Thursday, December 13, 2018

Federal Court Rules Cops Can't Arrest You for Secretly Filming Them

Contrary to popular belief, in many states, recording the police is a crime.

Laws in 38 states plainly allow citizens to openly film the police in public. However, there are 12 states–California, Connecticut, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Pennsylvania, and Washington–where wiretap laws prohibit citizens from secretly recording police. These states require “two-party consent,” which means every party must agree before they are recorded.

But in a victory against Boston’s police commissioner and district attorney, a federal judge ruled on Tuesday that a Massachusetts law used by Massachusetts police to target people who secretly recorded them was unconstitutional. more

Just Add One More Thing and The Counterespionage Law Works

The following sounds good, but as is, it is just more of what hasn't worked.
The missing element: requiring the victims to lock their doors. 

Pennsylvania was the first to get it right

U.S. Senator Kamala D. Harris (D-CA), a member of the Senate Judiciary Committee, introduced the Deterring Espionage by Foreign Entities through National Defense (DEFEND) Act, which would update the Economic Espionage Act (EEA) to better address the growing threat of economic and industrial espionage perpetrated by foreign actors. The legislation increases the damages available for victims of trade theft, extends the statute of limitations, and expands the scope of the EEA to encompass a broader range of offenses occurring outside of the United States, including cybercrime and hacking. more

Landlord Plants Spycams - Watches While Jetsetting

Australia - An accused pervert landlord who has been charged with hiding secret cameras in tenant bathrooms could allegedly spy on renters live from wherever he was jetsetting around the world.

Barbadian-born James Maxwell, who calls himself “Tiger”, allegedly installed tiny secret spy cameras in the male bathrooms and a bedroom of the apartments in Pyrmont, Sydney, which he managed.

When police allegedly uncovered the cameras they also allegedly found an app on Mr Maxwell’s phone which enables accessing video footage from anywhere in the world...

....also alleged that Mr Maxwell had had tiny cameras in his watch and key ring... understands the cameras included a black rectangular digital clock and wall clocks in a bedroom and two bathrooms. more

Your Mobile Device Could Spill Its Guts (and worse) Get You Arrested

Last year, over 29,000 travelers had their devices searched at the US border.

A new report by the Department of Homeland Security’s internal watchdog has concluded that the agency does not always adequately delete data seized as part of a border search of electronic devices, among other concerns.

According to a new 24-page document released Tuesday by DHS’ Office of Inspector General, investigators found that some USB sticks, containing data copied from electronic devices searched at the border, "had not been deleted after the searches were completed."...

Federal authorities do not need a warrant to examine a phone or a computer seized at the border. They rely on what’s known as the "border doctrine"—the legal idea that warrants are not required to conduct a search at the border. This legal theory has been generally recognized by courts... more

Spybuster Tip #841: Device searches occur (even more often) when entering (or leaving) certain foreign countries. If you need to take your mobile device on a trip you should consider doing a data extraction on your device, before you leave... and before they do it for you.
  1. To be sure you are not carrying data that you can't afford to loose.
  2. To be sure you are not carrying contraband data (porn, propaganda, etc.).
    Remember, even erased data can be exhumed by them.
  3. To document the actually data you are taking—to counter false accusations.
Learn more here. Upon returning a spyware detection inspection is also recommended.

Tuesday, December 11, 2018

A Spycam that Sucks

Blown by
Next time you're closing a big drug deal you may want to watch the cleaner. Or more specifically their vacuum cleaner. That's right, because thanks to publicly available federal acquisition records we now know that America's Drug Enforcement Agency (DEA) has planted cameras in cleaners. Canon cameras in Shop-Vacs appear to be the latest tool in the drug war.

To be fair, we don't know it's a Shop-Vac for certain because like the brand "Hoover," "Shop-Vac" has become a generic term for a heavy-duty vacuum cleaner. The DEA could be planting surveillance equipment in a Rigid, a Craftsman or even a Stanley. What we do know for sure is that is a Canon M50B.

And we know that because it lists "custom shop vac concealment with Canon M50B" in the contract, dated November 28.

It's a good choice: The Canon VB-M50B is a network camera so video can be live-streamed - presumably to agents parked in a van nearby – and it has a very large aperture ratio, meaning that you get good color and clarity out of it even in low-light situations. more

Saturday, December 8, 2018

FutureWatch: Tooth Bugs

Sonitus Technologies, creators of the Sonitus Sensory Interface Platform, is enabling real-time wireless communications and monitoring of physiological information of users in the most challenging defense, security and commercial environments.

The company’s initial sensory platform-based solution is Molar Mic, a novel personal communications device that snaps-easily to the back teeth of a user and creates an entirely new audio interface.

By creating a new audio path (bone conduction), it eliminates the need for ear pieces, microphones and wires on a user’s head.

Incorporating a miniaturized microphone and receiver into a dime-sized mouthpiece, Molar Mic sustains unbroken two-way voice connectivity in communications networks critical to personal safety and performance across defense, public safety, aerospace, power, oil & gas, and professional applications.

Molar Mic is in its final field testing with the US Air Force. more

Friday, December 7, 2018

Flashback: "Green You're Clean - Red You're Dead"

Detecting landline telephone taps was never as easy as this, but that didn't stop the hucksters and their magazine ads. Over thirty years ago, they preyed on people seeking cheap magic bullets to protect their privacy. Here are some of these bullets.

