Wednesday, June 20, 2018

Android Alert: Surveillance Malware Infects Telegram App

A new family of malware capable of comprehensive surveillance is targeting Android devices through the encrypted messaging app Telegram, according to research from antivirus vendor ESET.

The malware – which has mostly been distributed in Iran – ensnares its victims by posing as an application pledging more social media followers, bitcoin, or free Internet connections, according to ESET. Once downloaded, the malware can carry out surveillance tasks ranging from intercepting text messages to recording audio and screen images from devices, ESET researcher Lukas Stefanko explained in a blog post.

Each compromised device is controlled via a bot that the attacker commandeers via Telegram, which recently boasted 200 million monthly users.

Attackers can control victimized devices by simply tapping the buttons available in the version of the malware they are operating,” Stefanko wrote.

Such nefarious programs have been knocking on Google Play’s door in droves: With the help of machine learning, security specialists removed 700,000 malicious apps from the store last year. more

For Sale: Your Whereabouts

Verizon and AT&T have promised to stop selling their mobile customers' location information to third-party data brokers following a security problem that leaked the real-time location of US cell phone users.

Sen. Ron Wyden (D-Ore.) recently urged all four major carriers to stop the practice, and today he published responses he received from Verizon, AT&T, T-Mobile USA, and Sprint.

Wyden's statement praised Verizon for "taking quick action to protect its customers' privacy and security," but he criticized the other carriers for not making the same promise.

"After my investigation and follow-up reports revealed that middlemen are selling Americans' location to the highest bidder without their consent or making it available on insecure Web portals, Verizon did the responsible thing and promptly announced it was cutting these companies off," Wyden said. "In contrast, AT&T, T-Mobile, and Sprint seem content to continuing to sell their customers' private information to these shady middle men, Americans' privacy be damned." more

Tesla's Sabotage / Espionage Wake-Up Call

Tesla has routed out a saboteur who changed code on internal products and exfiltrated data to outsiders, damaging company operations and possibly causing a fire, CEO Elon Musk told employees in an email...

Musk wrote in an email obtained by CNBC. “This included making direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties.”

While Musk said Tesla doesn't know the full extent of the employee's actions, “what he has admitted to so far is pretty bad,”...

“Trusted users always pose the highest risk as they have the means and only lack the motivation. In this instance, the motivation sounds personal, and that is quite often the case in corporate sabotage,” said Chris Morales, head of security analytics at Vectra. “It is not clear how this event was detected, but it sounds like it was discovered after the damage already occurred and there is still work to uncover the extent of that damage.”

Whether addressing a rogue insider or an outsider who has gained access to employee credentials, he said, “enterprises benefit from internal monitoring that can detect suspicious behavior in order to prevent damage,” more

Thursday, June 14, 2018

World Cup Tip - Leave Your Electronics at Home

The top U.S. counterintelligence agent has warned Americans traveling to Russia for the 2018 World Cup against taking any electronics with them, saying soccer fans could be targeted by hackers.

William Evanina, an FBI agent and the director of the U.S. National Counterintelligence and Security Center, said in a Tuesday statement that even those who see themselves as insignificant could become victims of Russian spying.

“If you’re planning on taking a mobile phone, laptop, PDA, or another electronic device with you—make no mistake—any data on those devices (especially your personally identifiable information) may be accessed by the Russian government or cyber criminals,” Evanina said, according to Reuters. more

Three Tips for Protecting a Business's Passwords

One of the common areas we see companies and technology groups struggling to manage securely and effectively is… passwords.  We know we need them (passwords), we know they need to be “secure”, and we know they’re a pain in the neck to keep organized.  That’s exacerbated exponentially when you factor in shared passwords and accounts for teams.
Tip 1:  Quit Using Excel to Manage Your Passwords...
Tip 2:  Know All of Your Org’s Accounts...
Tip 3:  Know Your Password Security Options...

Read the full details about each tip at

Cell Phone Passcode of 1+2+3+4 = 18 Years in Prison

A man serving 18 years in prison in South Carolina for burglary was rightfully convicted in part because he left his cellphone at the crime scene and a detective guessed his passcode as 1-2-3-4 instead of getting a warrant, the state Supreme Court ruled Wednesday.

Lawyers for Lamar Brown argued detectives in Charleston violated Brown’s right to privacy by searching his phone without a warrant.

After storing the cellphone in an evidence locker for six days in December 2011, the detective guessed right on Brown’s easy passcode, found a contact named “grandma” and was able to work his way back to Brown.

The justices ruled in a 4-1 decision that Brown abandoned his phone at the Charleston home and made no effort to find it. The law allows police to look at abandoned property without a court-issued warrant allowing a search. more

X-Ray Vision Using Wi-Fi

The Machines now have X-ray vision. A new piece of software has been trained to use wifi signals — which pass through walls, but bounce off living tissue — to monitor the movements, breathing, and heartbeats of humans on the other side of those walls. The researchers say this new tech’s promise lies in areas like remote healthcare, particularly elder care, but it’s hard to ignore slightly more dystopian applications.

