Wednesday, December 26, 2018

German Football Club Caught Spying with a Drone

‘We didn‘t do anything illegal!‘
Spy games: German club admit to spying on rivals using drones

German football was stunned at the news that Werder Bremen one of the biggest clubs in the Bundesliga spied on training sessions of rivals Hoffenheim by using drones piloted by club officials...

And remarkably, Werder Bremen has issued a statement taking responsibility for the incident, admitting it was they who arranged for the drone to conduct surveillance of Hoffenheim‘s training session.

An official statement was released, explaining that the drone was piloted by a member of club staff, while the club‘s general manager Frank Bauman made a formal apology and took full responsibility for the incident. more

Spy Book Collection for Kids

Can an undercover nerd become a superstar agent? Ben Ripley sure hopes so—and his life may depend on it!

When Ben Ripley is recruited to the CIA’s Academy of Espionage, it’s a dream come true. But as soon as he gets on campus, Ben finds out that Spy School is way more deadly than debonair. And given his total lack of coordination and failure to grasp even the most basic spying skills, Ben begins to wonder what he’s doing here in the first place.

Luckily, through a series of hilarious misadventures, Ben realizes he could actually become a halfway decent spy…if he can survive all the attempts being made on his life! more

FutureWatch: Spy Technology of the Future

An Exciting Future for Spy Technology

1. Real-Time Facial Surveillance That Doesn't Require Clear, Unobstructed Images
2. Tools That Detect Activity Based on a Phone's Characteristics
3. Increased Uses for Artificial Intelligence
4. Technology to Detect Suspicious Body Language

Although it's not possible to know exactly how espionage experts will depend on the things on this list and others, it's evident that technology will help spies achieve their missions. It may also allow them to diversify their responsibilities as tech takes care of past tasks. more

Being Your Own Bodyguard, by Richard Roth (Kindle)

Click to enlarge.
Foreword by The Honorable Carlos C. Campbell

Rich Roth condenses over four decades of experience as a member of the United States Secret Service, and as a private security consultant and bodyguard.

His business portfolio includes cyber security, executive protection, aircraft and airport vulnerability, threat assessment and mitigation, training, perimeter detection and CCTV systems design and crisis management.

From the plazas of Paris, to dodging the guns in the Gaza strip, to the cafes in Caracas, Roth slips out of the shadows of surveillance to inform readers about how they can protect themselves through situational awareness, adaptation, and employ techniques and tactics for survival and mitigation.

Being Your Own Bodyguard deals with physical layouts and boundaries, psychological characteristics, and physiognomic [facial expressions] clues in assessing threats. Rich draws heavily on his experience with the USSS that includes over one hundred protection assignments. more

Monday, December 24, 2018

Security Director Alert - Well Produced Information Security Awareness Videos for Employees

Foreign intelligence entities, which may include foreign governments, corporations, and their proxies, are actively targeting information, assets, and technologies that are vital to both U.S. national security and our global competitiveness. 

Increasingly, U.S. companies are in the cross-hairs of these foreign intelligence entities, which are breaching private computer networks, pilfering American business secrets and innovation, and carrying out other illicit activities.

The National Counterintelligence and Security Center is dedicated to raising awareness among government employees and private industry about these foreign intelligence threats, the risks they pose, and the defensive measures necessary for individuals and organizations to safeguard that which has been entrusted to their protection.

The following products will enable personnel to better understand these threats and provide guidance and tips for protecting the sensitive information, assets, technologies, and networks to which employees have access. It will also serve to help them protect their personal, confidential information that may be used by others to gain their trust. more

Social Media Deception Trailer
Social Media Deception
Social Media Deception Full Video
Social Engineering
Spear Phishing (30 second trailer)
Spear Phishing 2017
Spear Phishing Full Video
Travel Awareness
Human Targeting
Supply Chain Risk Management
Economic Espionage  (True story.)

Infographic - Check Your Phone for Spies

There is a lot which can be done to check your phone for spyware. 
Everything from following instructions in a book to a full forensic inspection.

In the meantime, you can start with this...

You can find a slightly larger version here.

Yet another Spy Museum Opens

The KGB Spy Museum (in New York City) features the largest collection of USSR KGB espionage artifacts.

The KGB, an initialism for КГБ Komitet gosudarstvennoy bezopasnosti translated in English as Committee for State Security, was the main security agency for the Soviet Union. During the Cold War, KGB always wanted to compete with the CIA in all possible ways.

Interactive spy museum presents to visitors that era special technique: spy cameras, KGB concealment devices, secret recorders, crypto and cipher machines, spy radios, secure telephones...

The museum exhibition, much of which is only now being made public, presents a never-before-seen collection of items covering the activities of prominent KGB agents and revealing the strategies and methods that underlay many of history’s top secret espionage operations. more

Sunday, December 23, 2018

"Alexa, what’s my neighbor doing?"

Alexa, what’s my neighbor doing? ‘Human error’ allows user to eavesdrop on stranger’s life.

