Thursday, October 31, 2019

This Week's News About Spies

 Busy, as always...

Drones: An Increasing Business Espionage Concern Worldwide

South Africa - The increased use of unmanned aerial vehicles, or drones, in SA over the last few years has opened local organisations to a significant and evolving scope of threat in areas such as cyber espionage, illegal surveillance, electronic snooping and reconnaissance.

Security experts warn that while drone technology is increasingly being harnessed to carry out a host of commercial tasks faster, safer and more efficiently across industries including agriculture, media, health and defence, it is also increasingly being exploited by criminals as a tool to usher in a new era of physical and IT security threats. more

• Our other Security Scrapbook drone coverage.
• Researching anti-drone technology for your corporate security department? Contact us for our free Anti-Drone Research Paper.

Wednesday, October 30, 2019

Southwest Airlines Flight Attendant Says Pilots Streamed Secret Bathroom Live Feed into Cockpit

A Phoenix-based flight attendant has sued Southwest Airlines for retaliation after she reported two pilots for live streaming secret lavatory video onto an iPad in the cockpit. 

Renee Steinaker says...she saw an iPad mounted to the jet’s windshield where she could see the pilot in the restroom. She says the co-pilot then told her that the cameras were a new “top secret security measure” which Steinmaker later determined was not true.

She claims that the pilots also left the aircraft unattended after landing the flight, and “left a loaded firearm unattended in the cockpit” which violates FAA regulations. more

The two pilots, both based near Southwest's Dallas headquarters, have denied the allegations in court documents. So has the airline, which dismissed the incident as an "inappropriate attempt at humor" in a statement. more

UPDATE:  A statement by the Southwest Airlines Pilots Association this week:
"Southwest Airlines has never placed cameras and never videoed anyone in any lavatory, and the pilots on Flight 1088 did not video anyone. The incident, which occurred over two years ago, was a poor attempt at humor where the pilot took a selfie video from the chest up, fully clothed, in the lavatory of a completely different airplane months before Flight 1088 and then replayed the exact same selfie video on his iPad when Ms. Steinaker came into the cockpit." more

Kettle Gets Called Black... or, Who's Zoomin' Who

Facebook launched a new front in the battle over encryption yesterday by suing the Israeli spyware firm NSO Group for allegedly hacking WhatsApp, its encrypted messaging service, and helping government customers snoop on about 1,400 victims...

The lawsuit marks the first time a messaging service has sued a spyware company for undermining its encryption and it could prompt a slew of suits against companies that have developed encryption workarounds bolstering governments' ability to spy on their citizens. more

More People Searching for Technical Surveillance Countermeasures (TSCM)

Analysis: More organizations are hardening their defenses against electronic surveillance and information theft.  With TSCM information security surveys becoming mainstream attacks will shift toward the defenseless...

Defenseless equals lunch in the Infowar Jungle.

Friday, October 25, 2019

Espionage Weekend Movie: "The Current War"

Don't let the fancy attire and the Gilded Age setting fool you, there is nasty business afoot in "The Current War."

It's a power struggle, both literal and societal, with Benedict Cumberbatch as inventor Thomas Edison on one side, Michael Shannon as industrialist George Westinghouse on the other, Nicholas Hoult as eccentric visionary Nikola Tesla in the middle and the future of electricity in America hanging in the balance.

In theaters Friday, Oct. 25, the film is a tale of innovation advanced via moral compromise. There are dead animals, corporate espionage, even the invention of the electric chair all deployed in the battle to determine whether Edison's direct current or Westinghouse's alternating current would light up the nation.

It's a story rife with tragedy and squandered potential. more

Spy Doc Dropped

The doctor accused of corporate espionage and stealing trade secrets from blood giant CSL to further his career and to land a job at rival group Pharming has been sacked from his job.

Dutch pharmaceutical company Pharming announced on Thursday that it had permanently terminated Joseph Chiao's employment.

Dr Chiao had been subject to a US court injunction preventing him from starting work at Pharming in October so that CSL and Pharming could investigate CSL's allegations that Dr Chiao had stolen 1,000,000 documents from CSL. more

Hacker Physically Plants Keylogger Devices on Company Systems

A hacker admitted to planting hardware keyloggers on computers belonging to two companies to get unauthorized to their networks and steal proprietary data. He now faces 12 years of prison time.

