Tuesday, January 30, 2018

The Allentown Wiretap Tapes

If you have never listened to a wiretap, you might find this interesting...

Wiretaps from the Allentown City Hall corruption case.

TSCM: African Union Headquarters China Built Found To Be Bugged

China has again been accused of state-sponsored espionage after several information backdoors were discovered in the African Union (AU) headquarters it built in the Addis Ababa, the capital of Ethiopia.

The AU is a bloc of the 55 countries in Africa, where China has been trying to spread it’s influence in quest of the natural resources the continent holds. As part of it’s African outreach, China had financed and built the AU headquarters at a cost of $200 million in 2012. The building was inaugurated with much fanfare as a symbol and was meant to be a symbol of Chinese-African partnership.

However, an investigation by the French newspaper Le Monde has revealed that data from the servers in the AU headquarters was being transferred to Shanghai every night since the last five years, starting 2012. A followup sweep of the building led to the discovery of microphones embedded in desks and walls of the building revealing major cracks in the building’s security.

The AU has since replaced the Chinese machines with it’s own servers and is moving to encrypt it’s data and communications. more

Secret Surveillance Of Fox News Women Changing Clothes Alleged

Former Fox News star Andrea Tantaros is alleging that the network's former chair and CEO, Roger Ailes, secretly watched female hosts changing clothes on company surveillance equipment and that the conservative channel spied on employees' electronic devices.

Tantaros made the claims in a proposed amended complaint she filed in US District Court on Monday as part of a nine-month lawsuit against her former employer.

Tantaros, who is now representing herself in the legal matter, said Ailes had a CCTV system that allowed him to see inside Fox News offices: "Fox offices are where most Fox female talent, including Ms. Tantaros, disrobed daily from their regular clothing into their on-air attire, sometimes multiple times a day... Upon information and belief Ailes was surreptitiously recording, both through audio and with hidden cameras, Tantaros (and others)." more

Corporate Alert...
If you do not have a Recording in the Workplace Policy and conduct periodic inspections of Expectation of Privacy areas, you are at risk. Get these two elements into your security program. Start here.

Monday, January 29, 2018

Dutch Treat, or Watching the Spies Spy

According to a report in the Dutch newspaper de Volkskrant, the General Intelligence and Security Service of the Netherlands (AIVD)—the Netherlands' domestic intelligence service—had hacked into the network of a building at a Russian university in Moscow some time in the summer of 2014. The building housed a group running a hacking campaign now known as "Cozy Bear," one of the "threat groups" that would later target the Democratic National Committee.

AIVD's intrusion into the network gave them access to computers used by the group behind Cozy Bear and to the closed-circuit television cameras that watched over them, allowing them to literally witness everything that took place in the building near Red Square, according to the report. Access to the video cameras in a hallway outside the space where the Russian hacking team worked allowed the AIVD to get images of every person who entered the room and match them against known Russian intelligence agents and officials.

Based on the images, analysts at AIVD later determined that the group working in the room was operated by Russia’s Foreign Intelligence Service (SVR). An information and technology sharing arrangement with the National Security Agency and other US intelligence agencies resulted in the determination that Cozy Bear’s efforts were at least in part being driven by the Russian Federation’s leadership—including Russian President Vladimir Putin. more

So, how do you feel about the security of your security cameras now?

Friday, January 26, 2018

Austria - Bugging, break-in at far-right leader's office.

The office of Austrian far-right leader and vice chancellor Heinz-Christian Strache was broken into this week, shortly after bugging devices were discovered there, and a criminal inquiry has been launched, prosecutors said on Thursday...

The spokesman said the electronic surveillance devices had been discovered last week behind a mirrored wall by intelligence service specialists. “This was a routine check after moving into a new office,” he said.  more

Routine checks can pay off big-time.

Better Secure Voice over Internet - Novel Solution

Researchers at the University of Alabama at Birmingham have developed a novel method to better protect Crypto Phones from eavesdropping and other forms of man-in-the-middle attacks.
Crypto Phones consist of smartphone apps, mobile devices, personal computer or web-based Voice over Internet Protocol applications that use end-to-end encryption to ensure that only the user and the person they are communicating with can read what is sent. In order to secure what is being communicated, Crypto Phones require users to perform authentication tasks.

