Saturday, October 6, 2018

Print Centers Leak Information

These behemoth systems do far more than just make copies, confusing their users, and opening up vulnerabilities to the company. Although copying may be the main business of the machines, they can also scan, fax, send and receive vital company information — all in one place. Essentially, these machines have become a networking hub within the workplace, where each new action or service provides a new opportunity for exploitation wirelessly, by ethernet cable, or by both.

Researchers have recently been investigating access on printer/copiers as a potential opportunity for information leakage or industrial espionage, or even sabotage. In a January 2017 Quocirca survey of 200 US and European businesses, more than half reported some data loss through intercepted print jobs (50%), access and loss or theft of printer hard disk data (48%), documents emailed externally (44%), or outright hacking of the printer system to gain company network access (18%). Some hackers have been very clever in attacking these systems. more

Tech-Head Alert: Smartphone Anti-Spyware & Anti-IMSI Catcher Development


We are looking for recommendations of top tier stealthy Spyware Command and Control APKs to place on a testbed of Windows, iOS, Android, Ubuntu handsets and handsets carrying a modded version of the Google Android 7.0 Nougat OS for a test that we wish to conduct to measure the capture rate and automated counter measure response of a mobile adaptive threat defence suite.

We are also looking for a list of non-LE "StingRay" type cellphone-surveillance and cell-site simulators available publicly as part of our testing of our MITM detection, automated counter measures response, and triangulation software suite. more

Resources for Investigators

The Reporters Committee for Freedom of the Press serves the nation’s leading news organizations; thousands of reporters, editors, and media lawyers; and many more who use their online and mobile resources. Private and corporate investigators will find the resources below especially useful.

Friday, October 5, 2018

More Than 200 Companies Making Counter-Drone Systems

The ability of unmanned aerial vehicles to fly legally over fences, walls and property lines is disrupting more than just the few industries that use drones commercially. 

As the drone market grows, so does the anti-drone market. The market for products that track, trap or break unmanned aerial vehicles (UAV) is growing alongside the market for drones, much of it driven by fear that UAVs could be weaponized by terrorists or used as platforms for corporate espionage.

This is less far-fetched than it sounds. One tech industry executive told Semiconductor Engineering that he recently found a drone hovering outside his 45th-floor hotel room in Shanghai. He immediately closed his laptop computer.

“There is a laundry list, more than 200 companies, making counter-drone systems of one kind or another, and they do market mitigation capabilities that most people can’t use,” Michael Blades said. “But drones are cheap to get, easy to fly, and are not always easy to see. So if a company is concerned about trade secrets, or even just about the security to know if there’s anyone around taking pictures, they might look into countermeasures.” more

Carvercon 2018 - Washington, DC - November 16

Security Management International (SMI) is pleased to host the inaugural CARVER Target Analysis and Vulnerability Assessment Convention in Washington, D.C. on Friday, November 16th, 2018 from 8am – 5pm. The event will be in Washington D.C. at the Washington Marriott Metro Center with a continental breakfast, lunch, and light fare in the afternoon.

This one-day event will cover a range of topics related to protecting critical infrastructure and key resources, utilizing the CARVER Target Analysis and Vulnerability Assessment Methodology as a foundation for discussion. The latest innovations in assessment technology, recent case studies, and best practices for identifying and minimizing security threats will all be addressed.

Featured speakers include retired CIA officer and the “Godfather of CARVER,” Leo Labaj, former Deputy Director of the FBI, William Esposito, former US National Security Advisor and Supreme Allied Commander, General James Jones, plus many more. more

Wednesday, October 3, 2018

Have Xfinity? Your Wi-Fi is Scared

"In addition to saying “Help” into your Voice Remote, you can directly ask for what you need.  For example, say “What’s my WiFi password?” and your WiFi network name and password will show up on the tv screen.

Keep exploring your WiFi information and you will find different ways to manage your network, including viewing WiFi usage across devices in your home. You can also do this on-the-go with the Xfinity xFi app." more

Wi-Fi security is important, especially if you are using it in a business environment. ~Kevin

Friday, September 28, 2018

"What, you're still on Facebook?!?!"

Today, Facebook says it recently discovered a security breach affecting nearly 50 million user accounts. more

Yesterday, Facebook confirmed that advertisers were privy to phone numbers given by members of the social network for enhanced security.

A study by two US universities, first reported by news website Gizmodo, found that phone numbers given to Facebook for two-factor authentication were also used to target advertising. more

Thursday, September 27, 2018

Recent Criminal Prosecutions for Trade Secret Theft

via Megan Mocho Jeschke, Holland & Knight LLP
Theft of trade secrets typically spurs civil actions against the offender, but theft of trade secrets can also be prosecuted criminally under the Economic Espionage Act, 18 U.S.C. § 1831 et seq. (the “Act”) and other related statutes. Several high-profile arrests, convictions, and indictments have come down in recent months highlighting the Department of Justice’s active enforcement in this area...

