Thursday, April 26, 2018

Spycam Found in Starbucks Restroom... again.

GA - Police have launched an investigation after a camera was discovered last week inside a restroom at a Starbucks store in an Atlanta suburb.
A 25-year-old customer reportedly found the device Tuesday, taped under a baby changing station.

According to a police report, the woman removed the camera and alerted the manager. The manager then notified Starbucks’ corporate office...

The manager gave the camera to police for inspection. Authorities reportedly found 25 videos stored on the camera, including several that reportedly showed people using the restroom. more

N.B. Starbucks, you and any business with restrooms really need to read this.

Wednesday, April 25, 2018

A.I. vs. Human Spies - Guess who wins

Human spies will soon be relics of the past, and the CIA knows it. Dawn Meyerriecks, the Agency’s deputy director for technology development, recently told an audience at an intelligence conference in Florida the CIA was adapting to a new landscape where its primary adversary is a machine, not a foreign agent.

Meyerriecks, speaking to CNN after the conference, said other countries have relied on AI to track enemy agents for years. She went on to explain the difficulties encountered by current CIA spies trying to live under an assumed identity in the era of digital tracking and social media, indicating the modern world is becoming an inhospitable environment to human spies.

But the CIA isn’t about to give up...

Today’s spies have the same problem as yesterday’s: the need to be invisible. What’s changed is the adversary. Instead of fooling people with fake documents and well-told lies, agents have to fool computers capable of picking out a single face in a crowd.

According to Meyerriecks at least 30 countries have the capability to do this with current CCTV camera systems...

We’ve always thought spies, like James Bond, had the coolest gadgets. Now they’re being replaced by them. more

Politician: His Office Was Bugged and I am Really Pissed

Ghana - Maverick Politician and Member of Parliament for Assin South, Ken Agyapong has said he would have shot to death the Security Coordinator of Metro Mass Transit (MMT) Company if he were to be the Managing Director, Bennet Aboagye...

The Security Coordinator, Fusseini Lawal Laah has confessed to bugging the office of the MMT Boss, Bennet Aboagye by secretly installing a recording device.

“The Security Coordinator had the confidence to go and meet with the National Security Coordinator and other big men and has confessed that he bugged the MD’s office. What is going on in this country, and you entertain such person, that guy has to be arrested. He bugged the office and has transcribed all the recording and he’s moving about with it. The guy, I’m warning him, if this country were to be America, they would have taken care of him easily," Ken Agyapong said. more

Corporate Espionage: Spying on X-Ray Machines

A mysterious hacking group has been spying on the healthcare sector by going as far to infect computers that control X-ray and MRI machines with malware.

Fortunately, sabotage and patient data collection doesn't appear to be a motive behind the hacking. The attackers were probably focused on corporate espionage and studying how the medical software onboard the computers worked, the security firm Symantec said on Monday.

Evidence shows that the hackers were focused on collecting data about the infected computers and their networks. DiMaggio speculates this may have been done to learn how to pirate the medical software onboard. more

Digital Assistants: The Eavesdropping Attacks Begin

It's important not to overstate the security risks of the Amazon Echo and other so-called smart speakers. They're useful, fun, and generally have well thought-out privacy protections.

Then again, putting a mic in your home naturally invites questions over whether it can be used for eavesdropping—which is why researchers at the security firm Checkmarx started fiddling with Alexa, to see if they could turn it into a spy device. They did, with no intensive meddling required.

The attack, which Amazon has since fixed, follows the intended flow of using and programming an Echo. Because an Echo's mic only activates to send sound over the internet when someone says a wake word—usually "Alexa"— the researchers looked to see if they could piggyback on one of those legitimate reactions to listen in. A few clever manipulations later, they'd achieved their goal...

There are clear limitations to this eavesdropping approach. It would only have given attackers transcriptions, not audio recordings, of a target's conversations. more

Our advice to clients, "Keep these things out of offices and conference rooms where confidential discussions are held." ~Kevin

Saturday, April 21, 2018

Friday, April 20, 2018

FutureWatch: Coming Soon to a Surveillance Van Laptop Near You? EarthNow

Of interest to anyone in surveillance, anyone...

EarthNow LLC announces intent to deploy a large constellation of advanced imaging satellites that will deliver real-time, continuous video of almost anywhere on Earth...

According to EarthNow’s founder and CEO, Russell Hannigan, “EarthNow is ambitious and unprecedented, but our objective is simple; we want to connect you visually with Earth in real-time...