Research has shown that these tasks are prone to human errors, making these VoIP applications and devices highly vulnerable to man-in-the-middle and eavesdropping attacks... more

A long, technical, interesting read.

Extra Credit... The 4 Best Phones for Privacy & Security

Wednesday, January 24, 2018

Tinder Hackers May Find Out How Desperate You Are

Eavesdroppers could be able to peek in on mobile flirts.

A lack of security protections in Tinder's mobile app is leaving lonely hearts vulnerable to eavesdropping.

That's according to security biz Checkmarx this week, which claimed Android and iOS builds of the dating app fail to properly encrypt network traffic, meaning the basic actions of peeps looking to hookup – such as swipes on profiles – could be collected by anyone on the same Wi-Fi or carrying out similar snooping. more

Monday, January 22, 2018

"I'm sorry, Dave. I'm afraid I can't do that."

Logitech's $180 Circle 2 wired security camera is easy to set up and works with Amazon Alexa, Apple HomeKit and Google Assistant for a wide variety of smart home/voice control applications.


Sunday, January 21, 2018

White Marsh Mall Spycam Man Suspect Charged - Day job... runs business that installs security cameras.

Baltimore County police say they are analyzing electronic items seized from the Abingdon home of a man charged with secretly recording people in a bathroom at White Marsh Mall.

The suspect, 40-year-old Mussawwir Sterrett, is general manager of a company that provides technology services including security camera installation, police said.

Sterrett is accused of placing a small camera, pointed toward a toilet, in the family bathroom near the mall’s food court on Dec. 23. The camera recorded 11 people, both children and adults, according to police spokeswoman Officer Jennifer Peach.

Sterrett faces charges of “peeping Tom” and visual surveillance with prurient intent. more

Vineyard Owners Arrested for Eavesdropping... didn't hear it through the grapevine.

The owners of a Monroe County winery accused of recording customers and employees without their knowledge say they were surprised by their arrests and subsequent criminal charges.

Randy and Linda Rice, who own and operate Mountain View Vineyards in Hamilton and Jackson Townships, were arrested Thursday and charged with interception of oral communications and possession of devices utilized to surreptitiously record oral communications.

The Monroe County District Attorney's Office said it was tipped off in December that there was illegal wiretapping at the winery part of the business at 2332 Walters Road in Hamilton Township.

Detectives on Thursday found wireless surveillance cameras in the new winery, but no signs indicating the cameras were recording video and audio. Prosecutors say only two employees knew audio was being recorded and monitored. more sing-a-long

Economic Espionage, Theft of Trade Secrets - 5 Year Sentence

A former software engineer for IBM in China has been sentenced to five years in prison for stealing the source code for highly valuable software developed by the tech company, the U.S. Justice Department announced Friday.

Xu Jiaqiang, 31, was sentenced Thursday by a federal judge in White Plains, New York, months after he pleaded guilty to three counts of economic espionage and three counts of theft, possession and distribution of trade secrets. 

Prosecutors said Xu stole the source code for computer performance-enhancing software while working for IBM from 2010 and 2014, with the intent to benefit China's National Health and Family Planning Commission.

Acting Assistant Attorney General Dana J. Boente of the Justice Department's national security division said the agency “will not hesitate to pursue and prosecute those who steal from American businesses.” Xu, a Chinese national, “is being held accountable for engaging in economic espionage against an American company,” Boente said in a statement. more

PI Sued for Planting Tracking Device... on a politician's pick-up truck.

An Oklahoma lawmaker who found a tracking device attached to his pickup truck last month is suing a private investigation company and an investigator who works for the company over the device.
Click to enlarge.
 Discovery of the tracking device has shocked Oklahoma politicians, who are wondering who was spying.

Rep. Mark McBride, a Republican from the Oklahoma City suburb of Moore, is suing Eastridge Investigations and Asset Protection and Eastridge investigator H.L. Christensen for unspecified damages of more than $10,000, according to an attorney for Eastridge. more

Tuesday, January 16, 2018

Hawaiian Emergency Management - Passwords on Post-it Notes on Computer Screens

The Hawaii Emergency Management false alarm mess was not caused by pressing the wrong button. It was caused by poor design.