The Act makes it a crime to steal trade secrets or obtain trade secrets knowing them to have been stolen. 18 U.S.C. § 1831(a). The Act broadly defines trade secrets to include
all forms and types of financial, business, scientific, technical, economic, or engineering information, including patterns, plans, compilations, program devices, formulas, designs, prototypes, methods, techniques, processes, procedures, programs, or codes, whether tangible or intangible, and whether or how stored, compiled, or memorialized physically, electronically, graphically, photographically, or in writing
provided that the owner takes “reasonable measures to keep such information secret” and the continued secrecy of the information has actual or potential “independent economic value.” 18 U.S.C. § 1839. Violators can be imprisoned and/or fined. Violators who intend to benefit a foreign government face higher penalties. more

Recent Spycam News

AR - A Northeast Arkansas man accused in a video voyeurism case pleaded guilty Monday. more

CA - Former Rancho Palos Verdes building inspector accused of secretly recording 89 people in City Hall, Starbucks restroom. more

DC - Fifty-two women secretly videotaped by an Orthodox rabbi in Georgetown between 2004 and 2014 as they undressed to immerse in a mikvah, a Jewish ritual bath, will get $25,000 each if a settlement reached between them and four Jewish organizations is approved by a D.C. judge. more

FL - Fort Myers Arthrex employee secretly recorded co-worker using bathroom. more

FL - A man who installs security systems for a living is accused of setting up hidden cameras in a home and recording hundreds of videos of women in the shower. more

FL - A teacher and girls track coach left Bloomingdale High School in handcuffs on Tuesday after deputies said he admitted to secretly recording students in his fashion design class as they undressed. more
 
KY - A former teacher at Holy Rosary Catholic School in Evansville has pleaded guilty to six charges in a voyeurism case. more

PA - Philadelphia man sentenced to 20 years for secretly recording his girlfriend’s two daughters in bathroom. more

TX - A father suspicious of what was going on at his son's daycare sent the baby rigged with a spycam. His suspicions turned out to be right. more

UT - Salt Lake man charged in changing room voyeurism case. more

VT - There are new allegations against the former Rice Memorial High School teacher charged with secretly taking cellphone photos up students' skirts. more

WA - A Western Washington University employee, who committed suicide this week, had been accused of secretly video-recording two adult basketball players inside a locker room shower. more

WA - A man who videotaped a young girl as she was showering was sentenced to serve 90 days in jail for voyeurism. more

WV - Women's basketball players were photographed secretly in nude by assistant coach/residence hall director. more

Belgium - Every year, police record more acts of voyeurism. In 2016, 366 offenses were recorded, and even 857 in 2017, while in 2014 and 2015 the figures were 108 and 112, respectively. more

Canada - Peterborough police have arrested a man on a warrant for several charges including voyeurism involving a woman he once had an intimate relationship with. more

Canada - A British couple vacationing in Toronto were horrified to discover a spy camera hidden in a digital clock at their rental apartment. more

Japan - Kumamoto Prefectural Police have arrested a male civic employee over the alleged illicit filming of a female high school student. more

Singapore - Apart from new laws to tackle the issue of voyeurism, various stakeholders such as malls and security companies should step up efforts to deter the use of hidden cameras in public toilets, said Members of Parliament (MPs) and activists. more   Finding spycams in the workplace.

South Korea - A spycam was discovered in the room for actress Shin Se-kyung and Apink’s Yoon Bo-mi while they were shooting for new variety program “Borderless Food Cart.” more

South Korea - Public toilets an issue of concern in South Korea for thousands of women. more

Monday, September 24, 2018

Corporate Espionage: Employees Solicited to Sell Company Secrets

There's a booming job market for corporate insiders willing to share secret info with cyber criminals.
  • Amazon said this week it's investigating whether company insiders have been selling proprietary information to buyers in Asia in order to give them a selling advantage.
  • Many companies, especially in big technology, banking and telecom, face heavy incentives overseas for employees to sell internal information or access.
  • The problem is so common that in some jurisdictions, criminal enterprises post "job ads" looking for specific insiders to aid in targeted schemes.
"The salaries listed are quite high, sometimes 10 times what the average salary for an average job at a bank would be...They look for people who can tell them how to log in and how to connect to certain accounts" ~Ziv Mador more

Saturday, September 22, 2018

Snake Eyes

A Pittsburgh woman is suing Rivers Casino, members of its security staff, her ex-husband, and his lawyer, claiming they used the casino’s video surveillance system to spy on her while she was gambling there last fall...

Clerici then alleges Rivers’ security staff handed the recordings over to her ex-husband’s lawyer, Dennis McCurdy, in compliance with a subpoena the casino should have known was invalid. more

Wiretap Fun Fact: Estonia Beats Sweden and Finland

According to weekly Eesti Ekspress, last year Estonia's security authorities eavesdropped on a total of 4,596 calls made in provider Telia's network.

The same company's Swedish network was accessed by the Swedish authorities 3,822 times. Taking into account the countries' populations as well as Telia's market share, this means that the Estonian state's phone surveillance is ten times that of Sweden, the paper wrote.

Telia also operates a phone network in Finland, where the state listened in on 3,640 calls last year. Taking into account market share and population, this is more than the number recorded in Sweden, but still five times less than in Estonia. more

Business Espionage: You Have a Friend in Philly

If someone is stealing your company's secrets, U.S. Attorney William M. McSwain wants to hear from you...

In the span of a couple weeks, McSwain's office secured two guilty pleas from two scientists who admitted taking part in a conspiracy to siphon cancer drug research from GlaxoSmithKline's Upper Merion offices, destined for a company that had financial backing from the Chinese government...

The pilfering of a company's proprietary work comes down to "economic warfare," McSwain said. "It's simply not fair for this information to be stolen and then for people to lose their jobs because of it." more sing-a-long

Smartphone Spying – All They Need is Your Number and You're Pegged

When an Israeli entrepreneur went into a meeting with the infamous spyware vendor NSO, company representatives asked him if it would be OK for them to demo their powerful and expensive spying software, known as Pegasus, on his own phone.