It appears that the individual was after data relating to an "emerging technology" that both targeted companies were developing.

In February 2017, 45-year old Ankur Agarwal of Montville, New Jersey, trespassed the premises of one of the two tech companies and installed keylogging devices on its computers to capture employee usernames and passwords. He also added his laptop and a hard drive to the company's computer network. more

A Technical Information Security Survey could have prevented this in the first place. ~Kevin

Racoon Steals Data for $200. per Month - Cute

A new kind of easy to use trojan malware is gaining popularity among cyber criminals, providing them with simple means of stealing credit card data, passwords and cryptocurrency -- and it has already infected hundreds of thousands of Windows users around the world.

Raccoon Stealer first appeared in April this year and has quickly risen to become one of the most talked-about malware services in underground forums.

Researchers at Cybereason have been monitoring Raccoon since it first emerged, and note that while not sophisticated, it is aggressively marketed to potential criminal users, providing them with an easy-to-use back end, along with bulletproof hosting and 24/7 support -- all for $200 a month. more

Thursday, October 24, 2019

Turning Amazon and Google Smart Speakers into Smart Spies

Researchers at Germany’s SRLabs found two hacking scenarios — eavesdropping and phishing — for both Amazon Alexa and Google Home/Nest devices. They created eight voice apps (Skills for Alexa and Actions for Google Home) to demonstrate the hacks that turns these smart speakers into smart spies. The malicious voice apps created by SRLabs easily passed through Amazon and Google’s individual screening processes...

For eavesdropping, the researchers used the same horoscope app for Amazon’s smart speaker. The app tricks the user into believing that it has been stopped while it silently listens in the background. more

Google Accused of Spying with New Tool

Google employees have accused their employer of creating a surveillance tool disguised as a calendar extension designed to monitor gatherings of more than 100 people, a signal that those employees may be planning protests or discussing union organizing. Google parent company Alphabet “categorically” denies the accusation. 

The accusation, outlined in a memo obtained by Bloomberg News, claims severe unethical conduct from high-ranking Google employees, who they say allegedly ordered a team to develop a Chrome browser extension that would be installed on all employee machines and used primarily to monitor internal employee activity.  

Employees are claiming the tool reports anyone who creates a calendar invite and sends it to more than 100 others, alleging that it is an attempt to crackdown on organizing and employee activism. more

Hospital Bathroom Video Voyeur had 1 Million Images

FL - Authorities have arrested a 41-year-old man who they say hid a small camera in bathrooms at three Florida medical facilities...
Police began investigating on Oct. 3 when a hidden camera was found inside an employee bathroom at St. Mary's Medical Center. 
Investigators found more than a million still and video images.
(The suspect) was a technician who took CT scans at the hospital and PET scans at medical facilities in Delray Beach and Boca Raton. more

Toga! Toga! Toga! ...SCIF Fight!

SCIF fight shows lawmakers can be their own biggest cybersecurity vulnerability.

About two dozen House Republicans enter a sensitive compartmented information facility (SCIF) where a closed session before the House Intelligence, Foreign Affairs and Oversight committees took place.

A group of House Republicans could have created a field day for Russian and Chinese intelligence agencies when they stormed into a secure Capitol Hill room where their colleagues were taking impeachment testimony yesterday with their cellphones in tow. more

"You're all worthless and weak!" ~Doug Neidermeyer

Wednesday, October 23, 2019

CNN - In 1999 a listening device was planted inside the State Department...

After a suspicious rise in Russian diplomats visiting the State Department in 1999, the FBI worked with the Diplomatic Security Service to follow mysterious radio frequencies. For more, watch "Declassified" Sunday at 11 p.m. ET/PT. more

Thanks to our Blue Blase Irregular at Big T for spotting this one for us.

Free Ransomware Decryption Tool

Emsisoft Decryptor for STOP Djvu

The STOP Djvu ransomware encrypts victim's files with Salsa20, and appends one of dozens of extensions to filenames; for example, ".djvu", ".rumba", ".radman", ".gero", etc.

Please note: There are limitations on what files can be decrypted. more

Of course, put all the safeguards in place first so you won't need this tool. ~Kevin

Friday, October 18, 2019

IT / Security Director Alert: Cisco Aironet Wi-Fi High-Severity Vulnerability Patch Available

Cisco has issued patches for critical and high-severity vulnerabilities in its Aironet access point devices.

