Tuesday, July 31, 2018

Corporate Espionage Alert: Deep Portrait Videos – Not Just a Government Problem

The bad actors have stepped up their game with perhaps the most potentially devastating cyber ruse of all – the high-tech “Deepfake” videos...

Deepfake videos are the residue of new internet technology that supplies almost anyone the ability to alter reality so that subjects can be manipulated to say anything the hacker wants, from the ludicrous and inflammatory to the downright incriminating...appears so real it is almost impossible to spot the bogus video.

The potential security impact of these altered videos has both the federal government and the U.S. Intelligence community on high alert...

“This started several years ago with fake videos and then it turned into Deepfake videos and it’s currently progressing to deep portrait videos,” says Bob Anderson, who is a Principal in The Chertoff Group’s global Strategic Advisory Services and a former national security executive and former Executive Assistant Director with the FBI...

“This is a potentially huge national security threat for a variety of reasons. Picture telecommunication calls or video conference calls that an adversary could potentially interject a fake deep portrait video of a three-star general or CEO of a company directing members of that company or organization to partake in potential detrimental national security or criminal actions,” Anderson says. “Nation-states like Russia, China and Iran could potentially utilize this technology for a variety of counterintelligence, corporate espionage, economic espionage and political influence campaigns across the United States.” more

Monday, July 30, 2018

More Security Cameras Vulnerable to Spying

A popular wireless security camera designed to safeguard businesses and homes was vulnerable to a spying hack.

The flaw meant it was possible to hijack video and audio streamed from other people's properties by making a minor tweak to Swann Security's app.

Researchers found the problem after the BBC reported a case where one customer had received another's recordings.

Australia-based Swann and OzVision - the Israeli provider of its cloud tech - said the issue had now been fixed.

Swann said that the vulnerability had been limited to one model - the SWWHD-Intcam, also known as the Swann Smart Security Camera - which first went on sale in October 2017. Retailers including Maplin, Currys, Debenhams, Walmart and Amazon have sold them.

However, there are concerns that other companies' cameras supported by OzVision could have problems. more

It is argued that the company offers cloud service to around three million smart cameras and users rely upon its app to connect to their IoT devices, and if anyone can gain access to live stream then all the smart cameras stand at risk. These include the Flir FX smart camera and other brands apart from Swann. The problem lies in the tunnel protocol that is responsible for verifying is a particular viewer is authorized to access the live stream or not.  more

Saturday, July 28, 2018

Dad Charged With Felony Eavesdropping - Phone Ownership Irrelevant

MI - An Antrim County man faces two felony charges after authorities said he recorded conversations between his ex-wife and his 12-year-old daughter for nearly three years...

Carlson, who has custody of his daughter ... had been using a Voice Over Internet Protocol (VOIP) setting to record all telephone calls associated with his cellphone number, according to a report from the Michigan State Police.

Investigators contend Carlson let his daughter use the phone so she could talk to her mother, Kellie Poehner, who lives in Genesee County, but did not inform Poehner or his daughter that he was recording the calls, nor did he ask for their consent. Both believed the conversations were private, the report said.

Carlson is suspected of emailing some of the recordings in March to John Poehner, who is married to Kellie Poehner. That alleged action prompted an investigation that led to the distribution and dissemination charge... more

Friday, July 27, 2018

Silicon Valley – Den of Spies

Foreign spies have been showing up uninvited, to San Francisco and Silicon Valley for a very long time.

According to former U.S. intelligence officials, that’s true today more than ever. In fact, they warn—especially because of increasing Russian and Chinese aggressiveness, and the local concentration of world-leading science and technology firms—there’s a full-on epidemic of espionage on the West Coast right now. And even more worrisome, many of its targets are unprepared to deal with the growing threat.

Unlike on the East Coast, foreign intel operations here aren’t as focused on the hunt for diplomatic secrets, political intelligence or war plans. The open, experimental, cosmopolitan work and business culture of Silicon Valley in particular has encouraged a newer, “softer,” “nontraditional” type of espionage, said former intelligence officials—efforts that mostly target trade secrets and technology.

“It’s a very subtle form of intelligence collection that is more business connected and oriented,” one told me. But this economic espionage is also ubiquitous. Spies “are very much part of the everyday environment” here, said this person. Another former intelligence official told me that, at one point recently, a full 20 percent of all the FBI’s active counterintelligence-related intellectual property cases had originated in the Bay Area. (The FBI declined to comment for this story.) more

Auction: Some Remarkable Pieces of Telephone History

If you like old school gear that seems like it would kill you if you look at it wrong, well, we have an auction for you.
Click to Enlarge.