A German Amazon customer was able to access hours of audio files from a stranger‘s Alexa device that included recordings of him in the shower thanks to a “mistake” by one of Amazon‘s human employees.

Amazon sent the customer a link that included 1,700 recordings of another man and his female companion when he asked to play back the recordings from his own Alexa voice assistant.

He reported the anomaly to Amazon, but the company did not immediately reply, except to delete the files. By then, he had already downloaded them. After weeks of no response from Amazon, the customer notified German trade c‘t, worried the company would just cover up the incident otherwise.

Using the information contained in the recordings, which included their first and last name, the name of their partner, where they lived – even audio of the person in the shower – c‘t was able to locate and the victim, who was... more

Yup, like I said two years ago. ~Kevin

Happy Birthday World's First Spy Musuem

The Spy Museum in Tampere, Finland opened to the public in the summer of 1998. It was the world's first spy museum dedicated exclusively to espionage. This year, the Spy Museum celebrated its 20th anniversary. 

Two years later, in 2000, a sister museum, the International Spy Museum, opened its doors in Washington, D.C.  more

The Case of the Eavesdropping Boyfirend - Settled

"Wonderful fun. Hundreds of practical uses."
A New York City accountant agreed to pay the Securities and Exchange Commission more than a half-million dollars to settle insider trading charges related to the merger of Alaska Airlines and Virgin America. Peter Cho was accused of listening in on his investment banker wife’s* phone calls to glean sensitive information, allowing him to earn over $250K through a series of perfectly timed investments. more   * At the time his fiancée.

Saturday, December 22, 2018

The Surprising Spy Story Behind Lafayette Radio

by Rich Post KB8TAD 

Lafayette's three owners
Sometimes when you look closely at a company, a surprise pops up. Such was the case with Lafayette. The change in corporate names in 1939-40 and the separate catalogs in 1942 as well as the sudden and permanent disappearance of Lafayette from Atlanta and Chicago in 1951 triggered the question of why. Was there a rift among partners?

Searching on the names of the three owners as stated in the Federal Trade Commission action against Wholesale Radio in 1935 turned up nothing until... A search on the correctly-spelled names of Samuel J. Novick and Max H. Krantzberg came up with Krantzberg as the Executive Vice President of Lafayette with stock holdings just a bit less than President and Chairman Abraham Pletman in a Securities and Exchange Commission report in 1961. Each owned roughly a third of the outstanding shares...

The communist connection
Novick was not actually the author of "A Plan for America at Peace" but his company sponsored and paid for the publication. He had immigrated to the US from Czarist Russia in 1914 at age 17. One of his early jobs in the US was radio telegrapher. He became an excellent business man. He was also an avowed communist who allegedly paid the bills for radio commentators from the American Communist Party on the Blue radio network. He supported a variety of organizations later deemed to be underground communist groups according to FBI reports. Some labor unions at the time were also controlled by communists allegedly including the one that had honored him. Of course, in free speech America, this was allowed.

Spies and Lies
However, it was after the FBI uncovered a Russian spy that Samuel Novick came to their attention.

Arthur Adams was a high-ranking undercover GRU (Soviet Military Intelligence) operative under the code named "Achilles" and was assigned along with others in the NKVD (forerunner of the Russian KGB) to obtain US corporate and military technology secrets.

In 1937 Novick had written a letter to the US Immigration and Naturalization Service vouching that Adams was a highly skilled radio engineer who had worked for him for 10 years at Wholesale Radio as its Canadian representative and was needed in the US. It was a lie.  more

Extra Credit: Explore old Lafayette catalogues here, and later ones here. Old issues of Monitoring Times may be obtained here.

Friday, December 21, 2018

This Month in... Bots Gone Wild

Sneaky parrot uses Amazon Alexa to shop while owner is away. more

GPS signals across far northern Norway and Finland failed. Civilian airplanes were forced to navigate manually, and ordinary citizens could no longer trust their smartphones. more

Virgin Australia is under investigation after two engines on one of its aircraft "flamed out" during descent and had to be manually re-ignited before the aircraft hit the tarmac. more

Drone shatters passenger jet’s nosecone and radar during landing. more

Uber manager in March: “We shouldn’t be hitting things every 15,000 miles.” "They told me incidents like that happen all of the time," whistleblower wrote. more

New Zealand courts banned naming Grace Millane’s accused killer. Google just emailed it out. more

She'd just had a stillborn child. Tech companies wouldn't let her forget it. A woman pleads with tech companies like Facebook and Twitter to stop serving her ads to intensify her grief. more

Microsoft is sending users who search for Office 2019 download links via its Bing search engine to a website that teaches them the basics about pirating the company's Office suite. more

Delivery robot bursts into flames at UC Berkeley. more

Rudy Giuliani Says Twitter Sabotaged His Tweet (not true) more
Mystery Drone Still on the Loose at Gatwick Airport, But Flights Resume Anyway more

Thousands of people trusted Blind, an app-based "anonymous social network," as a safe way to reveal malfeasance, wrongdoing and improper conduct at their companies. But Blind left one of its database servers exposed without a password, making it possible for anyone who knew where to look to access each user's account information and identify would-be whistleblowers. more

...and a cautionary tale.