The entrepreneur, who spoke to Motherboard on condition of anonymity because he was not authorized to talk about the meeting, agreed, but said that NSO would have to target his other iPhone, which he brought with him and had a foreign phone number. He gave NSO that phone number and put the phone on the desk.

After “five or seven minutes,” the contents of his phone’s screen appeared on a large display that was set up in the meeting room, all without him even clicking on a malicious link, he said.

“I see clicking on all kinds of icons: email icon, SMS icon, and other icons,” he told Motherboard. “And suddenly I saw all my messages in there and I saw all the email in there and they were capable to open any information that was on my [iPhone].”

The entrepreneur added that the NSO representatives accessed the microphone and the camera on his iPhone. That demonstration highlighted the power of an increasingly popular product among governments: software for remotely hacking phones in order to access communications and other data from targets. more

UPDATE
Pegasus malware officially a global brand.


NSO Group's Pegasus surveillanceware has been on the market for around two years, and now researchers say the spyware has a global reach that would make most multinational corporations jealous.

CitizenLab reports that its latest analysis of the malware has found it operating in some 45 countries, usually in the hands of governments looking to keep tabs on their citizens. more
 

EU Fears its Brexit Talks Are Being Bugged

The European Union’s Brexit negotiators fear that they are being bugged by the British secret service after the UK obtained sensitive documents “within hours” of them being presented to a meeting of EU officials last month, The Telegraph understands.

A highly placed EU source revealed the security concerns as British negotiators were set to return to Brussels on Thursday to resume Brexit talks.

The two sides remain far apart on the key issues of customs arrangements and Ireland, with Latvia’s foreign minister warning on Wednesday that the risk of a ‘no deal’ outcome was now “50-50”. more

Thursday, September 20, 2018

Amazing: The World's Tiniest Camera Gets Smaller

Ultra Tiny Camera
Model: MD-B1000(UVC), MO-B1000(CVBS)
1/36" Color CMOS (OVM6948) sensor with 200x200 @30fps resolution and built-in 120-degree wide angle lens. The super tiny size is suitable for medical or industrial products.   Coming soon.... Video Demo

Wednesday, September 19, 2018

Royally Bugged - The Cinderella Syndrome

Meghan Markle’s estranged half-sister Samantha Markle is reportedly living in fear, claiming that her house is bugged.

Markle’s status as a British Royal is reportedly wreaking havoc on her paternal family members, at least according to her half-sister. On Tuesday, Samantha, who recently compared Prince Harry to a hamster, claimed on Twitter that her house is bugged and someone is watching her.

“To the morons sitting in the van running a mobile router to tap my phone, close your zippers, your shrinky dinks are visible," she wrote on her private account, according to Cosmopolitan, making good use of a classic GIF of Joey from Friends.

Although she failed to state who she believes is watching her, she did claim that this is not a one-time occurrence, as her previous home had reportedly been bugged as well. more

Weird: Wiretapper Causes Car Accident After Installation

Ukraine - The staff of the National Anti-Corruption Bureau of Ukraine (NABU) ran over a law enforcement officer and caused a car accident after installation of wiretapping in the building of the Specialized Anti-Corruption Prosecutor's Office (SAPO). Head of SAPO Nazar Kholodnytsky claimed this at the briefing.

It is noted that illegally installed wiretapping by the staff of NABU was discovered in the courtyard of SAPO, today. Also, a car with the personnel of NABU was detected near the administrative building.

‘Suddenly, the special forces of the Anti-Corruption Bureau appeared when the police arrived. The SAPO driver was forcibly taken out from the office car. My understanding is that the NABU employee took his seat, willfully ran the VAN over the personnel of the State Security Administration and the rest of the people. “Pajero” and two other cars were involved in the car accident. The accident is being registered,’ Kholodnytsky noted.

He added that the injured driver of SAPO is in a hospital right now with an initial diagnosis of a broken arm. more

Saturday, September 15, 2018

FutureWatch: Spying on a Computer Screen Via the Microphone

Daniel Genkin of the University of Michigan, Mihir Pattani of the University of Pennsylvania, Roei Schuster of Cornell Tech and Tel Aviv University, and Eran Tromer of Tel Aviv University and Columbia University investigated a potential new avenue of remote surveillance that they have dubbed "Synesthesia": a side-channel attack that can reveal the contents of a remote screen, providing access to potentially sensitive information based solely on "content-dependent acoustic leakage from LCD screens."

The research, supported by the Check Point Institute for Information Security at Tel Aviv University (of which Schuster and Tromer are members) and funded in part by the Defense Advanced Research Projects Agency, examined what amounts to an acoustic form of Van Eck phreaking. While Van Eck phreaking uses radio signal emissions that leak from display connectors, the Synesthesia research leverages "coil whine," the audio emissions from transformers and other electronic components powering a device's LCD display. more

Friday, September 14, 2018

The Cold Boot Attack is Back – Don't Leave Laptops Unattended

Credit: F-Secure
Cybersecurity vendor F-Secure announced today that "nearly all modern computers" are vulnerable to a cold boot attack (via a USB stick) that overrides existing safeguards. This attack can give someone access to laptop firmware and, therefore, encryption keys and other private data...

This vulnerability is particularly worrisome for organizations that regularly handle sensitive information, such as banks or government agencies, because the information gathered from a compromised laptop could let hackers work their way into other systems...

Because the attack requires physical access, it's also hard to know if someone has already discovered and used it. F-Secure characterized the attack as something that a low-level hacker might not discover but that anyone interested in corporate espionage or the like would be very interested in. Organizations have to decide if they want to proceed as if they were affected, which could be costly, or if they'll ignore the issue.