Auction Starts
Aug 4, 2018 11am EDT

The Telephone Pioneers of America was a group founded by various employees and bigwigs at telecom companies back in 1911. Alexander Graham Bell, the man Americans are often taught invented the telephone, was an early member.

At first, it was a way to create a community around the various people who pioneered the tech of telephony, then it shifted to a philanthropic mission. These days, it functions as a network of volunteers that help out in their community. Along the way, the non-profit set up a bunch of little museums around the U.S. dedicated to preserving old equipment and ephemera related to the history of the telephone.

Now, two of those branches are closing and you can buy their goods in an auction online or IRL on August 4th. Bruneau & Co, an auction house based in Cranston, Rhode Island, will handle the bidding. more

How Not to Write Your Name Electronically on Your Hotel Room Door

Reprint of LinkedIn post by Brian Creter...
"At my hotel last week in Los Angeles, I walked up and down my hallway and was able to identify multiple hotel guests who used their full and very unique legal names on their phones, which shows on personal wifi hotspots (see below). 
This is essentially like writing your name on a stickie and putting on your hotel door, or wearing a name tag while sitting in the airport. Range is typically 25 to 50 ft. so you can usually narrow down to one of several rooms. 
Go to Settings > General > About > Name OR change in iTunes. Also, remove any info that identifies the device (i.e. iPhone, iPad, etc.)."

Thursday, July 26, 2018

The Telephone Unmasked - The New York Times - October 13, 1877

The Telephone Unmasked

Published:  October 13, 1877

It is time that the atrocious nature of the telephone should be fully exposed, and its inventors, of whom there are any quantity, held up to execration.

When this nefarious instrument was first introduced, it was pretended that its purpose was an innocent one. We were told that the telephone would enable a man in New-York to hear what a man in Philadelphia might say; and though it was difficult to understand why anybody should ever want to listen to a Philadelphian’s remarks - which, notoriously, consist exclusively of allusions to the Centennial Exhibition and an alleged line of American steam-ships - there was nothing necessarily immoral in this possible use of the telephone.

Then it was claimed that by means of the telephone conversations could be carried on with other than Philadelphians, and that political speeches delivered in Washington could be heard in any city of the continent.

As the President was at that time making speeches in Vermont instead of Washington, the public was not alarmed by this announcement, and it was not until the telephonic conspirators mentioned that the uproar of a brass-band could be transmitted to any distance through the telephone that any general feeling of uneasiness was developed.

Nevertheless, the vast capabilities for mischief of the telephone, and the real purpose of its unprincipled inventors have been studiously concealed, and it is only by accident that the greatness and imminence of the danger to which the public is exposed have suddenly been revealed.

Suspicion ought to have been awakened by the recent publication of the fact that if the lamp-posts of our City were to be connected by wires, every confidential remark made to a lamp-post by a belated Democratic statesman could be reproduced by a telephone connected with any other lamp-post. It is true that this publication was ostensibly made in the interest of the Police force, and it was recommended that patrolmen should use the lamp-posts as means of communication with Police Head-quarters. It was evident, however, that the result would be to make every lamp-post a spy upon midnight wayfarers.

Men who had trusted to friendly lamp-posts for years, and embraced them with the upmost confidence in their silence and discretion, would find themselves shamelessly betrayed and their unsuspecting soliloquies literally reported to their indignant families; strange to say this suggestive hint of the powers of the telephone attracted no attention, and has ere this been in all probability forgotten.

A series of incidents which has lately occurred in Providence has, however, clearly shown the frightful capabilities of the telephone. Two men, to whom, so far as is known, no improper motive can be attributed, were recently experimenting with a telephone, the wire of which was stretched over the roofs of innumerable buildings, and was estimated to be fully four miles in length. They relate that on the first evening of their telephonic dissipation they heard men and women singing songs and eloquent clergymen preaching ponderous sermons; and that they detected several persons in the act of practicing upon brass instruments. This sort of thing was repeating every evening, while on Sunday morning a perfect deluge of partially conglomerated sermons rolled in upon them.

These are the main facts mentioned by the two men in what may be called their official report of their experiments, but it is asserted that they heard other things which they did not venture to openly repeat.

The remarks of thousands of midnight cats were borne to their listening ears. The confidential conversations of hundreds of husbands and wives were whispered through the treacherous telephone, and though the remarks of Mr. and Mrs. Smith were sometimes inextricably entangled with those of Mr. and Mrs Brown, and it was frequently impossible to tell from which particular wife came the direful threat, “O! I’ll just let you know,” or from what strong husband in his agony came the cry, “Leggo that hair!” the two astonished telephone experimenters learned enough of the secrets of the leading families of Providence to render it a hazardous matter for any resident of that city to hereafter accept a nomination for any office.