Click to enlarge.
 While it’s easy to think of this new technology as a futuristic Life Alert® monitor, it’s worth noting that at least one member of the research team at the Massachusetts Institute of Technology behind the innovation has previously received funding from the Pentagon’s Defense Advanced Research Projects Agency (DARPA). Another also presented work at a security research symposium curated by a c-suite member of In-Q-Tel, the CIA’s high-tech venture capital firm.

Inverse recently caught up with project’s leader Dina Katabi, a 2013 MacArthur “Genius Grant” Fellow who teaches electrical engineering and computer science at MIT, to talk about how the new tech may be used... more

Auction - Original artwork from Carry On Spying (1964)

Original artwork from Carry On Spying (1964) and Carry On Cowboy (1965) will go under the hammer with an estimate of £2,000 - 3,000 and £3,000 - 5,000 respectively

Both artwork pieces were illustrated by legendary British cinema poster designer, Tom Chantrell of Star Wars fame.

The auction will be live-streamed online for fans to track the bidding on auction day. Registration and bidding is now open. Bids can be placed online at, over the phone or in person.

Prop Store's Cinema Poster Live Auction is on Thursday 28th June.  more

Friday, June 8, 2018

U.S. Embassy in China Sends Alert About Mystery Health Issue

The U.S. Embassy in China sent its second alert in two weeks Friday to its citizens over unexplained health issues that have prompted the evacuation of a number of U.S. government employees working at a consulate in a southern city...

The incidents have raised fears the unexplained issues that started in Cuba in 2016 have expanded to other countries. China says it has uncovered no information that could point to a cause...

Friday's alert called for people to be attentive of symptoms including "dizziness, headaches, tinnitus, fatigue, cognitive issues, visual problems, ear complaints and hearing loss, and difficulty sleeping." It urged them "not to attempt to locate the source of any unidentified auditory sensation. Instead, move to a different location." more

Two theories. One solution.

A new theory.
Attackers can cause potentially harmful hard drive and operating system crashes by playing sounds...

The attacks use sonic and ultrasonic sounds to disrupt magnetic HDDs as they read or write data. The researchers showed how the technique could stop some video-surveillance systems from recording live streams. Just 12 seconds of specially designed acoustic interference was all it took to cause video loss in a 720p system made by Ezviz. Sounds that lasted for 105 seconds or more caused the stock Western Digital 3.5 HDD in the device to stop recording altogether until it was rebooted.

U.S. to Thwart Spying at Singapore Summit with TSCM Bug Sweeps

U.S. officials say they are preparing to counter the Chinese spies they expect to be all over Singapore next week seeking inside information on the talks.

The Chinese, who have been known to bug everything from hotel keys to the gifts given to American visitors, are expected to deploy their increasingly sophisticated repertoire of intelligence gathering techniques, both human and electronic, in Singapore.

Areas of concern for the U.S. at the summit include:
  • U.S. officials are concerned China has recruited informants among the waiters and other staff in Singapore’s restaurants and bars, who are paid to eavesdrop on American customers and report back to their Chinese handlers.
  • Officials also expect electronic surveillance of the summit meeting sites. Americans will sweep for bugs (TSCM) in rooms at the Capello Hotel that could be used for side discussions, and could erect tents inside hotel meeting rooms to block any concealed cameras from viewing classified documents.
  • Chinese intelligence agencies have shown the ability to penetrate mobile phones even when they are off, and U.S. officials are now told to take their batteries out when they are concerned about eavesdropping, according to a U.S. intelligence official.
According to three U.S. officials, in one recent case a top U.S. official working in China repeatedly had trouble with his hotel key card. He had to replace it several times at the front desk because it wouldn’t open his door.

He brought one of the key cards back to the U.S., where security officials found a microphone embedded inside, according to the U.S. officials.

The Chinese have placed listening and tracking devices in chips embedded in credit cards, key chains, jewelry, and even event credentials, the officials said, often with the intent of capturing secret conversations among American officials. more

You can be sure same eavesdropping techniques and technology are being used for economic espionage here in the U.S. 

Fortunately, savvy private sector businesses are successfully employing similar Technical Surveillance Countermeasures (TSCM) bug sweeps on a regular basis. Businesses that do not are getting their intellectual property pockets picked. ~Kevin

Woman Faces 4 Years in Jail, in Siberia, for GPS-Tracking Her Partner

Russia - A woman is facing up to four years in jail after trying to spy on her husband using a hidden GPS tracking and recording device.

The 33-year-old resident of Russia’s Siberian region of Omsk bought the GPS tracker online and installed the device in her husband's car as she suspected him of infidelity, according to a statement by Russia’s Investigative Committee.

After listening to her partner's comings and goings for “several months,” the woman, whose name has not been released by authorities, decided to sell the device online for 1,000 rubles ($16). It was during the money handover that police arrested the woman and charged her with “illegal acquisition and sale of special technical equipment intended for secretly receiving information," state news agency RIA Novosti reported. more

Click-bait headline, of course. The woman was already in Siberia. Which, reminds me of a 12 year old cut-up classmate in my math class. Teachers would try to give him a detention because of his antics, but for the longest time he wiggled out of them. "My mother is coming home from the hospital today. I can't stay." He fooled a lot of teachers, for many months, until they learned his mother was a nurse. ~Kevin

Tuesday, June 5, 2018

136 Old NSA Security Posters

In the 1950s and 1960s, the NSA made a bunch of posters to remind its employees that security is the most important thing, and that they must work hard to protect the country’s most important secrets.

