Friday, October 11, 2019

Spy Camera Detectors – Do they work? How do they work?

Covert cameras have been around since the 1800s. Interestingly, as soon as photography developed, people wanted to surreptitiously take photos. From voyeurs to private eyes, a spycam was the gadget to have.

In 1900, movie maker, George Albert Smith, glamorized optical voyeurism in his movie, As Seen Through a Telescope. We will take a historical shortcut here and leave the discovery of these early film spy cameras to auctioneers and collectors.

Our spy camera detection history begins with the advent of CCD and CMOS behind the lens. These are the electronic sensors within modern digital spy cameras which capture images.

With a little knowledge—aided by some inexpensive gadgets—you can detect spycams! Continued here.

Planting Spy Chips in Routers - Proof of Concept

More than a year has passed since Bloomberg Businessweek grabbed the lapels of the cybersecurity world with a bombshell claim: that Supermicro motherboards in servers used by major tech firms, including Apple and Amazon, had been stealthily implanted with a chip the size of a rice grain that allowed Chinese hackers to spy deep into those networks...

But even as the facts of that story remain unconfirmed...

Now researchers have gone further, showing just how easily and cheaply a tiny, tough-to-detect spy chip could be planted in a company's hardware supply chain. And one of them has demonstrated that it doesn't even require a state-sponsored spy agency to pull it off—just a motivated hardware hacker with the right access and as little as $200 worth of equipment... more

5 Cheap Things to Beef Up Your Security

by Rob Kleeger,
Digital4nx Group

Here are a few simple things to prevent and keep most of your private information as safe as possible from hacks or negligence.
  1. Invest in a Password Manager:  If you are like me, most people can’t remember the login details for the dozens of online services they use, so many people end up using the same password — or some variation of one — everywhere. If you are one of those people, this means that if just one site on which you use your password gets hacked, someone could gain access to all your accounts.
  2.  Use a virtual private network (VPN) service: When connected to any internet-connected device, it helps to keep most of your browsing private from your internet service provider; it reduces some online tracking; and it secures your connections when you use public Wi-Fi.
  3. Turn on MFA (2FA) on everything: Two-factor authentication adds an additional layer of security to the authentication process by making it harder for attackers to gain access to a person's devices or online accounts because knowing the victim's password alone is not enough to pass the authentication check. Two-factor authentication doesn’t guarantee security, and it is vulnerable to hacking attacks like phishing attempts that spoof a login page.
  4. Backup: Have a backup plan. All too often, SMB leadership says they back up, but the backup is saved on the server, which, if it gets encrypted, serves no purpose... neither does attaching a NAS to the same network. Have a cloud-based or offline-based backup plan. Confirm backups run regularly and periodically test those backups to do a full restore.
  5. Don't forget about the paper:  In many ways, people are so focused on cybersecurity, they forget about the basics. Use a cross-cutting paper shredder.  Wirecutter recommends the AmazonBasics 15-Sheet Cross-Cut Shredder for most people, though serious privacy mavens should step up to the AmazonBasics 12-Sheet High-Security Micro-Cut Shredder, which runs a little slower but produces confetti half the size of a cross-cut shredder’s pieces.

Thursday, October 10, 2019

LaFollette Councilwoman Indicted - 34 counts of Wiretapping and Electronic Surveillance

TN - A LaFollette city councilwoman was indicted Thursday on wiretapping and official misconduct charges after a nearly eight-month investigation by the Tennessee Bureau of Investigation...

Campbell County District Attorney Jared Effler requested the TBI investigate after a recording device was found in the LaFollette City Hall Conference Room. Investigators later determined that Thompson was responsible for placing the device in the conference room.

On October 2nd, the Campbell County Grand Jury returned indictments charging Thompson with 34 counts of Wiretapping and Electronic Surveillance and two counts of Official Misconduct.  more

Julian Assange’s Hideout May Have Been Bugged

A Spanish security firm that worked for the Ecuadorean embassy in London is being investigated on suspicion it spied on WikiLeaks founder Julian Assange for US secret services.

Spain’s National Court says it is investigating whether David Morales and his Undercover Global SL security agency invaded Assange’s privacy and that of his lawyers by installing hidden microphones and other devices in the embassy.

It said the information gathered appeared to have been passed on to Ecuadorean and US bodies. more

UPDATE - Director of Spanish security company that spied on Julian Assange arrested.

Cop Dropped for Electronic Eavesdropping - Nothing Further to Report

CA - The Roseville Police Department arrested an officer of Folsom’s police force Wednesday on suspicion of stalking, electronic eavesdropping and illegally using monitoring equipment...

The Roseville Police Department said it would not be releasing any further information regarding the investigation. more

Don't Get Struck by Lightning by Borrowing a Cable

Bad news: A hacker has created a rogue Lightning cable that lets bad guys take over your computer. Worse news: Now it’s being mass-produced.

... from now on, asking a stranger to borrow a Lightning cable, or accepting an offer by a stranger to give you one, is the last thing you’ll want to do if you’re scrupulous about protecting your data.