F-Secure advised concerned organizations to require BitLocker PIN entry when a laptop powers up or restarts, to make sure employees force the laptops to shut down or hibernate instead of going into sleep mode, and to keep laptops safe and have a plan for if they go missing. Aside from those steps, however, it's up to the laptop industry to make sure their products aren't susceptible to this modified attack. more

Q.v. USB Stick Warnings

Thursday, September 13, 2018

FutureWatch: The AI Eye of Providence, or Silicon Santa Surveillance

NICE Actimize, a NICE business and the leader in Autonomous Financial Crime Management, is hosting a series of global events to educate financial services organization (FSO) professionals on the challenges of electronic communications (eComms) surveillance and which are designed to demonstrate how its innovative Intelligent eComms Surveillance solution can transform compliance and conduct risk management, while avoiding reputational damage and fines...

Powered by artificial intelligence and automation, NICE Actimize’s Intelligent eComms Surveillance solution is a comprehensive platform for automating employee surveillance and investigations. The solution provides a single platform for monitoring 100 percent communications across all communication channels, including voice, so analysts can easily uncover hidden conduct risks, collusion, and insider trading...

...it supports hundreds of data types and can connect to, ingest and index data from storage vaults containing emails, instant messages, chat room communications, social media threads, text messages and voice calls...

NICE Actimize’s Intelligent eComms Surveillance solution uses Natural Language Understanding (text analytics and linguistics), machine learning and intelligent analytics (all fine-tuned for financial markets) to comprehend the true context of conversations and accurately identify risk...

This systematic approach enables firms to identify suspicious communications with unprecedented accuracy... more

Keep in mind, the financial world had the initial need and means to develop this. Once evolved and rolled-out you can bet it will be customized for other uses. Eventually... click here.  ~Kevin

Feds Charge 4 State-Owned Companies with Economic Espionage

U.S. Four Chinese state-owned companies were arraigned in federal court in California on charges of economic espionage, prosecutors announced Friday.

Pangang Group Company, Ltd. and three of its subsidiaries allegedly conspired with Chinese nationals Hou Shengdong and Dong Yingjie to acquire stolen or misappropriated trade secrets involving the production technology for chloride-route titanium dioxide, also known as TiO2, from the DuPont company...

TiO2 is commonly used as a white pigment in paints after the use of lead oxide was banned several years ago...It is also used as a pigment in inks, plastics, cosmetics, soap, toothpaste and food.

"DuPont had developed the technology and controlled a significant amount of the world's TiO2 sales," prosecutors said. "The defendants are alleged to have obtained confidential trade secret information including photographs related to TiO2 plant technologies and facilities."

The Pangang companies, along with Hou and Dong, are also accused of paying an Oakland company $27,000,000 between 2006 and 2011 for assistance in obtaining DuPont's trade secrets. more Official Press Release

Couple Find Spycam in Vacation Rental Unit

A British couple vacationing in Toronto were horrified to discover a spy camera hidden in a digital clock at their rental apartment.

Dougie Hamilton, 34, from Glasgow, realized that the clock was “connected to a wire like a phone charger”.

He now fears whoever planted the camera at the Airbnb may have recorded clandestine footage of him and his girlfriend.

Hamilton told Scotland’s Daily Record that the property’s host had at least half a dozen other properties for lease on Airbnb, accompanied by numerous reviews.

“I just happened to be facing this clock and was staring at it for about 10 minutes. There was just something in my head that made me feel a bit uneasy.”

A recent video he saw on social media about spy cameras made him increasingly concerned. more

Lesson: Trust your instincts. The thought would never have occurred to you if everything were fine. This applies to all electronic surveillance devices: bugs, taps, smartphone and computer spyware, spy cameras, and corporate espionage. ~Kevin

In other news... (You can't make this stuff up.)

A woman accused of gunning down her chef husband is a self-published romance writer who once penned an essay titled "How to Murder Your Husband."

She has also written such titles as "The Wrong Husband," a 2015 novel about a woman who escapes an abusive spouse during a shipwreck in the Mediterranean and falls in love with one of the men sent to find her.

"Divorce is expensive, and do you really want to split your possessions?" she wrote in a section about financial motives. more

Apparently, others have had similar thoughts...

Spycam Conviction — Chalk One Up for the Good Guys

Roger Wallach, 38, of Philadelphia, PA was sentenced today to 240 months in federal prison for manufacturing videos and images of two girls, ages 10 and 11, over a period of three months.

Wallach previously pleaded guilty to nine counts of manufacturing and attempting to manufacture child pornography, and one count of possession of child pornography. As part of his guilty plea, Wallach admitted that he concealed a spy watch in a bathroom and surreptitiously recorded the 10- and 11-year-old girls as they undressed, used the bathroom, and showered. He also used the webcam on his laptop computer to record them undressing and in various states of nudity. All total, he had hundreds of sexually explicit images of both girls that he saved on his cell phone, in his iCloud account, on his laptop, and on the memory of his spy watch.

In addition to the term of imprisonment, the court imposed a 20-year term of supervised release and ordered that the defendant undergo a sex offender evaluation and treatment after his release from federal prison. more

Wednesday, September 12, 2018

Industrial Espionage: The Deafening Sounds of a Rip-Off

Apple designed an iPhone. 

Motorola wanted one, too. 

Industrial espionage?!?! 

You decide.

Welcome to the business zoo.

Spybuster Security Tip #748: The Lost Smartphone Recovery Trick

Chances are, if you lose your smartphone the screen will look like this to whoever finds it. 
(If your phone is not password protected do that now.)