Thanks to a Freedom of Information Act request by the transparency site Government Attic, we can now see these quaint, sometimes hilarious, but also menacing, posters.

Here are all the 136 posters the NSA released. We’ve chosen a few that we thought were the best ones. Some of them are cutesy, some are kind of lame, others are dark and dystopian, and others are straight up incredible. more

Don't it just give you, "The locking pneumonia and floppy-copy flue."

Sunday, June 3, 2018

Stingrays in Washington DC Attacking Cell Phones – How they Work

A federal study found signs that surveillance devices for intercepting cellphone calls and texts were operating near the White House and other sensitive locations in the Washington area last year...

The discovery bolsters years of independent research suggesting that foreign intelligence agencies use sophisticated interception technology to spy on officials working within the hub of federal power in the nation’s capital. Experts in surveillance technology say that IMSI catchers — sometimes known by one popular brand name, StingRay — are a standard part of the tool kit for many foreign intelligence services, including for such geopolitical rivals as Russia and China...

 The devices work by simulating cell towers to trick nearby phones into connecting, allowing the IMSI catchers to collect calls, texts and data streams. Unlike some other forms of cellphone interception, IMSI catchers must be near targeted devices to work.

When they are in range, IMSI catchers also can deliver malicious software to targeted devices for the purpose of stealing information stored on them or conducting longer-term monitoring of communications. more
Smartphone Security Tips

Thursday, May 31, 2018

Fred Kovaleski, International Tennis-Playing CIA Spy Dies

Just coincidence?

Fred Kovaleski, whose international tennis-playing career became his cover in the 1950s while he was working as a spy for the C.I.A., died on Friday at his home in Manhattan. He was 93.

Mr. Kovaleski was well into his career on the tennis circuit, having played at Wimbledon and in tournaments abroad and in the United States, when he joined the C.I.A. in 1951 and began training in spycraft at Camp Peary, near Williamsburg, Va.

Within three years, his ability to play tennis and his Russian-language training with the C.I.A. became essential when Yuri Rastvorov, a K.G.B. lieutenant colonel and avid tennis player, defected to the United States. more

Wednesday, May 30, 2018

Randy Tanning Salon Spycam'er Nailed

WI - A man was arrested here Wednesday, May 23, after police discovered he had used a “spy camera” to view clients undressing in a tanning salon.

Randy J. Schamberger, 42, was being held in the Barron County Jail on a misdemeanor charge and a felony charge, according to a press release.

Police know of eight victims caught on camera at Sunshine Fitness and Tanning Salon in Cumberland. There could be more victims, as Schamberger admitted to viewing and deleting up to 70 other files, police said.

On April 5, a client noticed what she thought was a USB phone charger plugged into one of the wall outlets in the tanning room. When she looked closely, she realized it was actually a covert digital video camera with a memory card inside.

She turned it over to police, who found 67 video files showing numerous persons undressing and in stages of full or partial nudity inside the tanning room.

Police discovered Schamberger had used his wife’s customer key fob to gain access to the room. He admitted to buying the spy camera from Amazon in October. more
Fight back!

Drones: For Criminals and Corporate Spies, the Sky’s the Limit

Switzerland - A rogue drone found on Credit Suisse HQ’s roof; fears of acid drops into data centres: drones are the latest security threat for businesses...

Besides carrying missiles or capturing images on powerful cameras, drones are now known to carry sophisticated computers too. These can be used to hack into mobile devices – and wi-fi networks...
Up in Zurich, alarms were raised at Credit Suisse’s HQ because of a rogue drone that was found lying on the office’s rooftop 12 months ago, a source tells Spear’s. The episode was presented as a potential security breach in a confidential conference at the bank, when the drone’s hacking abilities were revealed to some of its employees worldwide. The Swiss multinational declined to comment.

As well as stealing data potentially worth millions, these drones can drop acid into data centres to achieve a complete system shutdown... more

War-Flying Drone - WiFi Hacking video

Micro HD Video Camera

Just a reminder about how small spycams can be...

Tuesday, May 29, 2018

Amazon Echo/ Google Home/ HomePod spying on you? Fight Back!

The recent incident of a smart speaker secretly recording a couple’s conversation and sending it to one of their contacts has implanted a seed of doubt in every smart speaker’s user. 

While manufacturers assure their customers of protecting their privacy, it often gets tough to believe in their claims.

Following some simple steps can ensure you aren’t spied by your smart speaker.
  • Mute the microphone/camera when not needed...
  • Turn up the volume to the max...
  • Keep it disconnected from the Wi-Fi...
  • Don’t give access to contacts...
  • Turn off calling and messaging...
  • Lastly, don’t buy one, if you are suspicious... more
Need some smartphone security tips?
Check here.

In other news...
Facebook is now delaying the release of its smart speaker, based on widespread fears of eavesdropping and unauthorized audio recording. Those fears appeared in a recent focus group conducted by the social network... or, Because There’s No Way In Hell Any Sane Person Is Buying That Right Now. more

World's First Ultrasound 'Firewall' for Smartphones

Scientists have developed the first ultrasound-firewall that can prevent hackers from eavesdropping on hidden data transmission between smartphones and other mobile devices.