Wednesday, December 19, 2018

FutureWatch: 2019 - Stricter Privacy Regulation (we hope)

After decades of complacency, the regulatory tide is finally turning against the unchecked personal data collection that powers the ad-revenue machines at Google, Facebook, and other big tech firms. 

In Europe, the General Data Protection Regulation (GDPR) is an unprecedented leap forward in privacy regulation, with strict rules and harsh penalties designed to limit personal data collection.

Though the US has been slower to act, there is a growing demand for an Internet Dodd-Frank, a sweeping federal legislation designed to protect the privacy of US citizens.

The recently passed California Protection Act (AB 375) is one potential, though imperfect, template for a federal consumer privacy law. This new law affords California residents new privacy rights that entitle them more insight into, and more control over, the personal data companies collect on them...

Google already commented that they "...look forward to improvements to address the many unintended consequences of the law," which could easily translate to prioritizing the protection of the practices that have allowed these companies to make billions at the expense of consumer privacymore

Government Spying... Outsourced

New Zealand - The State Services Commission delivered a damning report into the use of companies like Thompson and Clark (Investigations Limited) to carry out surveillance on protestors, activists and other members of the public, as well as inappropriately close relationship between investigators and some public servants.
The Commissioner described the way some agencies allowed some New Zealanders to be targeted by investigators as an affront to democracy.

The report has already claimed its first casualty.

Ross Butler quit as chair of the government insurance agency Southern Response last night before his meeting with the Greater Christchurch Regeneration Minister Megan Woods.

The insurer broke its code of conduct, and possibly the law, when it used security firm Thompson and Clark to secretly record meetings of earthquake victims. more & more

When Technical Surveillance Countermeasures Warnings Are Met With a Shrug

Hackers infiltrated the European Union’s diplomatic communications network for years, downloading thousands of cables that reveal concerns about an unpredictable Trump administration and struggles to deal with Russia and China and the risk that Iran would revive its nuclear program...

The cables were copied from the secure network and posted to an open internet site that the hackers set up in the course of their attack, according to Area 1, the firm that discovered the breach...

Asked on Tuesday about the hack, the National Security Agency said it was still examining the discovery of the European trove. But the former senior intelligence official said that the European Union had been warned, repeatedly, that its aging communications system was highly vulnerable to hacking by China, Russia, Iran and other states.

The official said the warnings were usually received with a shrug...

The Europeans appear, belatedly, to be waking up to the threat. Its senior staff members increasingly use encrypted telephones, and isolated “speech rooms” of Lucite are being installed in key posts... more

When Customs and Border Protection Wants to See Your Cell Phone

Last Thursday's post: Your Mobile Device Could Spill Its Guts (and worse) Get You Arrested  

Today: Man sues feds after being detained for refusing to unlock his phone at airport 

A Southern California man has become the latest person to sue the federal government over what he says is an unconstitutional search of his phone at the Los Angeles International Airport.

According to his lawsuit, which was recently filed in federal court in Los Angeles, Haisam Elsharkawi had arrived at LAX on February 9, 2017 and was headed to Saudi Arabia to go on a hajj, the Muslim religious pilgrimage...

Officer Rodriguez, began searching Elsharkawi’s pockets and discovered his phone. Rodriguez asked Elsharkawi to unlock his phone, which he declined to do. He then also refused to answer further questions without having an attorney present...

Elsharkawi was taken to a holding cell...

Yet another officer entered the scene, identified in the civil complaint as "Officer Jennifer," who again began questioning Elsharkawi. Eventually, after some back-and-forth, Elsharkawi "felt he had no choice but to acquiesce and unlocked his phone."

Officer Jennifer began searching his phone and asked Elsharkawi about his eBay and Amazon accounts, and "where he got merchandise for his e-commerce business, and what swap meets he frequents. more

Tuesday, December 18, 2018

El Chapo Got Wiretapped Because the IT Guy Screwed Up

It only took five weeks, but jurors in the trial of Joaquín “El Chapo” Guzmán finally got hear the infamous drug lord speak. Chapo's voice filled the courtroom Thursday as prosecutors played a taped phone call between the alleged Sinaloa cartel leader and members of the FARC guerrilla group. The two sides could be heard negotiating a six-ton cocaine deal. The exchange was damning...

It’s still unclear exactly how U.S. authorities obtained the recording, but witness Jorge Cifuentes seemed to have a pretty good idea. He blamed the cartel’s IT guy...

Cifuentes appeared to be vigilant about digital security. Prosecutors showed the jury his detailed accounting records, which included items like "cellular inhibitors" and "microphone searchers" among his expenses. "You turn it on during a meeting and there's no way anyone can tape it or send out anything," Cifuentes said, describing one of the devices...