It also issued a slew of additional patches addressing other flaws in its products.

“An exploit could allow the attacker to gain access to the device with elevated privileges,” said Cisco in a Wednesday advisory.

“An exploit could allow the attacker to gain access to the device with elevated privileges,” said Cisco in a Wednesday advisory. " could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the [access point], creating a denial of service (DoS) condition for clients associated with the [access point].” more

Thursday, October 17, 2019

Why Do CIA Spies Stop at Every Yellow Light?

After spending years in the CIA fighting to prevent nuclear terrorism and other catastrophes, some old habits just will not go away for the ex-spy Amaryllis Fox...

...a former CIA clandestine-service officer and author of the new book "Life Undercover: Coming of Age in the CIA"...

...CIA spies learn to master skills regular people do not, and they stick with you...

...But there is one old habit, she said, that drives her husband a little bit crazy — stopping at every yellow light when she drives. more

Welcome to our home. Your visit may be recorded for no apparent reason. Would you like a glass of wine?

The privacy backlash against AI-powered digital assistants has just taken an interesting twist, with a senior exec from one of the core proponents of the technology admitting that he has his own privacy concerns over the tech.

Google hardware chief Rick Osterloh told the BBC that guests visiting a home where smart speakers are stored should be warned that their conversations might be overheard and recorded. more

Calling All Ears - Calling All Ears

Comedy Central is casting talent for “Eavesdropping,” a digital sketch. The production needs talent, aged 20–40, to play cute families, tourists, creepy men, and more. Two of the roles require the ability to cry on command. Filming will take place on Oct. 23 in New York City. Pay is $100 per day with meals provided on set. Apply here for the general background roles and apply here for the crying background roles!

Massive Corporate Espionage Attack: 'One million pages stolen'

Australian blood giant CSL has been rocked by an alleged corporate espionage attack, with a former "high level" employee accused of stealing tens of thousands of its documents - including trade secrets - in order to land a job at a key competitor...
CSL’s allegations are expected to reverberate through the highly competitive global drug making industry where trade secrets are the most prized possession of the companies. more
It's never this obvious.

Any pharmaceutical company without: 
  • a robust Information Security Policy, 
  • Recording in the Workplace Policy
  • IT Compliance and Surveillance program, 
  • regularly scheduled Technical Surveillance Countermeasures (TSCM) inspections (with an Information Security Survey component)
is an easy target. Sadly, they won't even know they have had their brains picked until the damage is done.

CSL had protection measures in place. Thus, this discovery, and recovery. ~Kevin

Iranian President's Brother Claims Presidential Office was Bugged

Iran - After surrendering to serve his five-year term in prison, the younger brother of Iran’s president, Hossein Fereydoun claimed in a statement October 16 that the judge had convicted him based on eavesdropping on the presidential office.

A close advisor to Hassan Rouhani, Fereydoun did not name the body or persons responsible for the eavesdropping. Nevertheless, it is public knowledge that the Islamic Revolution Guards Corps Intelligence Organization had been behind the lawsuit against him. more

Holy Crap: IT Folks Fear the Internet Connected Toilet

IT security professionals are nervous people.

This seems clear from a new survey perpetrated on the part of the hardware security company nCipher...

The surveyors asked 1,800 IT security professionals in 14 countries about vital elements...

Thirty-six percent confessed they were afraid they'd be spied upon by an internet-connected device. The same number feared they'd have money stolen.

Twenty-four percent fear personal embarrassment as unholy information about them would be leaked.

I, though, feel a particular empathy for the 21% who are afraid that pranksters will hack their connected toilets. more

Friday, October 11, 2019

Spy Camera Detectors – Do they work? How do they work?

Covert cameras have been around since the 1800’s. Interestingly, as soon as photography developed, people wanted to surreptitiously take photos. From voyeurs to private eyes, a spycam was the gadget to have.

In 1900, movie maker, George Albert Smith, glamorized optical voyeurism in his movie, As Seen Through a Telescope. We will take a historical shortcut here and leave the discovery of these early film spy cameras to auctioneers and collectors.