Now is has been ascertained that the wire of this telephone was not in contact with any other wire, and thus the hypothesis that the sounds heard by the two men were messages in process of transmission by the usual telegraphic wires is untenable. Moreover, a little reflection will show that cats do not send telegraphic messages, and that leading citizens do not transmit by telegraph petitions to their wives advocating a policy of conciliation in respect to hair.

The scientific persons whom the two men have consulted have no hesitation in saying that the telephonic wire picked up all the sounds in its neighborhood by the process of induction.

When the wire passed over a church, it took up the waves of sound set in motion by the preacher and reproduced them on the telephone. In like manner it collected the sounds from the concert-halls and dwelling-houses over the roofs of which it passed, and the peculiar distinctness with which is transmitted the remarks of cats was due to the fact that it must have passed in close proximity to several popular feline resorts.

We can now comprehend the danger of the telephone. If any telephonic miscreant connects a telephone with one of the countless telegraphic wires that pass over the roofs of the City there will be an immediate end of all privacy. Whatever is said in the back piazza by youthful students of the satellites of Mars will be proclaimed by way of the house-top to the eavesdropping telephone operator. No matter to what extent a man may close his doors and windows, and hermetically seal his key-holes and furnace-registers with towels and blankets, whatever he may say, either to himself or a companion, will be overhead.

Absolute silence will be our only safety. Conversation will be carried on exclusively in writing and courtship will be conducted by the use of a system of ingenious symbols. An invention which thus mentally makes silence the sole condition of safety cannot be too severely denounced, and while violence even in self-defense, is always to be deprecated, there can be but little doubt that the death of the inventors and manufacturers of the telephone would do much toward creating that feeling of confidence which financiers tell us must precede any revival of business.

Trust No One, or Life-locked

via Kreb's on Security...
Identity theft protection firm LifeLock — a company that’s built a name for itself based on the promise of helping consumers protect their identities online — may have actually exposed customers to additional attacks from ID thieves and phishers. 

The company just fixed a vulnerability on its site that allowed anyone with a Web browser to index email addresses associated with millions of customer accounts, or to unsubscribe users from all communications from the company.

The upshot of this weakness is that cyber criminals could harvest the data and use it in targeted phishing campaigns that spoof LifeLock’s brand. more

If you use LifeLock carefully check future emails using their name before clicking on anything. Also, check occasionally to make sure you haven't been unsubscribed. ~Kevin

Sunday, July 22, 2018

Richard Simmons: P.I. Who Allegedly Planted Bugging Device Charged

The private investigator who allegedly planted a tracking device on Richard Simmons' car has been charged with a crime.

Scott Brian Matthews was charged with 2 counts of the crime of unlawfully using a tracking device.

Prosecutors say Matthews planted the device on the car Richard bought for his housekeeper, Teresa Reveles. They say he planted it so he could shadow Simmons and see if he was going to doctors or hospitals. more

A New Type Of Inductor - Last Barrier To Ultra-Miniaturized Electronics Is Broken

For those keeping an eye on the future of electronic surveillance, this is really interesting news. Others may find the story a bit technical and dry. ~Kevin

In the race for ever-improving technology, there are two related technical capabilities that drive our world forward: speed and size...

But at the same time these advances have comes in leaps and bounds, one fundamental circuit element — the inductor — has had its design remain exactly the same...

The breakthrough... a phenomenon known as kinetic inductance...
Click to enlarge.
That’s where the work of Banerjee’s Nanoelectronics Research Lab and their collaborators comes in. By exploiting the phenomenon of kinetic inductance, they were able to, for the first time, demonstrate the effectiveness a fundamentally different kind of inductor that didn’t rely on Faraday’s magnetic inductance.

Instead of using conventional metal inductors, they used graphene — carbon bonded together into an ultra-hard, highly-conductive configuration that also has a large kinetic inductance — to make the highest inductance-density material ever created. more

High School Coach Caught Spying

An investigation by the Florida High School Athletic Association (FHSAA) and Sarasota County Schools, has led to more fallout for the Braden River High School Football Program.

...the district was alerted in May to alleged improper use of HUDL, a national online football management database where teams and players put their highlight reels and can playback games and review old plays.

Through an investigation, it was determined that there was an improper recruit account used to access video footage...

The Sarasota School District says that recruit account was tracked back to the coaching staff at Braden River High School. more

Thursday, July 19, 2018

Economic Espionage: Hackers X-Ray X-Rays and Other High-Tech Medical Devices

A mysterious hacking group has been spying on the healthcare sector by going as far to infect computers that control X-ray and MRI machines with malware.
Fortunately, sabotage and patient data collection doesn't appear to be a motive behind the hacking. The attackers were probably focused on corporate espionage and studying how the medical software onboard the computers worked, the security firm Symantec said on Monday.