Ever select the wrong thing from a drop-down menu? Sure, it happens all the time.

The Washington Post reports...
The menu, which triggers alerts, contains a jumble of options, ranging from Amber alerts to Tsunami warnings to road closures. Some of them, such as “High Surf Warning North Shores,” are in plain English.

Others, including the one for a missile attack, “PACOM (CDW)-STATE ONLY,” use shorthand initials. (PACOM refers to the United States Pacific Command based in Hawaii.)

And the menu contained no ballistic missile defense false alarm option — which has now been added at the top of the image, marked up by officials for explanatory purposes. more
1. Separate the messages into smaller groups: Routine Tests | Advisories | Life Threatening
2. Drop the jargon. Say what you mean, clearly.
3. Do not use instant-select dropdown menus.
4. Use radio buttons to select the message, plus a CONFIRMATION and CANCEL button to activate the selected alert, or not. Two extra seconds of thought can prevent a lot of mistakes.

If you need help with design, call on the master, John McWade. He can teach you.

And, what's with posting the passwords to an emergency management computer screen?!?!
If the personnel can't memorize a password as lame as this, they shouldn't be allowed anywhere near a keyboard. more

Password: Warningpoint2

Monday, January 15, 2018

Spy Drone Filming - Detection Method Developed

The first technique to detect a drone camera illicitly capturing video is revealed in a new study published by Ben-Gurion University of the Negev (BGU) and Weizmann Institute of Science cyber security researchers.

The study addresses increasing concerns about the proliferation of drone use for personal and business applications and how it is impinging on privacy and safety.

In a new paper, "Game of Drones - Detecting Captured Target from an Encrypted Video Stream," the researchers demonstrate techniques for detecting if a targeted subject or house is being recorded by a drone camera. "The beauty of this research is that someone using only a laptop and an object that flickers can detect if someone is using a drone to spy on them," says Ben Nassi... more video

"Listening In: Cybersecurity in an Insecure Age" (book)

A cybersecurity expert and former Google privacy analyst’s urgent call to protect devices and networks against malicious hackers​.

New technologies have provided both incredible convenience and new threats. The same kinds of digital networks that allow you to hail a ride using your smartphone let power grid operators control a country’s electricity—and these personal, corporate, and government systems are all vulnerable.

In Ukraine, unknown hackers shut off electricity to nearly 230,000 people for six hours. North Korean hackers destroyed networks at Sony Pictures in retaliation for a film that mocked Kim Jong-un. And Russian cyberattackers leaked Democratic National Committee emails in an attempt to sway a U.S. presidential election.

And yet despite such documented risks, government agencies, whose investigations and surveillance are stymied by encryption, push for a weakening of protections. In this accessible and riveting read, Susan Landau makes a compelling case for the need to secure our data, explaining how we must maintain cybersecurity in an insecure age. more

Saturday, January 13, 2018

Ikea Spying Trial Recommended by French Prosecutors

French prosecutors are recommending that Ikea France and 15 people, including police officials, be put on trial on charges of spying on employees and customers.

Three former senior Ikea executives including two ex-chief executive officers (CEOs) are among those charged after an investigation that dates back to 2012. more

40 Second Spy Chase... commercial

Creepy Peeper Spied 1000+ Computer Mics and Cameras... for 13+ years!

The technical description of the “Fruitfly” malware is “spyware.” But given the way it has allegedly been used, a better label would be creepware...

According to a 16-count indictment unsealed on Wednesday in US District Court for the Northern District of Ohio, its creator, Phillip R. Durachinsky, 28, used it to spy on thousands of victims for more than 13 years. Durachinsky spent this time not only collecting personal data but also watching and listening to victims through their webcams and microphones, and using some of what he collected to produce child abuse imagery...

The victims ranged from individuals to companies, schools, a police department and government entities including one owned by a subsidiary of the US Department of Energy.