The permanent networking of mobile devices can endanger the privacy of users and lead to new forms of monitoring. New technologies such as Google Nearby and Silverpush use ultrasonic sounds to exchange information between devices via loudspeakers and microphones.

More and more of our devices communicate via this inaudible communication channel. Ultrasonic communication allows devices to be paired and information to be exchanged. It also makes it possible to track users and their behavior over a number of devices, much like cookies on the Web. Almost every device with a microphone and a loudspeaker can send and receive ultrasonic sounds. Users are usually unaware of this inaudible and hidden data transmission.

Researchers from the St Polten University of Applied Sciences in Austria has developed a mobile application that detects acoustic cookies, brings them to the attention of users and if desired, blocks the tracking. The app is, in a sense, the first available ultrasound-firewall for smartphones and tablets... more

Saturday, May 26, 2018

The Great Seal Bug Story - 58 Years Ago Today

In 1946, Soviet school children presented a two foot wooden replica of the Great Seal of the United States to Ambassador Averell Harriman.

May 26, 1960 – Ambassador Henry Cabot Lodge, Jr. displays the Great Seal bug at the United Nations.
The Ambassador hung the seal in his office in Spaso House (Ambassador’s residence). During George F. Kennan’s ambassadorship in 1952, a secret technical surveillance countermeasures (TSCM) inspection discovered that the seal contained a microphone and a resonant cavity which could be stimulated from an outside radio signal.
The cavity resonator ‘bug’ microphone found inside.

On May 26, 1960, U.S. Ambassador to the United Nations Henry Cabot Lodge, Jr. unveiled the Great Seal Bug before the UN Security Council to counter Soviet denunciations of American U-2 espionage. The Soviets had presented a replica of the Great Seal of the United States as a gift to Ambassador Averell Harriman in 1946.

The gift hung in the U.S. Embassy for many years, until in 1952, during George F. Kennan’s ambassadorship, U.S. security personnel discovered the listening device embedded inside the Great Seal.

Lodge’s unveiling of this Great Seal before the Security Council in 1960 provided proof that the Soviets also spied on the Americans, and undercut a Soviet resolution before the Security Council denouncing the United States for its U-2 espionage missions. – U.S. Department of State... 

Read the fascinating full history here.

Thursday, May 24, 2018

Alexa - Busted for Eavesdropping

A Portland family contacted Amazon to investigate after they say a private conversation in their home was recorded by Amazon's Alexa -- the voice-controlled smart speaker -- and that the recorded audio was sent to the phone of a random person in Seattle, who was in the family’s contact list.

"My husband and I would joke and say I'd bet these devices are listening to what we're saying," said Danielle, who did not want us to use her last name.

Every room in her family home was wired with the Amazon devices to control her home's heat, lights and security system.

But Danielle said two weeks ago their love for Alexa changed with an alarming phone call. "The person on the other line said, 'unplug your Alexa devices right now,'" she said. "'You're being hacked.'"

That person was one of her husband's employees, calling from Seattle.

"We unplugged all of them and he proceeded to tell us that he had received audio files of recordings from inside our house," she said. "At first, my husband was, like, 'no you didn't!' And the (recipient of the message) said 'You sat there talking about hardwood floors.' And we said, 'oh gosh, you really did hear us.'" more

General Data Protection Regulation (GDPR), or D-Day for Data

Effective, Friday, May 25, 2018

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area.

It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. more
  • This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.
  • This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.
  • The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data. more
GDPR in a nutshell.
GDPR explanation from Mozilla.

How to encrypt your entire life in less than an hour

Quincy Larson has written an excellent article on how to protect your digital privacy. Worth reading. Worth doing. ~Kevin

“Only the paranoid survive.” — Andy Grove

And Grove isn’t the only powerful person urging caution. Even the director of the FBI — the same official who recently paid hackers a million dollars to unlock a shooter’s iPhone — is encouraging everyone to cover their webcams.

But you obey the law. What do you have to worry about? As the motto of the United Kingdom’s surveillance program reminds us, “If you’ve got nothing to hide, you’ve got nothing to fear.”

Well, law-abiding citizens do have reason to fear. They do have reasons to secure their devices, their files, and their communications with loved ones.
“If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.” — Cardinal Richelieu in 1641
In this article, I will show you how you can protect yourself by leveraging state-of-the-art encryption. In a single sitting, you can make great strides toward securing your privacy. more

Wednesday, May 23, 2018

Dumpster Diving…A Treasure Trove

From the book, What You Don't Know... Your Guide to Achieving "Knowledge Advantage" in the Information Age!

"Valuable Open Source information is thrown away every day, waiting to be collected by the thoughtful researcher. Dubbed “dumpster diving,” or “trash picking” a wastebasket becomes a friend to researchers and a foe of anyone you are collecting on...

How useful dumpster diving is can be readily seen by the fact that a highly-placed US intelligence official was convicted and sentenced to life in prison for working with Moscow operatives. He had thoughtlessly thrown away key clues to his betrayal, not thinking they would end up on a prosecutor’s desk. Expecting anything to be buried forever in a trash heap can be a major mistake...

In the United States the Supreme Court has said that, as a general rule, things left in trash cans curbside are considered “abandoned” and are there for the taking."