Over the past three years, the hacking group Orangeworm has been secretly delivering the Windows-based malware to about 100 different organizations, said Jon DiMaggio, a security researcher at Symantec. He speculates this may have been done to learn how to pirate the medical software onboard. more

Spycam'er Arrainged on New Charges

An Idaho Falls man arrested in late June for reportedly hiding a camera in a teenage girl’s room was arraigned Friday on new charges.

Eric Kidman, 23, was charged with five counts of sexual exploitation of a child, in addition to the charge of sexual abuse of a child by making an electronic recording of a minor under 16. The charges come from a cache of child pornography discovered in a Dropbox account.

The 13-year-old victim from the original charge found a camera hidden in a plant in her room while she was watering it. Kidman initially denied hiding the camera but later admitted to police he had placed it in her room and destroyed the micro SD card to cover his tracks.

A video of the victim in her room from a different angle was discovered on his laptop. Another spy camera was delivered to Kidman’s address via the United States Postal Service on July 25, after Kidman had been arrested. more

Wednesday, July 18, 2018

Bed Bugger of Multiple Beds Arrested

TN - Metro police on Wednesday arrested a man after they say he used a baby monitor to spy on a female coworker in her Sylvan Heights home.

Christopher G. Neel, 35, is charged with wiretapping and aggravated burglary in connection with the incident involving a female victim, according to an arrest affidavit.

According to the affidavit, the woman found the baby monitor underneath her bed in her home in February and suspected Neel was the person who put it there.

The report states that when Neel was confronted by the woman he admitted he placed the monitor in her home. Neel, the affidavit continues, also told the woman that he entered her home after he watched someone enter the keycode to her front door at a party in November.

Police also reported Neel also placed a baby monitor in other co-workers' homes, and that when confronted by his co-workers in March he wrote letters to at least one of them apologizing for his actions. more

Liechtenstein Protects Geneva Airport Against IMSI Catchers

Telecom Liechtenstein (FL1) announced a contract to protect Geneva Airport against electronic eavesdropping and disruptions to mobile networks.

FL1 Overwatch is a service specifically designed to protect companies or information-sensitive individuals. The system reports any detected attempts at espionage directly to the Mobile Security Alarm Centre in Liechtenstein, which triggers alerts and countermeasures.

Specifically, so-called IMSI catchers (fake mobile communication base stations) or jamming transmitters can be identified, located and analyzed before countermeasures are taken...

By using FL1 services, Geneva is the first airport to offer its visitors full integrity of mobile networks in critical areas and can therefore ensure enhanced protection of mobile communications as well as mobile devices used by passengers, employees and security personnel against electronic attacks. more

Walmart Awarded Eavesdropping Patent

Walmart this week was awarded a US patent for a new listening system for its stores that could raise serious privacy concerns from its shoppers and workers.

According to the filing, the system would capture a variety of sounds in the store to figure out employees' performance and effectiveness at checkout.

For instance, the system can be used to capture beeps produced by a scanner and the rustling of bags at checkout to find out the number of items in a transaction or even the number of bags used.

More alarmingly, the patent mentions that the system could be used to listen to guests' conversations to determine the lengths of checkout lines.

"Additionally, the sound sensors can capture audio of conversations between guests and an employee stationed at the terminal," the patent states. "The system can process the audio of the conversation to determine whether the employee stationed at the terminal is greeting guests."

The new concept hasn't been implemented in Walmart stores and Walmart didn't say whether it ever will be. more

How Everyone (in the world) Could Vote in a U.S. Election

Remote-access software and modems on election equipment 'is the worst decision for security short of leaving ballot boxes on a Moscow street corner.'

The nation's top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them. more

Older News (July 30, 2017)...
Several hackers reportedly managed to hack into multiple United States voting machines in a relatively short period—in some cases within minutes, and in other within a few hours—at Def Con cybersecurity conference held in Las Vegas this week.

Voting Machine Village provided 30 different pieces of voting equipment used in American elections in a room, which included Sequoia AVC Edge, ES&S iVotronic, AccuVote TSX, WinVote, and Diebold Expresspoll 4000 voting machines. more

Tuesday, July 17, 2018

Council President Accused of Planting Hidden Cameras in Borough Hall and Reaping Kickbacks

PA - Republican Mitchell, 75, of Fourth Street in Upland, is accused of orchestrating a $133,000 kickback scheme, which included allegations of planting hidden cameras in borough hall when he served as borough council president. In addition to felony theft, he is charged with ethics and wiretapping offenses...

Arrested along with Mitchell and charged with similar offenses was Thomas Willard of Downingtown, the owner of the Eddystone-based Logan Technology Solutions...