The irony was that authorities were only able to obtain the call because the men were forced to use conventional cellphones while their secure network was down. Cifuentes called Cristián "an irresponsible person," and said the engineer screwed up by forgetting to renew the license on the software they had purchased. more

Note: This also reveals what can happen when someone with a little knowledge (Jorge Cifuentes) tries to play TSCM expert... "You turn it on during a meeting and there's no way anyone can tape it or send out anything,"

Be careful who you hire to advise you on corporate technical counterespionage.

Quote of the Week

"It’s generally the government’s view that corporations are as responsible for their own information technology security as they are for their own physical security." — Dick Fadden, former national security adviser to Stephen Harper and past director of the Canadian Security Intelligence Service (CSIS)

National Security Agency (NSA) - 136 issues of its internal Cryptolog periodical spanning 1974 through 1997.

Five years ago, the National Security Agency (NSA) released 136 issues of its internal Cryptolog periodical spanning 1974 through 1997. The collection offered a look into the some of the discussions being held within one of America’s most secretive intelligence agencies. Today the GWU-based National Security Archive is providing a complete index of all 1,504 items in the declassified collection, including but not limited to articles, interviews, and puzzles. more

Man's IoT Security Camera Starts Giving Him Advice

An Arizona real estate agent was shocked when a voice started broadcasting from his Nest security camera recently, addressing him directly.

Andy Gregg was in his backyard when he heard the voice, belonging to someone who claimed to be a “white hat hacker” from Canada, Gregg told the Arizona Republic. A white hat hacker is a hacker who exposes security vulnerabilities for the greater good, rather than their own benefit.

Gregg recorded the conversation that followed. In the video, a voice can be heard over the speaker telling Gregg that he was contacting him in the creepiest way possible to warn him about the security risks of his internet-connected camera. more

Thursday, December 13, 2018

Federal Court Rules Cops Can't Arrest You for Secretly Filming Them

Contrary to popular belief, in many states, recording the police is a crime.

Laws in 38 states plainly allow citizens to openly film the police in public. However, there are 12 states–California, Connecticut, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Pennsylvania, and Washington–where wiretap laws prohibit citizens from secretly recording police. These states require “two-party consent,” which means every party must agree before they are recorded.

But in a victory against Boston’s police commissioner and district attorney, a federal judge ruled on Tuesday that a Massachusetts law used by Massachusetts police to target people who secretly recorded them was unconstitutional. more

Just Add One More Thing and The Counterespionage Law Works

The following sounds good, but as is, it is just more of what hasn't worked.
The missing element: requiring the victims to lock their doors. 

Pennsylvania was the first to get it right

U.S. Senator Kamala D. Harris (D-CA), a member of the Senate Judiciary Committee, introduced the Deterring Espionage by Foreign Entities through National Defense (DEFEND) Act, which would update the Economic Espionage Act (EEA) to better address the growing threat of economic and industrial espionage perpetrated by foreign actors. The legislation increases the damages available for victims of trade theft, extends the statute of limitations, and expands the scope of the EEA to encompass a broader range of offenses occurring outside of the United States, including cybercrime and hacking. more

Landlord Plants Spycams - Watches While Jetsetting

Australia - An accused pervert landlord who has been charged with hiding secret cameras in tenant bathrooms could allegedly spy on renters live from wherever he was jetsetting around the world.

Barbadian-born James Maxwell, who calls himself “Tiger”, allegedly installed tiny secret spy cameras in the male bathrooms and a bedroom of the apartments in Pyrmont, Sydney, which he managed.

When police allegedly uncovered the cameras they also allegedly found an app on Mr Maxwell’s phone which enables accessing video footage from anywhere in the world...

....also alleged that Mr Maxwell had had tiny cameras in his watch and key ring... understands the cameras included a black rectangular digital clock and wall clocks in a bedroom and two bathrooms. more

Your Mobile Device Could Spill Its Guts (and worse) Get You Arrested

Last year, over 29,000 travelers had their devices searched at the US border.

A new report by the Department of Homeland Security’s internal watchdog has concluded that the agency does not always adequately delete data seized as part of a border search of electronic devices, among other concerns.

According to a new 24-page document released Tuesday by DHS’ Office of Inspector General, investigators found that some USB sticks, containing data copied from electronic devices searched at the border, "had not been deleted after the searches were completed."...

Federal authorities do not need a warrant to examine a phone or a computer seized at the border. They rely on what’s known as the "border doctrine"—the legal idea that warrants are not required to conduct a search at the border. This legal theory has been generally recognized by courts... more

Spybuster Tip #841: Device searches occur (even more often) when entering (or leaving) certain foreign countries. If you need to take your mobile device on a trip you should consider doing a data extraction on your device, before you leave... and before they do it for you.
  1. To be sure you are not carrying data that you can't afford to loose.
  2. To be sure you are not carrying contraband data (porn, propaganda, etc.).
    Remember, even erased data can be exhumed by them.
  3. To document the actually data you are taking—to counter false accusations.
Learn more here. Upon returning a spyware detection inspection is also recommended.