That’s because a hacker has created the first Lightning cable that, when plugged into your Mac or PC, will allow someone to remotely take over your computer.

Worse, this hacked Lightning cable, called the O.MG Cable, isn’t a bespoke one-off. It’s being mass-produced in factories so anyone can buy and use them to target your data. more

Japan Ninja Student - Writes Essay in Invisible Ink - Gets A+

A Japanese student of ninja history who handed in a blank paper was given top marks - after her professor realised the essay was written in invisible ink.

Eimi Haga followed the ninja technique of "aburidashi", spending hours soaking and crushing soybeans to make the ink.

The words appeared when her professor heated the paper over his gas stove.

"It is something I learned through a book when I was little," Ms Haga told the BBC. more

Tuesday, October 8, 2019

A Blue Blaze Irregular Asks About RFID Money Detectors

Hi Kevin, 

I would love it if you did a report on the RFID in currency and the "detectors" that are used to identify the exact amount of cash in a car, suitcase, etc. 

For example, a husband and wife were driving with $14,000 cash to buy a car when an automobile from Homeland Security pulled alongside them for a minute to scan their car. When they realized the car had $14,000 in it, they informed the local law enforcement which then proceeded to pull the car over to confiscate the money. Or the sheriff in Northern California who uses a similar "detector" to pull over people who are bringing cash to Nor Cal to buy cannabis during harvest season. From what I've read, wrapping anything that has the RFID in it with aluminum foil or a Faraday cage-like material is enough to block any signals. I think your readers would find this very interesting. 

Thanks Kevin I appreciate it. 

FutureWatch: I looked into it and found some interesting articles. It appears the U.S. Treasury department is looking into it. They currently have a Request for Information (RFI) out to develop this technology. Answers due by January 24, 2020.

Technical papers on this technology include...
Banknote Validation through an Embedded RFID Chip and an NFC-Enabled Smartphone
A Comparison Survey Study on RFID Based Anti-Counterfeiting Systems
RFID banknotes

Apparently, this technology has been explored since at least 2001. I couldn't find that it has been implemented anywhere... yet. It appears it may be coming, however.

Our BBI is correct. RFID readers can be easily blocked by Faraday Cage techniques.

All this reminds me of weapons of war; evolutionary stair-step escalation through the ages.

Double FutureWatch: RFID tracking of currency may become a moot point if governments leap-frog into cryptocurrencies.

Monday, October 7, 2019

Signal Users - Time to Patch

A security flaw in the privacy-focused encrypted messaging service Signal could enable a threat actor to listen to the audio stream recorded by the Android device of another Signal user, without their knowledge...

The attack does not work with Signal video calls.

The issue was discovered last month by a researcher with Google Project Zero. Signal has already released a patch. more

GPS Cyberstalking of Girlfriend Brings Indictment for Alleged Mobster

20 supposed wiseguys charged because one was possessive...

Joseph Amato's attempt to surveil his girlfriend by attaching a hidden GPS device to her car led authorities to surveil the alleged mobster, and ultimately to his indictment by a grand jury...

"In November 2016, a GPS tracking device was found on an MTA bus in Staten Island during a routine maintenance inspection: it had been hidden in an oil pan," the government's detention memo states. "In fact, Joseph Amato had purchased the device to place a girlfriend, identified herein as Jane Doe, under close surveillance and used the tracking device in an attempt to maintain control over her."...

...after Jane Doe discovered the GPS tracker on her car and removed it. The detention memo suggests she placed it on an MTA bus to thwart Amato's surveillance. more

Women Snooping on Boyfriends Help Topple Dictator Instead

It all started in 2015 with a frantic message from a woman in Sudan who was having cold feet ten days before her wedding. The woman had a nagging feeling her husband-to-be was cheating on her, and she was desperate to find out the truth before she went through with the marriage.

She decided to reach out to her friend Rania Omer, who had won a lottery visa to become a U.S. citizen five years earlier.

Now Omer was 24 and studying at a college in Nebraska, but she still fancied herself an anti-matchmaker among her close-knit community back home in Khartoum. The friend wanted Omer’s help. Would she mind posting a photo of the potential husband to Facebook to see if other women could dig up information on him?

A few hours later, Omer had her answer: one commenter posted to say she was his wife. more

Friday, October 4, 2019

Disinformation as a Service (DaaS)

While disinformation campaigns are often associated with governments, new research indicates there is a robust, easy-to-navigate market for anyone looking to buy their own propaganda arms.

It is “alarmingly simple and inexpensive” to launch a sophisticated disinformation campaign, analysts from threat-intelligence company Recorded Future concluded after studying the issue. “Disinformation services are highly customizable in scope, costing anywhere from several hundreds of dollars to hundreds of thousands of dollars, or more depending on the client’s needs.”...