According to the charges, Mitchell and Willard received up to $133,000 in kickbacks for covert recording devices, cameras and security systems installed at inflated costs throughout borough buildings in Upland. Whelan previously said he believed Mitchell went to Willard with the idea for the scam.

According to invoices and bank records reviewed during the investigation, Willard and his company were paid almost $1 million between 2009 and 2015 for various security-related projects.

According to authorities, video and audio equipment were installed sometime in 2013. A covert camera system installed in Upland’s borough hall was being disguised as the motion sensors for the building’s alarm system. There were three cameras – one in the secretary’s office and two in borough council chambers- brought to the attention of law enforcement by then-Upland Mayor Michael Ciach. more

If You Live With a Housemate – Check for Spycams

IN - A 23-year-old man was arrested Thursday on a voyeurism charge.

On June 26, a woman saw a camera in her bathroom vent... then called Tippecanoe County sheriff's officers.

After investigating, the police concluded Di Fu, the woman's housemate, was responsible for the act.

Fu is charged with voyeurism using a camera or video device. He posted bond and was released from the Tippecanoe County Jail Thursday night.

The Purdue University directory lists Fu as a graduate research assistant at its biomedical engineering department. more

If you live with housemates you need to know how to check for spycams.

Nine Years After the First Smart TV Debuted Congress Goes "Hummmm"

Smart TVs are invading privacy and should be investigated, senators say

Two Democratic US senators have asked the Federal Trade Commission to investigate privacy problems related to Internet-connected televisions.

"Many Internet-connected smart TVs are equipped with sophisticated technologies that can track the content users are watching and then use that information to tailor and deliver targeted advertisements to consumers,"

Sens. Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.) wrote in a letter yesterday to FTC Chairman Joseph Simons. "Regrettably, smart TV users may not be aware of the extent to which their televisions are collecting sensitive information about their viewing habits." more

This is normal. Legislation generally lags new technologies by about ten years. ~Kevin

Friday, July 13, 2018

Hackers Selling Access to Law Firm Secrets

...a cybersecurity firm that specializes in monitoring the dark web, showed CNBC a forum post in Russian where the cybercriminal was offering access to a New York City law firm’s network and files, and was willing to send screenshots as evidence he had broken in.

The price for the access was $3,500...

“If you're a law firm that's involved in major transactions, [mergers & acquisitions] of publicly traded companies, you're going to have a lot of sensitive information, inside information before it becomes publicly available,” Dominitz said. “If I'm able to access that, I can trade around that and manipulate stocks and make a lot of money. more

Note: Hacking is only one method used to collect inside information. Close and lock the IT door, but don't leave your other doors and windows open. Engage the services of a Technical Information Security Consultant who also has TSCM expertise.

Thursday, July 12, 2018

New Jersey: Wiretap, Spycam & GPS Tracking Laws

This is an excellent article covering phone recording, video surveillance and GPS tracking in New Jersey...

As technology rapidly advances and becomes more sophisticated, attorneys, litigants and the courts must grapple with the use of modern surveillance in the context of litigation in family matters.

Surveillance can be useful in some situations, and litigants often resort to surveillance of their spouse to gather what they perceive to be valuable evidence. That evidence, whether it be video footage, recorded telephone calls, GPS tracking, digital copies of hard drives or other forms of surveillance, may be used at trial or simply to gain leverage in settlement negotiations. Nevertheless, this type of activity does not come without risk.

Without careful guidance and an understanding of the legal implications, surveillance can place attorneys in jeopardy of legal or ethical violations, and could also undermine the client’s position (e.g., something of limited evidential value could backfire on the client).

This article explores three surveillance techniques and analyzes the risks and rewards of each. more

U.S. Wiretap Report - 2017

This report covers intercepts (also known as wiretaps) concluded between January 1, 2017, and December 31, 2017, as reported to the AO, and provides supplementary information reported to the AO on arrests and convictions resulting from intercepts concluded in prior years.

Click to enlarge
Forty-eight jurisdictions (the federal government, the District of Columbia, the Virgin Islands, Puerto Rico, and 44 states) currently have laws that authorize courts to issue orders permitting wire, oral, or electronic surveillance. Table 1 shows that a total of 30 jurisdictions reported using at least one of these types of surveillance as an investigative tool during 2017. more

Sunday, July 8, 2018

TSCM During Construction Projects

In the world of business espionage there is a golden time to install bugs, taps, and other electronic surveillance items.
  • It is a time when nobody is checking. 
  • It is a time when these devices become completely hidden from future detection.
  • It is construction time.
TSCM During Construction

The Bugged Embassy Case: What Went Wrong, is a well-documented story of eavesdropping devices planted so deeply the building had to be abandoned.

The Attack on Axnan Headquarters: An Espionage Operation, is a fictionalized true story of exactly how corporate construction penetrations are accomplished.