Most of these devices will tell you if someone picks up an extension phone (assuming basic phone service). Decently constructed wiretaps remain invisible, however.

One of these devices is totally bogus. (I tested and dissected it.)

The Technical Surveillance Countermeasures (TSCM) hucksters are still out there, these days with "professional looking" websites and even more blinky light gadgets.

Need a reality check, or second opinion, before you buy?
Ask away!


Some of these gadgets date back to the 1970's. Some are still being sold today!


Detecting smartphone spyware is another story.

Thanks for viewing this collection of anti-eavesdropping mental band-aids.

Thursday, December 6, 2018

Fob-U-Less Auto Theft on the Rise ...and a solution!

As predicted in 2011, and documented in previous Security Scrapbook posts, it is time to remember where to keep your car key fob overnight... in a closed tin (cost $0.93). ~Kevin

CA - Auto theft on the rise in Toronto area, and a security expert thinks he knows why...
According to Markham automotive security specialist Jeff Bates, owner of Lockdown Security, wireless key fobs have a role to play in many recent car thefts, with thieves intercepting and rerouting their signals — even from inside homes — to open and steal cars.

...many of these thieves are using a method called "relay theft."

Key fobs are constantly broadcasting a signal that communicates with a specific vehicle, he said, and when it comes into a close enough range, the vehicle will open and start.

"The way that the thieves are getting around this is they're essentially amplifying that low power signal coming off of the push start fob," he said.

"They will prey upon the general consensus that most people are leaving their key fobs close to the front door of their home and the vehicle will be in the driveway."

The thief will bring a device close to the home's door, close to where most keys are sitting, to boost the fob's signal.

They leave another device near the vehicle, which receives the signal and opens the car.

Many people don't realize it, Bates said, but the thieves don't need the fob in the car to drive it away. more

Many thanks to our Canadian Blue Blaze Irregular (WM) for this latest alert!

Wednesday, December 5, 2018

Extortionography: Hilton Facing $100 Million Lawsuit Over Spycam Incident

A Chicago woman says she's traumatized for life because of what happened to her inside an Albany hotel room. That woman is suing the hotel chain for $100 million. 

The alleged incident happened in July 2015, but the alleged victim didn't find out about it until about two months ago. Now, she's scared for her life.

The woman had just graduated from Albany Law School. She was staying in town so that she could take the New York State Bar Exam.

Inside her hotel room, someone allegedly placed a hidden camera in her bathroom that recorded her taking a shower. The video was then posted on numerous X-rated websites.

Later there were blackmail attempts. The emailer wanted thousands of dollars to remove the video from the internet. more

Note to Hilton: A proactive due diligence defense costs about $25.00 per hotel, a price Hilton cannot afford... to pass up.

Friday, November 30, 2018

13 Members Sue Gym Over Ceiling Spycam

MI - Members of a Clinton Township gym have sued the former owner who is accused of spying on members with a hidden camera.

Thirteen members filed the lawsuit in Macomb County Circuit Court earlier this month against Matthew Krakowski, who ran Switch Crossfit gym, alleging he invaded their privacy by filming gym-goers while changing their clothes and possibly using the bathroom in private areas...

Krakowski also faces criminal charges. He initially was charged with one count of surveiling an unclothed person last May after a woman reported seeing a camera in a ceiling tile in April while she changed in a private area. Police sifted through thousands of other images garnered from Krakowski’s computer or devices and found victims to produce 13 more charges. more

Like most of these cases which hit the courts, this camera was found serendipitously, by the victim. 

Businesses involved this way have no defense. In court, the case is viewed as a respondeat superior issue—the business is responsible for the actions of their employees. Defense is costly, as are the financial penalties

A proactive due diligence defense costs about $25.00, a price your business cannot afford... to pass up.

No Matter Where You Go, There You Are

Global automakers are feeding real-time location information and dozens of other data points from electric vehicles to Chinese government monitoring centers, potentially adding to China’s rich kit of surveillance tools as President Xi Jinping steps up the use of technology to track Chinese citizens.

Generally, it happens without car owners’ knowledge, The Associated Press found.

More than 200 automakers selling electric vehicles in China — including Tesla, Volkswagen, BMW, Daimler, Ford, General Motors, Nissan, Mitsubishi and U.S.-listed start-up NIO — send at least 61 data points to government-backed monitoring platforms, under rules published in 2016. Automakers say they are merely complying with local laws, which apply only to alternative energy vehicles. more

What's Up With Taps?!?!

Thursday, November 29, 2018

A First Step Toward Making Counterespionage Actually Work

Pennsylvania High Court Finds Duty to Safeguard Employee Information

In Dittman et al. v. UPMC, the Pennsylvania Supreme Court ruled that employers have an affirmative legal responsibility to protect the confidential information of their employees. In reversing two lower court decisions, the justices ruled that by collecting and storing employees' personal information as a pre-condition to employment, employers had the legal duty to take reasonable steps to protect that information from a cyber attack. more

It's a small step, but... My cunning plan to really protect sensitive information may be catching on. The plan is explained in these two posts from about five and a half years ago...

A Cunning Plan to Protect Us from Business Espionage - March 21, 2012

Espionage Outrage Reaches the Boiling Point ...and a solution. - April 5, 2012

Dawn of the Vocal Fingerprint

The vast majority of people in developed countries now carry a smartphone everywhere. And while many of us are already well aware of privacy issues associated with smartphones, like their ability to track our movements or even take surreptitious photos, an increasing number of people are starting to worry that their smartphone is actually listening to everything they say.