This presents a problem to the good Samaritan who finds it. They don’t know to whom the phone should be returned.

Sure, you could call the phone and hope they answer, or try using the ‘find my phone feature’, but that takes time and a positive result is iffy.

Solution…

Give the finder a helpful clue as to who you are. Customize your background wallpaper to include some information about you.

Including an email address is a very good start. Now they know how to contact you. If you want to keep your real email address private, create a nondescript google/yahoo/hotmail account just for this purpose.

If your email address also contains a company URL they might be close enough to drop the phone off at the reception desk for you.

Adding an alternate phone number where you can be reached, or adding the old enticing phrase, Reward if Found, are additional options.

It is easy to change wallpapers on smartphones. Just google “[your smartphone manufacturer] change wallpaper” and the directions will pop up.

Creating a customized wallpaper is almost as easy. You can do it with any photoshop type app, or by using a free on-line service.

Resources…

https://mashable.com/2013/08/12/wallpaper-iphone/
https://datarecovery.wondershare.com/best-iphone-wallpaper-maker.html
https://www.makeuseof.com/tag/make-custom-wallpaper-android/
https://www.picmonkey.com/blog/make-your-own-phone-wallpaper
https://www.canva.com/create/wallpapers/
https://spark.adobe.com/make/background-maker/

Business Espionage Info-Theft: When they can't hack it, they grab the employees.

Investigators discovered what they believed to be a major infiltration campaign.

Two years before Equifax Inc. stunned the world with the announcement it had been hacked, the credit-reporting company believed it was the victim of another theft...

In the previously undisclosed incident, security officials feared that former employees had removed thousands of pages of proprietary information before leaving and heading to jobs in China. Materials included code for planned new products, human-resources files and manuals...

According to the people familiar with the probe, the investigators, by talking to Equifax employees and examining email accounts and LinkedIn messages sent to them, saw indications that recruiters purporting to represent Ant affiliate Alibaba had offered to triple salaries for certain ethnically Chinese Equifax employees—and provided instructions on specific Equifax information they should bring along if they jumped ship. more

Friday, September 7, 2018

Downer of the Day – Paranoia Is Now a Best Practice

Bust out the tinfoil—the data security crisis is worse than you ever imagined...

The 2010s will be remembered as the first decade in which we, the people, paid for the pleasure of welcoming Big Brother into our lives.

When George Orwell depicted an inescapable surveillance state — telescreens in every room monitoring every move, recording every sound, and reporting it all to the authoritarian leader — in his classic novel 1984, he probably never imagined that in 2018, folks would pay $600 (plus a recurring monthly fee) for the privilege of carrying a telescreen in their pockets. more

Buy yours now.

Thursday, September 6, 2018

Computer Screens Emit Sounds that Reveal Data

Computer scientists from Tel Aviv University, the University of Pennsylvania and the University of Michigan have discovered a computer version of synesthesia that allows them to determine what’s being displayed on a monitor by listening to sounds emitted by the monitor.

As you might suspect, those sounds are very faint and not easily detected by human hearing. But they are there as tiny high-pitched tones produced by a monitor’s power supply in response to the varying demands of the screen display. But special equipment isn’t required to exploit the vulnerability that’s produced by this characteristic of most monitors.

In their paper, which was released on Aug. 21, the scientists showed that those sounds could be recorded using the microphone in a standard consumer webcam, by a smartphone or by a digital assistant such as an Amazon Echo or Google Home device.

Furthermore, this exploit does not require the presence on site of the attacker. They can record the sounds over a remote call, such as one from Google Hangouts. The amount of information that the researchers were able to discern using their method was remarkable... more

mSpy Goes Platinum - Leaks 2 Million Records

mSpy, a commercial spyware solution designed to help you spy on kids and partners, has leaked over 2 million records including software purchases and iCloud usernames and authentication tokens of devices running mSpy.

The data appears to have come from an unsecured database that allowed security researchers to pull out millions of records.

mSpy is a platform that allows parents to see what their children are doing online and, presumably, allow partners to keep tabs on each other. more

This is the second time mSpy has been hacked... that we know of.

Neutralizer for Car Infotainment Systems

Privacy4Cars, a mobile app designed to help erase Personally Identifiable Information (PII) from modern vehicles, recently was released as a free download on iOS and Android devices.

The Privacy4Cars app, according to the company, enables consumers and businesses to quickly and efficiently delete personal data retained by modern vehicle infotainment systems. The app was developed by Andrea Amico, an expert in vehicle privacy and cybersecurity.


Privacy4Cars' patent-pending process provides customized, visual step-by-step tutorials to help users quickly erase personal information such as phone numbers, call logs, location history and garage door codes from vehicle infotainment systems. more

Eavesdropping — at the Ian Potter Museum of Art Melbourne

WHAT: Eavesdropping — Tue, 24. July–Sun, 28. October 2018
WHERE: Ian Potter Museum of Art, Melbourne, Australia
ADMISSION: Free

Eavesdropping is a unique collaboration between Liquid Architecture, Melbourne Law School and the Ian Potter Museum of Art, comprising an exhibition, a public program, series of working groups and touring event which explores the politics of listening through work by leading artists, researchers, writers and activists from Australia and around the world.

EAVESDROPPING used to be a crime. According to William Blackstone, in his Commentaries on the Laws of England (1769): ‘eavesdroppers, or such as listen under walls or windows, or the eaves of a house, to hearken after discourse, and thereupon to frame slanderous and mischievous tales, are a common nuisance and presentable at the court-leet.’