“If the ease of this experience is any indication, we predict that disinformation-as-a-service will soon spread from a nation-state tool to one increasingly used by individuals and organizations,” the Recorded Future analysts said. more

As Technical Information Security Consultants, this caught our attention. 

The best disinformation always adds in some correct information. The sum is verisimilitude, the ring of truth. 

So, where will the best correct information come from? Inside, of course.

Another very good reason to conduct regularly scheduled Technical Information Security surveys at your organization.

Tuesday, October 1, 2019

U.S. Tour Guide Accused as Spy for China's Security Service

Watch Surveillance Video of Alleged Spy’s ‘Dead Drop’ at Hotel 

The U.S. arrested a California man accused of spying for China’s security service while working as a tour guide in the San Francisco area. U.S. agents secretly monitored drop-offs of packages at a hotel in Newark, California, that were traced to Peng, according to the complaint.

China’s Ministry of State Security schemed “to use an American citizen to remove classified security information to the PRC,” U.S. Attorney David Anderson said at a press conference.

Peng’s activities for the company where he worked, U.S. Tour and Travel, “went far beyond innocent sight-seeing,” Anderson said. more

Husband Ordered to Pay Almost $500K After Bugging Wife’s iPhone

The chairman of a performing arts school in Brooklyn has to pay an almost $500,000 verdict after he installed spying software in his estranged tobacco-heiress wife’s iPhone...

Jurors ordered Crocker Coulson, Brooklyn Music School chairman, to pay Anne Resnik $200,000 in compensatory damages, $200,000 in punitive damages, and $41,500 in statutory damages—or $100 for each of the 415 days he accessed her phone between 2012 and 2014.

Coulson was also ordered to pay $10,000 to Resnik’s mom, sister, and psychiatrist because he also intercepted their communications by spying on his wife. more

Credit Suisse’s C.O.O. Quits Over a Spying Scandal

Chief Operating Officer Pierre-Olivier Bouee, who worked as the CEO’s chief lieutenant at three companies for more than 10 years, stepped down after ordering detectives to shadow former wealth-management head Iqbal Khan to ensure he didn’t poach clients and brokers for his new post at UBS Group AG. The bank said that he acted alone...

Chairman Urs Rohner is seeking to contain a scandal that erupted in Swiss tabloids a week ago and escalated into a threat for the bank’s top leadership after a confrontation in downtown Zurich between Khan and the private detectives sent to spy on him.

Events took on an even more dramatic turn just before the bank’s announcement, when it emerged that a contractor hired by the bank to recruit the investigative agency took his own life. more

Uber’s Next Big Safety Feature... Eavesdropping

Uber users have raised their share of safety concerns with the company, and now it seems that a new feature that could help allay some of those concerns is on the way.

Uber is apparently testing a feature that will allow riders to record audio through the app when they feel unsafe during a ride.

There are a lot of details we don’t know about this feature yet, as Uber hasn’t said anything official about it. more

Legit-Looking iPhone Cable That Hacks

Soon it may be easier to get your hands on a cable that looks just like a legitimate Apple lightning cable, but which actually lets you remotely take over a computer. The security researcher behind the recently developed tool announced over the weekend that the cable has been successfully made in a factory...

MG is the creator of the O.MG Cable. It charges phones and transfers data in the same way an Apple cable does, but it also contains a wireless hotspot that a hacker can connect to. Once they've done that, a hacker can run commands on the computer, potentially rummaging through a victim's files, for instance. more - background

Tuesday, September 10, 2019

GPS Tracker Bugs Kids... about 600,000 of them.

Serious security flaws in GPS trackers manufactured by a Chinese company have been found to expose location data of nearly 600,000 children and elderly, according to researchers from cybersecurity firm Avast.

T8 Mini GPS Tracker Locator
The researchers spotted the vulnerabilities in the T8 Mini GPS tracker and nearly 30 other models by the same manufacturer, Shenzhen i365 Tech.

...these devices expose all data sent to the Cloud, including exact real-time GPS coordinates, showed the findings revealed last week.

Further, design flaws can enable unwanted third-parties to spoof the location or access the microphone for eavesdropping.

The researchers estimate that there are about 600,000 of these unprotected trackers in use globally that are using the very generic default password of "123456". more

FutureWatch - Non-Public 5G Networks - Network Security via Isolation

The concept of non-public networks is nothing new -- yet the rise of the internet of things (IoT) and connected assets is driving more and more companies to investigate the opportunities that non-public 5G networks could offer them...  