There might not be much evidence for this but, it turns out, it isn’t far from the truth. Researchers worldwide have begun developing many types of powerful audio analysis AI algorithms that can extract a lot of information about us from sound alone. While this technology is only just beginning to emerge in the real world, these growing capabilities – coupled with its 24/7 presence – could have serious implications for our personal privacy.

Instead of analyzing every word people say, much of the listening AI that has been developed can actually learn a staggering amount of personal information just from the sound of our speech alone. It can determine everything from who you are and where you come from, your current location, your gender and age and what language you’re speaking – all just from the way your voice sounds when you speak.

If that isn’t creepy enough... more

Tuesday, November 27, 2018

"A Tough Year for the GRU"

Igor Korobov, head of the Russian military intelligence agency GRU, which has been accused of meddling in U.S. elections, has died in Moscow. He was 62.

The Defense Ministry said Thursday in a statement that Korobov, who led the GRU since 2016, died Wednesday of "a lengthy and grave illness," a usual Russian euphemism for cancer. His predecessor had died two years earlier, at 58.

Russian President Vladimir Putin offered condolences to Korobov's family but did not immediately name his successor...

This has been a tough year for the GRU, which has faced a series of exposures that revealed its inner workings. more

Multiple Audio/Video Eavesdropping Devices Found in Boardroom, Office and Records Room

South Africa - Science and technology minister Mmamoloko Kubayi-Ngubane has filed a complaint with the State Security Agency (SSA) after cameras were found in her office, the Sunday Times reports.

Police found multiple cameras which could record both video and sound, and could be accessed remotely.

The cameras were were reportedly placed within the minister’s boardroom, records room, and office.

According to the report, the cameras were discovered when senior managers confronted junior staff about discussions they had with the minister in her office. more

Note: The devices were only discovered when the eavesdroppers let on that they knew more than they should. Dumb on their part. 

Dumber, however, is they were not found sooner with a routine Technical Surveillance Countermeasures (TSCM) sweep, a standard practice at many organizations these days.

Can AI be Trusted with Surveillance Tasks?

China's war on jaywalking went to the next level last spring when AI-based facial recognition systems were integrated into some crosswalks, to punish jaywalkers by squirting them with water, sending them texts warning them about legal consequences of jaywalking, and/or publicly shaming them by displaying their pictures and names on large digital billboards.

Last week, this system entered a new and exciting failure mode when a traffic-cam in the port city of Ningbo captured a face displayed on the side of a passing bus, correctly identified it as belonging to Dong Mingzhu, CEO of Chinese AC giant Gree Electric Appliances, and then plastered Ms Dong's face all over a giant billboard, falsely accusing her of jaywalking. more

This Week in Spycam News

AZ - A Phoenix-based American Airlines flight attendant was sentenced to five years of probation for taking videos of men and boys using public restrooms. more

WA - Ex-South Seattle College director Gene Baker 52 was arrested last Tuesday after a teenage tenant of his told police that he had planted a camera in an alarm clock in her bedroom and that it had captured footage of her in various states of dress. more

Japan - An analysis of 406 patients who visited a sex addiction clinic here for treatment for camera voyeurism showed that they took 1,000 peeping shots on average before seeking medical help, a clinic official reported. more

S. Korea - Police recently busted a website that was used to share pornographic pictures -- including spycam porn -- arresting the suspected owner and booking 86 others without detention. more

UK - A man who took covert video footage of young women in a state of undress has been jailed for six months and placed on the sex offenders register. Jonathan Thomas Watson, 21, from Harrogate, videoed one woman as she was getting changed in a cubicle at Knaresborough Swimming Pool...Watson filmed six other females at a property in Knaresborough using similar covert means. more

FL - Investigators say a Florida teacher confessed to secretly videotaping a high school student as she changed her shirt. more

S. Korea - After a months-long investigation into Yang Jin-ho, the owner of the nation's two biggest file sharing sites, police have confirmed the existence of a million-dollar cartel for the production and distribution of spycam porn videos. Apart from owning WeDisk and Filenori, file sharing platforms where spycam clips and revenge porn were circulated, police found Yang had a hand in virtually every stage of the profitable operation. more

Monday, November 26, 2018

When VPN means Very Poor Network

Roughly 60 percent of the top free mobile VPN apps returned by Google Play Store and Apple Play Store searches are from developers based in China or with Chinese ownership, raising serious concerns about data privacy, a study published today has revealed.

"Our investigation uncovered that over half of the top free VPN apps either had Chinese ownership or were actually based in China, which has aggressively clamped down on VPN services over the past year and maintains an iron grip on the internet within its borders," said Simon Migliano, Head of Research at Metric Labs, a company that runs the Top10VPN portal.

"Furthermore, we found the majority of free VPN apps had little-to-no formal privacy protections and non-existent user support," Migliano said.

The expert says that 86 percent of the apps he analyzed had "unacceptable privacy policies." For example, some apps didn't say if they logged traffic, some apps appeared to use generic privacy policies that didn't even mention the term VPN, while some apps didn't feature a privacy policy at all. On top of this, other apps admitted in their policies to sharing data with third-parties, tracking users, and sending and sharing data with Chinese third-parties. more

Kevin's Spybuster Tip # 724 - Check out Outline.