Related: Confidential Paperwork Security

Infographic - The History of Privacy

Click to enlarge.

Tuesday, May 22, 2018

How Domestic Abusers Use Smartphones to Spy on Their Partners

There’s more creepy spyware out there than you think — and regulating it is a legal and technological challenge.

More and more people who commit violence against their intimate partners are using technology to make their victims’ lives worse...

News media, academic researchers, and victim advocates have long acknowledged the threat of spyware in domestic abuse situations. But our research (conducted with our students) brings to light the ease with which spyware can be deployed by abusers, and the broad scope of software usable as spyware...

Installing powerful spyware is just a few clicks away. Search on the web for “track my girlfriend” and you’ll find plentiful links to software, how-to guides, and forums all aimed at making it easy for abusers to spy on victims. (Protection advice is also available.) All the tools an abuser needs are present on Google and Apple’s app stores; installation is as simple as grabbing the victim’s device, typing the password (possibly stolen), and downloading an app. Many such apps require a fee, but in some cases, you can spy free of charge.

And our research shows that current anti-malware programs most often don’t identify such software as problematic. (ours does) more

Click the "our research" link above for the research paper. ~Kevin

Secretly Recording a Witness Gets Two Arrested

NH - Two Tolles Street residents were arrested Monday morning, charged with secretly recording a witness’ private conversation from a previous investigation, police said.

The charges stem from Aug. 3, 2017, when members of the Special Investigations Division learned a witness's private conversation from a previous investigation involving Bellino and Madison may have been recorded without the witness's consent.

Zachary Madison, 27, was charged with wiretapping, a Class B felony, Brittney Bellino, 25, was charged with conspiracy to commit wiretapping during their arrest about 9:40 a.m. Both charges are Class B felonies. more

Darwin Award to Another Spycam'er Who Shot Himself

MA - A Taunton man faces allegations that he placed a small recording device in a preschool bathroom with the intent of filming the women who worked there.

Darin McNeil, 48, was arrested at the Learning Experience on Main Street on May 18 by Foxborough Police and charged with possession of a device for wiretapping, attempting to conduct secret sexual surveillance, and unlawful wiretapping...

Police responded to a report of a shiny object found in a hat placed on a shelf across from a toilet in a staff bathroom at the preschool around midday on May 18. Once officers were given the item, it was determined that it was an audio and video recorder with a small USB connection that is designed to look like a pen, according to a police report.

Video from the pen allegedly showed a worker at the Learning Experience in the bathroom and a man placing the device where it was found. The man was identified as McNeil, who was an electrician doing some work at the daycare. more

Security Installer Turned Spycam'er... again

LA - Police are looking for Jules Chauvin, the owner of Telecom Security Solutions in West Monroe.

Chauvin allegedly installed cameras in the victim's business in West Monroe.

According to police, a victim contacted them on May 7th saying she was being watched without her consent by the man who installed her security system. Police say the victim fears that Chauvin may be watching other people as well.

Police ask that anyone who feels that they may be a victim of video voyeurism to contact the police department. more

This isn't the first time a security installer got caught installing spycams...

Largest Ever Women’s Rally Protests Spycam Pornography

Some 12,000 women gathered in Seoul on Saturday to protest against the “discriminatory treatment” of cases involving male and female victims of digital and online sexual violence, including spy-cam pornography. The event was the biggest women’s rights rally in Korea’s recent history...

According to 2016 data from the Korean National Police Agency, some 5,184 sexual harassment cases including those that involved spy-cam footage -- illegally uploaded video footage created using hidden cameras in public spaces such as public toilets -- were reported that year. More than 80 percent of the victims were women.

Furthermore, more than 7,300 requests were made to remove revenge porn that was uploaded by victims’ ex-romantic partners. more

Phone Companies Know Your Location 24/7 - and they're selling it.

via Krebs on Security 
Your mobile phone is giving away your approximate location all day long.

This isn't exactly a secret: It has to share this data with your mobile provider constantly to provide better call quality and to route any emergency 911 calls straight to your location.

But now, the major mobile providers in the United States -- AT&T, Sprint, T-Mobile and Verizon -- are selling this location information to third party companies -- in real time -- without your consent or a court order, and with apparently zero accountability for how this data will be used, stored, shared or protected. 

It may be tough to put a price on one's location privacy, but here's something of which you can be sure: The mobile carriers are selling data about where you are at any time, without your consent, to third-parties for probably far less than you might be willing to pay to secure it. more

Monday, May 21, 2018

"Secure" Cell Phone Spyware Springs a Leak

At least one server used by an app for parents to monitor their teenagers' phone activity has leaked tens of thousands of accounts of both parents and children.

The mobile app, TeenSafe, bills itself as a "secure" monitoring app for iOS and Android, which lets parents view their child's text messages and location, monitor who they're calling and when, access their web browsing history, and find out which apps they have installed.

Although teen monitoring apps are controversial and privacy-invasive, the company says it doesn't require parents to obtain the consent of their children. more

Tuesday, May 15, 2018

IBM Bans Removable Drives and Shows World's Smallest Computer

IBM has allegedly issued a worldwide ban against the the use of removable drives, including Flash, USB, and SD cards, to transfer data.