Non-public 5G networks offer protection against industrial espionage. Data in non-public 5G networks is segregated and processed separately from public 5G networks. This ensures complete privacy protection of process- and production-related data. more

This Week in Spy News

DC - In a previously undisclosed secret mission in 2017, the United States successfully extracted from Russia one of its highest-level covert sources inside the Russian government... more

Netflix - Though hampered by a few hiccups and low-hanging cliches, Netflix's new miniseries The Spy is also awesomely anchored by an astounding dramatic performance by Sacha Baron Cohen. more

FL - The trial of alleged Mar-a-Lago intruder and supposed Chinese “spy” Yujing Zhang started with a bout of the bizarre that has become typical of the case, briefly delaying proceedings. more

Switzerland - Russian spies have been operating in Switzerland under assumed identities, using documents that change their nationalities, a former KGB agent has told Swiss public television RTS. more

S. Korea - A former prisoner in North Korea has told German media that he used to spy for the CIA, seeking out nuclear secrets and taking pictures with a concealed wristwatch camera. more

DC - A former CIA officer who says she spent years under deep cover has written what appears to be one of the most revealing memoirs ever put to paper by an American intelligence operative — a book so intriguing that Apple bought the television rights even before its October publication date. Life Undercover: Coming of Age in the CIA, by Amaryllis Fox more

DC - Valerie Plame isn’t a spy anymore, but she plays one in her latest campaign ad, which looks more like the trailer for a movie about Jason Bourne’s aunt than the start of a congressional run. more

Book Review - Spying: Assessing US Domestic Intelligence Since 9/11 by Darren E. Tromblay.
This book is a welcome addition to the rather small literature on domestic and homeland intelligence in the United States. It will interest more than just intelligence specialists, because Tromblay addresses broader homeland security issues, focusing especially on the FBI and DHS, and the book would serve as a useful introduction to those agencies. more

Friday, September 6, 2019

Last Month in Spycam News

OH - The 27-year-old manager of Hamad Tire was charged with public indecency and voyeurism... Police... found videos on (his) cellular device "that depicted the secret and surreptitious recording of females using the toilet at the business." (and) discovered a vent had been accessed beneath the HVAC unit that provided hidden access to the female's bathroom without the knowledge of the bathroom's users. more

UK - Victims of a pervert doctor, who was jailed for voyeurism after taking thousands of images of female patients, are seeking compensation. more

TX - Lee Choon Ping has pleaded guilty to video voyeurism after he was caught planting a hidden camera in the toilet of a United Airlines flight... Authorities had identified Lee after comparing surveillance videos to the clips contained in the planted camera. more

Canada - A high school teacher convicted by Canada's top court of voyeurism for secretly video recording female students with a pen camera has been handed a six-month jail term. more

UT - A North Ogden man is being charged with voyeurism after officials allegedly found more than 110 videos of an undressed teenage girl on his computer... the defendant had put a camera in a bathroom and recorded a female juvenile... “Furthermore, the defendant was identified in some of the images while setting up the camera.” more

CT - Detective Lt. Mark Williams says in the past year, Danbury police have responded to four voyeurism incidents in local stores and to one dorm situation involving a student in the shower. more

Canada - A Kelowna man has been arrested after RCMP were called to a local business regarding a possible voyeurism offence... an individual located what they believed to be a small hidden camera in the staff washroom of Summerhill Pyramid Winery... the staff member has been terminated and all other bathrooms, staff and public, have been swept. more

FL - The discovery of a bathroom spy camera led to the arrest of a Gainesville talent manager... a person was in a bathroom with his girlfriend when he noticed a clock that looked like a hidden camera... Shortly after discovering the spy camera, the person who uncovered the camera got an unprompted call from Howard Louis Anderson Jr., 38, trying to explain why he placed the camera there. more 

UK - A physiotherapist placed hidden cameras in bathrooms to secretly film a teenage girl while she got undressed and showered. Andrew Weinzettel, 52, also admitted he secretly filmed another female patient at a physiotherapy clinic in Greenfield Park in Sydney's west... he placed a covert camera disguised as a clothes hook at the clinic, which had a swimming pool for patients. more

TN - The Church of Jesus Christ of Latter-day Saints has removed a Utah church official after he was charged with taking photos of a woman undressing in a Tennessee clothing store. more

ID - A 30-year-old Burley man is facing several charges including video voyeurism... According to the charges, the victim family called investigators when they discovered wiring in their basement that went up under a bathroom sink outlet that had a wireless camera attached to it with the lenses installed under the counter top facing the shower. more

SC - Officers were called to La Bamba Mexican Restaurant on South Woody Jones Boulevard (stop snickering) for a voyeurism incident. Police learned that a customer went into the restroom and found a cellphone concealed in the restroom and recording video. more

OH - A former Maumee real estate agent was sentenced to serve six months ... for placing a recording device inside a bathroom and hallway of his Maumee residence — which captured recordings of a 16-year-old and a 19-year-old who lived in the home. more

TX - A man accused of planting a recording device in a neighbor’s bathroom had 20 terabytes of data, more than 1 million images and multiple victims... the device was determined to be a Phylink brand covert wireless camera. They said this brand of camera is capable of capturing video, audio and can be accessed through a local network. more

FL - Man hid camera in smoke detector... in a room that he only rented out to women; pleads guilty to video voyeurism. more

AR - A convenience store employee found a hidden cellular telephone with the video camera activated beneath and behind the toilet of the restroom. The camera recorded the suspect as he positioned and re-positioned the camera several times. more