EarthNow represents a dramatic leap forward in capability compared to other Earth observation satellite systems which deliver pictures and sometimes video clips to users many minutes, hours and even days after they are requested. Hannigan said, “With existing systems, users can see only what has happened in the past. With EarthNow’s constellation of satellites, you will see events unfold as they happen in real-time.” ...

Initially, EarthNow will offer commercial video and intelligent vision services to a range of government and enterprise customers...

In parallel, EarthNow plans to create compelling “live Earth video” mass market applications that can be accessed instantly from a smartphone or tablet. “We are excited by the prospect of giving everyone a stunningly-beautiful real-time window on your world from space. With EarthNow, we will all become virtual astronauts,” said Hannigan. more

What is the resolution?

"The native video resolution, combined with image enhancement techniques, is designed to enable event monitoring and tracking applications consistent with existing and future customer requirements." hummmm

Quote of the Week - Made-in-China Warning

From the Congressional study: Supply Chain Vulnerabilities from China in U.S. Federal Information and Communications Technology - APRIL 2018

"The supply chain threat to U.S. national security stems from products produced, manufactured, or assembled by entities that are owned, directed, or subsidized by national governments or entities known to pose a potential supply chain or intelligence threat to the United States, including China. These products could be modified to (1) perform below expectations or fail, (2) facilitate state or corporate espionage, or (3) otherwise compromise the confidentiality, integrity, or availability of a federal information technology system." more

Detective Science: Fingerprinting Text to Discover Data Leakers

Fingerprinting text; the ability to encode hidden data within a string of characters opens up a large number of opportunities.

Spybuster Tip: For example, someone within your team is leaking confidential information but you don’t know who. Simply send each team member some classified text with their name encoded in it. Wait for it to be leaked, then extract the name from the text — the classic canary trap.

Here’s a method that hides data in text using zero-width characters. Unlike various other ways of text fingerprinting, zero width characters are not removed if the formatting is stripped, making them nearly impossible to get rid of without re-typing the text or using a special tool. In fact you’ll have a hard time detecting them at all – even terminals and code editors won’t display them. more

Thursday, April 19, 2018

Denny Hatch is Pissed at 451 Privacy Sucking Companies... under one roof!

Denny Hatch* warns... Verizon's OATH is a consortium of 451 "marketing partners" engaged in massive snoop operations to steal every scintilla of data about you, your family, your children, friends, business associates, enemies, even your pets.

Click to enlarge.
Up for grabs: your most intimate secrets, correspondence, searches, downloads, purchases, trysts, travels, travails and browsing.

Any and all Internet intercourse by and about you is captured and spread...

For 27,679 words describing the details of Oath, click here.
Be sure to click on all permutations. more

* Denny's Note to Readers: May I send you an alert when each new blog is being published? If so, kindly give me the okay by sending your First Name, Last Name and e-mail to me. I guarantee your personal information will not be shared with anyone at any time for any reason. I look forward to being in touch! Cheers!

Wednesday, April 18, 2018

Butt Dialing Causes a Stink

Former state employee James Stephens, from Cedartown, Georgia, accidentally butt-dialed his boss and now he has a new job and is suing his ex-boss...

"His boss called my client's private cell phone from his own private cell phone," Guldenschuh said. "They were both at home when the conversation took place, which tangentially was work related. When the conversation ended, my client walked into the kitchen and, after a time, touched his phone and pocket-dialed his boss.

"The boss determined my client was not talking to him but listened for about 12 and a half minutes," Guldenschuh said. "James and his wife spoke about the phone call he just had with his boss. Mrs. Stevens made some unflattering comments about his boss which the boss took negatively. So the boss ended up firing my client."...

It was shortly after that that Stephens decided to sue his ex-boss for eavesdropping and invading his privacy. more

School Super Suspended over Eavesdropping on Testimony Against Him

MI - The superintendent of Hale Area Schools (HAS) is facing one felony count of eavesdropping, which is punishable by up to two years of incarceration and/or fines of $2,000...

...the HAS Board of Education placed Vannest on paid administrative leave, following allegations that he had recorded a closed session meeting of the board in a manner contrary to Michigan law.

...a formal complaint had been filed against Vannest by the parent of a student.

...the recording begins as the meeting is called into a closed session. None of the recording takes place during the “open” portion of the meeting.

Vannest’s phone was allegedly left in the room, recording the testimony of witnesses and board members’ questions to those witnesses.