IT Director Alert - Patch Those Printers... now

Despite copious warnings and efforts by the security community to harden the defenses of printers, they continue to represent a ripe target for attackers.
Just this past summer researchers at Check Point found a vulnerability that allowed an attacker to compromise a multi-function printer with fax capabilities simply by sending a fax.

In July, Positive Technology shared a proof-of-concept attack that shows how attackers can compromise a corporate network via installing a customized Xerox printer firmware on a targeted printer. 

In August, HP Inc. patched hundreds of inkjet models vulnerable to two vulnerable remote code execution flaws (CVE-2018-5924, CVE-2018-5925).

Printers, security researchers say, are the Achilles Heel for network management. They sit on the network like a PC and need regular updating like any other network endpoint – but often don't. more

Tuesday, November 20, 2018

From the Don't Poop Where You are Going to Eat Files

For a century, Vienna has been the world capital of espionage.

It’s a city of world-class mystery and intrigue, as depicted in countless spy novels and films. Vienna has it all: lovely vistas, great food and wine, affordable prices, and an extraordinarily permissive environment for espionage.

In Austria, you’re free to spy on nearly whomever you want, and there are plenty of targets. Everybody has an embassy in Vienna, plus it’s the second city of the United Nations. When it comes to espionage, the only way to get in trouble in Vienna is by spying on your hosts—and that’s just what the Russians got caught doing. more

Spy Rule #629 - Don't Order Bugs Using Company Email

Eavesdropping charges have been filed against a central Illinois schools administrator who allegedly planned to secretly record a closed session of the school board.

The News-Gazette reports Champaign County State's Attorney Julia Rietz alleged Thursday that Samuel Byndom used a device disguised as a pen to record an Oct. 28 closed session of the school board. The 35-year-old Byndom is Urbana District 116's assistant superintendent of learning and instruction.

Click to enlarge.
Rietz said Urbana police have been investigating Byndom since a school district employee found an email order confirmation on a school district computer for a voice-activated recorder pen from a company called "SpyGuy."

Members of the school board members went forward with the closed session after learning about the recording device order, but searched the room before starting. They found the device and removed it. more

A New EU Spy School... with some possible strings attached.

The defense ministers of 25 EU member countries agreed Monday on a joint EU intelligence school, along with 16 other new projects, as part of their military pact...

The establishment of a joint EU spy school would be a big step forward for the bloc’s intelligence community. Until recently, a significant deepening of intelligence cooperation in the Union was blocked by the U.K., which viewed it as unwelcome competition to the Five Eyes intelligence alliance... With Brexit approaching, London no longer stands in the way.

However, eyebrows will be raised by the proposal to have Greece lead the academy, with help from Cyprus, meaning two of the EU’s members with the closest ties to Moscow would run the project. more

"So, uh, what's your Social Security number, kid?"

It's the cute toy tipped to be a Christmas hit, but there are fears ‘Dino’ the dinosaur may be vulnerable to hackers who could steal information about its young owners.

The ‘smart toy’, which is able to ‘learn’, answer questions and read bedtime stories, is among a series of technology gifts that have failed to win approval from the Mozilla Foundation...said it had been unable to determine if Dino – an internet-connected toy...uses sufficient encryption to guard against hackers.

It was also critical of the complexity of its privacy policy which includes an admission in the small print that, when a child plays with Dino, it automatically collects information about a child’s ‘likes and dislikes, interests, and other educational metrics’. more

Spybuster Tip #720 - iPhone Knows What You Did Last Summer... and how to stop it.

Your iPhone knows where you go and how often.

The feature is called Significant Locations, and it is buried deep within iPhone's reptilian brain. 

Want a peak?
  • Open Settings
  • Open Privacy
  • Open Location Services
  • Scroll to the very end and open System Services
  • Keep scrolling until you hit Significant Locations
  • At this point, you will need to sign in again.
If the feature hasn't been turned off, prepare for an eye opening surprise.

Significant Locations may include the locations of, and frequency of visits to, significant others, whom you would rather not have your other significant others know about. 

Or, if you are an investigator, it just might help you crack a case!


Monday, November 19, 2018

Renters: Beware of Creepy Landlords and their Alarm Clocks - Part II

WA - A former South Seattle College employee is in jail after allegedly putting a spy camera in an exchange student’s bedroom.

The 52-year-old man is being held in King County Jail in lieu of a $500,000 bond on suspicion of voyeurism. Q13 News is not naming the suspect because he has not yet been charged.

According to Seattle police: On Nov. 11, a foreign exchange student from South Seattle College contacted police. She said she is one of five women renting a house in the 5000 block of 16th Ave SW. The home is owned by a 52-year-old college employee who lives there. All of the renters are young women who attend the college.

The victim told police she moved into the home in September. When she moved in the suspect offered her an alarm clock. The victim accepted it. more

Note to Spies: Get a retainer.

A former employee at UBS Group AG’s French unit whose spying helped build a $6 billion tax case against the bank found the value of her work after she lost her job: 3,000 euros ($3,400).

The relatively paltry sum is all Stephanie Gibaud -- who organized events for wealthy UBS France clients before she was fired in 2012 -- got from a lawsuit she filed last year against the government to obtain 3.5 million euros. The court made its decision Thursday.