Two hundred and fifty years later, eavesdropping isn’t just legal, it’s ubiquitous. What was once a minor public order offence has become one of the most important politico-legal problems of our time, as the Snowden revelations made abundantly clear. Eavesdropping: the ever-increasing access to, capture and control of our sonic worlds by state and corporate interests. But eavesdropping isn’t just about big data, surveillance and security... more


Wednesday, September 5, 2018

"New" Theory on the Cuba / China Sonic Headaches

The mystery illness afflicting American diplomats in Cuba and China could be a side effect of bugging or surveillance rather than a sonic weapon attack, according to a US researcher.

Dr Beatrice Golomb, professor of medicine at the University of California San Diego, said the reported symptoms strongly matched the known effects of radio frequency and microwave radiation.

“Surveillance is my lead hypothesis, as opposed to something like attacks or weaponry,” said Golomb, whose research will be published in the journal Neural Computation on September 15. more

Security Scrapbook fans already knew this might be a botched spying attempt, and how it worked, back in August 2017. ~Kevin

Drive-by Hackers Can Spy on Millions of Chrome Users Through Their Webcams

Drive-by hackers can spy on millions of Chrome users through their WEBCAMS, experts claim, after finding a security glitch in the browser.
  • According to UK cyber-security experts, hackers could attack entire streets.
  • They might be able to steal passwords and activate webcams in an attack.
  • Experts reported the issue to Google earlier this year but were told that it was working fine.

The glitch affects people who have logged onto their router as admin and saved details in their browser. more

Smart Home Technology Being Used by Abusers to Control and Terrorize

Imagine the temperature changing on your thermostat without you doing it, or seeing your lights turn off and on without you touching the switch.

Or your Alexa blaring music in the middle of the night. Or finding hidden cameras placed in your home -- without your knowledge or consent.

These are the sort of things abusive partners and exes can use to try to control their loved ones and if it's happening to you, you need to report it.

"It was awful, absolutely awful," said Aubrey, a Houston woman who spoke with News 6 sister station KPRC about her fiancé secretly watching her in her home. "Everywhere I went, everything I did, he could hear it. He could see it. It was awful."

Aubrey says after she and her fiancé moved in together, she discovered he had installed cameras throughout the house without her knowledge or consent. She said she discovered it by accident while using his cellphone...

"Every time we get an advance in technology, the bad guys seem to take advantage of it," Oviedo police Lt. Travis Cockcroft said.

So what are some things you can do to break free of an abuser's digital trap?
  • Make sure you change your passwords on all of your accounts.
  • Reset your Wi-Fi settings to something only you would know.
  • Educate yourself about what your smart home devices can do.
  • Reset privacy settings.
  • Keep a journal of any peculiar activity with dates and times and description of what happened. 
more and more

Ex-boyfriend Faces Jail - Concealed Hidden Listening Devices in Her Bedroom

An "evasive and dishonest" ex-boyfriend faces jail after spying on his lover by concealing hidden listening devices in her home.

Wayne Bamford, 47, mounted a stalking campaign after being spurned by mother-of-one Joanna Dawson, a court heard.

He hid two secret listening devices in her bedroom in what was described as a "highly sophisticated" covert operation. She found a twin dual adapter plug - which had a hole in it - in her bedroom next to her bedside cabinet.

Experts revealed it was, in fact, a listening device and Bamford was arrested and then bailed by police.

Bamford called the second listening device at least 1,600 times in a bid to hear what was happening in Miss Dawson's house over 15 days from March 1, 2017, to March 16, 2017, the court heard.

But Bamford's surveillance op was foiled after Miss Dawson sought advice... more

The Implications of Recording in the Workplace

Workplace recordings have made headlines in recent weeks. For example, Omarosa Manigault-Newman publicly played a recording of a meeting with her then-boss, White House Chief of Staff John Kelly, to bolster her claim that he threatened her during the meeting.

White House officials quickly fired back that the recording was a breach of protocol and possibly illegal.

Given the controversies in the news, employers might be wondering when recording is legal and what policies they can lawfully implement on recording in the workplace.

Although recordings can be useful to resolve disputed facts about a conversation, surreptitious recording in the workplace can create both legal and business risks for employers. Both employers and employees may violate state and federal wiretap laws by recording without consent. Even with consent, employers should hesitate before taping employees, because pervasive surveillance in the workplace can put workers on edge and damage their morale.

Similarly, employee recording may discomfit employees and customers, and put the employer’s confidential information at risk. Some employers respond to these risks by outright prohibiting recording in the workplace. more

Seoul to Inspect Public Toilets Daily to Tackle 'Spy-Cam Porn' Crisis

South Korea’s capital and largest city, Seoul, is set to begin daily checks for hidden cameras in public toilets in response to growing public outrage over an epidemic of “spy-cam porn”.

South Korea is in the middle of a battle against videos secretly filmed in places such as toilet stalls and changing rooms. Police have said more than 26,000 victims between 2012 and 2016 have been identified, but many cases go unreported...

Record numbers of women have held a monthly protest on the streets of Seoul calling for the government to do more, with last month’s demonstration drawing 70,000 protesters, according to the organizers.

At present, the Seoul government checks each toilet about once a month, and employs only 50 inspectors to monitor more than 20,000 public bathrooms, according to news agency Yonhap. The new plan will call for the 8,000 city workers who maintain and clean the bathrooms to conduct daily checks. more

Monday, August 27, 2018

Pittsburgh Steelers vs. Drone Stealers

In what might be the most 2018 news story ever, head coach Mike Tomlin and the Pittsburgh Steelers have erected a tarp near one of their practice facilities.