UK - A pervert put his mobile phone in a toilet and recorded women in a cubicle inside.
Thomas Stephens recorded himself setting up the camera in the unisex toilet in East Grinstead. more

Canada - A Guelph doctor is facing possible disciplinary action from the College of Physicians and Surgeons of Ontario... a hidden camera was allegedly found in a staff washroom at his practice in Mississauga.  more

LA - A New Orleans man faces more than a decade in prison after his conviction for hiding a camera in a bathroom and capturing video of a 16-year-old girl showering. more

KY - A landlord for a Louisville condominium is facing voyeurism charges after a camera was found hidden in a tenant's vent... she discovered a camera hidden in the vent above her bed. Police identified the man in the video as the woman's employer and landlord. more

AZ - A Glendale man was arrested for the second time for allegedly planting a video recording device in a bathroom, this time at a mall ice cream shop. more

VT - A Kimpton Taconic Hotel employee found a cell phone in the corner of a restroom in the hotel's basement level, which is accessible only to employees, according to a police affidavit. more

DC - FBI employee charged with voyeurism after allegedly placing camera under woman's desk...  the woman said she was sitting at her desk, when she switched the position of her legs, and she hit the camera and caused it to hit the ground. more

UK - Police are investigating a second alleged Peeping Tom spying on women on the set of the new James Bond movie. A 49-year-old man was arrested back in June and charged with voyeurism after a recording device was found in a women’s toilet at Pinewood Studios. more

Had enough? Want to protect your restrooms, avoid embarrassing publicity and costly lawsuits? Check out... Spycam Detection in Workplace Expectation of Privacy Areas — Conduct professional forensic investigations to detect covert spy cameras and create a Recording in the Workplace policy.

The Credit Card that Pays for Itself

Confidential Conference Planning
  • You can say no cell phones allowed in the meeting.
  • You can prohibit brief cases and backpacks.
  • You can scan participants for surveillance devices.
But, you probably won't think about having them leave their wallets outside the door, or checking the books on the shelf.

We would. This is just one of the many things we think about at Murray Associates.

Tuesday, September 3, 2019

Protecting Your Engineering Business from Industrial Espionage

Industrial espionage is a much more common occurrence than many people realize. 

As a business grows and begins to compete at a higher level, the stakes grow and their corporate secrets become more valuable. It isn’t just other businesses that might want this information, hackers who think they can sell the information will also be sniffing about.

Even if you can’t eliminate the risk entirely, there are certain things you can do to reduce the risk of a security breach in your business. more

A Very Short List...
  • Shred Documents

  • Don’t Print Sensitive Information if You Don’t Have to

  • Keep Your Schematics (designs, strategies, etc.) Under Wraps

  • Keep it Need to Know

and my favorite... 

If you don't look,
you may never know.

Workplace Covert Recording on the Rise

Voice activated recorder. Easy to hide.
South Korean workers fed up with bullying are being increasingly emboldened by a new tougher labor law to secretly record alleged abuse or harassment by their bosses, boosting sales of high-tech audio and video devices.

Gadgets disguised as leather belts, eyeglasses, pens and USB sticks are all proving popular with employees in a country where abusive behavior by people in power is so pervasive that there is a word for it - “gabjil”...

Auto Jungbo Co.’s sales of voice recorders so far this year have doubled to 80 devices per day, Jang said as he forecast sales to also double this calendar year to 1.4 billion won. more

Kevin's Tips for Management

  • Assume your discussions are being recorded.
  • Before proceeding, ask if they are recording.
  • Be professional. If you would not say it in a courtroom, don’t say it.
  • Red Flag – When an employee tries to recreate a previous conversation with you.
  • Have an independent sweep team conduct periodic due diligence debugging inspections.

Create a Workplace Recording Policy

Carrie's on-the-Lam Comment via a Leaked Recording

The embattled leader of Hong Kong was caught on a leaked audio recording reportedly saying she would “quit” if she could after causing “unforgivable havoc,” but on Tuesday reiterated that she hasn’t resigned because it would be the easy way out.

In a press conference, Carrie Lam slammed the audio, recorded during a private meeting with a group of businesspeople, saying it was “unacceptable.”

The recording was published Monday by Reuters. In it, she is heard apparently blaming herself for igniting Hong Kong’s political crisis. more

Kevin's Tips for Management

  • Assume your discussions are being recorded.
  • Before proceeding, ask if they are recording.
  • Be professional. If you would not say it in a courtroom, don’t say it.
  • Red Flag – When an employee tries to recreate a previous conversation with you.
  • Have an independent sweep team conduct periodic due diligence debugging inspections.

Create a Workplace Recording Policy

Thursday, August 29, 2019

A Golf Ball Right Out of Spy vs. Spy

Nissan Motor Co. has developed a golf ball that will help you make a putt with your eyes closed.

As a proof of concept, the carmaker unveiled a video on Tuesday, whereby a toddler taps a ball with his club and makes a putt that would make Tiger Woods’ jaw drop. Here’s how it works... more

The Scarlet Letter: 2019 - Old Spy Tool. New Use.

