Tuesday, August 20, 2019

Wiretap Found at Office of Deputy Prosecutor General of Ukraine

Nazar Kholodnytsky
The Head of the SAPO* claimed a “device similar to a tapping device has been found”, adding that he did not know whom it belonged to...

Ukrainska Pravda wrote that the “bugs” had been planted on the acquiarium (sic) in Kholodnytsky’s office and reminded of rumors regarding the possible voluntary resignation “due to health reasons”.

Ukrainski Novyny, citing sources in the Prosecutor General’s Office, said that Kholodnytsky may be detained and arrested as the result of “the wiretapping case”.

Reacting to the resignation rumors, the SAPO head encouraged “not to count on it.” more

Extra Credit: Ukraine's Security Service denies allegations of wiretapping presidential candidates. more

*Ukraine's Specialized Anti-Corruption Prosecutor's Office

How to Drive Artificial Intelligence Surveillance Cameras Nuts



In order to deceive surveillance cameras, a fashion designer and hacker has developed a new clothing line that allows people to camouflage themselves as a car in the recordings.

The garments are also covered with license plate images that trigger automated license plate readers, or ALPRs, to inject junk data into systems used to monitor and track civilians. more

Phone Phreaking - The Next Frontier - Elevator Eavesdropping

Next time you’re in an elevator, be advised that someone – besides building security and fellow elevator riders – might be listening.
 
A recent Wired article exposed the hidden world of elevator phreaking. By calling an unsecured elevator phone, a third party can expose a person, and potentially an enterprise, to a major security and privacy risk. 
 
Since elevator phones don’t require anyone to pick up the phone to open the circuit, a third party can make a call and be connected – allowing them to eavesdrop on conversations happening inside the elevator. 
 
Given the competitive nature of industries like banking and technology, it isn’t completely unthinkable for a hacker to eavesdrop this way. more

I know of a hotel in Miami which has a bugged elevator—the one nearest the Boardroom; located on the Conference Floor level.

But, if bugged elevators aren't freaky enough, eavesdrop on elevators that talk! ~Kevin

Eye Spy

Spectacles are a camera that you wear on your face. Tap a record button near the temple, and they capture video in intervals of 10 seconds, which automatically uploads to the Snapchat app. The first two generations of the sunglasses, released in 2016 and 2018 respectively, were bulky, plastic, and multicolored—almost toylike.



Spectacles 3, to be released later this fall, are a much more appealing species. Sleeker, slimmer, and made in lightweight stainless steel, they signal the company’s move into elevated design. The style—exaggerated round lenses with a brow bar across the top—comes in just two minimal hues: matte black (the Carbon) and rose gold (the Mineral). more

The Peregrination of a Childhood Promise

Finally, another childhood fantasy becomes reality. Hard on the heels of wall screen TVs; Dick Tracy's wrist radio.

  • The now iconic 2-way wrist radio premiered in 1946 and was replaced with a 2-way wrist TV in 1964.
  • 1952 prototype wrist radio.
  • 1960's wrist radio.
  • Apple watch Walkie-Talkie.
  • FutureWatch: A "Real" Dick Tracy wrist radio watch. (Bluetooth)
  • Wrist radios on ebay.
  • Wrist radios on Amazon.
  • In June of 1954, the radio was upgraded to increase the range from 500 miles to 1,000 miles, then again in 1956 to 2,500 miles. 
Chester Gould’s idea of Tracy wearing something like this on his wrist in the comic strip was actually turned down by his employer because it was thought to be too much of a cheat, so-to-speak, an easy way out for the detective who had been written into a scene where he was held captive with no possible way of escaping from the criminals.


It was then that Gould decided to call an inventor he had met, Al Gross (pictured above).

Al Gross was a man way ahead of his time with inventions such as the walkie-talkie. When Gross was just 16 years old, he already had an amateur radio operator's license and had built a ham radio, going on to invent the first telephone pager in 1949.

When Gould stopped by, Al Gross had just recently invented a two-way radio that people could wear on their wrists, just like a watch. Gould asked Gross if he could use his idea and that’s where Dick Tracy’s wrist watch radio came into being. Gould was so appreciative that as a Thank You, he gave Gross the first four panels of the cartoon where Tracy is seen wearing and using the soon-to-be infamous gadget. The device proved to be the exact answer for Dick Tracy to rescue himself from the seemingly impossible situation.

Still on my list...

Monday, August 12, 2019

Ultrasound Talk Gives a Whole New Meaning to Defcon

Researchers have long known that commercial speakers are also physically able to emit frequencies outside of audible range for humans. At the Defcon security conference in Las Vegas on Sunday, one researcher is warning that this capability has the potential to be weaponized...

Matt Wixey, cybersecurity research lead at the technology consulting firm PWC UK, says that it’s surprisingly easy to write custom malware that can induce all sorts of embedded speakers to emit inaudible frequencies at high intensity, or blast out audible sounds at high volume.

Those aural barrages can potentially harm human hearing, cause tinnitus, or even possibly have psychological effects.

And while it is still unclear whether acoustic weapons played a role in the attack on United States diplomats in Cuba, there are certainly other devices that intentionally use loud or intense acoustic emanations as a deterrent weapon... more

Sunday, August 11, 2019

Tesla Mod Creates a Mobile Surveillance Station - Possible Bad News for PIs on Surveillance

At the Defcon hacker conference today, security researcher Truman Kain debuted what he calls the Surveillance Detection Scout. The DIY computer fits into the middle console of a Tesla Model S or Model 3, plugs into its dashboard USB port, and turns the car's built-in cameras—the same dash and rearview cameras providing a 360-degree view used for Tesla's Autopilot and Sentry features—into a system that spots, tracks, and stores license plates and faces over time.

The tool uses open source image recognition software to automatically put an alert on the Tesla's display and the user's phone if it repeatedly sees the same license plate. When the car is parked, it can track nearby faces to see which ones repeatedly appear.

Kain says the intent is to offer a warning that someone might be preparing to steal the car, tamper with it, or break into the driver's nearby home. more

FutureWatch: Your Voice Can Give Away What You Look Like

Spying is multifaceted. It includes everything from plain old audio eavesdropping, to spycams (thus adding the visual element), to aggregating all the telltale data about us. Once science fiction, even facial recognition is coming to airports. Is it possible to squeeze more from a spy's cornucopia of tricks?

What if you want to know what a person is thinking, or what they look like?
These two challenges are the future of spying, and they are being worked on today.

We started covering mind reading advancements in 2006. And now, how to tell what a person looks like—and even their environment... just from the sound of their voice.

Friday, August 9, 2019

Warshipping - The Next Corporate Espionage Headache

Hackers looking to gain access to your Wi-Fi network don’t necessarily have to lurk around your home or office, warns IBM X-Force Red.

Instead, writes Charles Henderson, global head of that security unit, they could simply ship you a package with a tiny, concealed device they can remotely control.

“In fact, they could ship multiple devices to their target location thanks to low build cost,” Henderson writes. “The device, a 3G-enabled, remotely controlled system, can be tucked into the bottom of a packaging box or stuffed in a toy (a device no bigger than the palm of your hand) and delivered right into the hands or desk of an intended victim.”...

Scheduled TSCM inspections find electronic surveillance items like this. Dead or alive.
Such a device could even set up a rogue wireless network of its own to sniff login credentials to use on the real target network, according to the post. Devices made for the technique, which IBM has dubbed warshipping, can be built for under $100, the company says.

To avoid such attacks, Henderson’s team recommends companies set up policies to inspect and isolate packages and potentially discourage employees from getting personal shipments at work. more

How to Desensitize the World to Spying — Start Young

(For children ages 4 to 6.)


iPhone iMessage iHacked

When you think about how hackers could break into your smartphone, you probably imagine it would start with clicking a malicious link in a text, downloading a fraudulent app, or some other way you accidentally let them in.

It turns out that's not necessarily so—not even on the iPhone, where simply receiving an iMessage could be enough to get yourself hacked.

At the Black Hat security conference in Las Vegas on Wednesday, Google Project Zero researcher Natalie Silvanovich is presenting multiple so-called “interaction-less” bugs in Apple’s iOS iMessage client that could be exploited to gain control of a user’s device. And while Apple has already patched six of them, a few have yet to be patched...

The six vulnerabilities Silvanovich found—with more yet to be announced—would potentially be worth millions or even tens of millions of dollars on the exploit market. more

Our 41 Smartphone Security Tips.

The Avaya Phone Bug – Back From the Dead

Experts at McAfee Advanced Threat Research say they were just doing general studies of Avaya desk phone security when they stumbled on the reincarnated bug.

An attacker could exploit it to take over the phone’s operations, extract audio from calls, and even essentially bug the phone to spy on its surroundings.
 
“It was kind of a holy crap moment,” says Steve Povolny, McAfee's head of advanced threat research...

Though a fix is now available (again), the McAfee researchers note that it will take time for the patch to distribute out to all the corporate and institutional environments where vulnerable phones are lurking on every desk. more

My past posts about Avaya eavesdropping vulnerabilities. 

Update: Avaya is second only to Cisco in the enterprise VoIP market, and is used by almost all of the Fortune 100. The company's response and advisory notice can be found here.

Wednesday, August 7, 2019

Security Director Alert: Check for Unsecured Wi-Fi Printers

A group of hackers linked to Russian spy agencies are using "internet of things" devices like printers and internet-connected phones to break into corporate networks, Microsoft announced on Monday. more

We see this vulnerability at approximately a third of the corporations where we conduct inspections. It is a very common issue. Very dangerous. 

Q. "So, why does this happen so often?"

A. When initially outfitting the office, the IT Department usually does a good job of turning on encryption for Wi-Fi Access Points, and the things connecting to them.

Later, someone decides they need their own printer. It arrives. It is plugged in. Nobody thinks about turning on the encryption.

Often, the Wi-Fi feature of the printer is not even used, but it's on by default. The company network is now subject to compromise.

The only way to know if you have this issue is to look for it. Have your IT Department check periodically, or have us do it, but do it. ~Kevin
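
One way to run that periodic check, as an added example (not part of the original post): the script below reads a Wi-Fi scan taken inside the office and lists every network broadcasting with no encryption or with WEP, putting printer-looking names first. It assumes the scan comes from `nmcli -t -f SSID,SECURITY,SIGNAL device wifi list`; the sample scan is constructed, and the printer name patterns and the `approved` parameter are illustrative assumptions to tune for your site.

```python
import re

# Constructed sample of `nmcli -t -f SSID,SECURITY,SIGNAL device wifi list`
# output (terse mode: colon-separated, literal ':' and '\' backslash-escaped).
SAMPLE_SCAN = r"""CorpNet:WPA2 802.1X:82
DIRECT-7A-HP OfficeJet:WPA2:64
HP-Print-3C-LaserJet::71
EPSON1A2B3C::40
Guest\:Lobby::55
Brother-MFC-Old:WEP:30
CorpNet:WPA2 802.1X:47
HP-Print-3C-LaserJet::38
"""

# Assumption: name fragments that commonly appear in printer SSIDs.
# This list is illustrative, not exhaustive.
PRINTER_HINT = re.compile(
    r"^(HP-Print-|HP-Setup|DIRECT-)|print|laserjet|officejet|epson|canon|"
    r"brother|xerox|lexmark",
    re.IGNORECASE,
)


def split_terse(line):
    """Split one terse nmcli line on unescaped colons, undoing the escapes."""
    fields, cur, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])  # escaped character is taken literally
            i += 2
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    fields.append("".join(cur))
    return fields


def classify(security):
    """Return 'open', 'weak' (WEP) or 'encrypted' for a SECURITY field."""
    value = security.strip()
    if value in ("", "--"):  # an open network shows as empty or '--'
        return "open"
    if "WEP" in value.upper().split():
        return "weak"
    return "encrypted"


def audit(scan_text, approved=()):
    """List open/WEP networks, strongest signal per SSID, printers first.

    `approved` holds SSIDs that are intentionally open (e.g. a guest network).
    """
    best = {}
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        parts = split_terse(line)
        if len(parts) != 3:
            continue  # not a SSID:SECURITY:SIGNAL record
        ssid, security, signal = parts
        status = classify(security)
        if status == "encrypted" or ssid in approved:
            continue
        strength = int(signal) if signal.isdigit() else 0
        seen = best.get(ssid)
        if seen is None or strength > seen["signal"]:
            best[ssid] = {
                "ssid": ssid,
                "status": status,
                "printer_like": bool(PRINTER_HINT.search(ssid)),
                "signal": strength,
            }
    # Printer-looking names first, then strongest (likely closest) signal.
    return sorted(best.values(),
                  key=lambda f: (not f["printer_like"], -f["signal"]))


if __name__ == "__main__":
    for f in audit(SAMPLE_SCAN):
        tag = "printer?" if f["printer_like"] else "other"
        print(f'{f["status"]:5} {tag:8} signal={f["signal"]:3} {f["ssid"]}')
```

A strong signal on a printer-looking open network suggests the device is inside your own space; walk the floor with the scanner to locate it, then turn on encryption or switch the printer's Wi-Fi off.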


Business Security Trend: Proactive Information Security... Legislated by law!

via Brian G. Cesaratto, Epstein Becker Green
New York is the latest state to adopt a law that requires businesses that collect private information on its residents to implement reasonable cybersecurity safeguards to protect that information.

New York now joins California, Massachusetts and Colorado in setting these standards. New York’s law mandates the implementation of a data security program, including measures such as risk assessments, workforce training and incident response planning and testing. 

Businesses should immediately begin the process to comply with the Act’s requirements effective March 21, 2020.

Notably, New York’s law covers all employers, individuals or organizations, regardless of size or location, which collect private information on New York State residents.

In order to achieve compliance, an organization must implement a data security program that includes:
  • reasonable physical safeguards that may include detection, prevention and response to intrusions, and protections against unauthorized access to or use of private information during or after collection, transportation and destruction or disposal of the information.
 

AT&T Employees Took Bribes to Plant Malware

 One AT&T employee made $428,500.

AT&T employees took bribes to unlock millions of smartphones, and to install malware and unauthorized hardware on the company's network, the Department of Justice said yesterday...

The bribery scheme lasted from at least April 2012 until September 2017...

The two recruited AT&T employees by approaching them in private via telephone or Facebook messages. Employees who agreed received lists of IMEI phone codes which they had to unlock for sums of money. more


Remember this survey from 2016? "One in five employees said they would sell their passwords."

The Point: Quarterly Technical Information Security Surveys mitigate this risk, and prove due diligence.

Monday, August 5, 2019

Spy Tip: How to Break Out of Automated Phone Trees

Tired of Talking to a Voice Robot?
Want to Talk with a Human?
Skip the queue.
Try...
  1. Dial 0, or try multiple zeros.
  2. You can add the # key or the * key before and after a 0.
  3. Dial multiples of other numbers 1111, 2222, 3333, 4444, etc.
  4. Being silent sometimes works (believe it or not some people still have rotary phones).
  5. Speak non-sensible phrases to confuse the computer.
  6. Try speaking and repeating "Operator" or "Customer Service".
  7. If there is a company directory, press just one letter and then try to connect to that person; they may then transfer you or give you an inside phone number.
  8. Once you get a human, make sure to ask for the direct line to call.
 More listings here.

Wallet, Keys, Bag Packed... Ooopps, Forgot the Post-it Notes

When airline seatback entertainment systems started to come bundled with little webcams, airlines were quick to disavow their usage, promising that the cameras were only installed for potential future videoconferencing or gaming apps, and not to allow the crew or airline to spy on passengers in their seats.

Enter Hong Kong's Cathay Pacific, the country's flagship airline, which has just amended its privacy policy to reveal that it is recording its passengers as they fly, as well as gathering data on how individual passengers spend time in airport terminals, and even brokered data on their use of rivals' hotel and airplane loyalty programs.

But don't worry, the company promises it will take "commercially reasonable" cybersecurity measures to keep all that data from leaking. more

Amazon Alexa's New Dump the Human Eavesdropping Switch

Alexa users who don’t want their recordings reviewed by third-party contractors finally have an option to opt-out...

Unfortunately, Amazon has never made opting-out of data collection on its devices particularly easy, and this new policy doesn’t buck that trend.

According to Bloomberg, users need to dig into their settings menu, then navigate to “Alexa Privacy,” and finally tap “Manage How Your Data Improves Alexa” to see the following text: “With this setting on, your voice recordings may be used to develop new features and manually reviewed to help improve our services. Only an extremely small fraction of voice recordings are manually reviewed.” more

A Brief History of Surveillance in America


For the last several years, Brian Hochman has been studying electronic surveillance—both the technological developments that have made eavesdropping possible and the cultural and political realities that have made it a part of American life for more than 150 years...

How far back do we have to go to find the origins of wiretapping?
It starts long before the telephone. The earliest statute prohibiting wiretapping was written in California in 1862, just after the Pacific Telegraph Company reached the West Coast, and the first person convicted was a stock broker named D.C. Williams in 1864. His scheme was ingenious: He listened in on corporate telegraph lines and sold the information he overheard to stock traders...

It’s only in the 1920s that ordinary Americans start to take notice of wiretapping and it's not really until the 1950s that it's seen as a national problem...

The House Intelligence Committee looked into illegal wiretapping in 1975 as part of its investigation of risks of U.S. intelligence operations. Michael Hershman (holding a 'plug bug') explaining surveillance and counter-surveillance technology. (AP Photo/Charles Gorry)
FutureWatch...
Historians are not in the business of prognostication, but the one thing that I can say with some certainty is that electronic surveillance and dataveillance are going to scale. They will be more global and more instantaneous. I can say with much more certainty that public attention to these issues will wax and wane. more

Millions Of Chinese-Made Cameras Can Be Hacked To Spy On Users

Despite more awareness of the risks associated with Chinese surveillance equipment, the news this week that cameras from the world's second-largest manufacturer of such devices can be used to secretly listen in to users still comes as a shock.

Put simply, the newly disclosed backdoor vulnerability means that millions of cameras have been carrying the potential to be used as eavesdropping devices—even when the audio on the camera is disabled.

"Essentially," warned Jacob Baines, the researcher who first disclosed the vulnerability with cameras used by both consumers and enterprises, "if this thing is connected directly to the internet, it’s anyone’s listening device."...

Baines initially shared this latest issue with Dahua OEM Amcrest two months ago, reporting that he could "remotely listen" to a tested camera "over HTTP without authentication." The vulnerability can be seen in action in a video shared by Baines on YouTube. more

Tuesday, July 23, 2019

The ‘Golden Age of SIGINT’ May Be Over

The US government cannot control the skyrocketing use of encrypted communications that allow adversaries, terrorists, criminals — and ordinary folks who care deeply about privacy, including journalists — to block eavesdropping by national security agencies, says a new study funded by DARPA and the Center for Advanced Studies on Terrorism (CAST).

“The ‘golden age of SIGINT’ may be over, particularly within the next five or ten years,” the study, “Going Dark: Implications of an Encrypted World,” finds. The traditional methods of collecting signals intelligence and eavesdropping on communications used by the Intelligence Community (IC) will no longer be effective. “End-to-end encryption of all communications and data, differential privacy, and secure communications for all users are likely to be the new reality,” the study says. more

Android Smartphone Alert: Spearphone Eavesdropping

A Spearphone attacker can use the accelerometer in LG and Samsung phones to remotely eavesdrop on any audio that’s played on speakerphone, including calls, music and voice assistant responses. 

A new way to eavesdrop on people’s mobile phone calls has come to light in the form of Spearphone – an attack that makes use of Android devices’ on-board accelerometers (motion sensors) to infer speech from the devices’ speakers.

An acronym for “Speech privacy exploit via accelerometer-sensed reverberations from smartphone loudspeakers,” Spearphone was pioneered by an academic team from the University of Alabama at Birmingham and Rutgers University.

They discovered that essentially, any audio content that comes through the speakers when used in speakerphone mode can be picked up by certain accelerometers in the form of sound-wave reverberations. And because accelerometers are always on and don’t require permissions to provide their data to apps, a rogue app or malicious website can simply listen to the reverberations in real time, recording them or livestreaming them back to an adversary, who can analyze and infer private data from them. more

Apple Watch Walkie-Talkie is Fixed

The latest release fixes a security flaw in the Walkie-Talkie app that could potentially allow users to listen in on others’ conversations. Apple disabled the app until it could fix the problem, which watchOS 5.3 apparently does. more


Spycam Report from China

Sales of spy cameras are rampant at Shenzhen’s gadget paradise, Huaqiangbei, according to a report by state broadcaster CCTV. The report, secretly filmed (ironically) by CCTV reporters, found vendors selling secret cameras disguised as pens, lighters and alarm clocks, among a number of other things. This is in spite of the fact that it's illegal in China to sell “espionage equipment” that can be used for secretly monitoring and photographing people.


In one case, the CCTV reporter bought a fake power socket with a camera hidden in one of the holes and double-sided tape on the back to allow for mounting on a wall. It included an SD card socket and a charging port at the bottom...

In another example from the report, one shop demonstrated a different power socket that hides the camera in a small hole in the bottom-right corner. The video can also be watched in real time from a smartphone app.

In recent months, a series of events that show just how easy it is to secretly film people in hotels has unnerved people in China. The apparent prevalence of the practice has raised concerns about people’s privacy and safety...

In another case, a couple found a hidden camera in the TV in their hotel room in the city of Zhengzhou. Police later determined one person had installed hidden cameras in at least five rooms. Then they detained a manager at the hotel when he claimed more than 80% of the hotels in the city have hidden cameras. more

Google: Wi-Spy Case Cashed Out

Google is poised to pay a modest $13 million to end a 2010 privacy lawsuit that was once called the biggest U.S. wiretap case ever and threatened the internet giant with billions of dollars in damages.
The settlement would close the books on a scandal that was touched off by vehicles used by Google for its Street View mapping project. Cars and trucks scooped up emails, passwords and other personal information from unencrypted household Wi-Fi networks belonging to tens of millions of people all over the world. more

Monday, July 22, 2019

From the What Goes Around Files: Russia's FSB Hacked

Russia's Secret Intelligence Agency Hacked: 'Largest Data Breach In Its History'
 
Red faces in Moscow this weekend, with the news that hackers have successfully targeted FSB—Russia's Federal Security Service. The hackers managed to steal 7.5 terabytes of data from a major contractor, exposing secret FSB projects to de-anonymize Tor browsing, scrape social media, and help the state split its internet off from the rest of the world.

The data was passed to mainstream media outlets for publishing. FSB is Russia's primary security agency with parallels with the FBI and MI5, but its remit stretches beyond domestic intelligence to include electronic surveillance overseas and significant intelligence-gathering oversight. It is the primary successor agency to the infamous KGB, reporting directly to Russia's president. more

Tuesday, July 16, 2019

Information Security: Privacy Tips for Business Travelers

The Basics...
  • Beware of shoulder surfers. Get one of these.
  • Know when to shut your mouth. Don't give strangers any confidential information.
  • Use a Virtual Private Network (VPN).
  • Change any passwords you used while on your trip.
  • Keep your device with you to reduce info-suck opportunities.
  • Avoid using public charging stations (unless you have one of these).
  •  Read Murray Associates' Guide to Off-Site Meeting Information Security.

Security Director Tips: You Don't Have to be an IT Dude to Protect Your Company Online

The Top 6 things you can do better than the IT department. (Go ahead. Take back some turf.)
  1. Establish a cyber incident response plan.
  2. Regularly rehearse the response plan using a range of different scenarios.
  3. Monitor and manage the risk posed from the supply chain.
  4. Ensure the company understands the terms of their insurance and what is covered.
  5. Understand what 'normal' looks like for the business, in terms of application usage, so the company can identify any unfamiliar patterns.
  6. Invest in regular training and raise their people's awareness of cyber security. more

Monday, July 15, 2019

Spanish App Works Like Spanish Fly... undercover

Spain’s data protection agency has fined the country’s soccer league, LaLiga, €250,000 (about $280,000) for allegedly violating EU data privacy and transparency laws. The app, which is used for keeping track of games and stats, was using the phone’s microphone and GPS to track bars illegally streaming soccer games...

Using a Shazam-like technology, the app would record audio to identify soccer games, and use the geolocation of the phone to locate which bars were streaming without licenses. more

Spot on ID, or... "The Tell-Tale Heart"

via MIT Technology Review 

A new device, developed for the Pentagon after US Special Forces requested it, can identify people without seeing their face: instead it detects their unique cardiac signature with an infrared laser. While it works at 200 meters (219 yards), longer distances could be possible with a better laser. “I don’t want to say you could do it from space,” says Steward Remaly, of the Pentagon’s Combating Terrorism Technical Support Office, “but longer ranges should be possible.”... In the longer run, this technology could find many more uses, its developers believe... more

Like eavesdropping? 
(Spoiler Alert: Israeli scientists did this in 2009, and then improved it in 2014.) ~Kevin

Friday, July 12, 2019

FREE: "Top Secret: From Ciphers to Cyber Security" GCHQ Exhibit in London

Historic gadgets used by British spies will be revealed for the first time later this week, as one of the country's intelligence agencies steps out the shadows to mark its centenary -- and to educate people about the risks of cyber-attacks.

The Government Communications Headquarters (GCHQ) will hold an unprecedented exhibition at London's Science Museum, taking visitors through 100 years of secret conversations and eavesdropping...

A prototype of the Enigma cipher machine used by the Germans will be on display. But the standout exhibit at this new exhibition is the 5-UCO machine developed in 1943 to send decrypted German messages to officers in the field...

"Top Secret: From Ciphers to Cyber Security" opens to the public on Wednesday and runs until February 2020. more

FREE but must book ahead: Science Museum, Exhibition Road, South Kensington, London SW7 2DD  ~Kevin

Historical - A Covert Transmitter & A Mistake = Early Fake News

February 13, 1935 was probably the first case of a major news organization incorrectly reporting a courtroom verdict because of a radio communications fail - the birth of Fake News! 

Flemington, NJ - The Associated Press (AP) thought it was being uniquely creative - and sneaky - during "The Trial of the Century" involving the kidnapping and murder of Charles Lindbergh's young son. A reporter secreted in a miniature shortwave transmitter concealed within a leather briefcase. A receiver station above the courtroom stood ready to copy the agreed upon code, based on the verdict, and send the results to its newspaper feeds.

Little did they know that a competing news agency had the same idea, but used a different code. The AP operator received the New York Daily News code assuming it was from the AP mole. It immediately sent the story to hundreds of editors across the world.

One of the short-wave transmitters carried by a reporter into the courtroom at Flemington was concealed in a small leather brief-case...


Short Wave Craft described how to build a short-wave set in a brief-case in the June 1932 issue - three years earlier! With a slight change in the connections, this receiver is easily converted into a transmitter for code signals, such as those used at the Hauptmann trial.

Short waves played a most important role in the famous million-dollar Hauptmann trial. Two tiny short-wave transmitters were secretly carried by reporters into the courtroom and were used to signal the jury's verdict to other reporters outside the locked courtroom. more

Eavesdropping and TSCM Trends Track Each Other


Conclusion: As organizations and individuals realize that electronic eavesdropping is escalating, they search for Technical Surveillance Countermeasures (TSCM) services, aka bug sweeps.

Thursday, July 11, 2019

Apple Temporarily Disables Walkie Talkie on Apple Watch Over Eavesdropping Concerns

Less than 24 hours after Apple issued a background update to remove a vulnerability in Zoom’s Mac app that installed a surreptitious web server that could activate the video camera without the user’s permission, Apple has disabled another app for a possible security breach. And this time it’s one of its own: Walkie Talkie.
Walkie Talkie was introduced with watchOS 5 as a quicker way to communicate between Apple Watches. Apple promotes it as “a new, easy way to have a one-on-one conversation with anyone who has a compatible Apple Watch.” However, it might not be as private as you think. Apple announced late Wednesday that it was temporarily disabling the Walkie Talkie on the Apple Watch due to eavesdropping concerns. more

This Week in Spycam News

S. Korea - A South Korean TV star has resigned over claims he secretly filmed a woman’s lower body, in the country’s latest celebrity spycam scandal. Presenter Kim Sung-joon pleaded for ‘forgiveness’ after police allegedly caught him red-handed at a metro station in Seoul. more

ID - A Monteview man is facing a felony charge after he admitted to hiding a camera in a bathroom and videotaping people naked, according to court documents. He contacted deputies with the Jefferson County Sheriff’s Office on Thursday, saying he wanted to turn himself in. During the phone call with a deputy, Roundy said he videotaped people taking showers at his home. He told the deputy he knew it was wrong and wanted to know if he could turn himself in on Friday. more

N. Ireland - An ex-children’s nurse accused of inventing a VIP paedophile gang told jurors he set up a hidden camera to film a boy using a toilet out of “curiosity” to see if he found sexual gratification in it. more

India - Days after a 27-year-old model had filed a case against a skin specialist popular among celebrities, accusing her of clandestinely installing a spy camera in her clinic at Lokhan Complex, Andheri West, and taking her pictures, the Oshiwara police arrested the doctor on Monday. more


FL - A Firestone Complete Auto Care employee was arrested Tuesday after recording at least two female customers using the restroom, the Port Orange Police Department... Police were notified of the recording after one of the victims found a recorder inside the women’s restroom. more

LA - The Jefferson Parish District Attorney has brought formal charges in the case of a camera in a restroom at Smoothie King headquarters in Metairie... He allegedly put the camera under a bathroom cabinet at the company's offices when he worked for Smoothie King. more

Canada - A 22-year-old man has been arrested after allegedly filming multiple women changing in a unisex change room at the Eaton Centre... The man then entered the change rooms and placed a homemade recording device on the floor between change room stalls and recorded numerous females changing. A woman occupying one of the change rooms noticed the device on the floor and immediately notified security and police. more

IN - A 20-year-old employee of an Indiana auto parts store has been charged with possession of child pornography and voyeurism after two 10-year-old girls uncovered a cell phone used to film in the company's staff bathroom... The filming device was discovered by the girls hidden behind a plunger and bottles of cleaning products. It had been placed slightly to the left of the toilet. One of the girls had just used the toilet and the other was partially undressed when they discovered the camera. more

Canada - A man pleaded guilty in a London courtroom Tuesday for secretly videotaping his family and friends while they were using the bathroom. The court heard that the man set up a hidden camera in the bathroom of his home and recorded about 20 people between 2010 and 2017. He was charged by police after his daughter discovered the camera and told her mother. more

...and a major story from mid-June that slipped through the cracks...

New Zealand - Ninety women, 81 images, 30 hours of hidden camera video - the victims' stories... more

Spycam Facts:
  • Most spycam attacks go undetected.
  • A few are discovered... almost all by accident.
  • Only a few of these are reported to the police.
  • Only a few of these cases are solved.
  • Only a few of these cases make the news.
  • Only a few of these make it to my desk.
  • I only share a few of them with you.
Any organization with expectation-of-privacy areas needs to consider this to protect its employees, visitors and customers... and itself, from foreseeability lawsuits.

Time to read the next post and let it all sink in.

New Report Projects the Size of the World Spycam Market 2019-2025

An extensive analysis of the Global Spy Cameras market strategy of the leading companies in the precision of import/export consumption, supply and demand figures, cost, price, revenue and gross margins.

The report starts with an introduction about the company profiling and a comprehensive review about the strategy concept and the tools that can be used to assess and analyze strategy.

It also analyzes the company’s strategy in the light of Porter’s Value Chain, Porter’s Five Forces, SWOT analysis, and recommendation on Balanced Scorecard for supply chain analysis...

The Spy Cameras market was valued at xx Million US$ in 2018 and is projected to reach xx Million US$ by 2025, at a CAGR of xx% during the forecast period.

In this study, 2018 has been considered as the base year and 2019 to 2025 as the forecast period to estimate the market size for Spy Cameras.

This report presents the worldwide Spy Cameras market size (value, production and consumption), splits the breakdown (data status 2014-2019 and forecast to 2025), by manufacturers, region, type and application. more

If you want to fill in the X's, you'll have to purchase the report ($4,600).

Takeaway... It must be a monster market if professional forecast reports are covering it. But, we already knew that. ~Kevin

Wednesday, July 10, 2019

Security Quote of the Week

"To paraphrase Warren Buffett, “we are in uncharted territory, and it’s going to get worse, not better.” By not having the right technology skillsets in every boardroom, companies and their boards have set themselves up for failure, so it’s almost guaranteed to get worse before it gets better.

Hackers come from all over the world with different motivations, including corporate espionage, and financial and health data theft.

They are incredibly diligent in figuring out creative ways to attack corporate networks, and while these anonymous hackers advance their tactics, it is critical for companies to anticipate what’s coming next and stay a step ahead of them." ~Bob Zukis in Forbes Magazine

Inevitable... As IT security improves, expect an increase in classic attacks: electronic eavesdropping, VoIP phone taps, dumpster diving, covert intrusions, employee subversion, and blackmail, to name a few. Protection will come when information security is addressed in a holistic manner. ~ Kevin

FREE - Security Message Screen Savers

  • Reminders work.
  • Put your idle computer screens to work.
  • Three backgrounds to choose from, or commission custom screens.

Supreme Court Relaxes the Confidentiality Standard... but you have to do your part!

via Blank Rome LLP - Robyn N. Burrows

The Supreme Court in Food Marketing Institute v. Argus Leader Media, No. 18-481 (U.S. June 24, 2019) recently relaxed the standard for withholding confidential information under Exemption 4 of the Freedom of Information Act (“FOIA”)—a major win for contractors that regularly submit sensitive business information to the government...

To take full advantage of the Court’s holding, companies doing business with the government should keep in mind the following practical tips:
  • In submissions to the government, clearly indicate which information is to be kept confidential. This includes marking the data with a protective legend identifying it as subject to Exemption 4 protection. Be aware that certain statutes and regulations may require specific language to be used.
  • To the extent possible, obtain written assurances from the agency that the information will be kept confidential and will not be released to third parties absent the contractor’s consent. Contractors may also be able to negotiate contractual provisions protecting the data to be submitted to the government. more
* An independent consultant specializing in quarterly holistic information security audits can do this for you. 

Killed for Spying: The Story of the First Factory

Piedmont, in north-west Italy, is celebrated for its fine wine. But when a young Englishman, John Lombe, traveled there in the early 18th Century, he was not going to savor a glass of Barolo. His purpose was industrial espionage.

Lombe wished to figure out how the Piedmontese spun strong yarn from silkworm silk. Divulging such secrets was illegal, so Lombe snuck into a workshop after dark, sketching the spinning machines by candlelight. In 1717, he took those sketches to Derby in the heart of England.

Local legend has it that the Italians took a terrible revenge on Lombe, sending a woman to assassinate him. 

Whatever the truth of that, he died suddenly at the age of 29, just a few years after his Piedmont adventure. more

A Favorite M.I.B. — M.I.A. — R.I.P. Torn

      February 6, 1931 – July 9, 2019