The statement in support reads that it is believed that Vannest intentionally left the device in the room to record/eavesdrop on the conversation and testimony of the witnesses and teachers who were called in for the complaint filed against him.

When police interviewed Vannest, he allegedly stated that he felt the recording was gathered by himself in error. more

Senators Demand More Information About DC Mobile Snooping Devices

A bipartisan group of four Senate privacy hawks are demanding the Department of Homeland Security publish more information about the evidence of mobile snooping devices in Washington and surrounding areas.

"The American people have a legitimate interest in understanding the extent to which US telephone networks are vulnerable to surveillance and are being actively exploited by hostile actors," Sens. Ron Wyden, D-Oregon, Cory Gardner, R-Colorado, Ed Markey, D-Massachusetts, and Rand Paul, R-Kentucky, wrote in a letter Wednesday to Christopher Krebs, the top infrastructure and cybersecurity official at the Department of Homeland Security...

"These things have the capability of tracking. So, if you want to pick a person and say, let's see where they go and who they talk to during the day, that might give you just enough intelligence to make some decisions without even doing the eavesdropping," Kevin D. Murray, a counter espionage expert, told CNN in an interview. more

"Did." "Did not."

U.S. and U.K. intelligence agencies said Russian cyberattackers are targeting critical internet infrastructure to spy on Western companies and governments, the latest salvo in a diplomatic crisis that has brought relations between Moscow and the West to their lowest level in decades.

In a rare joint alert, the U.S. Department of Homeland Security, the Federal Bureau of Investigation and the U.K.’s National Cyber Security Centre said Russian state-sponsored hackers had penetrated devices and software programs world-wide, ranging from routers to switches to firewalls, in order to steal corporate secrets and conduct espionage. more


NZ - There are signs New Zealand organisations have been directly threatened by Russian state-sponsored hacking, GCSB director-general Andrew Hampton says.

"Attributing cyber incidents to particular countries is something that is carefully considered and is a step not taken lightly," he added. more

Russia denied accusations from the United States and Britain that its agents have planted malware on key components of the internet to spy on rivals, steal trade and potentially launch cyberattacks.

A Kremlin spokesman on Tuesday called the claim unfounded and "feeble." more

Monday, April 16, 2018

A Snitch on the Foreign Spy Website ...what could possibly go wrong?

China has launched a new website that allows citizens to report people they suspect of being foreign spies or separatists.

The Ministry of State Security reporting platform even offers rewards to citizens who report those who are trying to “overthrow the socialist system,” the South China Morning Post reported.

Accessible in both English and Mandarin, the website ( was launched on April 15 as part of China's National Security Education Day.

The new website details an exhaustive list of offenses that can be reported, including collusion with foreign countries, plotting to “dismember the state” and “fomenting subversion of state power” through “rumor, libel or other ways.” more

USS Pueblo & Crew Remembered 50 Years Later

USS Pueblo (AGER-2) is a Banner-class environmental research ship, attached to Navy intelligence as a spy ship, which was attacked and captured by North Korean forces on 23 January 1968, in what is known today as the "Pueblo incident" or alternatively, as the "Pueblo crisis".

The seizure of the U.S. Navy ship and her 83 crew members, one of whom was killed in the attack, came less than a week after President Lyndon B. Johnson's State of the Union address... The taking of Pueblo and the abuse and torture of her crew during the subsequent 11-month prisoner drama became a major Cold War incident...

Pueblo, still held by North Korea today, officially remains a commissioned vessel of the United States Navy. Since early 2013, the ship has been moored along the Potong River in Pyongyang, and used there as a museum ship at the Pyongyang Victorious War Museum. Pueblo is the only ship of the U.S. Navy still on the commissioned roster currently being held captive. more

PA - Fifty years ago, Frank Ginther of Bethlehem was one of scores of American sailors held captive for nearly a year after their ship, the USS Pueblo, was attacked and seized by North Korea. 

Ginther and 81 shipmates — one other in the crew of 83 died in the attack — survived months of interrogations and beatings. They were finally released after the U.S. agreed to sign a false statement saying the ship had illegally entered North Korean waters...

Today, Ginther, 74, is struggling to recover from brain surgery he underwent shortly before Thanksgiving. He is unable to speak, is being fed through a tube and requires around-the-clock care, according to a friend who is trying to raise money to help Ginther’s wife with expenses. more 

A Law to Allow Parents to Eavesdrop on their Kids

"Next bill on the floor, MI-342, The School Days Hickory Switch Act."