Both accounts are a fascinating read, and are true cautionary tales for our times.
“You really don’t want electronic surveillance
to become the hidden feature of
your new Boardroom, C-suite, or other sensitive area.”


Designing Information Security into Construction Projects

Electronic eavesdropping and information attacks can be stopped, but there is a catch; timing. Technical Surveillance Countermeasures (TSCM) needs to be included in the planning and construction phases of your project. Learn how.

South Korean Women Protest Against Spy Cam Porn

Thousands of South Korean women gathered in Seoul on Saturday to demand stronger government action to fight the spread of intimate photos and footage taken by hidden cameras, which they say has women living in constant anxiety and distress.

Police said about 18,000 took part in the all-women protest, with demonstrators calling for stronger investigations and punishments against male offenders who photograph or film women without their knowledge and post the material online...

Since 2004, South Korea has required smartphones to make large shutter sounds when taking pictures and videos to prevent such crimes. However, phone cameras can be silenced through apps and there’s also an abundance of miniaturized cameras that can be hidden inside bags, shoes and toilets or small holes drilled into bathroom walls and doors...

The national government plans to spend 5 billion won ($4.5 million) to equip local governments with more camera detecting equipment, and strengthen inspections of bathrooms in public spaces and private buildings. There are also plans to widen inspections to elementary, middle and high schools. more

Friday, July 6, 2018

Spycam Quote of the Week

~Christopher Falkenberg, president of security consulting firm Insite Risk Management and former U.S. Secret Service special agent discussing the ease of hotel room spycam bugging...

"Assuming someone has access to the room before and after the customer uses it, I think it’s quite easy because there are many devices available to the public that can be inserted into a room and retrieved after. It’s not high-speed stuff, and it’s not hard to get." more

Israeli Cyber Warfare Firm Employee Caught Selling Eavesdropping Software...

...which is why we say there is no such thing as a secure 'back door'.

Israel’s cyber warfare giant, NSO’s former employee stole company’s ‘Pegasus’ eavesdropping program software and tried to sell it on the ‘dark web’. 

The Pegasus is a classified security tool that can eavesdrop on any person in the world without their knowledge, Globes reported Friday.

The accused is believed to have stolen NSO products and the program worth hundreds of millions of dollars. An indictment filed against the employee last week charged him with security offenses, in addition to theft from his employer. more

What is Dumber than Spycaming a Police Station Restroom?

Not much. Give this dude a double Darwin!

A 28-year-old clerk has been accused of secretly recording other employees inside a restroom at the Long Beach Police Department’s headquarters, authorities said. 

Sergio Nieto of Downey was arrested late last month after he allegedly photographed and videotaped people inside a restroom at the department’s downtown offices...

Nieto was suspended pending further investigation... Investigators are trying to determine the scope of Nieto’s alleged misconduct, and how many people may have been illegally filmed. more

Infographic - Countries Where Private Security Outnumber Police

Whether they're patrolling shopping malls, conducting screening at airports or protecting VIPs, private security guards have become an increasingly common sight across the world. 

In many countries, they are armed with handguns and even dress in uniforms similar to the police.

The sector has experienced huge growth in recent years and today there are an estimated 20 million private security workers worldwide while the industry is worth approximately $180 billion. That is expected to grow even further to $240 billion by 2020, greater than the GDP of 100 countries including Portugal, Romania and Hungary.

According to research conducted by The Guardian, half of the planet's population lives in countries where there are more private security workers than police officers. more

Click to enlarge.
It is likely these are very conservative statistics, as they don't include security specialists, like: professional security consultants, Technical Surveillance Countermeasures (TSCM) specialists, private investigators, computer security specialists, and people working in the alarm and video surveillance sectors. ~Kevin

The Spy Who Dumped Me

Looks like a fun spy movie.
In theaters August 3, 2018.

Wednesday, July 4, 2018

Without Spies There May Have Been No 'Fourth of July'

By Nina Strochlic, for National Geographic magazine.

In 1777, the American colonies were badly losing their fight for independence from Great Britain. The British Army had captured New York City’s crucial port. Expecting further advances, the Continental Congress was evacuated from Philadelphia. It seemed that the war was lost.
Then George Washington, then Commander-in-Chief of the Continental Army, wrote a letter that changed the course of the war.

Washington was desperate to discover what was happening inside New York, but military scouts couldn’t get close enough. The general needed someone to penetrate enemy lines, but when he asked for volunteers, few of his troops raised their hands.

“Spying wasn’t seen as gentlemanly,” says Vince Houghton, resident historian at the International Spy Museum in Washington, D.C.