According to the DoJ:
(It) enabled him to control each computer by accessing stored data, uploading files, taking and downloading screenshots, logging a user’s keystrokes, and turning on the camera and microphone to surreptitiously record images and audio.

(He) used the malware to steal the personal data of victims, including their logon credentials, tax records, medical records, photographs, banking records, internet searches, and potentially embarrassing communications.
It said he saved millions of images, kept detailed notes on what he observed, and designed it to alert him if a user typed words associated with pornography. more

Spycam Found in Mall Family Restroom

MD - Authorities say a man set up a spy camera that recorded both children and adults in the family restroom of a Baltimore-area mall.

The Baltimore Sun reports a patron at White Marsh Mall found the camera Dec. 23, and the incident was made public Thursday, when Baltimore County police released footage of the suspect. The camera was found at a restroom located near the food court. more

Like most spycamers, this guy gets our Darwin Award... for taking a video of himself while installing the camera. 

Do you offer restrooms to employees, visitors and the public. A spycam incident will put you at risk of being sued. Proactive due diligence is your best defense. Click here for the complete solution.

Telephone Eavesdropping Prevention - Then and Now

1920's - Hush-A-Phone...
Click to enlarge. Video. More.
2018 - Hushme...

1960 v 2018...

Thursday, January 11, 2018

TSCM History: Wiretapped Phone Found at Nuclear Regulatory Commission’s Predecessor

According to the FBI file, a few months before it was abolished, a bug was discovered in the Honolulu offices of the Atomic Energy Commission. The device would not only let someone listen in on phone calls, but any conversations held around the phone - even when it wasn’t in use.

According to the file, the bug was discovered by one Lt. Colonel Harry Tear Jr., assigned to Army counterintelligence at Fort Shafter. While performing a regular electronics sweep in June of 1974, Tear discovered a modification to the phone of Williams Hills, who was the Director for the Atomic Energy Commission’s Pacific Area Support Office, reporting to the Nevada Operations Office.

When it was discovered, the phone wasn’t being used to monitor the room. The file notes, however, that it easily could be. When connected, the phone wouldn’t just transmit the conversation being held, but every conversation in the room that happened to be in range of the phone’s receiver. They were unable to determine when it had been installed or how often it had been used, but noted that the wiring appeared to have been done professionally. They were also able to confirm that the device could pick up conversation in the room in practice, not just in theory...
And now for some good advice if you find an electronic surveillance device...
...Simply knowing what information has gotten out does little good without an idea of who will have it, and it’s next to impossible to judge how information will be used without knowing who has it. This is one of the primary reasons for law enforcement to leave a bug in place. While counterintelligence officers would also be interested in the same information, a clever officer or group of officers would use the bug as a way of feeding the listener specific information and misinformation in order to manipulate them in various ways. more

Wednesday, January 10, 2018

Krebs Arraigned for Wiretapping (Joshua, not our esteemed Brian.)

What a teacher's lounge should look like.
Pleasant Valley School District Director of Support Services Joshua Krebs was arraigned on wiretapping charges...

Court papers allege Krebs electronically eavesdropped on conversations in the elementary school faculty break room in April 2016...

On April 5, 2016, it is alleged that Krebs, with the assistance of Pleasant Valley School District Technology Supervisor Alex Sterenchock planted a video and audio recording device in the teacher’s lounge, in order, Krebs later said, to catch a custodial staff member in dereliction of their duties.

The device, was discovered a day later, positioned to capture audio and video in the seating area of the lounge. more

Tuesday, January 9, 2018

The Case of the Spying Judge, or Your Honor's Poor Judgement

Two state judges have sued the New Mexico Judicial Standards Commission, demanding secret surveillance recordings they say were made by another judge who was spying on them.

Plaintiffs Trudy Reed-Chase and Barry Sharer are magistrate court judges in Aztec, New Mexico, the seat of San Juan County. Aztec, a town of about 6,000 is in a remote area of northeastern New Mexico. The nearest large town is Farmington.