Ultraviolet ink has been used by spies (secret writing) and TSCM technicians (as tamper detection) for over a century. And now, to brand sexual assailants for groping.

Anti-groping stamp lets victims mark assailants.

The Japanese device is paired with a special lamp that lets its otherwise invisible ink be seen...

The Tokyo Metropolitan Police said 2,620 sexual crimes were reported in 2017, including 1,750 cases of groping, mostly on trains or at stations.

A limited run of 500 devices, which retailed at 2,500 yen (£19.30), sold out within 30 minutes on Tuesday... more

FutureWatch: Additional tech will continue to enhance citizen crime fighting. New technologies will be appropriated. Old technologies, like ultraviolet, will find new uses. 

Just think of what internet search engines, smartphone videos, video doorbells, and covert spy cameras have already accomplished in recent decades. 

I wonder why Gentian Violet in mini spray bottles wasn't thought of first. Instant ID. No UV light necessary.

Has Your Doctor (or other Professional) Downloaded Apps With Microphone Access?

via Robinson & Cole LLP - Linn Foster Freedman

As I always do when talking to people about their phones, I asked them to go into their privacy settings and into the microphone section and see how many apps they have downloaded that asked permission to access the microphone. How many green dots are there? Almost all of them looked up at me with wide eyes and their lips formed a big “O.”...

I am not picking on them—I do the same thing with lawyers, financial advisors and CPAs, and any other professional that has access to sensitive information.

When a professional downloads an app that allows access to the microphone, all of the conversations that you believe are private and confidential are now not private and confidential if that phone is in the room with you. more

Tuesday, August 27, 2019

Just Another Week in the World of Spies

China - Yang Hengjun, a well-known Australian writer and democracy activist detained by the Chinese authorities in January, has been formally charged with spying... more

Russia - A Moscow court has ruled to keep an American man and Marine veteran suspected of spying in prison for two more months. The court ruled on Friday to keep Paul Whelan behind bars at least until late October. more 

WWW - Freelance site Fiverr offers illegal private spying services... more

UAE - Why the CIA doesn't spy on the UAE... more

Israel shouldn’t let a little spying undo its economic ties with China, ex-chief analyst argues... more

Iran has sentenced a British-Iranian national to 10 years in jail for spying for Israel... more

China’s spies are waging an intensifying espionage offensive against the United States. more

USA - Patrick Byrne resigned suddenly as CEO of last Thursday, after mounting controversy surrounding his past romantic relationship with alleged Russian agent Maria Butina. Butina is now serving an 18 month prison sentence for conspiring to promote Russian interests through conservative U.S. political groups. more

Australia - Intelligence agencies warn of 'unprecedented scale' of foreign spying within Australia. more

Iran - Environmentalists filming Iran’s endangered cheetahs could be executed for spying. more

India sending spying devices to Pakistan via balloons... more

USA - The spy in your wallet: Credit cards have a privacy problem... In a privacy experiment, we bought one banana with the new Apple Card — and another with the Amazon Prime Rewards Visa from Chase. Here’s who tracked, mined and shared our data. more

Book - The Secret World: A History of Intelligence

via The New Yorker
The history of espionage is a lesson in paradox: the better your intelligence, the dumber your conduct; the more you know, the less you anticipate.

Is intelligence intelligent? This is the question that runs or, rather, leaps through the mind of the reader struggling with Christopher Andrew’s encyclopedic work “The Secret World: A History of Intelligence” (Yale).

Andrew, who is a longtime history don at Cambridge, begins his book...with one of the most appealing opening lines in recent nonfiction: “The first major figure in world literature to emphasize the importance of good intelligence was God.”

The Israelites’ reconnaissance mission to the promised land of Canaan is the first stop in Andrew’s tour of four thousand years of spying; the last is the American failure to anticipate 9/11.

For anyone with a taste for wide-ranging and shrewdly gossipy history—or, for that matter, for anyone with a taste for spy stories—Andrew’s is one of the most entertaining books of the past few years. more

'Complete Control' Hack Allows Audio / Video Spying and More

All Windows users should update immediately as ‘Complete Control’ hack is confirmed.

In case you were underestimating the tool, it can allow a hacker to remotely shut down or reboot the system, remotely browse files, access and control the Task Manager, Registry Editor, and even the mouse.

Not only that, but the attacker can also open web pages, disable the webcam activity light to spy on the victim unnoticed and capture audio and video.

Since the attacker has full access to the computer, they can also recover passwords and obtain login credentials using a keylogger as well as lock the computer with custom encryption that can act like ransomware. more

Friday, August 23, 2019

Whistle-Blower Charged with Industrial Espionage, or No Good Deed Goes...

A whistle-blower responsible for uncovering one of the biggest cases of tax avoidance in Germany is now being prosecuted by Swiss authorities for industrial espionage...