Tuesday, December 11, 2018

A Spycam that Sucks

Blown by
Next time you're closing a big drug deal you may want to watch the cleaner. Or more specifically their vacuum cleaner. That's right, because thanks to publicly available federal acquisition records we now know that America's Drug Enforcement Agency (DEA) has planted cameras in cleaners. Canon cameras in Shop-Vacs appear to be the latest tool in the drug war.

To be fair, we don't know it's a Shop-Vac for certain because like the brand "Hoover," "Shop-Vac" has become a generic term for a heavy-duty vacuum cleaner. The DEA could be planting surveillance equipment in a Rigid, a Craftsman or even a Stanley. What we do know for sure is that is a Canon M50B.

And we know that because it lists "custom shop vac concealment with Canon M50B" in the contract, dated November 28.

It's a good choice: The Canon VB-M50B is a network camera so video can be live-streamed - presumably to agents parked in a van nearby – and it has a very large aperture ratio, meaning that you get good color and clarity out of it even in low-light situations. more

Saturday, December 8, 2018

FutureWatch: Tooth Bugs

Sonitus Technologies, creators of the Sonitus Sensory Interface Platform, is enabling real-time wireless communications and monitoring of physiological information of users in the most challenging defense, security and commercial environments.

The company’s initial sensory platform-based solution is Molar Mic, a novel personal communications device that snaps-easily to the back teeth of a user and creates an entirely new audio interface.

By creating a new audio path (bone conduction), it eliminates the need for ear pieces, microphones and wires on a user’s head.

Incorporating a miniaturized microphone and receiver into a dime-sized mouthpiece, Molar Mic sustains unbroken two-way voice connectivity in communications networks critical to personal safety and performance across defense, public safety, aerospace, power, oil & gas, and professional applications.

Molar Mic is in its final field testing with the US Air Force. more

Friday, December 7, 2018

Flashback: "Green You're Clean - Red You're Dead"

Detecting landline telephone taps was never as easy as this, but that didn't stop the hucksters and their magazine ads. Over thirty years ago, they preyed on people seeking cheap magic bullets to protect their privacy. Here are some of these bullets.

Most of these devices will tell you if someone picks up an extension phone (assuming basic phone service). Decently constructed wiretaps remain invisible, however.

One of these devices is totally bogus. (I tested and dissected it.)

The Technical Surveillance Countermeasures (TSCM) hucksters are still out there, these days with "professional looking" websites and even more blinky light gadgets.

Need a reality check, or second opinion, before you buy?
Ask away!


Some of these gadgets date back to the 1970's. Some are still being sold today!


Detecting smartphone spyware is another story.

Thanks for viewing this collection of anti-eavesdropping mental band-aids.

Thursday, December 6, 2018

Fob-U-Less Auto Theft on the Rise ...and a solution!

As predicted in 2011, and documented in previous Security Scrapbook posts, it is time to remember where to keep your car key fob overnight... in a closed tin (cost $0.93). ~Kevin

CA - Auto theft on the rise in Toronto area, and a security expert thinks he knows why...
According to Markham automotive security specialist Jeff Bates, owner of Lockdown Security, wireless key fobs have a role to play in many recent car thefts, with thieves intercepting and rerouting their signals — even from inside homes — to open and steal cars.

...many of these thieves are using a method called "relay theft."

Key fobs are constantly broadcasting a signal that communicates with a specific vehicle, he said, and when it comes into a close enough range, the vehicle will open and start.

"The way that the thieves are getting around this is they're essentially amplifying that low power signal coming off of the push start fob," he said.

"They will prey upon the general consensus that most people are leaving their key fobs close to the front door of their home and the vehicle will be in the driveway."

The thief will bring a device close to the home's door, close to where most keys are sitting, to boost the fob's signal.

They leave another device near the vehicle, which receives the signal and opens the car.

Many people don't realize it, Bates said, but the thieves don't need the fob in the car to drive it away. more

Many thanks to our Canadian Blue Blaze Irregular (WM) for this latest alert!

Wednesday, December 5, 2018

Extortionography: Hilton Facing $100 Million Lawsuit Over Spycam Incident

A Chicago woman says she's traumatized for life because of what happened to her inside an Albany hotel room. That woman is suing the hotel chain for $100 million. 

The alleged incident happened in July 2015, but the alleged victim didn't find out about it until about two months ago. Now, she's scared for her life.

The woman had just graduated from Albany Law School. She was staying in town so that she could take the New York State Bar Exam.

Inside her hotel room, someone allegedly placed a hidden camera in her bathroom that recorded her taking a shower. The video was then posted on numerous X-rated websites.

Later there were blackmail attempts. The emailer wanted thousands of dollars to remove the video from the internet. more

Note to Hilton: A proactive due diligence defense costs about $25.00 per hotel, a price Hilton cannot afford... to pass up.

Friday, November 30, 2018

13 Members Sue Gym Over Ceiling Spycam

MI - Members of a Clinton Township gym have sued the former owner who is accused of spying on members with a hidden camera.

Thirteen members filed the lawsuit in Macomb County Circuit Court earlier this month against Matthew Krakowski, who ran Switch Crossfit gym, alleging he invaded their privacy by filming gym-goers while changing their clothes and possibly using the bathroom in private areas...