This new policy is being instituted to prevent confidential and sensitive information from being leaked due to misplaced or unsecured storage devices.

According to a report by TheRegister, IBM's global chief Information security officer Shamla Naidoo issued an advisory stating that the company “is expanding the practice of prohibiting data transfer to all removable portable storage devices (eg: USB, SD card, flash drive).” This advisory further stated that this policy is already in effect for some departments, but will be further enforced throughout the entire company. more


Today, IBM will be showing off the world's smallest computer at its Think 2018 conference. This computer is the size of a grain of salt, contains a million transistors, and only costs .10 to manufacture.

This micro computer is being unveiled as part of IBM's crypto-anchors initiative, which are digital fingerprints that can be embedded in products such as medicine, cell phones, toys, watches, and even wine to detect counterfeit products. With product fraud costing the global economy $600 billion dollars a year, IBM is hoping crypto-anchors can help stem the tide of fraudulent products and counterfeit drugs...

FutureWatch: Within the next five years, cryptographic anchors — such as ink dots or tiny computers smaller than a grain of salt — will be embedded in everyday objects and devices. more

Friday, May 11, 2018

Cell Phone Problems Predicted in 1919

Click to enlarge.
The Pocket Telephone: When Will it Ring?
Published in The Daily Mirror Mar. 5, 1919

Social Meddling on Social Media

The massive trove of Facebook ads House Intelligence Committee Democrats released Tuesday provides a stunning look into the true sophistication of the Russian government’s digital operations during the presidential election. 

...a swath of empirical and visual evidence of Russia’s disinformation campaign, in the form of more than 3,000 incredibly specific and inflammatory ads purchased by an Internet troll farm sponsored by the Kremlin.

The ads clearly show how Russia weaponized social media, the senior Democrat on the panel investigating Moscow’s interference in the presidential election said. more

Beware the Venmo

Nicole found out the guy she was dating was already in a committed relationship. Abby learned that her ex had most likely hooked up with someone new, and Ben discovered that a long-ago casual fling had apparently developed a drug habit.

The sleuthing tool that cracked these relationship mysteries was not a private investigator, but the peer-to-peer payment app Venmo.

The mobile payment service, which processed more than $35 billion in payments last year, is a no-fuss solution for splitting the dinner bill after a night out with friends.

But Venmo users have found it’s also an extremely effective tool for keeping tabs on friends, partners and exes, researching crushes, and in some cases, uncovering infidelity. Some even say Venmo is a better method for watching people than more explicitly public social media platforms like Facebook or Instagram.

Some users seem to forget that their transactions are public by default, and their payment activity provides an unfiltered paper trail of what’s really happening in their lives. more

The Skim Reaper - Detects Credit Card Skimmers

After three years of study, Patrick Traynor and two Florida graduate students invented a device they call the “Skim Reaper,” a credit-card thin gadget that slides into card reader slots and can easily and quickly detect if an ATM or gas pump has been compromised. The New York Police Department is testing the Skim Reaper with some early success in its effort to rid the streets of the pervasive devices...

Most credit card skimmers work by installing an extra “read head” inside or outside a machine. This extra read head allows criminals to make a copy of the card’s information as a consumer swipes it. Skim Reaper was built to detect when more than one read head is present, Traynor said...

The device looks like a long credit card that can be slid into a card slot in a gas pump or ATM. It’s attached by a wire to a cellphone-sized box with a small readout screen that says “possible skimmer!” when multiple read heads are detected...

Right now, it costs about $50 to make each Skim Reaper, Traynor said, but his team is working daily to get that number down...
Nolen Scaife, one of the graduate students who designed the device with Traynor, said the team is working to improve the Skim Reaper’s design so that it is wallet-sized. Then, consumers would be able to carry the device and dip it into a card reader before they get gas or use the ATM to ensure they aren’t being skimmed. more

FontCode: Embed Secret Messages Within Text

Click to enlarge.
Computer scientists have invented FontCode, a way to embed hidden information in ordinary text by imperceptibly changing the shapes of fonts in text. 

The hidden information persists even when documents or images with perturbed texts are printed or converted to another file type. Method could prevent document tampering, protect copyrights, as well as embed QR codes and other metadata without altering the look or layout of a document.

"While there are obvious applications for espionage, we think FontCode has even more practical uses for companies wanting to prevent document tampering or protect copyrights, and for retailers and artists wanting to embed QR codes and other metadata without altering the look or layout of a document," says Changxi Zheng, associate professor of computer science and the paper's senior author.  more

Thursday, May 10, 2018

Hidden Smart Device Commands: Manchurian Candidate, or "Yes, master."

Many people have grown accustomed to talking to their smart devices, asking them to read a text, play a song or set an alarm. But someone else might be secretly talking to them, too.

Over the past two years, researchers in China and the United States have begun demonstrating that they can send hidden commands that are undetectable to the human ear to Apple’s Siri, Amazon’s Alexa and Google’s Assistant.

Inside university labs, the researchers have been able to secretly activate the artificial intelligence systems on smartphones and smart speakers, making them dial phone numbers or open websites.  