Reed-Chase, Sharer and nine other court employees sued Magistrate Court Judge Connie Lee Johnston, her husband and sister-in-law and the state in February 2016, claiming that Johnston had planted listening devices around the Aztec Municipal Courthouse, including in the offices of Reed-Chase and Sharer. They claimed that electronic surveillance equipment also was placed in the court manager’s office and other workspaces, in inmate holding facilities and in at least one bathroom. more

One Million License Plates Misread by Spy Cameras in UK... every day!

UK - A network of ‘Big Brother’ spy cameras is misreading 1.2million number plates a day – meaning innocent motorists could be caught up in police investigations while criminals and terrorists escape scot-free.

A bombshell report by Britain’s surveillance tsar has warned of problems with Automatic Number Plate Recognition (ANPR) technology, which senior officers insist is invaluable in preventing and solving serious crimes

Around 9,000 cameras across the country take photos of up to 40million number plates each day. more

Unresolved Bugging of Employees Haunts Accused CEO

The newly-appointed acting CEO of the Passenger Rail Association of South Africa (Prasa), Cromet Molepo, was facing disciplinary proceedings for bugging telephones — including that of a senior shop steward — when he resigned as the head of Umgeni Water... attorney Julian von Klemperer,  was tasked by the board to investigate the phone tapping allegations.... The “bugging” scandal received widespread publicity at the time... Von Klemperer found that the telephones of three people — two former employees and the shop steward — were bugged on the instructions of Molepo...
Payments — totaling R51 000 — for the illegal surveillance were made through an attorney’s office in order to conceal them. When the attorney discovered the truth, he withdrew his services and blew the whistle. more

Reward if Found?

Lost in Space: Highly Classified Spy Satellite

An expensive, highly classified U.S. spy satellite is presumed to be a total loss after it failed to reach orbit atop a Space Exploration Technologies Corp. rocket on Sunday, according to industry and government officials.

Lawmakers and congressional staffers from the Senate and the House have been briefed about the botched mission, some of the officials said. The secret payload—code-named Zuma and launched from Florida on board a Falcon 9 rocket—is believed to have plummeted back into the atmosphere, they said, because it didn’t separate as planned from the upper part of the rocket. more

What Becomes of Industrial Espionage?

Ever wonder what happens to all the intellectual property that is collected by corporate espionage snoops? An article in Wired Magazine gives some clues in Tesla's Latest Chinese Competitor Takes Screens to an Extreme...

Chinese car startup Byton unveiled an SUV... if the company manages to sell for the quoted $45,000 price, will excite people who can’t wait for a Tesla Model 3...

What’s significant here is they seem to have done a thorough job of answering all the questions,” said Stephanie Brinley, Senior Analyst at IHS Markit, as we pushed through the crowds trying to take pictures of the crazy interior through the windows. “They seem to have learnt from some of the others who had more ideas, and less detail.”...

The SUV should be good for over 300 miles of range from a 71- or 95-kwh battery back, quite similar to what Tesla offers. The battery can be fast charged to 80 percent in 30 minutes, totally plausible with current technology. It will come with single, or dual motors, just like Tesla cars.
Ostensibly, this is an article about a new car, but the espionage undertones are obvious.

Keep an eye out to see where your intellectual property is popping up. Better yet, keep an eye out for the easiest-to-spot, early warning sign you are under attack, electronic eavesdropping.

Smart businesses conduct regularly scheduled Technical Surveillance Countermeasures bug sweeps, aka TSCM. It's a standard security practice. You can learn more about it, here.

Sunday, January 7, 2018

Corporate Espionage Alert - Whale Phishing in 2018

Phishing scams are becoming ever more sophisticated...

We need to focus on people patching and the human firewall,” said Anthony Dagostino, global head of cyber risk at Willis Towers Watson. “This requires more effective training and awareness campaigns to make sure people aren’t clicking on things...

We will see more whale phishing in 2018, where cyber criminals will target individuals based on things like their LinkedIn or Facebook profiles,” Dagostino told Insurance Business. “General counsel, chief financial officers and even board members are being very specifically targeted just for hackers to get certain information they have.

“It doesn’t necessarily have to be for a data breach – it’s really corporate espionage driven. They either want to get information on an up-coming acquisition, or future business plans that they can use for insider trading.” more

UPDATE - PA State Police Investigating Possible Wiretapping... of them.