The Paris administrative court acknowledged her contribution and recognized the “stress”  she suffered for it. Gibaud, 53, was also given an official status as “an occasional assistant to the public service” seven years after she aided investigators during a surveillance mission of UBS bankers and clients at an event organized around the 2011 Roland-Garros tennis tournament. more

The Gloves are off in Thefts of U.S. Technology Secrets

 It was the great microchip heist — a stunning Chinese-backed effort that pilfered as much as $8.75 billion in patented American technology.

U.S. officials say the theft took a year to pull off and involved commercial spies, a Chinese-backed company, a Taiwanese chipmaker and employees affiliated with Micron Technology, a U.S.-based microchip behemoth.

Yet what Micron called “one of the boldest schemes of commercial espionage in recent times” is most notable because it’s not unusual. more

Renters: Beware of Creepy Landlords and their Alarm Clocks - Part I

UK - An apartment unit manager was arrested on Friday after a tenant found a secret camera hidden in their bathroom.

Police found two more hidden cameras after they detained a 49-year-old man, who works at the unit.

The resident, who is one of ten occupants living in the apartment building, called police after finding the camera in their digital alarm clock.

Police executed a search warrant and located a hidden camera, hard drive and other devices, they said on Saturday.

The man allegedly had more than 50 intimate videos of the occupants of the two units. more

Monday, November 5, 2018

Business Espionage: Ex-Employees Allegedly Steal Trade Secrets Valued At Over $400 Million

Three individuals who worked for DRAM maker's Taiwan subsidiary stole Micron IP to benefit company controlled by China's government, US says in indictment.

Like many other businesses, semiconductor manufacturer Micron Technology employs a range of physical, electronic, and policy measures to protect its trade secrets. Yet all it took for the company to allegedly lose intellectual property worth at least $400 million to a Chinese competitor was two employees with legitimate access to the data.

A federal indictment unsealed this week in the US District Court for the Northern District of California described Micron as the victim of economic espionage involving a Taiwanese semiconductor company, a state-owned company in China, and three individuals who previously worked for Micron. more

Friday, November 2, 2018

This Fortnight in Spycam News

WA - A pastor and teacher at a Christian school in Washington state was arrested earlier this week and charged with filming hundreds of voyeurism videos of female staff and students. more

UK - A voyeur was locked up after being caught with 169 video clips taken by a spy camera set up to film an unsuspecting woman. The penalties were imposed when he appeared before magistrates in the city. They were told the offence came to light when the camera was discovered and police were alerted. more

ID - A Ketchum man has been charged with one felony count of video voyeurism. A recording device found in the bathroom of a residence at the Wildwood condominium complex. The recording device was found by a guest who was staying at the residence at points between April and June, with her daughter.    The woman told Lundergreen that the device was located in the bathroom wall outlet and disguised as a USB charger. more
Japan - The secretary general of a local assembly in Yamagata Prefecture, northwest Japan is fired for voyeurism in a women's bathroom at town hall. more

PA - A West Chester University student was arrested after police said he hid a cellphone in public bathrooms in several locations, including one at West Chester University, and recorded women in various stages of undress. more

LA - A former WAFB employee who secretly recorded two female station employees using the restroom in 2017 was sentenced to four months in prison Tuesday. He was immediately handcuffed and led to prison. more

New Zealand - The man who filmed women using the shower in his Airbnb homestay then uploaded the videos to a porn site has lost name suppression and has been sent to prison for four years and four months. more

New Zealand - A home handyman who used his position of trust to spy on a female friend in her bedroom has been sentenced to three months of community detention. The offending...involved Williamson hiding a camera inside a toolbox that he left in the woman's bedroom, which he left there after performing maintenance duties in her home. The device was discovered by the woman, who contacted the police. more

FL - In a case involving allegations that a man placed hidden cameras in his adult stepdaughter’s bedroom, an appeals court Friday overturned a conviction on video-voyeurism charges because police improperly obtained evidence from a laptop computer. more

CT - A man who entered a neighbor's home through an unlocked door and allegedly installed video cameras in four spots in the home has been arrested by police. An investigation revealed that Pelgrift had entered the home and installed the videos cameras while the woman was not home. She happened to notice a camera and called the police, state police said. more

FL - Investigators say they have uncovered an extensive amount of videos and images of under-age students secretly filmed while undressing by a Bloomingdale High School teacher who was arrested last month on a video voyeurism charge. Mark Ackett, 50, who resigned as a fashion design teacher, now faces an additional 353 charges. He was first arrested on Sept. 11 — the same day a 17-year-old student in his class discovered two cell phones hidden in the classroom changing area where she and her classmates disrobed for fashion assignments. more

 S. Korea - South Korea is in the grip of a 'spycam' epidemic, with covert footage of sex, nudity and urination posted online in what amounts to a "social death penalty" for thousands of women forced to live with a pornographic shadow. The footage may be taken surreptitiously by boyfriends or captured on covert devices as small as car keys. Daily camera checks are now part of life for cleaners in many public toilets. more

FL - A massage therapist was arrested over the weekend and charged with video recording a female customer disrobing prior to an appointment. ... Further investigation indicates that Scott had placed a cellphone in the massage room to video record the customer while she was undressing. more

NM - A Dona Ana County man is facing time behind bars for hiding video cameras in bathrooms and capturing video of victims using the restroom, showering, and changing clothes. ... Police say Ikard's face was even seen on some of the videos as he worked to set up the cameras. more

UK - A retired company director who covertly filmed a young woman getting changed at his luxury home has been jailed for eight months. Allan Austin, 66, installed a hidden spy camera at his home in Cheshire because he 'liked the figure' of the victim. When officers searched Austin's £500,000 detached house in the village of High Legh, near Knutsford, Cheshire they found the hidden camera which was linked to his computer and iPad. more

The above cases represent only the failures, the ones that got caught. The problem is much larger. Learn how to protect yourself and your children.