Krakowski also faces criminal charges. He initially was charged with one count of surveiling an unclothed person last May after a woman reported seeing a camera in a ceiling tile in April while she changed in a private area. Police sifted through thousands of other images garnered from Krakowski’s computer or devices and found victims to produce 13 more charges. more

Like most of these cases which hit the courts, this camera was found serendipitously, by the victim. 

Businesses involved this way have no defense. In court, the case is viewed as a respondeat superior issue—the business is responsible for the actions of their employees. Defense is costly, as are the financial penalties

A proactive due diligence defense costs about $25.00, a price your business cannot afford... to pass up.

No Matter Where You Go, There You Are

Global automakers are feeding real-time location information and dozens of other data points from electric vehicles to Chinese government monitoring centers, potentially adding to China’s rich kit of surveillance tools as President Xi Jinping steps up the use of technology to track Chinese citizens.

Generally, it happens without car owners’ knowledge, The Associated Press found.

More than 200 automakers selling electric vehicles in China — including Tesla, Volkswagen, BMW, Daimler, Ford, General Motors, Nissan, Mitsubishi and U.S.-listed start-up NIO — send at least 61 data points to government-backed monitoring platforms, under rules published in 2016. Automakers say they are merely complying with local laws, which apply only to alternative energy vehicles. more

What's Up With Taps?!?!

Thursday, November 29, 2018

A First Step Toward Making Counterespionage Actually Work

Pennsylvania High Court Finds Duty to Safeguard Employee Information

In Dittman et al. v. UPMC, the Pennsylvania Supreme Court ruled that employers have an affirmative legal responsibility to protect the confidential information of their employees. In reversing two lower court decisions, the justices ruled that by collecting and storing employees' personal information as a pre-condition to employment, employers had the legal duty to take reasonable steps to protect that information from a cyber attack. more

It's a small step, but... My cunning plan to really protect sensitive information may be catching on. The plan is explained in these two posts from about five and a half years ago...

A Cunning Plan to Protect Us from Business Espionage - March 21, 2012

Espionage Outrage Reaches the Boiling Point ...and a solution. - April 5, 2012

Dawn of the Vocal Fingerprint

The vast majority of people in developed countries now carry a smartphone everywhere. And while many of us are already well aware of privacy issues associated with smartphones, like their ability to track our movements or even take surreptitious photos, an increasing number of people are starting to worry that their smartphone is actually listening to everything they say.

There might not be much evidence for this but, it turns out, it isn’t far from the truth. Researchers worldwide have begun developing many types of powerful audio analysis AI algorithms that can extract a lot of information about us from sound alone. While this technology is only just beginning to emerge in the real world, these growing capabilities – coupled with its 24/7 presence – could have serious implications for our personal privacy.

Instead of analyzing every word people say, much of the listening AI that has been developed can actually learn a staggering amount of personal information just from the sound of our speech alone. It can determine everything from who you are and where you come from, your current location, your gender and age and what language you’re speaking – all just from the way your voice sounds when you speak.

If that isn’t creepy enough... more

Tuesday, November 27, 2018

"A Tough Year for the GRU"

Igor Korobov, head of the Russian military intelligence agency GRU, which has been accused of meddling in U.S. elections, has died in Moscow. He was 62.

The Defense Ministry said Thursday in a statement that Korobov, who led the GRU since 2016, died Wednesday of "a lengthy and grave illness," a usual Russian euphemism for cancer. His predecessor had died two years earlier, at 58.

Russian President Vladimir Putin offered condolences to Korobov's family but did not immediately name his successor...

This has been a tough year for the GRU, which has faced a series of exposures that revealed its inner workings. more

Multiple Audio/Video Eavesdropping Devices Found in Boardroom, Office and Records Room

South Africa - Science and technology minister Mmamoloko Kubayi-Ngubane has filed a complaint with the State Security Agency (SSA) after cameras were found in her office, the Sunday Times reports.

Police found multiple cameras which could record both video and sound, and could be accessed remotely.

The cameras were were reportedly placed within the minister’s boardroom, records room, and office.

According to the report, the cameras were discovered when senior managers confronted junior staff about discussions they had with the minister in her office. more

Note: The devices were only discovered when the eavesdroppers let on that they knew more than they should. Dumb on their part. 

Dumber, however, is they were not found sooner with a routine Technical Surveillance Countermeasures (TSCM) sweep, a standard practice at many organizations these days.

Can AI be Trusted with Surveillance Tasks?

China's war on jaywalking went to the next level last spring when AI-based facial recognition systems were integrated into some crosswalks, to punish jaywalkers by squirting them with water, sending them texts warning them about legal consequences of jaywalking, and/or publicly shaming them by displaying their pictures and names on large digital billboards.