MI - In a 105-3 vote, lawmakers passed the bill that adds parental exemptions to Michigan’s eavesdropping prohibition. Eavesdropping is defined as overhearing, recording, amplifying or transmitting conversations intended to be private.

Under current Michigan law, snooping on a child’s phone could lead to a felony sentencing of up to two years of imprisonment.

Supporters say parents should be allowed to monitor their children’s conversations until they turn 18 to best protect them. The bill would not allow parents to monitor such conversations with the child’s attorney, a custody investigator or, if there’s a reasonable fear of danger, the other parent.

The bill now heads to the Senate. more

Business Espionage: RadRAT Hid Behind Windows... for 3 years!

Bucharest-headquartered cybersecurity company Bitdefender has flushed out "RadRAT", a powerful all-in-one toolkit for complex espionage ops that was apparently unnoticed since 2015.

This advanced remote access tool -- which offers full control over seized computers was operating since at least 2015, the company said in a statement.

The tool has been used in targeted attacks aimed at exfiltrating information, or monitoring victims in enterprises or large businesses running Windows. more

Listening In: Cybersecurity in an Insecure Age (book)

A compelling case for the need to secure our data, explaining how we must maintain cybersecurity in an insecure age.

Tufts University professor Susan Landau has a long and distinguished background in computer security and policy that includes several books on wiretapping and surveillance...

In Listening In: Cybersecurity in an Insecure Age, Landau considers the changing world in which law enforcement must operate with exceptional clarity. She begins with a brief history of cybersecurity. The first known cyberattack was in 1986, when Clifford Stoll began trying to understand a 75-cent discrepancy in computer time; he told the story in detail in his book The Cuckoo's Egg.

The next, and the first proper internet attack -- although it wasn't really intended as such -- was the 1988 Internet Worm. Despite these early warnings, Landau writes, quoting from a US government report, "security lost to convenience in the 1980s. And then it kept on losing". It wasn't until 2008 that cyber-threats began to be taken seriously. more

The Latest Office Surveillance Devices ...with 2-digit price tags

Three good reasons 
for periodic professional 
bug sweeps of your offices.

This spy recorder boasts one of the highest bit rates on the market today; crystal clear CD quality recording.

VOICE ACTIVATED - Set the device where you want it, and then forget it. It'll turn on the next time it hears sound thanks to it's voice-activation feature. When the sound stops, the covert audio recorder goes into a sleep mode to save battery life and disk space - A Complete Audio Listening / Recording Device.

PROFESSIONAL GRADE FEATURES - Date and Time Stamp | 94 Hours Recording Capacity | Long Lasting Listening "Bugging" Device / "Spy Bug" | 15 Hour Battery | Capable of recording while plugged in for charging provides unlimited covert recording of rooms offices etc.

Spy Mini USB Cable Digital Voice Recorder looks just like a USB Cable.

Also works as a regular USB Charge Cable for Android or Apple.

The spy voice recorder offers a long play recording mode.

Memory: Support Up to 32GB (Micro SD Card not Included)

Recording time:
4GB Recording up to 48 hours
8GB Recording up to 96 hours
16GB Recording up to 192 hours
32GB Recording up to 384 hours

Micro hidden camera records video in exceptional 1920X1080P HD at 30 frames per second!

✔ [SUPER MINI METAL COMPACT SMALL CAMERA] - The portable hidden nanny cam is (only) 25*25*20mm/1.0*1.0*0.8in, Finger size! It's great for recording sneaky pictures and videos without attracting attention.

✔ [EASY TO USE - Just insert the T-Flash card] (free 8GB Sandisk Included) and start recording. Use at the office, home surveillance, store, trolley, baby monitor, your pocket or on your collar with the clip provided.

✔ [MOTION DETECTION SPY CAMERA] - When motion detector mode is activated, it will record any moving objects within 3 meters of its sight. Enhanced night vision with 4pcs IR led lights for crisp display in low light conditions.


A Tale of Corporate Espionage in Silicon Valley

...The computer that was funneling information, therefore, didn’t register on the roster of machines controlled and owned by the I.T. department. This left the security team with one definitively old-school option: they literally followed the wire that ran from the server to the rogue computer.