A video spycam (with audio recording) we found last Friday at a corporate location...

Now, on to the Extortionography cases. Hey, the elections are here, and the tech fists are flying.

ND - James O'Keefe's Project Veritas released a new undercover video on Tuesday night showing vulnerable Sen. Heidi Heitkamp's (D-ND) campaign staff exposing her as being a far-left candidate while she has tried to portray herself as being centrist, saying, "when she gets elected she's going to be super liberal." more

VA - A conservative group that creates undercover “sting” videos infiltrated the campaign of Abigail Spanberger, a Democrat in a tight race with Rep. Dave Brat in Virginia’s 7th District. more

AZ - A right-wing operation that creates secretly recorded videos targeted Democratic U.S. Rep. Kyrsten Sinema, who's running a tight race for U.S. Senate, releasing a video Monday with several clips of the representative and her campaign workers making candid off-the-cuff comments. more

MO - An undercover video exposed a Democrat senator's re-election campaign for secretly taking donations from Planned Parenthood. The video, from conservative activist group Project Veritas, shows campaign workers for Democrat Sen. Claire McCaskill of Missouri talking about how Planned Parenthood funnels money to McCaskill's campaign through other organizations. more

CA - New undercover video appears to show signature gatherers pitching falsehoods to voters get them to sign petitions that would force the massive Newland Sierra development to a public vote. more

Thanks for subscribing to Kevin's Security Scrapbook (see top right column). ~Kevin 

Security Director IT Alert: New Corporate Network Attack Vulnerability

Called BleedingBit, this vulnerability impacts wireless networks used in a large percentage of enterprise companies. 

Two zero-day vulnerabilities in Bluetooth Low-Energy chips made by Texas Instruments (and used in millions of wireless access points) open corporate networks to crippling stealth attacks.

Adversaries can exploit the bugs by simply being approximately 100 to 300 feet from the vulnerable devices. A compromised access point can then lead to an attacker taking control of the access point, capturing all traffic, and then using the compromised device as a springboard for further internal attacks.

The issue impacts Wi-Fi access points made by Cisco, Cisco Meraki and Hewlett-Packard Enterprise’s Aruba, accounting for a large percentage of hardware used in corporations, according to researchers at Israeli security firm Armis. The firm discovered the two bugs earlier this year and publicly disclosed them on Thursday.

Attacks can be devastating and carried out by unauthenticated users who can exploit these bugs and break into enterprise networks undetected while sitting in the company’s lobby,” said Ben Seri, head of research at Armis.

...there is concern that the BleedingBit vulnerabilities could impact a larger universe of BLE devices, such as smart locks used in hotel chains and point-of-sale hardware.

Last year, Armis discovered a nine zero-day Bluetooth-related vulnerabilities, dubbed BlueBorne, in Bluetooth chips used in smartphones, TVs, laptops and car audio systems. The scale of affected devices was massive, estimated to impact billions of Bluetooth devices. more

Recommendation: If your company uses devices made by the manufacturers mentioned, contact them for software patches. ~Kevin

Thursday, November 1, 2018

Spy Shop Bat Man Shows No Brotherly Love

NJ/PA - The superintendent of a Cumberland County school district is facing criminal charges after allegedly attacking a Philadelphia surveillance equipment store employee with a baseball bat.
Michael Knox, the superintendent of the Fairfield Township School District, faces charges of aggravated assault, possessing an instrument of crime, making terroristic threats and simple assault, court records show.

According to NBC 10 Philadelphia, Knox allegedly had a business arrangement with the shop to spy on his wife for an unknown matter. He thought the store was doing a bad job with the surveillance, NBC reported, leading him to attack an employee inside the store. more

Apple's New T2 Chip - An Eavesdropper Stopper

At a recent event in New York, Apple finally refreshed its MacBook Air lineup, and the new laptops come with a refreshing new capability — warding off hackers or spies from eavesdropping on your microphone.

According to Apple’s new T2 security guide, both, the new MacBook Air, and the MacBook Pro use the new T2 chip, which helps protect the device’s encryption keys, storage, fingerprint data, and secure boot features.

Per the guide, the T2 chip comes with a hardware microphone disconnect feature, which physically cuts the device’s microphone from the rest of the hardware whenever the lid is closed. more

Is Your Boss Spying on You?

(Modern workplace "spying" began with the time clock back in 1888.)

New numbers show almost every single employer is spying on employees.

From keeping an eye on your internet usage to tracking your car, NBC Charlotte found out how they're doing it and if it's legal.

"It's getting to a point people are realizing they don’t have much privacy in the workplace," said Kevin Murray. more

P.S. Make sure your employees are not spying on you.

Thursday, October 25, 2018

Business Espionage: "A Sellout and a Spy"

Delaware's Incyte Corp. is in court this week seeking hundreds of millions of dollars from a former-Silicon Valley competitor.

The Wilmington pharmaceutical company argues in a lawsuit that its rival, Flexus Biosciences, in 2014 stole trade secrets for a drug that at the time was thought to have enormous potential for the treatment of tumors. 