Eckart Seith is a lawyer who contributed to uncovering a Swiss bank mechanism that deprived German taxpayers of €12bn...

The 61-year-old Seith has now been charged with industrial espionage and his case goes to trial on March 26. If found guilty, he is facing three-and-a-half years in prison. His testimony closed the tax loophole exploited by the Swiss banking industry in 2011...

The question at hand is how Seith got internal bank documents that allowed him to make the case against the Swiss banking system. more

How Music Has Made Auditory Surveillance Possible

An interesting article on the history of electronic eavesdropping...
For as long as we’ve been able to transmit sound through the ether, it seems, someone has been listening in... more

FutureWatch: Eavesdropping on REALLY Tiny Sounds

Researchers have developed a microphone so sensitive it’s capable of picking up individual particles of sound.

OK, we knew light has particles, and gravity has particles. Now even sound has particles? Well, not quite. A phonon is what’s called a quasiparticle — basically, an emergent phenomenon that occurs when a microscopically complicated system behaves as if it were a particle...

 The quantum microphone consists of a series of supercooled nanomechanical resonators, so small that they are visible only through an electron microscope.

The resonators are connected to a superconducting circuit which contains electron pairs that move around without resistance. The circuit forms a qubit — a system that can exist in two states at once and has a natural frequency, which can be read electronically. more

Spycam Man Gets Life +150 Years — Skips on Castration

A workman accused of hiding cameras in several homes to spy on young girls was sentenced Wednesday to life in prison plus nearly 150 years by a judge who said she would have him castrated if the law allowed.

"We're here because of the choices that you and you alone made," Oklahoma County District Judge Amy Palumbo told Ryan Aaron Alden. "The devastation that you caused these families may never be known."

Alden, 39, of The Village, pleaded guilty in June to 28 felonies that included aggravated possession of obscene material involving minors, manufacturing child pornography and using video equipment in a clandestine manner.

Prosecutors alleged that Alden placed hidden cameras in the ceiling vents of four homes in Edmond, Nichols Hills and Oklahoma City. He reportedly placed the cameras in the bedrooms, bathrooms and closets of the homes while performing electrical work.

Alden was also accused of taking clandestine photos of girls in numerous public places, including gyms, schools, stores, mall changing rooms and a high school football game. more

Fighting Corporate Espionage — by a Counterintelligence Agent

Corporate executives must bear the responsibility... No longer is “Security” to the facility and personnel all that is required. Many foreign countries and interests take short cuts to becoming competitive through the theft of trade secrets, products and overt and covert espionage of all sorts...

Many of the tactics utilized in private sector counterintelligence have much in common with the secrets and information the government does its best to safeguard from theft... 

There are open and legal methods of collection that are harmful, and a good counterintelligence program should target these as well as illegal activities such as electronic eavesdropping, hacking, etc.

Passive counterintelligence tries to curtail what a collector may do through countermeasures, and awareness training. Active counterintelligence will prove beneficial to identify and detect a threat, and will conduct operations including eliminating threats or ongoing targeting... The leaders in the private sector need to be proactive and realize that it is no longer only local threats they face. The threats can be global and may not only be an economic threat but also a threat to national security. more

The O.MG Cable™ — The Smartphone Electro-Leach

via Blue Blaze irregular C.G.
The O.MG Cable™ is the result of months of work that has resulted in a highly covert malicious USB cable. As soon as the cable is plugged in, it can be controlled through the wireless network interface that lives inside the cable.
The O.MG Cable allows new payloads to be created, saved, and transmitted entirely remotely. 
The cable is built with Red Teams in mind with features like additional boot payloads, no USB enumeration until payload execution, and the ability to forensically erase the firmware, which causes the cable to fall entirely back to an innocuous state. And these are just the features that have been revealed so far. more 
Their other "interesting" products of which you should be aware.

Tuesday, August 20, 2019

Wiretap Found at Office of Deputy Prosecutor General of Ukraine

Nazar Kholodnytsky
The Head of the SAPO* claimed a “device similar to a tapping device has been found”, adding that he did not know whom it belonged to...

Ukrainska Pravda wrote that the “bugs” had been planted on the acquiarium (sic) in Kholodnytsky’s office and reminded of rumors regarding the possible voluntary resignation “due to health reasons”.

Ukrainski Novyny, citing sources in the Prosecutor General’s Office, said that Kholodnytsky may be detained and arrested as the result of “the wiretapping case”.

Reacting to the resignation rumors, the SAPO head encouraged “not to count on it.” more

Extra Credit: Ukraine's Security Service denies allegations of wiretapping presidential candidates. more

*Ukraine's Specialized Anti-Corruption Prosecutor's Office

How to Drive Artificial Intelligence Surveillance Cameras Nuts

In order to deceive surveillance cameras, a fashion designer and hacker has developed a new clothing line that allows people to camouflage themselves as a car in the recordings.