Last week, this system entered a new and exciting failure mode when a traffic-cam in the port city of Ningbo captured a face displayed on the side of a passing bus, correctly identified it as belonging to Dong Mingzhu, CEO of Chinese AC giant Gree Electric Appliances, and then plastered Ms Dong's face all over a giant billboard, falsely accusing her of jaywalking. more

This Week in Spycam News

AZ - A Phoenix-based American Airlines flight attendant was sentenced to five years of probation for taking videos of men and boys using public restrooms. more

WA - Ex-South Seattle College director Gene Baker 52 was arrested last Tuesday after a teenage tenant of his told police that he had planted a camera in an alarm clock in her bedroom and that it had captured footage of her in various states of dress. more

Japan - An analysis of 406 patients who visited a sex addiction clinic here for treatment for camera voyeurism showed that they took 1,000 peeping shots on average before seeking medical help, a clinic official reported. more

S. Korea - Police recently busted a website that was used to share pornographic pictures -- including spycam porn -- arresting the suspected owner and booking 86 others without detention. more

UK - A man who took covert video footage of young women in a state of undress has been jailed for six months and placed on the sex offenders register. Jonathan Thomas Watson, 21, from Harrogate, videoed one woman as she was getting changed in a cubicle at Knaresborough Swimming Pool...Watson filmed six other females at a property in Knaresborough using similar covert means. more

FL - Investigators say a Florida teacher confessed to secretly videotaping a high school student as she changed her shirt. more

S. Korea - After a months-long investigation into Yang Jin-ho, the owner of the nation's two biggest file sharing sites, police have confirmed the existence of a million-dollar cartel for the production and distribution of spycam porn videos. Apart from owning WeDisk and Filenori, file sharing platforms where spycam clips and revenge porn were circulated, police found Yang had a hand in virtually every stage of the profitable operation. more

Monday, November 26, 2018

When VPN means Very Poor Network

Roughly 60 percent of the top free mobile VPN apps returned by Google Play Store and Apple Play Store searches are from developers based in China or with Chinese ownership, raising serious concerns about data privacy, a study published today has revealed.

"Our investigation uncovered that over half of the top free VPN apps either had Chinese ownership or were actually based in China, which has aggressively clamped down on VPN services over the past year and maintains an iron grip on the internet within its borders," said Simon Migliano, Head of Research at Metric Labs, a company that runs the Top10VPN portal.

"Furthermore, we found the majority of free VPN apps had little-to-no formal privacy protections and non-existent user support," Migliano said.

The expert says that 86 percent of the apps he analyzed had "unacceptable privacy policies." For example, some apps didn't say if they logged traffic, some apps appeared to use generic privacy policies that didn't even mention the term VPN, while some apps didn't feature a privacy policy at all. On top of this, other apps admitted in their policies to sharing data with third-parties, tracking users, and sending and sharing data with Chinese third-parties. more

Kevin's Spybuster Tip # 724 - Check out Outline.

IT Director Alert - Patch Those Printers... now

Despite copious warnings and efforts by the security community to harden the defenses of printers, they continue to represent a ripe target for attackers.
Just this past summer researchers at Check Point found a vulnerability that allowed an attacker to compromise a multi-function printer with fax capabilities simply by sending a fax.

In July, Positive Technology shared a proof-of-concept attack that shows how attackers can compromise a corporate network via installing a customized Xerox printer firmware on a targeted printer. 

In August, HP Inc. patched hundreds of inkjet models vulnerable to two vulnerable remote code execution flaws (CVE-2018-5924, CVE-2018-5925).

Printers, security researchers say, are the Achilles Heel for network management. They sit on the network like a PC and need regular updating like any other network endpoint – but often don't. more

Tuesday, November 20, 2018

From the Don't Poop Where You are Going to Eat Files

For a century, Vienna has been the world capital of espionage.

It’s a city of world-class mystery and intrigue, as depicted in countless spy novels and films. Vienna has it all: lovely vistas, great food and wine, affordable prices, and an extraordinarily permissive environment for espionage.

In Austria, you’re free to spy on nearly whomever you want, and there are plenty of targets. Everybody has an embassy in Vienna, plus it’s the second city of the United Nations. When it comes to espionage, the only way to get in trouble in Vienna is by spying on your hosts—and that’s just what the Russians got caught doing. more

Spy Rule #629 - Don't Order Bugs Using Company Email

Eavesdropping charges have been filed against a central Illinois schools administrator who allegedly planned to secretly record a closed session of the school board.

The News-Gazette reports Champaign County State's Attorney Julia Rietz alleged Thursday that Samuel Byndom used a device disguised as a pen to record an Oct. 28 closed session of the school board. The 35-year-old Byndom is Urbana District 116's assistant superintendent of learning and instruction.

Click to enlarge.
Rietz said Urbana police have been investigating Byndom since a school district employee found an email order confirmation on a school district computer for a voice-activated recorder pen from a company called "SpyGuy."

Members of the school board members went forward with the closed session after learning about the recording device order, but searched the room before starting. They found the device and removed it. more

A New EU Spy School... with some possible strings attached.

The defense ministers of 25 EU member countries agreed Monday on a joint EU intelligence school, along with 16 other new projects, as part of their military pact...