During opening statements on Tuesday, Incyte attorney Steve Wood told jurors that Flexus employed the services of "a spy and a sellout" to steal information about blood tests and about how the drug metabolizes in a patient's body. more

Ex-employee Accuses Huawei of 'Corporate Espionage'

A former employee of Huawei Technologies Co has accused the company of using a lawsuit against his Silicon Valley startup as part of a strategy to steal intellectual property and help China achieve technological dominance over the US. more

M, I, See... see you real soon...

The park around Lake Eola offers a great view of the downtown skyline, but Orlando police said someone's been peeping into some of the apartments closer than the naked eye can see with either a super high-powered camera or a drone.

"I don't even think about people watching me or anything like that. So, to me, that's just mind-blowing, honestly,” said downtown resident Mary Pericles.

Women who live in The Waverly and Post Parkside apartments say they've seen a drone flying outside their windows at least three times. more

File Under: You Can't Do That in the Private Sector

UK - A former Royal Marine carried out body searches on his girlfriend, placed bugging devices in her bedroom and installed a tracking device on her mobile phone due to his paranoia over her alleged infidelity.

In the first conviction of coercive and controlling behaviour offences secured at Grimsby Crown Court, Lee Jensen received a 12-month suspended sentence.

The prosecutor said bugging devices were concealed under cushions in her bedroom by Jensen, so he could listen to her. He subjected her to body checks. He prevented her from visiting her own GP.

After the relationship ended he made "futile threats to burn her house down". more sing-a-long

Making Security Grate Again - Part II

China has jokingly suggested that US President Donald Trump should swap his Apple iPhone for a Chinese model, as it denied a report claiming Beijing was bugging his private calls. more

Making Security Grate Again

When President Trump calls old friends on one of his iPhones to gossip, gripe or solicit their latest take on how he is doing, American intelligence reports indicate that Chinese spies are often listening — and putting to use invaluable insights into how to best work the president and affect administration policy, current and former American officials said.

Mr. Trump’s aides have repeatedly warned him that his cellphone calls are not secure, and they have told him that Russian spies are routinely eavesdropping on the calls, as well. But aides say the voluble president, who has been pressured into using his secure White House landline more often these days, has still refused to give up his iPhones. White House officials say they can only hope he refrains from discussing classified information when he is on them. more

Saturday, October 6, 2018

Print Centers Leak Information

These behemoth systems do far more than just make copies,
confusing their users, and opening up vulnerabilities to the company. Although copying may be the main business of the machines, they can also scan, fax, send and receive vital company information — all in one place. Essentially, these machines have become a networking hub within the workplace, where each new action or service provides a new opportunity for exploitation wirelessly, by ethernet cable, or by both.

Researchers have recently been investigating access on printer/copiers as a potential opportunity for information leakage or industrial espionage, or even sabotage. In a January 2017 Quocira survey of 200 US and European businesses, more than half reported some data loss through intercepted print jobs (50%), access and loss or theft of printer hard disk data (48%), documents emailed externally (44%), or outright hacking of the printer system to gain company network access (18%). Some hackers have been very clever in attacking these systems. more

Tech-Head Alert: Smartphone Anti-Spyware & Anti-IMSI Catcher Development

We are looking for recommendations of top tier stealthy Spyware Command and Control APKs to place on a testbed of Windows, iOS, Android, Ubuntu handsets and handsets carrying a modded version of the Google Android 7.0 Nougat OS for a test that we wish to conduct to measure the capture rate and automated counter measure response of a mobile adaptive threat defence suite.

We are also looking for a list of non-LE "StingRay" type cellphone-surveillance and cell-site simulators available publicly as part of our testing of our MITM detection, automated counter measures response, and triangulation software suite. more

Resources for Investigators

The Reporters Committee for Freedom of the Press serves the nation’s leading news organizations; thousands of reporters, editors, and media lawyers; and many more who use their online and mobile resources. Private and corporate investigators will find the resources below especially useful.

Friday, October 5, 2018

More Than 200 Companies Making Counter-Drone Systems

The ability of unmanned aerial vehicles to fly legally over fences, walls and property lines is disrupting more than just the few industries that use drones commercially. 

As the drone market grows, so does the anti-drone market. The market for products that track, trap or break unmanned aerial vehicles (UAV) is growing alongside the market for drones, much of it driven by fear that UAVs could be weaponized by terrorists or used as platforms for corporate espionage.

This is less far-fetched than it sounds. One tech industry executive told Semiconductor Engineering that he recently found a drone hovering outside his 45th-floor hotel room in Shanghai. He immediately closed his laptop computer.

“There is a laundry list, more than 200 companies, making counter-drone systems of one kind or another, and they do market mitigation capabilities that most people can’t use,” Michael Blades said. “But drones are cheap to get, easy to fly, and are not always easy to see. So if a company is concerned about trade secrets, or even just about the security to know if there’s anyone around taking pictures, they might look into countermeasures.more

Carvercon 2018 - Washington, DC - November 16

Security Management International (SMI) is pleased to host the inaugural CARVER Target Analysis and Vulnerability Assessment Convention in Washington, D.C. on Friday, November 16th, 2018 from 8am – 5pm. The event will be in Washington D.C. at the Washington Marriott Metro Center with a continental breakfast, lunch, and light fare in the afternoon.