The garments are also covered with license plate images that trigger automated license plate readers, or ALPRs, to inject junk data into systems used to monitor and track civilians. more

Phone Phreaking - The Next Frontier - Elevator Eavesdropping

Next time you’re in an elevator, be advised that someone – besides building security and fellow elevator riders – might be listening.
A recent Wired article exposed the hidden world of elevator phreaking. By calling an unsecured elevator phone, a third party can expose a person, and potentially an enterprise, to a major security and privacy risk. 
Since elevator phones don’t require anyone to pick up the phone to open the circuit, a third party can make a call and be connected – allowing them to eavesdrop on conversations happening inside the elevator. 
Given the competitive nature of industries like banking and technology, it isn’t completely unthinkable for a hacker to eavesdrop this way. more

I know of a hotel in Miami which has a bugged elevator—the one nearest the Boardroom; located on the Conference Floor level.

But, if bugged elevators aren't freaky enough, eavesdrop on elevators that talk! ~Kevin

Eye Spy

Spectacles are a camera that you wear on your face. Tap a record button near the temple, and they capture video in intervals of 10 seconds, which automatically uploads to the Snapchat app. The first two generations of the sunglasses, released in 2016 and 2018 respectively, were bulky, plastic, and multicolored—almost toylike.

Spectacles 3, to be released later this fall, are a much more appealing species. Sleeker, slimmer, and made in lightweight stainless steel, they signal the company’s move into elevated design. The style—exaggerated round lenses with a brow bar across the top—comes in just two minimal hues: matte black (the Carbon) and rose gold (the Mineral). more

The Peregrination of a Childhood Promise

Finally, another childhood fantasy becomes reality. Hard on the heels of wall screen TVs: Dick Tracy's wrist radio.

  • The now iconic 2-way wrist radio premiered in 1946 and was replaced with a 2-way wrist TV in 1964.
  • 1952 prototype wrist radio.
  • 1960's wrist radio.
  • Apple watch Walkie-Talkie.
  • FutureWatch: A "Real" Dick Tracy wrist radio watch. (Bluetooth)
  • Wrist radios on ebay.
  • Wrist radios on Amazon.
  • In June of 1954, the radio was upgraded to increase the range from 500 miles to 1,000 miles, then again in 1956 to 2,500 miles. 
Chester Gould’s idea of Tracy wearing something like this on his wrist in the comic strip was actually turned down by his employer because it was thought to be too much of a cheat, so-to-speak, an easy way out for the detective who had been written into a scene where he was held captive with no possible way of escaping from the criminals.

It was then that Gould decided to call an inventor he had met, Al Gross (pictured above).

Al Gross was a man way ahead of his time with inventions such as the walkie-talkie. When Gross was just 16 years old, he already had an amateur radio operator's license and had built a ham radio, going on to invent the first telephone pager in 1949.

When Gould stopped by, Al Gross had just recently invented a two-way radio that people could wear on their wrists, just like a watch. Gould asked Gross if he could use his idea and that’s where Dick Tracy’s wrist watch radio came into being. Gould was so appreciative that as a Thank You, he gave Gross the first four panels of the cartoon where Tracy is seen wearing and using the soon-to-be infamous gadget. The device proved to be the exact answer for Dick Tracy to rescue himself from the seemingly impossible situation.

Still on my list...
  UPDATE - 8/27/19
Apple reportedly kills project to turn iPhone into 'walkie talkie'

Monday, August 12, 2019

Ultrasound Talk Gives a Whole New Meaning to Defcon

Researchers have long known that commercial speakers are also physically able to emit frequencies outside of audible range for humans. At the Defcon security conference in Las Vegas on Sunday, one researcher is warning that this capability has the potential to be weaponized...

Matt Wixey, cybersecurity research lead at the technology consulting firm PWC UK, says that it’s surprisingly easy to write custom malware that can induce all sorts of embedded speakers to emit inaudible frequencies at high intensity, or blast out audible sounds at high volume.

Those aural barrages can potentially harm human hearing, cause tinnitus, or even possibly have psychological effects.

And while it is still unclear whether acoustic weapons played a role in the attack on United States diplomats in Cuba, there are certainly other devices that intentionally use loud or intense acoustic emanations as a deterrent weapon... more

Sunday, August 11, 2019

Tesla Mod Creates a Mobile Surveillance Station - Possible Bad News for PIs on Surveillance

At the Defcon hacker conference today, security researcher Truman Kain debuted what he calls the Surveillance Detection Scout. The DIY computer fits into the middle console of a Tesla Model S or Model 3, plugs into its dashboard USB port, and turns the car's built-in cameras—the same dash and rearview cameras providing a 360-degree view used for Tesla's Autopilot and Sentry features—into a system that spots, tracks, and stores license plates and faces over time.

The tool uses open source image recognition software to automatically put an alert on the Tesla's display and the user's phone if it repeatedly sees the same license plate. When the car is parked, it can track nearby faces to see which ones repeatedly appear.

Kain says the intent is to offer a warning that someone might be preparing to steal the car, tamper with it, or break into the driver's nearby home. more