The establishment of a joint EU spy school would be a big step forward for the bloc’s intelligence community. Until recently, a significant deepening of intelligence cooperation in the Union was blocked by the U.K., which viewed it as unwelcome competition to the Five Eyes intelligence alliance... With Brexit approaching, London no longer stands in the way.

However, eyebrows will be raised by the proposal to have Greece lead the academy, with help from Cyprus, meaning two of the EU’s members with the closest ties to Moscow would run the project. more

"So, uh, what's your Social Security number, kid?"

It's the cute toy tipped to be a Christmas hit, but there are fears ‘Dino’ the dinosaur may be vulnerable to hackers who could steal information about its young owners.

The ‘smart toy’, which is able to ‘learn’, answer questions and read bedtime stories, is among a series of technology gifts that have failed to win approval from the Mozilla Foundation...said it had been unable to determine if Dino – an internet-connected toy...uses sufficient encryption to guard against hackers.

It was also critical of the complexity of its privacy policy which includes an admission in the small print that, when a child plays with Dino, it automatically collects information about a child’s ‘likes and dislikes, interests, and other educational metrics’. more

Spybuster Tip #720 - iPhone Knows What You Did Last Summer... and how to stop it.

Your iPhone knows where you go and how often.

The feature is called Significant Locations, and it is buried deep within iPhone's reptilian brain. 

Want a peak?
  • Open Settings
  • Open Privacy
  • Open Location Services
  • Scroll to the very end and open System Services
  • Keep scrolling until you hit Significant Locations
  • At this point, you will need to sign in again.
If the feature hasn't been turned off, prepare for an eye opening surprise.

Significant Locations may include the locations of, and frequency of visits to, significant others, whom you would rather not have your other significant others know about. 

Or, if you are an investigator, it just might help you crack a case!


Monday, November 19, 2018

Renters: Beware of Creepy Landlords and their Alarm Clocks - Part II

WA - A former South Seattle College employee is in jail after allegedly putting a spy camera in an exchange student’s bedroom.

The 52-year-old man is being held in King County Jail in lieu of a $500,000 bond on suspicion of voyeurism. Q13 News is not naming the suspect because he has not yet been charged.

According to Seattle police: On Nov. 11, a foreign exchange student from South Seattle College contacted police. She said she is one of five women renting a house in the 5000 block of 16th Ave SW. The home is owned by a 52-year-old college employee who lives there. All of the renters are young women who attend the college.

The victim told police she moved into the home in September. When she moved in the suspect offered her an alarm clock. The victim accepted it. more

Note to Spies: Get a retainer.

A former employee at UBS Group AG’s French unit whose spying helped build a $6 billion tax case against the bank found the value of her work after she lost her job: 3,000 euros ($3,400).

The relatively paltry sum is all Stephanie Gibaud -- who organized events for wealthy UBS France clients before she was fired in 2012 -- got from a lawsuit she filed last year against the government to obtain 3.5 million euros. The court made its decision Thursday.

The Paris administrative court acknowledged her contribution and recognized the “stress”  she suffered for it. Gibaud, 53, was also given an official status as “an occasional assistant to the public service” seven years after she aided investigators during a surveillance mission of UBS bankers and clients at an event organized around the 2011 Roland-Garros tennis tournament. more

The Gloves are off in Thefts of U.S. Technology Secrets

 It was the great microchip heist — a stunning Chinese-backed effort that pilfered as much as $8.75 billion in patented American technology.

U.S. officials say the theft took a year to pull off and involved commercial spies, a Chinese-backed company, a Taiwanese chipmaker and employees affiliated with Micron Technology, a U.S.-based microchip behemoth.

Yet what Micron called “one of the boldest schemes of commercial espionage in recent times” is most notable because it’s not unusual. more

Renters: Beware of Creepy Landlords and their Alarm Clocks - Part I

UK - An apartment unit manager was arrested on Friday after a tenant found a secret camera hidden in their bathroom.

Police found two more hidden cameras after they detained a 49-year-old man, who works at the unit.

The resident, who is one of ten occupants living in the apartment building, called police after finding the camera in their digital alarm clock.

Police executed a search warrant and located a hidden camera, hard drive and other devices, they said on Saturday.

The man allegedly had more than 50 intimate videos of the occupants of the two units. more

Monday, November 5, 2018

Business Espionage: Ex-Employees Allegedly Steal Trade Secrets Valued At Over $400 Million

Three individuals who worked for DRAM maker's Taiwan subsidiary stole Micron IP to benefit company controlled by China's government, US says in indictment.

Like many other businesses, semiconductor manufacturer Micron Technology employs a range of physical, electronic, and policy measures to protect its trade secrets. Yet all it took for the company to allegedly lose intellectual property worth at least $400 million to a Chinese competitor was two employees with legitimate access to the data.

A federal indictment unsealed this week in the US District Court for the Northern District of California described Micron as the victim of economic espionage involving a Taiwanese semiconductor company, a state-owned company in China, and three individuals who previously worked for Micron. more