Our spy camera detection history begins with the advent of CCD and CMOS behind the lens. These are the electronic sensors within modern digital spy cameras which capture images.

With a little knowledge—aided by some inexpensive gadgets—you can detect spycams! Continued here.

Planting Spy Chips in Routers - Proof of Concept

More than a year has passed since Bloomberg Businessweek grabbed the lapels of the cybersecurity world with a bombshell claim: that Supermicro motherboards in servers used by major tech firms, including Apple and Amazon, had been stealthily implanted with a chip the size of a rice grain that allowed Chinese hackers to spy deep into those networks...

But even as the facts of that story remain unconfirmed...

Now researchers have gone further, showing just how easily and cheaply a tiny, tough-to-detect spy chip could be planted in a company's hardware supply chain. And one of them has demonstrated that it doesn't even require a state-sponsored spy agency to pull it off—just a motivated hardware hacker with the right access and as little as $200 worth of equipment... more
5 Cheap Things to Beef Up Your Security
by Rob Kleeger,
Digital4nx Group

Here are a few simple things to prevent and keep most of your private information as safe as possible from hacks or negligence.
  1. Invest in a Password Manager:  If you are like me, most people can’t remember the login details for the dozens of online services they use, so many people end up using the same password — or some variation of one — everywhere. If you are one of those people, this means that if just one site on which you use your password gets hacked, someone could gain access to all your accounts.
  2.  Use a virtual private network (VPN) service: When connected to any internet-connected device, it helps to keep most of your browsing private from your internet service provider; it reduces some online tracking; and it secures your connections when you use public Wi-Fi.
  3. Turn on MFA (2FA) on everything: Two-factor authentication adds an additional layer of security to the authentication process by making it harder for attackers to gain access to a person's devices or online accounts because knowing the victim's password alone is not enough to pass the authentication check. Two-factor authentication doesn’t guarantee security, and it is vulnerable to hacking attacks like phishing attempts that spoof a login page.
  4. Backup: Have a backup plan. All too often, SMB leadership says they backup, but the backup is saved on the server, which if gets encrypted, serves no purpose...neither does attaching a NAS to the same network. Have a cloud-based or offline based backup plan. Confirm backups run regularly and periodically test those backups to do a full restore. 
  5. Don't forget about the paper:  In many ways, people are so focused on cybersecurity, they forget about the basics. Use a cross-cutting paper shredder.  Wirecutter recommends the AmazonBasics 15-Sheet Cross-Cut Shredder for most people, though serious privacy mavens should step up to the AmazonBasics 12-Sheet High-Security Micro-Cut Shredder, which runs a little slower but produces confetti half the size of a cross-cut shredder’s pieces.

Thursday, October 10, 2019

LaFollette Councilwoman Indicted - 34 counts of Wiretapping and Electronic Surveillance

TN - A LaFollette city councilwoman was indicted Thursday on wiretapping and official misconduct charges after a nearly eight-month investigation by the Tennessee Bureau of Investigation...

Campbell County District Attorney Jared Effler requested the TBI investigate after a recording device was found in the LaFollette City Hall Conference Room. Investigators later determined that Thompson was responsible for placing the device in the conference room.

On October 2nd, the Campbell County Grand Jury returned indictments charging Thompson with 34 counts of Wiretapping and Electronic Surveillance and two counts of Official Misconduct.  more

Julian Assange’s Hideout May Have Been Bugged

A Spanish security firm that worked for the Ecuadorean embassy in London is being investigated on suspicion it spied on WikiLeaks founder Julian Assange for US secret services.

Spain’s National Court says it is investigating whether David Morales and his Undercover Global SL security agency invaded Assange’s privacy and that of his lawyers by installing hidden microphones and other devices in the embassy.

It said the information gathered appeared to have been passed on to Ecuadorean and US bodies. more

UPDATE - Director of Spanish security company that spied on Julian Assange arrested.

Cop Dropped for Electronic Eavesdropping - Nothing Further to Report

CA - The Roseville Police Department arrested an officer of Folsom’s police force Wednesday on suspicion of stalking, electronic eavesdropping and illegally using monitoring equipment...

The Roseville Police Department said it would not be releasing any further information regarding the investigation. more

Read more here:

Read more here:

Don't Get Struck by Lightning by Borrowing a Cable

Bad news: A hacker has created a rogue Lightning cable that lets bad guys take over your computer. Worse news: Now it’s being mass-produced.