A New Milford man suspected of listening in to phone calls in the Gibson barracks had an assault-style rifle and bombs at home, state police said.  

Nathan J. Grover, 28, 512 Old Route 11, is sought on charges of weapons of mass destruction, prohibited weapons and drug-related crimes. Capt. Christopher Paris, commander of Troop R, which includes the Gibson barracks, confirmed Friday that Grover was not in custody.

State police became aware that Grover, who worked for North-Eastern Pennsylvania Telephone Co., may have been using his position to listen to phone calls at the Gibson barracks, according to a criminal complaint filed Thursday by Sgt. Michael Joyce...

Anyone with information on his whereabouts should contact the Gibson barracks at 570-465-3154. more

Amazon Echo ‘Drop In’ Feature - Easy Eavesdropping?

As voice-based “personal assistants” are becoming ubiquitous in modern, connected American homes, so is the feeling they might be listening in on people when they least expect it or want it.

Amazon Echo, Dot and Show users know that Alexa is always listening. With a simple command she can turn on your lights, play music and even order pizza.

But do you know who else might be listening in to everything going on in your home? more

Saturday, January 6, 2018

Workplace Spycam Man Pleads Guilty

PA - A Douglass man faces court supervision after he admitted to invading the privacy of a female co-worker by planting a camera under her desk and recording her at their Montgomery Township workplace.

Anthony Joseph DePaul, 35, of the 100 block of Chalet Road, was sentenced in Montgomery County Court to four years’ probation after he pleaded guilty to misdemeanor charges of invasion of privacy in connection with the incidents...

Lens on a typical key-fob spy camera.
The device was attached to the bottom of her desk with Velcro and was pointed in the direction of her chair,” Montgomery Township Police Officer James T. Matlack alleged in the criminal complaint...

The device, which was provided to police, was small with a lens at one end, court documents indicate...several employees stated they had observed DePaul near the desk of the female victim in the weeks leading up to the discovery of the camera...

When detectives interviewed DePaul about the matter he admitted to placing the camera under the woman’s desk four to five times and to recording the victim as she sat at her desk, according to the criminal complaint. more

Friday, January 5, 2018

Counter-Espionage For Business Travelers Course

The Counter-Espionage for Business Travelers Course is a two-day seminar designed to educate those individuals in your organization who may become targets of espionage, whether knowingly or unknowingly, from an economic competitor or a hostile intelligence service.

Unfortunately, most business travelers are untrained, and thus unprepared, to handle even the most common espionage tactics, such as:
  • Elicitation
  • Bribery
  • Blackmail
  • Extortion
  • Electronic Surveillance
  • Electronic Exploitation
  • Physical Surveillance
  • Hotel/Office Covert Intrusions
A small sample of the topics covered include:
  • Economic vs. Industrial Espionage
  • Foreign Intelligence Collection Methods
  • How to Recognize Elicitation and Recruiting Techniques
  • Operational Security (OPSEC) Awareness
  • Communication Security (COMSEC) Awareness
  • Data Attack and Intrusion Methodologies
  • How to become an "Invisible Traveler"
  • Surveillance Detection Techniques
If you can't go for the course, at least go for some good books on the subject:

Among Enemies: Counter Espionage for the Business Traveler by Luke Bencie.

Staying Safe Abroad: Traveling, Working & Living in a Post-9/11 World by Edward L. Lee

Court Rules: Agricultural Spying is Free Speech

A federal appeals court panel says Idaho’s ban on spying at farms, dairies and slaughterhouses violates free speech rights. 

The 9th U.S. Circuit Court of Appeals on Thursday ruled that sections of the law illegally targeted free speech and investigative journalism. However, the panel also ruled the law correctly criminalized those who made false statements to obtain records at an agricultural facility.

Idaho lawmakers passed the law making it a crime to surreptitiously videotape agriculture operations in 2014 after the state’s $2.5 billion dairy industry complained that videos of cows being abused at a southern Idaho dairy unfairly hurt their businesses. more

Digital Spying And Divorce In The Smartphone Age

Typical magnetic mount GPS tracker.
...from a lengthy, well written, NPR report...