Why is this news? Well, said tarp is meant to protect the Steelers from being spied on with drones. more

Why Vienna Is the Spy Capital of the World

A former chief in the Austrian intelligence service once told the Telegraph that more than 7,000 spies operated in Vienna, a city of nearly 1.8 million people. It’s “a nice place for spies to live and bring their families,” he added. Although there are many reasons to visit Vienna for tourists and spies alike, Austria’s famous chocolate cake (sachertorte) and the city’s perfectly preserved Habsburg palaces are not the reason intelligence services still flock to the city.

Austria has some of the most relaxed laws on spying of any country in the world and those laws have not been updated since the Austro-Hungarian empire fell, even with two world wars and the Cold War since then. In fact, the only spying activities that are illegal in the country are the kind that directly target Austria. Vienna also hosts one of four headquarters of the United Nations and is home to about 40 other important international organizations that have delegations from all over the world, including the International Atomic Energy Agency (IAEA), the Organization of Petroleum Exporting Countries (OPEC), and the Organization for Security and Cooperation in Europe (OSCE). With approximately 320 bilateral and multilateral diplomatic representations operating in Vienna, nearly 4,000 diplomats, and more than 6,000 international officials, Vienna is brimming with information foreign intelligence services want to collect.

But it is in wandering the streets of Vienna that you really start to see why the city lives up to its cloak and dagger history. Vienna’s famous coffee houses have played an important role as meeting places for writers, musicians, artists and philosophers throughout history. At Café Central in the heart of Vienna, you can dine on Apfelstrudel in the same place where Leon Trotsky and Sigmund Freud sat. You can also take advantage of the seemingly endless coffeehouse chatter to meet your sources under the radar and to mask any clandestine conversations you need to have. more hum-a-long

Apple Smacks Down Facebook's VPN Spying App

Back in 2013, Facebook acquired Israel-based Onavo, a small mobile analytics company that offered a virtual private network (VPN) app called Onavo Protect. In general, VPN apps seek to give users greater privacy and control around their data by routing traffic through a secure network. In this case, Onavo Protect started sending all that user data back to the Facebook mothership...

In its ongoing quest to protect user privacy, Apple just told Facebook to pull Onavo Protect from its App Store. more

Business Espionage: Fish Settlement Flounders

National Fish & Seafood and Kathleen A. Scanlon, the former employee the seafood processor is suing for allegedly stealing trade secrets for her new employer, had appeared to be heading for a settlement.

Now, not so much.

The Gloucester-based seafood processor last week amended its complaint against Scanlon, its former head of research and development and quality assurance, and her new employer, Tampa Bay Fisheries, by adding more defendants and more details of the alleged conspiracy and corporate theft.

The complaint accuses Scanlon of spending most of her final days at NFS feverishly downloading company trade secrets and emails onto two portable storage devices, video-recording the clam processing line and "granting Tampa Bay's IT director unauthorized access to NFS' computers through remote access software."

The filing includes screen grabs of text conversations from Scanlon's company-issued smart phone, including one from Scanlon to Paterson that read: "I am on my way will be there in 30 minutes. Feel like I need to go to confession. More like a hypocrite."

It also states that on July 10, Scanlon was observed on video surveillance and by other NFS employees "taking video and photographic recordings of the clam production process, including the machinery and ingredient-mixing processes used in producing NFS' clam products, including its Matlaw's Stuffed Clams."

The next day, according to NFS, Scanlon resigned after more than 20 years with the company. more

Business Espionage: Quote of the Week

"We must recognize that we now live in an era of uneven, ruthless, state-sponsored global competition. Many executives do not understand the totality of the new forces they are forced to deal with." ~T. Casey Fleming  more 

Auction: Apple I on the Block

A piece of computer history that helped launch a trillion dollar company is hitting the auction block.

A fully functioning Apple-1 being auctioned by Boston-based RR Auction in September is one of only 60 or so remaining of the original 200 that were designed and built by Steve Jobs and Steve Wozniak in 1976 and 1977...

The Apple 1 originally sold for about $666. It could get $300,000 or more at auction. more

Thursday, August 23, 2018

2018 ERII Annual Counterespionage Conference Espionage Research Institute International (ERII)

ERII today announced registration for the 2018 Annual ERII Counterespionage Conference, a gathering of worldwide technical surveillance countermeasures (TSCM), counterintelligence and counterespionage professionals, is now open to ERII members and non-members. The conference will be held September 20-22, 2018, at the Embassy Suites Old Town in Alexandria, Virginia. Three-day, two-day and single-day conference tickets are available to ERII members and non-members. Special government ticket pricing is also available. more

Sperm Bank Espionage Case Moves Forward

Who are these sperm bank spies, and what secrets are they accused of stealing?

The area of assisted reproductive technology doesn’t just involve difficult family law questions. It also involves intrigue! Did you know that sperm banks have trade secrets that are closely guarded? Apparently, they do. And they are now the subject of a fierce lawsuit between Seattle Sperm Bank and Cryobank America.

