adds Privacy to its Checklists

Consumer Reports announced Monday it would begin considering data security in its comprehensive product reviews. 

Consumer Reports will use new standards to evaluate the quality of "internet of things" gadgets based criteria such as how secure products are and what sorts of disclosures are made when a device is collecting your data. The goal: For consumers to feel safer, and to not have to worry about the real threat of (for example) hackers taking over their baby monitor. more

Electronic Surveillance: Trust Your Instincts - Don't Wait 10 Years

A Craig, Iowa man will spend up to ten years behind bars for spying on a family in their home over the course of a decade. A judge sentenced 67-year-old James Grasz on five charges including sexual exploitation of a minor, and invasion of privacy.

Prosecutors say Grasz videotaped adults, and juveniles, in various states of nudity, without their consent, for ten years, or more. Authorities started investigating, last March, after a woman complained that she felt like she was being spied onmore

Pole Cam Issue Flagged as Possible Spy Tool

Pakistan has raised concerns that India’s tallest ever flag, which can be seen from Lahore, could be used for “spying”.

India erected a 110 metre (360 feet) high flag at the Attari Border in the northern state of Punjab, prompting Pakistan to accuse its neighbour of violating international treaties.

Pakistan has complained to the Border Security Force and raised suspicions that hidden cameras may be installed on the flag pole for spying purposes. more

High Flying Corporate Espionage Lawsuit

Panasonic Avionics plans to seek immediate dismissal of a lawsuit filed by software company CoKinetic Systems, which claims PAC employed unlawful means to monopolize the market for IFE software and media services on the IFE hardware it supplied to airlines...

The firm’s suit, filed in the US District Court for the Southern District of New York, alleges that Panasonic Avionics willfully violated open source licensing requirements, breached contractual obligations to CoKinetic, abused FAA regulatory processes, conducted corporate espionage, and defamed CoKinetic and sabotaged its products...

Separately, Panasonic Corp on 2 February revealed in a stock exchange filing that the DOJ and SEC are probing PAC’s sales activities, and said it had begun talks with authorities to try to resolve the matter... PAC’s CEO and CFO departed the company last month. more

Thursday, March 2, 2017

Spycam News: A Darwin Award to Another Spy Who Shot Himself

OH - Judge Robert Peeler sentenced a former Deerfield Township maintenance man to four years in prison, for putting hidden cameras in women's apartments. 

Gerald Rowe will also have to register as a Tier 1 sex offender. Rowe worked at the Steeplechase Apartments in Deerfield Township. A woman called police after finding one of his hidden cameras in the vent of her bathroom in May 2016, according to Prosecutor David Fornshell.

Warren County Sheriff's Office detectives found videos from four other apartments from February through May.

Rowe mounted the cameras to get video of the women undressed. One of the videos shows Rowe's face while installing the camera. more

FutureWatch: Cheap, difficult to detect, short-range, long-term bugs.

Researchers at the University of Washington (UW) have pioneered a technique where everyday objects can be embedded with transmitters that piggyback ambient FM signals to send data to nearby smartphones and radios using almost no power. 

The technique makes used of backscattering, which is the reflection of waves, particles, or signals back in the direction they came from. The system uses a low-power reflector to encode specific audio or data on top of reflected signals from an existing FM broadcast, with the data sent on an adjacent band so as not to interrupt any current radio transmissions.

The key benefit of the technology is that it has an extraordinarily low level of power consumption, meaning that it can easily be incorporated into everyday objects at a low cost...



The antennas are made of thin copper tape and can be simply embedded into objects like advertising posters or articles of clothing. Initial demonstrations of the technique showed the total power consumption of a transmitter embedded into a poster to be as little as 11 microwatts – an output that could run uninterrupted off a small coin-cell battery for two years...

The UW team has produced two working proof-of-concept prototypes demonstrating the technology. The first was dubbed a "singing poster" that transmitted portions of a band's music to a smartphone up to 12 ft (3.6 m) away, or a car up to 60 ft (18 m) away more

FutureWatch: Cheap, difficult to detect, short-range, long-term bugs. The traditional police "wire" invisibly woven into undercover investigators' clothing.  ~Kevin