It was the summer of 2016, and M was worried her ex-husband was stalking her. She would get out of town and stay with friends. But, as she noted in court documents, her ex seemed to know exactly where she was and whom she visited — down to the time of day and street...

Welcome to divorce in the 21st century — when what it means to be safe and how much privacy you're entitled to are open questions.

M's case is not unique. NPR talked with dozens of marital experts. They say digital spying is changing divorce as we know it. The tools are abundant. Clients use it in an effort to stay in control after a separation or to gather evidence of extra-marital affairs or drug abuse. But the laws are murky, and law enforcement is lagging far behind. more

Multiple Bathroom Spy Cameras = 30 Days in Jail

Typical air freshener spy camera.
A man charged after “multiple covert and hidden” cameras were found inside bathrooms of a Maine vacation home he rented with family and friends has been sentenced to 30 days in jail.

Joseph J. McGrath, 32, of East Longmeadow, Mass., was charged in September with 10 counts of violation of privacy after police in York were called to the home, where hidden cameras – some disguised as air fresheners – were found in four bathrooms, according to the York Police Department...

The cameras allegedly placed by McGrath targeted both children and adults staying at the home while on vacation with him, police said. more

Thursday, January 4, 2018

The White House West Wing Bans Personal Mobile Phones

The White House is banning its employees from using personal mobile phones while at work in the West Wing... White House chief of staff John Kelly imposed the ban, citing security concerns...

There are too many devices connected to the White House wireless network, and personal phones aren’t as secure as those issued by the federal government, said an official who spoke on condition of anonymity to discuss an internal White House matter.

Aides who opposed the ban said they cannot use their work phones for personal use, and that work phones can’t accommodate texting. They believe the ban will be a hardship because texting is often the easiest way for their families to reach them in the middle of a busy day of meetings. more

"How are they going to enforce that!" I hear you say. 
 Most likely with AirPatrolTM for Security

TV Producer Accused of Using Unauthorized Camera

NY - A Pleasantville CNBC-TV producer accused of spying on his teenage nanny with a secret camera he placed in the bathroom of his home is due to appear in village court Tuesday evening.
From a Walmart on-line ad.
Dan Switzen, 44, who was arrested by Pleasantville Police in November, allegedly hid a camera inside a tissue box on the counter of the bathroom, according to authorities.

The camera was discovered when his 18-year-old live-in nanny and two friends discovered the camera and took it to police. more

PA State Police Investigating Possible Wiretapping... of them.

PA - Newswatch 16 has learned state police in Susquehanna County have been investigating a possible case of eavesdropping on their own barracks.

The man they've been investigating was one of the lead network techs at the phone company until recently.

At the Gibson state police barracks in Susquehanna County, all kinds of calls come in and out, and many of the phone conversations relate to active criminal investigations.

Back in September, troopers were investigating an alleged assault at Nathan Grover's home near New Milford. That's when someone told them Grover, 28, a self-proclaimed hacker, was eavesdropping on state police...

There are questions over two suspicious "trouble tickets" found during NEP Telephone's internal investigation. One was a request that didn't come from troopers that could essentially route a phone call made to state police anywhere.

Another was trouble on a phone line registered to a man near Nicholson that somehow was connected to the Gibson barracks account. more

Wednesday, January 3, 2018

Counterespionage Tip # 022: The Encryption & Password Mistake

An excerpt from the Forever 21 press release last week...
...After receiving a report from a third party in mid-October 2017 suggesting there may have been unauthorized access to data from payment cards that were used at certain Forever 21 stores, we immediately began an investigation. We hired leading payment technology and security firms to assist. The investigation determined that the encryption technology on some point-of-sale (POS) devices at some stores was not always on... more
The setting to enable encryption may never have been set to on. If it was, the setting may not have been password protected, thus allowing the encryption to be turned on and off.  Costly mistakes.

This happens frequently on devices which are introduced after the initial set-up of similar devices. It's similar to the not changing the default password syndrome.