One by one, they plucked up the tiles in the server room, followed the Cat-5 cable as it swam alongside hundreds of other cables, inside the walls, past yellow and white power wires, and through the labyrinthine office, until they found themselves at the end of the cord, which terminated inside a small closet. There, seated behind a laptop, was a young Chinese woman.

The security specialists searched her personal computer and immediately discovered more than 30 pieces of malware that were funneling information out of the servers and back to dozens of computers in China....

Spies and corporate espionage are a fixture of Silicon Valley. Employees at companies from Twitter to SpaceX have privately told me they suspect spooks work within their walls, stealing corporate secrets, plans for new technologies, or entire servers full of code to replicate back home...

The C.E.O. of one of the big tech companies in Silicon Valley once confided in me that not only was there “no question” that Russian and Chinese agents worked at the company, but that it was impossible to know who they were or prove that they were indeed foreign agents. more

Tuesday, April 10, 2018

Thumbs Down, or How to Delete Your Facebook Account Permanently

Presented as a service to our privacy conscious readers and clients...

If you are looking for how to delete your Facebook account permanently or deleting anything from your Facebook account here is a 2018 guide.

Facebook has remained the primary and most commonly used social networking platform for users across the world. At the same time, the social network giant has been in the news lately amid Cambridge Analytica scandal and for archiving personal data of users including call and text logs of its Android app users.

But, the fact is that unauthorized use of user content like posts, messages, pictures, and videos by Facebook is nothing new. However, it is a relatively new revelation that even the content that we believe is removed is actually not permanently deleted. So, what can be done in this situation? more

Monday, April 9, 2018

Dutch Treat Espionage Seriously - You Should Too

The Netherlands - The foreign affairs ministry has advised travelers to China to take ’empty’ laptops and mobile phones with them to avoid their data being compromised by the government. 

The advice was contained in a letter circulated to 165 businesses and knowledge institutions accompanying prime minister Mark Rutte on a trade mission this week.

The letter says: ‘The Chinese government will want to know everything about you and your business or organisation. You should presume that all computers and phones that enter China are constantly being monitored to obtain this information.’ 

Sources told the Volkskrant that the cabinet is taking similar precautions for trips to Russia, Iran and Turkey. The last is particularly sensitive because the country is a NATO ally. more

Spies Target US Colleges, Universities

via VOA...
Colleges and universities are not the first places most people would think to find government spies. But reporter Dan Golden said that is not the case.

“There’s an awful lot more international students, international professors at American universities. Some of them are here to gather information for their countries."

Golden recently spoke with VOA about his book “Spy Schools.” In the book, he gives examples of spying at U.S. colleges and universities. He says the free exchange of ideas and mix of cultures at universities increase the chances for spying to take place.

Charlie McGonigal leads the counterintelligence division at the Federal Bureau of Investigation in New York. He said spying at universities is a big problem.

“There’s a lot of research and development at major universities in the United States that a foreign government would look to exploit by sending students to study at these universities.” more

HACK NYC 2018 - May 8-10

May 8th - 10th Time Square, New York City
Join other information security decision makers, developers, penetration testers, cryptographers, analysts, engineers, and risk professionals. Influence the conversation and sharpen your technical skills. Bring your laptop and get your hands dirty with the latest tools and techniques.
Each training session and presentation offers attendees real-world skill building on technical topics ranging from the latest hunting strategies to malware analysis and reverse engineering processes. Visit the conference website for a full list of briefings, workshops and training sessions.
Content in support of The NIST Cyber Security Framework is aligned to five functional areas;
  • Identify - "Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities."
  • Protect - "Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services."
  • Detect - "Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event."
  • Respond -"Develop and implement the appropriate activities to take action regarding a detected cybersecurity event."
  • Recover - "Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event."
Because the difference between a hard target and a soft target … is everything.

Women Prompted Early Surveillance Photography

Click to enlarge.
Modern day surveillance photography started in Britain in 1913 with an unassuming prison van parked in the exercise yard of Holloway Prison.

We only know the occupant of the van as Mr. Barrett, a professional photographer who had been employed by Scotland Yard to snap paparazzi-style shots of the women in the yard.

His long-lens photography equipment — the purchase of which was authorized by the then Home Secretary — was rudimentary, but effective.

And who were these women Barrett was photographing? 

Members of the Women’s Social and Political Union (WSPU), also, and perhaps better, known as the suffragettes. Suffrage campaigns were ongoing in both Europe and the United States in the early part of the 20th century, with Finland being the first country to grant women the right to vote and stand for office in 1906. more