Earlier this month, a Washington federal court made a ruling in the case, in which it denied in part, and granted in part, Cryobank America’s motion to dismiss. The court granted the motion to dismiss on a vague claim of unfair competition under Washington law. But it denied the motion — and let the lawsuit proceed, in other words — on two other claims: a federal claim under the federal Defend Trade Secrets Act, and a state claim under the Washington Uniform Trade Secrets Act. more

Wednesday, August 22, 2018

Salted Peanuts: Spy News Clips

Denny Hatch: All your emails are being stolen and sold all over the world. (a must read) more
---
Israel-based Bosco, an app that lets parents monitor their children’s smartphone activities, has raised $4 million in a Series A funding round... more
---
A woman’s encounter with a man accused of spying on her 12-year-old daughter is going viral. Salt Lake City police arrested 36-year-old Jorge Leon-Alfaro, Saturday, after witnesses said he tried to record the girl from an adjacent dressing room stall inside the Rue 21 store at Brickyard Plaza. The girl’s mother tracked the man down and recorded her comments toward him as she waited for police to arrive. more
---
Israeli researchers attached a surveillance device onto a seagull's leg in order to track its route. During its flight, the innocent bird landed in Tripoli where locals caught it and transferred the bird to the authorities on suspicion of spying for Israel; The ornithologist who attached the device: 'Let the bird live and set it free.' more
---
Ufologist Scott Waring has published photographs of a UFO spying on deer peacefully grazing. An interesting phenomenon happened in the U.S. in Mississippi. more
---
SC - An upstate couple is under investigation after Greenville County Deputies say a camera was discovered in a room they rent out to the public through Airbnb. more
---
Scotland - Scientists eavesdrop on disappearing sea trout. They have positioned a total of 40 acoustic receivers at various locations around Loch Laxford, near Scourie, on the far north-west coast. more
---
Austria’s far-right ordered a raid on its own intelligence service. Now allies are freezing the country out. more
---
Mozilla has removed 23 Firefox add-ons that spy on user activity. more
---
WA - A judge has awarded a couple $1 million in damages after they sued a former lifeguard and city employee who admitted to videotaping women while they used a staff changing area at an aquatic center. more
---
South Korean woman given rare jail term for spycam crime. more 
---
Secretly filming women in motel rooms or toilet stalls to upload online is a multimillion-dollar business operation in Korea. more
---
Study from Vanderbilt professor finds Google tracking is even creepier than you thought. more
---
It is remarkably easy to buy “Spy Pens” if you were inclined to record secret conversations at the White House. more (but you knew that :)

Hollywood Spy News

Let’s get this out of the way first.
As a title, The Spy Who Dumped Me suggests a parody of The Spy Who Loved Me, one of Roger Moore’s outings as James Bond. However, those expectations are misplaced. The Spy Who Dumped Me has little to do with Ian Fleming’s creation or his cinematic representations. Instead, this film is about an ordinary woman whose ex is, well, a spy. more trailer
--- 
Aston Martin is creating a limited edition version of the definitive James Bond car, the 1964 Aston Martin DB5. 

In collaboration with James Bond film producer EON Productions, the automaker will build 25 "Goldfinger DB5s," with a straight-six, 282 horsepower, 3,995cc motor that will allow a top speed of 145 mph and 0 to 60 time of 7.1 seconds.

It will even sport the famous revolving license plate and other gadgets, built by Oscar-winning James Bond effects supervisor Chris Corbould. ...if you can find a spare £2.75 million ($3.5 million) plus tax between the couch cushions, you can have one of your own. more & more
---
"Mile 22 a fast-paced spy thriller." more trailer
---
Danny Boyle no longer directing James Bond 25, due to 'creative differences'. Sadly, it looks like Daniel Craig's James Bond will need to find another director. more

The Line between Security and Privacy can be a Thin One

At the Zelzate Psychiatric Centre, patients’ conversations in the most secure wing are often eavesdropped. The issue emerges from a report by the Flemish Care Inspectorate, echoed by De Morgen, on Tuesday. Conversations with loved ones, mediators and lawyers are monitored in this way... Various sources instanced surveillance cameras and recordings in private rooms, where patients meet their families... The report stipulates, “Conversations between patients and visitors can be eavesdropped and routinely are.” more

Throwing Money at Cyber Security Solutions is a False Economy

Andy Miles via Finextra...
With the option to wield large budgets in the fight against cyber crime there is, however, a tendency for financial service IT leaders to be drawn to the latest, shiniest technology solution of the moment...

What needs real investment, and not necessarily in cash terms, is the trinity of People, Process and Technology (PPT). A security vulnerability can appear in any element of the business and a holistic approach that covers all colleagues and operations is vital for a good active defensive strategy.

Technology cannot answer all issues and won’t always work together with the culture and processes already instilled in an organization.

That is why it is so important to have a holistic approach that encompasses a security-first culture, enables constant review of processes and understands the importance of investment in technologies that evolve to combat emerging vulnerabilities and threats. more

Friday, August 10, 2018

Corporate Espionage: GM Skunks Ford

When you think of corporate espionage, you think of documents exchanging hands in dark parking garages, or hackers breaking into company mainframes. But GM is better than all that, and instead opted to walk in the front door in their attempts to best the Ford F-150, the best-selling truck in America. That meant GM engineers joining public factory tours of Ford’s Dearborn plant.

The engineers studied Ford’s production methods and said, yeah, we can do better. ... armed with stopwatches and trained eyes, the GM engineers believed they saw problems.



“They had a real hard time getting those doors to fit,” Tim Herrick, the executive chief engineer for GM truck programs told Reuters. His team did more intelligence gathering. They bought and tore apart Ford F-series doors sold as repair parts. Their conclusion... more

The idea of giving plant tours ended years ago, just for this reason. It has been 32 years since you could watch a freakin' corn flake being made. If you give plant tours, STOP. ~Kevin

1986 - "They have stopped the public tours at the Kellogg Company...
The company says it had no choice. Spies from rival manufacturers were sneaking in with the tourists, it said. In fact, according to Joseph M. Stewart, a vice president, engineers from a foreign competitor took the tour 20 times before setting up a rival manufacturing operation." more