Counterespionage Tip # 022: When installing new devices:
  1. Change the default password.
  2. Review all the settings. Turn off all the eavesdropper and espionage friendly settings.
  3. Pay particular attention to security-related settings.
  4. Enable encryption.
  5. Change the administrator's password if the device has one.
  6. Deter physical access to internal memory and components using security tape. Check often for tampering.
Removing an unencrypted printer drive for covert duplication.
Murray Associates case history photo.
You may be surprised how many devices offer password protection and encryption these days...
  • Point-of-sale (POS) devices.
  • Wi-Fi Access Points.
  • Audio and video teleconferencing equipment.
  • Networked print centers.
  • Stand-alone printers with Wi-Fi capabilities.
  • VoIP telephone systems.
  • Interactive white boards.
  • Fax machines with memory vaults.
  • Computers, tablets, mobile phones.
  • Manufacturing equipment.
  • Medical devices.
  • CCTV cameras and recording systems.
Your list of vulnerable devices may have additional items. All are hacker/espionage/criminal catnip. 

Security settings on items in your environment should be checked periodically. A knowledgeable Technical Surveillance Countermeasures (TSCM) team can do this for you. It should be part of their inspection for electronic surveillance devices and information security loopholes. 

If you don't have a TSCM team already, or are not sure of their capabilities, give me a call. ~Kevin

Carl Størmer - 1890's Spy Cam Man

These days, when it's so easy to sneak a hidden photo with your phone, we can forget just how unusual candid photography was during the 19th century. 

With technological limitation, our first photographs are mainly seated posed images that somehow give the impression that everyone in the 1800s was elegant and composed. But, thanks to one clever Norwegian student, we have a hidden glimpse of life in the 1890s.

Carl Størmer (1874-1957) was a young student of mathematics when he purchased his first hidden camera. It was so small that the lens fit through the buttonhole in his vest with a cord that led down to his pocket, allowing him to secretly snap away.

In his biography for the Fellows of the Royal Society, he revealed it was actually a secret crush that led him toward photography. “When he was a young man at Oslo University he fell in love with a lady whom he did not know and with whom he was too bashful to become acquainted,” writes his biographer. “Wishing at least to have a picture of her, he decided that this was possible only by taking a photograph of her himself, without her knowing.more

Tuesday, January 2, 2018

Stop Your Apps from Spying on Your TV Viewing

That innocent-looking mobile game you just downloaded might just have an ulterior motive. Behind the scenes, hundreds of different apps could be using your smartphone's microphone to figure out what you watch on TV, a new report from The New York Times reveals...

Basically, a bunch of apps with innocuous names like "Pocket Bowling 3D" include extra software that's designed to listen for recognizable audio from your TV, including specific shows and commercials...

All of these apps need to get your permission before they can record in the background. So the easiest way is just to deny that permission. However, it's possible that you might approved the request without realising it, or your kid might do it while playing with your phone. In that case, switching it off is pretty easy...

Just head into Settings on your device and check the permissions for the app in question. If the app has microphone access when it doesn't need to (why would a bowling game need to use your microphone?), just toggle that permission off. more

Ex-DA Disbarred for Illegal Tapping

The former Brooklyn district attorney convicted of setting up an illegal wiretap on a romantic target and forging judges' signatures to get secure cellphone warrants has been disbarred by a New York appeals panel.

The Dec. 29 order against Tara Frances Lenich comes about nine months after she admitted in New York federal court to using her position as a DA and investigator to illicitly create judicial orders authorizing cellphone intercepts.

One of her targets was reportedly a New York City Police Department detective... more

Proof 2018 will be a Great Year for TSCM Teams

The cost of eavesdropping, espionage, spying, and general snooping has gone the way of "long-distance" phone bills. For the cost of a visit to Starbucks, a few bucks can make everyone an eavesdropper, and apparently it's happening. Just look at the ad below for an FM wireless bug. China can't produce them fast enough. They are sold out! (more)

Click to enlarge.
But, fear not dear buggers, you can still obtain GSM USB charger plug bugs. Unlike the FM bug, you don't have to be somewhere nearby to listen-in. Just call it from your cell phone, anywhere in the world. (more)

Click to enlarge.
Happy New Year. Be safe... Support your favorite Technical Surveillance Countermeasures team.