In the wrong hands, the technology could be used to unlock doors, wire money or buy stuff online — simply with music playing over the radio. more

Monday, May 7, 2018

Spycam: Aurora Cop Caught Spying on Ex-wife

An Aurora police officer will not be reinstated after he was fired for spying on his ex-wife through three cameras hidden in her Sugar Grove home, a judge has ruled. 

The decision by Kane County Judge David Akemann also cancels an arbitrator's ruling that would have reinstated Daniel Wagner to the Aurora Police Department this past January...

Wagner's now ex-wife found a hidden camera in her home in September 2016 and called police to investigate. Officers found a total of three cameras.
Records show she had filed for divorce in 2015, and Wagner installed the cameras during the divorce proceedings and reactivated them after it was final. more

Eavesdropping: Former Police Official Charged

A recently retired city police captain is now facing a felony charge of eavesdropping.

Brian Wentland, a former training captain who left the Lockport Police Department in February, was charged Friday, according to Niagara County District Attorney Caroline A. Wojtaszek.

The charges relate to a May 6, 2013 phone call involving his ex-wife and another person.

The timing of the charges was critical in the case.Wentland’s arrest was just two days before the five-year statute of limitations expired on the charge. more

Technical Surveillance Countermeasures (TSCM) and Cell Phone Security Presentation

As part of the New Jersey Association for Justice Boardwalk Seminar, Murray Associates president Kevin D. Murray will present a session entitled, “Technical Surveillance Countermeasures (TSCM) and Cell Phone Security.”

Eavesdropping, wiretapping, snooping, voyeurism, and espionage are covert activities. The victim rarely knows when it happens. Kevin D. Murray explores the world of corporate espionage, explaining how many companies are bleeding profits for lack of a counterespionage strategy. 

Regularly scheduled TSCM inspections narrow the window-of-vulnerability, spot new security loopholes, identify decaying security measures and practices, disrupt the spy’s intelligence collection phase, and keep counterespionage awareness levels elevated.

"Success-to-failure ratios are similar… most airplanes don’t crash; most people don’t drown in their baths; most houses don’t burn to the ground whenever the stove is used… and, most spying goes undiscovered." ~Kevin   more

Thursday, May 3, 2018

Audio Adversarial Examples: Targeted Attacks on Speech-to-Text

We construct targeted audio adversarial examples on automatic speech recognition. 

Given any audio waveform, we can produce another that is over 99.9% similar, but transcribes as any phrase we choose (recognizing up to 50 characters per second of audio).

We apply our white-box iterative optimization-based attack to Mozilla’s implementation DeepSpeech end-to-end, and show it has a 100% success rate.

The feasibility of this attack introduces a new domain to study adversarial examples. more audio examples

From one of our Blue Blaze irregulars... "Audio Adversarialism is the practice of fooling voice-to-text and voice recognition systems by effectively embedding ‘hidden’ commands in audio files which are inaudible to human ears but which are picked up by speakers and mean, in theory, that we might hear the telly saying “Should have gone to Specsavers!” where instead our Amazon Echo is in fact hearing “Alexa, lock all the doors, turn on the gas and start sparking all the bogs in 00:59, 00:58…”. This is...not scary at all, oh no. Hi Siri! Hi Alexa!"

Thursday, April 26, 2018

Spycam Found in Starbucks Restroom... again.

GA - Police have launched an investigation after a camera was discovered last week inside a restroom at a Starbucks store in an Atlanta suburb.
A 25-year-old customer reportedly found the device Tuesday, taped under a baby changing station.

According to a police report, the woman removed the camera and alerted the manager. The manager then notified Starbucks’ corporate office...

The manager gave the camera to police for inspection. Authorities reportedly found 25 videos stored on the camera, including several that reportedly showed people using the restroom. more

N.B. Starbucks, you and any business with restrooms really need to read this.

Wednesday, April 25, 2018

A.I. vs. Human Spies - Guess who wins

Human spies will soon be relics of the past, and the CIA knows it. Dawn Meyerriecks, the Agency’s deputy director for technology development, recently told an audience at an intelligence conference in Florida the CIA was adapting to a new landscape where its primary adversary is a machine, not a foreign agent.

Meyerriecks, speaking to CNN after the conference, said other countries have relied on AI to track enemy agents for years. She went on to explain the difficulties encountered by current CIA spies trying to live under an assumed identity in the era of digital tracking and social media, indicating the modern world is becoming an inhospitable environment to human spies.

But the CIA isn’t about to give up...

Today’s spies have the same problem as yesterday’s: the need to be invisible. What’s changed is the adversary. Instead of fooling people with fake documents and well-told lies, agents have to fool computers capable of picking out a single face in a crowd.

According to Meyerriecks at least 30 countries have the capability to do this with current CCTV camera systems...

We’ve always thought spies, like James Bond, had the coolest gadgets. Now they’re being replaced by them. more

Politician: His Office Was Bugged and I am Really Pissed

Ghana - Maverick Politician and Member of Parliament for Assin South, Ken Agyapong has said he would have shot to death the Security Coordinator of Metro Mass Transit (MMT) Company if he were to be the Managing Director, Bennet Aboagye...

The Security Coordinator, Fusseini Lawal Laah has confessed to bugging the office of the MMT Boss, Bennet Aboagye by secretly installing a recording device.