Finally, a young army captain named Nathan Hale volunteered for the dangerous assignment. He was caught a week later and hanged, the first known American spy to be executed on the job. (He’s memorialized with a statue outside CIA headquarters.)

Washington realized that the mission was too big for untrained volunteers, so he set about building an espionage organization.

John Jay, later the first Chief Justice of the Supreme Court, had been running counterintelligence as head of the New York State Committee and Commission for Detecting and Defeating Conspiracies. One of Jay’s operatives, a merchant named Nathaniel Sackett, had experience in secret writing and codes. 

In February 1777, Washington wrote a letter to Sackett in which he offered him $50 a month—out of his own pocket—to establish the first formal apparatus for the “advantage of obtaining the earliest and best Intelligence of the designs of the Enemy.” “Without the organization that Sackett set up, it would have been very difficult for us to win the war,” says Houghton. “We had a ragtag army and [the British] had the greatest army, greatest navy, and greatest economy in the world. We had no real business winning this war.”

But America’s spy service got off to an inglorious start. Most of Sackett’s agents failed at their jobs—including Sackett himself, who was fired after just six months.

Fortunately for the infant nation, Sackett’s replacement, 26-year-old Benjamin Tallmadge, created what is considered one of America’s greatest espionage operations: the Culper Spy Ring. Comprised of childhood friends from Long Island, the group included a shop owner inside New York City who gathered information, a traveling trader who smuggled it out of the city, and a whale boat captain who delivered it to Washington’s camp.

Employing the tools and tricks of the 18th-century spy trade—hiding secret messages in hollow feather quills, using “dead drops” to transport letters—the Culper operatives unmasked enemy spies, busted a money counterfeiting plan, and stopped the British from sabotaging a French aid mission to the colonies.

After important letters were lost during an enemy raid, Tallmadge invented a “numerical dictionary” code that matched 763 cities, names, and words to numbers. (Washington’s code name was Agent 711.) Washington also asked physician James Jay (brother to John) to invent an invisible ink that could be revealed only with another chemical and would “relieve the fears of such persons as may be entrusted in its conveyance.

Washington’s espionage experiment paid off. In 1781 the British surrendered, thanks in part to the intelligence gathered by the Culper Ring and their networks. “Washington didn’t really out-fight the British. He simply out-spied us,” a British intelligence officer allegedly said after the war.

None of the Culper spies were ever caught, and even Washington himself never learned exactly who was in the group. The ring’s very existence wasn’t discovered until the 1900s, and to this day no one knows for certain how many members it had.

After the war Washington asked Congress to reimburse him $17,000—nearly half a million dollars today—for his espionage expenses. The lawmakers obliged.

Tuesday, July 3, 2018

Washington Policymakers Bluster About High-Tech Foreign Surveillance (again)

Washington policymakers are growing increasingly worried about the threat of high-tech foreign surveillance, a development complicated by U.S. spy agencies' use of similar technologies.

Lawmakers are stepping up their demands for more information from the Trump administration about foreign efforts to spy on Americans' cellphones. more

Facebook Promises Not to Use Tech in Phone Eavesdropping Patent

In an attempt to assuage concerns raised by Facebook's filing for a patent for software that could turn the mics of smartphones on in order to record secret messages in TV ads, the social networking giant has ruled out using the technology in any of its products.

The patent had been filed "to prevent aggression from other companies," Facebook Vice President and Deputy General Counsel Allen Lo told Engadget in a statement this week. The technology in this patent has not been included in any of Facebook's products, "and never will be", Lo said. more

No Formal Process for Protecting a Trade Secret in Canada ?!?!

Canada - At the annual Uniform Law Conference of Canada in 1989, there was proposed legislation drafted that was called the Uniform Trade Secrets Act.

It provided for potential civil remedies against anyone who acquired a trade secret improperly, including through commercial espionage or electronic means. Courts could grant injunctions, award damages and determine who could make future use of the trade secret.

The proposed legislation was put forward one year after the Supreme Court of Canada issued its ruling in R. v. Stewart on the issue of whether “confidential information” can be the subject of theft under the Criminal Code. The court, in a unanimous decision, concluded that it could not, since confidential information on its own is not property...

Three decades later, there are still no criminal offences specific to this area and the Uniform Trade Secrets Act was never enacted into law by any province. In fact, the current website of the federal Canadian Intellectual Property Office states flatly that there is “no formal process” for protecting a trade secret. more

Meanwhile... Australia has passed new laws to get tough on spying. more

Monday, July 2, 2018

Sign Up - Hackers On Planet Earth (H.O.P.E.) - 3 Days & Nights in NYC

The Circle of HOPE will take place on July 20, 21, and 22, 2018 at the Hotel Pennsylvania in New York City. H.O.P.E. stands for Hackers On Planet Earth, one of the most creative and diverse hacker events in the world. It's been happening since 1994.