... from now on, asking a stranger to borrow a Lightning cable, or accepting an offer by a stranger to give you one, is the last thing you’ll want to do if you’re scrupulous about protecting your data.

That’s because a hacker has created the first Lightning cable that, when plugged into your Mac or PC, will allow someone to remotely take over your computer.

Worse, this hacked Lightning cable, called the O.MG Cable, isn’t a bespoke one-off. It’s being mass-produced in factories so anyone can buy and use them to target your datamore

Japan Ninja Student - Writes Essay in Invisible Ink - Gets A+

Japanese student of ninja history who handed in a blank paper was given top marks - after her professor realised the essay was written in invisible ink.

Eimi Haga followed the ninja technique of "aburidashi", spending hours soaking and crushing soybeans to make the ink.

The words appeared when her professor heated the paper over his gas stove.

"It is something I learned through a book when I was little," Ms Haga told the BBC. more

Tuesday, October 8, 2019

A Blue Blaze Irregular Asks About RFID Money Detectors

Hi Kevin, 

I would love it if you did a report on the RFID in currency and the "detectors" that are used to identify the exact amount of cash in a car, suitcase, etc. 

For example, a husband and wife were driving with $14,000 cash to buy a car when an automobile from Homeland Security pulled alongside them for a minute to scan their car. When they realized the car had $14,000 in it, they informed the local law enforcement which then proceeded to pull the car over to confiscate the money. Or the sheriff in Northern California who uses a similar "detector" to pull over people who are bringing cash to Nor Cal to buy cannabis during harvest season. From what I've read, wrapping anything that has the RFID in it with aluminum foil or a Faraday cage-like material is enough to block any signals. I think your readers would find this very interesting. 

Thanks Kevin I appreciate it. 

FutureWatch: I looked into it and found some interesting articles. It appears the U.S. Treasury department is looking into it. They currently have a Request for Information (RFI) out to develop this technology. Answers due by January, 24, 2020.

Technical papers on this technology include...
Banknote Validation through an Embedded RFID Chip and an NFC-Enabled Smartphone
A Comparison Survey Study on RFID Based Anti-Counterfeiting Systems
RFID banknotes

Apparently, this technology has been explored since at least 2001. I couldn't find that it has been implemented anywhere... yet. It appears it may be coming, however.

Our BBI is correct. RFID readers can be easily blocked by Faraday Cage techniques.

All this reminds me weapons of war; evolutionary stair-step escalation through the ages.

Double FutureWatch: RFID tracking of currency may become a moot point if governments leap-frog into cryptocurrencies.

Monday, October 7, 2019

Signal Users - Time to Patch

A security flaw in the privacy-focused encrypted messaging service Signal could enable a threat actor to listen to the audio stream recorded by the Android device of another Signal user, without their knowledge...

The attack does not work with Signal video calls.

The issue was discovered last month by a researcher with Google Project Zero. Signal has already released a patch. more

GPS Cyberstalking of Girlfriend Brings Indictment for Alleged Mobster

20 supposed wiseguys charged because one was possessive...

Joseph Amato's attempt to surveil his girlfriend by attaching a hidden GPS device to her car led authorities to surveil the alleged mobster, and ultimately to his indictment by a grand jury...

"In November 2016, a GPS tracking device was found on an MTA bus in Staten Island during a routine maintenance inspection: it had been hidden in an oil pan," the government's detention memo states. "In fact, Joseph Amato had purchased the device to place a girlfriend, identified herein as Jane Doe, under close surveillance and used the tracking device in an attempt to maintain control over her."...

...after Jane Doe discovered the GPS tracker on her car and removed it. The detention memo suggests she placed it on an MTA bus to thwart Amato's surveillance. more

Women Snooping on Boyfriends Help Topple Dictator Instead

It all started in 2015 with a frantic message from a woman in Sudan who was having cold feet ten days before her wedding. The woman had a nagging feeling her husband-to-be was cheating on her, and she was desperate to find out the truth before she went through with the marriage.

She decided to reach out to her friend Rania Omer, who had won a lottery visa to become a U.S. citizen five years earlier.