“The Security Coordinator had the confidence to go and meet with the National Security Coordinator and other big men and has confessed that he bugged the MD’s office. What is going on in this country, and you entertain such person, that guy has to be arrested. He bugged the office and has transcribed all the recording and he’s moving about with it. The guy, I’m warning him, if this country were to be America, they would have taken care of him easily," Ken Agyapong said. more

Corporate Espionage: Spying on X-Ray Machines

A mysterious hacking group has been spying on the healthcare sector by going as far to infect computers that control X-ray and MRI machines with malware.

Fortunately, sabotage and patient data collection doesn't appear to be a motive behind the hacking. The attackers were probably focused on corporate espionage and studying how the medical software onboard the computers worked, the security firm Symantec said on Monday.

Evidence shows that the hackers were focused on collecting data about the infected computers and their networks. DiMaggio speculates this may have been done to learn how to pirate the medical software onboard. more

Digital Assistants: The Eavesdropping Attacks Begin

It's important not to overstate the security risks of the Amazon Echo and other so-called smart speakers. They're useful, fun, and generally have well thought-out privacy protections.

Then again, putting a mic in your home naturally invites questions over whether it can be used for eavesdropping—which is why researchers at the security firm Checkmarx started fiddling with Alexa, to see if they could turn it into a spy device. They did, with no intensive meddling required.

The attack, which Amazon has since fixed, follows the intended flow of using and programming an Echo. Because an Echo's mic only activates to send sound over the internet when someone says a wake word—usually "Alexa"— the researchers looked to see if they could piggyback on one of those legitimate reactions to listen in. A few clever manipulations later, they'd achieved their goal...

There are clear limitations to this eavesdropping approach. It would only have given attackers transcriptions, not audio recordings, of a target's conversations. more

Our advice to clients, "Keep these things out of offices and conference rooms where confidential discussions are held." ~Kevin

Saturday, April 21, 2018

Friday, April 20, 2018

FutureWatch: Coming Soon to a Surveillance Van Laptop Near You? EarthNow

Of interest to anyone in surveillance, anyone...

EarthNow LLC announces intent to deploy a large constellation of advanced imaging satellites that will deliver real-time, continuous video of almost anywhere on Earth...

According to EarthNow’s founder and CEO, Russell Hannigan, “EarthNow is ambitious and unprecedented, but our objective is simple; we want to connect you visually with Earth in real-time...

EarthNow represents a dramatic leap forward in capability compared to other Earth observation satellite systems which deliver pictures and sometimes video clips to users many minutes, hours and even days after they are requested. Hannigan said, “With existing systems, users can see only what has happened in the past. With EarthNow’s constellation of satellites, you will see events unfold as they happen in real-time.” ...

Initially, EarthNow will offer commercial video and intelligent vision services to a range of government and enterprise customers...

In parallel, EarthNow plans to create compelling “live Earth video” mass market applications that can be accessed instantly from a smartphone or tablet. “We are excited by the prospect of giving everyone a stunningly-beautiful real-time window on your world from space. With EarthNow, we will all become virtual astronauts,” said Hannigan. more

What is the resolution?

"The native video resolution, combined with image enhancement techniques, is designed to enable event monitoring and tracking applications consistent with existing and future customer requirements." hummmm

Quote of the Week - Made-in-China Warning

From the Congressional study: Supply Chain Vulnerabilities from China in U.S. Federal Information and Communications Technology - APRIL 2018

"The supply chain threat to U.S. national security stems from products produced, manufactured, or assembled by entities that are owned, directed, or subsidized by national governments or entities known to pose a potential supply chain or intelligence threat to the United States, including China. These products could be modified to (1) perform below expectations or fail, (2) facilitate state or corporate espionage, or (3) otherwise compromise the confidentiality, integrity, or availability of a federal information technology system." more

Detective Science: Fingerprinting Text to Discover Data Leakers

Fingerprinting text; the ability to encode hidden data within a string of characters opens up a large number of opportunities.

Spybuster Tip: For example, someone within your team is leaking confidential information but you don’t know who. Simply send each team member some classified text with their name encoded in it. Wait for it to be leaked, then extract the name from the text — the classic canary trap.

Here’s a method that hides data in text using zero-width characters. Unlike various other ways of text fingerprinting, zero width characters are not removed if the formatting is stripped, making them nearly impossible to get rid of without re-typing the text or using a special tool. In fact you’ll have a hard time detecting them at all – even terminals and code editors won’t display them. more

Thursday, April 19, 2018

Denny Hatch is Pissed at 451 Privacy Sucking Companies... under one roof!

Denny Hatch* warns... Verizon's OATH is a consortium of 451 "marketing partners" engaged in massive snoop operations to steal every scintilla of data about you, your family, your children, friends, business associates, enemies, even your pets.

Click to enlarge.
Up for grabs: your most intimate secrets, correspondence, searches, downloads, purchases, trysts, travels, travails and browsing.

Any and all Internet intercourse by and about you is captured and spread...

For 27,679 words describing the details of Oath, click here.
Be sure to click on all permutations. more

* Denny's Note to Readers: May I send you an alert when each new blog is being published? If so, kindly give me the okay by sending your First Name, Last Name and e-mail to me. I guarantee your personal information will not be shared with anyone at any time for any reason. I look forward to being in touch! Cheers!