Three full days and nights of activities, including more of the provocative and enlightening speakers that the HOPE conferences are known for. In addition, they will have access to a massive amount of space to put together all sorts of hacker projects and assorted fun stuff.

In the past they've had huge hackerspace villages, film festivals, Segway rides, lock picking villages, a wide variety of vendors, art installations, live video, vintage computers, robots, an amateur/ham radio station, electronics workshops, book signings, and the country's biggest supply of Club-Mate.

All of that happening right in the middle of New York City, across the street from Penn Station and down the block from the Empire State Building. more

Be sure to check out the amazing list of speakers and topics!

Ah, Gee. Not LTE.

Vulnerabilities have been discovered in LTE that would make it possible for an attacker to tap into 4G networks for the purposes of spying on and hijacking 4G browsing sessions.

Security researchers from Ruhr-Universität, Bochum and New York University, Abu Dhabi show how three different attacks can be launched on the second layer of LTE -- also known as the data link layer. Two passive attacks allow for identity mapping and website fingerprinting, while the active cryptographic aLTEr attack allows for DNS spoofing and network connection redirection.

The researchers, David Rupprecht, Katharina Kohls, Thorsten Holz, and Christina Pöpper, are due to share their findings at the 2019 IEEE Symposium on Security & Privacy next year, but has published a paper in the meantime. Their findings mean that all three protocol layers of LTE (physical, data link, and network) have been found to be problematic.

Current 4G networks are vulnerable, and it is thought that 5G networks could be as well. In the name of responsible disclosure, the group informed the likes of the GSM Association (GSMA), the 3rd Generation Partnership Project (3GPP), and telephone companies of its findings. more

Whataburger - Toilet Spycam - 13 Unidentified Victims

TX - The man accused of placing a video camera in the restroom of a Whataburger restaurant has now been arrested, according to Abilene police...

Abilene police released footage of the suspect placing the camera inside a bathroom stall.

Last Friday, a woman called police after finding the device inside the toilet lid at a south Abilene Whataburger.

A woman, who said she wishes to remain anonymous, told KTAB/KRBC that when she went to the restroom, she flushed the toilet and noticed an unusual small circle under the rim of the toilet lid. She said she looked closer and found what appeared to be a camera lens. The woman said she then followed the camera to 'a bunch of wires connected to the device' under the lid of the tank.

The woman said she then ripped the device out of the tank and and ran to her car where she called police...

Whataburger said it had launched its own investigation... more

Abilene police are seeking information about potential victims from last week's Whataburger video voyeur case.

Police said 13 unidentified victims need to be identified.
Anyone who was at Whataburger at 4241 South 1st Street on Friday, June 22 between 8:50 a.m. and 1:18 p.m. and used the women's restroom as asked to call police at 325-676-6610. more

Sunday, July 1, 2018

Could Your Smartphone Battery Spy on You? (unlikely, but...)

Most batteries in today’s smartphone are intelligent enough to detect how people use their phones and employ power-saving technologies that result in longer battery life. That advantage sounds excellent all around, but...

The researchers who authored a paper [PDF] on the subject of smartphone batteries capable of spying on people pointed out that this hack would be quick to implement and difficult to detect. They say smartphone owners may even participate in helping the hacks happen by installing malicious batteries themselves.

It could happen in a scenario where a hacker sets up an online store and entices users with promises of extra-long battery life and low prices, sends a purchaser the battery and waits for it to become installed in the phone to begin the tracking segment of the hack.

Plus, the battery could be capable of continuous monitoring, giving hackers the opportunity to see almost all the things the targets do with their phones, whether that’s browsing the internet, typing on the phone’s keyboard or receiving calls. more

A bug made to look like a cell phone battery...

The Search Engine That Didn't Snitch... and other disasters

Hey gang, it's almost Independence Day here in America. Yup, July 4th is just around the corner.

Fireworks are in America's bloodstream... but, did you know your on-line curiosity could get you in trouble with the terrorist chasers? Your fireworks search engine inquires might start popping red flags...

"Ludlow Kissel and the Dago Bomb That Struck Back"
"What is a Dago Bomb?"
"How can I build a Dago Bomb?"
"Dago Bomb ingredients"
"What was blown up by the Dago Bomb?"

(Knock, Knock)
"We're from Homeland Security..."

"Excelsior, you fathead!" Next time, don't use a search engine that captures your IP address. Search privately. Go to https://www.ixquick.com
ixquick is the only search engine which gives you anonymity.

Oh, and Ludlow... he had his 15 minutes of fame... about 2:17 into this Great American Fourth of July video. ~Kevin

UPDATE - NEW URL. Startpage.com