Now Omer was 24 and studying at a college in Nebraska, but she still fancied herself an anti-matchmaker among her close-knit community back home in Khartoum. The friend wanted Omer’s help. Would she mind posting a photo of the potential husband to Facebook to see if other women could dig up information on him?

A few hours later, Omer had her answer: one commenter posted to say she was his wife. more

Friday, October 4, 2019

Dissinformation as a Service (DaaS)

While disinformation campaigns are often associated with governments, new research indicates there is a robust, easy-to-navigate market for anyone looking to buy their own propaganda arms.

It is “alarmingly simple and inexpensive” to launch a sophisticated disinformation campaign, analysts from threat-intelligence company Recorded Future concluded after studying the issue. “Disinformation services are highly customizable in scope, costing anywhere from several hundreds of dollars to hundreds of thousands of dollars, or more depending on the client’s needs.”...

“If the ease of this experience is any indication, we predict that disinformation-as-a-service will soon spread from a nation-state tool to one increasingly used by individuals and organizations,” the Recorded Future analysts said. more

As Technical Information Security Consultants, this caught our attention. 

The best disinformation always adds in some correct information. The sum is verisimilitude, the ring of truth. 

So, where will the best correct information come from? Inside, of course.

Another very good reason to conduct regularly scheduled Technical Information Security surveys at your organization.

Tuesday, October 1, 2019

U.S. Tour Guide Accused as Spy for China's Security Service

Watch Surveillance Video of Alleged Spy’s ‘Dead Drop’ at Hotel 

The U.S. arrested a California man accused of spying for China’s security service while working as a tour guide in the San Francisco area. U.S. agents secretly monitored drop-offs of packages at a hotel in Newark, California, that were traced to Peng, according to the complaint.

China’s Ministry of State Security schemed “to use an American citizen to remove classified security information to the PRC,” U.S. Attorney David Anderson said at a press conference.

Peng’s activities for the company where he worked, U.S. Tour and Travel, “went far beyond innocent sight-seeing,” Anderson said. more

Husband Ordered to Pay Almost $500K After Bugging Wife’s iPhone

The chairman of a performing arts school in Brooklyn has to pay an almost $500,000 verdict after he installed spying software in his estranged tobacco-heiress wife’s iPhone...

Jurors ordered Crocker Coulson, Brooklyn Music School chairman, to pay Anne Resnik $200,000 in compensatory damages, $200,000 in punitive damages, and $41,500 in statutory damages—or $100 for each of the 415 days he accessed her phone between 2012 and 2014.

Coulson was also ordered to pay $10,000 to Resnik’s mom, sister, and psychiatrist because he also intercepted their communications by spying on his wife. more

Credit Suisse’s C.O.O. Quits Over a Spying Scandal

Chief Operating Officer Pierre-Olivier Bouee, who worked as the CEO’s chief lieutenant at three companies for more than 10 years, stepped down after ordering detectives to shadow former wealth-management head Iqbal Khan to ensure he didn’t poach clients and brokers for his new post at UBS Group AG. The bank said that he acted alone...

Chairman Urs Rohner is seeking to contain a scandal that erupted in Swiss tabloids a week ago and escalated into a threat for the bank’s top leadership after a confrontation in downtown Zurich between Khan and the private detectives sent to spy on him.

Events took on an even more dramatic turn just before the bank’s announcement, when it emerged that a contractor hired by the bank to recruit the investigative agency took his own life. more

Uber’s Next Big Safety Feature... Eavesdropping

Uber users have raised their share safety concerns with the company, and now it seems that a new feature that could help allay some of those concerns is on the way.  

Uber is apparently testing a feature that will allow riders to record audio through the app when they feel unsafe during a ride.

There are a lot of details we don’t know about this feature yet, as Uber hasn’t said anything official about it. more

Legit-Looking iPhone Cable That Hacks

Soon it may be easier to get your hands on a cable that looks just like a legitimate Apple lightning cable, but which actually lets you remotely take over a computer. The security researcher behind the recently developed tool announced over the weekend that the cable has been successfully made in a factory...
MG is the creator of the O.MG Cable. It charges phones and transfers data in the same way an Apple cable does, but it also contains a wireless hotspot that a hacker can connect to. Once they've done that, a hacker can run commands on the computer, potentially rummaging through a victim's files, for instance. more - background