This one-day event will cover a range of topics related to protecting critical infrastructure and key resources, utilizing the CARVER Target Analysis and Vulnerability Assessment Methodology as a foundation for discussion. The latest innovations in assessment technology, recent case studies, and best practices for identifying and minimizing security threats will all be addressed.

Featured speakers include retired CIA officer and the “Godfather of CARVER,” Leo Labaj, former Deputy Director of the FBI, William Esposito, former US National Security Advisor and Supreme Allied Commander, General James Jones, plus many more. more

Wednesday, October 3, 2018

Have Xfinity? Your Wi-Fi is Scared

"In addition to saying “Help” into your Voice Remote, you can directly ask for what you need.  For example, say “What’s my WiFi password?” and your WiFi network name and password will show up on the tv screen.

Keep exploring your WiFi information and you will find different ways to manage your network, including viewing WiFi usage across devices in your home. You can also do this on-the-go with the Xfinty xFi app." more

Wi-Fi security is important, especially if you are using it in a business environment. ~Kevin

Friday, September 28, 2018

"What, you're still on Facebook?!?!"

Today, Facebook says it recently discovered a security breach affecting nearly 50 million user accounts. more

Yesterday, Facebook confirmed that advertisers were privy to phone numbers given by members of the social network for enhanced security.

A study by two US universities, first reported by news website Gizmodo, found that phone numbers given to Facebook for two-factor authentication were also used to target advertising. more

Thursday, September 27, 2018

Recent Criminal Prosecutions for Trade Secret Theft

via Megan Mocho Jeschke, Holland & Knight LLP
Theft of trade secrets typically spurs civil actions against the offender, but theft of trade secrets can also be prosecuted criminally under the Economic Espionage Act, 18 U.S.C. § 1831 et seq. (the “Act”) and other related statutes. Several high-profile arrests, convictions, and indictments have come down in recent months highlighting the Department of Justice’s active enforcement in this area...

The Act makes it a crime to steal trade secrets or obtain trade secrets knowing them to have been stolen. 18 U.S.C. § 1831(a). The Act broadly defines trade secrets to include
all forms and types of financial, business, scientific, technical, economic, or engineering information, including patterns, plans, compilations, program devices, formulas, designs, prototypes, methods, techniques, processes, procedures, programs, or codes, whether tangible or intangible, and whether or how stored, compiled, or memorialized physically, electronically, graphically, photographically, or in writing
provided that the owner takes “reasonable measures to keep such information secret” and the continued secrecy of the information has actual or potential “independent economic value.” 18 U.S.C. § 1839. Violators can be imprisoned and/or fined. Violators who intend to benefit a foreign government face higher penalties. more

Recent Spycam News

AR - A Northeast Arkansas man accused in a video voyeurism case pleaded guilty Monday. more

CA - Former Rancho Palos Verdes building inspector accused of secretly recording 89 people in City Hall, Starbucks restroom. more

DC - Fifty-two women secretly videotaped by an Orthodox rabbi in Georgetown between 2004 and 2014 as they undressed to immerse in a mikvah, a Jewish ritual bath, will get $25,000 each if a settlement reached between them and four Jewish organizations is approved by a D.C. judge. more

FL - Fort Myers Arthrex employee secretly recorded co-worker using bathroom. more

FL - A man who installs security systems for a living is accused of setting up hidden cameras in a home and recording hundreds of videos of women in the shower. more

Fl - A teacher and girls track coach left Bloomingdale High School in handcuffs on Tuesday after deputies said he admitted to secretly recording students in his fashion design class as they undressed. more
KY - A former teacher at Holy Rosary Catholic School in Evansville has pleaded guilty to six charges in a voyeurism case. more

PA - Philadelphia man sentenced to 20 years for secretly recording his girlfriend’s two daughters in bathroom. more

TX - A father suspicious of what was going on at his son's daycare sent the baby rigged with a spycam. His suspicions turned out to be right. more

UT - Salt Lake man charged in changing room voyeurism case. more

VT - There are new allegations against the former Rice Memorial High School teacher charged with secretly taking cellphone photos up students' skirts. more

WA - A Western Washington University employee, who committed suicide this week, had been accused of secretly video-recording two adult basketball players inside a locker room shower. more

WA - A man who videotaped a young girl as she was showering was sentenced to serve 90 days in jail for voyeurism. more

WV - Women's basketball players were photographed secretly in nude by assistant coach/residence hall director. more

Belgium - Every year, police records more acts of voyeurism. In 2016, 366 offenses were recorded, and even 857 in 2017, while in 2014 and 2015, the figures were respectively 108 and 112. more

Canada - Peterborough police have arrested a man on a warrant for several charges including voyeurism involving a woman he once had an intimate relationship with. more

Canada - A British couple vacationing in Toronto were horrified to discover a spy camera hidden in a digital clock at their rental apartment. more

Japan - Kumamoto Prefectural Police have arrested a male civic employee over the alleged illicit filming of a female high school student. more

Singapore - Apart from new laws to tackle the issue of voyeurism, various stakeholders such as malls and security companies should step up efforts to deter the use of hidden cameras in public toilets, said Members of Parliament (MPs) and activists. more   Finding spycams in the workplace.

South Korea - A spycam was discovered in the room for actress Shin Se-kyung and Apink’s Yoon Bo-mi while they were shooting for new variety program “Borderless Food Cart.” more

South Korea - Public toilets an issue of concern in South Korea for thousands of women. more