Friday, February 14, 2020

Spy Fail: Alleged Huawei Spy Caught Disguised as 'Weihua' Employee

If you're going to steal trade secrets for your employer, you might want to do a little more to hide your identity than simply rearrange the letters of your company's name.

That's apparently all one Huawei employee spy did to disguise himself during a late-night attempt to steal technology from a U.S. competitor.

Needless to say, it wasn't exactly successful.

This hilarious new detail emerged as part of the United States government's indictment of the Chinese firm on charges of racketeering and conspiracy to steal trade secrets. The indictment lays out how the company sought to steal the intellectual property of six different U.S. tech companies — though not every attempt was particularly sophisticated. more

Thursday, February 13, 2020

AI News: The Farm Bots Are Here... finally


IL - In a research field off Highway 54 last autumn, corn stalks shimmered in rows 40-feet deep. Girish Chowdhary, an agricultural engineer at the University of Illinois at Urbana-Champaign, bent to place a small white robot at the edge of a row marked 103. 

 The robot, named TerraSentia, resembled a souped up version of a lawn mower, with all-terrain wheels and a high-resolution camera on each side.

In much the same way that self-driving cars “see” their surroundings, TerraSentia navigates a field by sending out thousands of laser pulses to scan its environment. A few clicks on a tablet were all that were needed to orient the robot at the start of the row before it took off, squeaking slightly as it drove over ruts in the field. more

Farm Bots from 48 years ago,
in your weekend movie,
                      Silent Running...

Wednesday, February 12, 2020

Wireless Tech to Steal Luxury Cars in Seconds

As they both walked through a dimly lit parking garage, one of the pair of men peered at a black, laptop-sized device inside his messenger bag. Using buttons on its outer case, he flicked through various options on the device's bright LED screen before landing on his choice....

"EvanConnect," one of the men in the video who goes by a pseudonym online, embodies a bridge between digital and physical crime. These devices he sells for thousands of dollars let other people break into and steal high end vehicles. He claims to have had clients in the U.S., UK, Australia, and a number of South American and European countries.

"Honestly I can tell you that I have not stolen a car with technology," Evan told Motherboard. "It's very easy to do but the way I see it: why would I get my hands dirty when I can make money just selling the tools to other people." more

How to Delete Your Personal Information From People-Finder Sites

While some sites might have a link for removing personal information, the actual process could be convoluted.

Spokeo is, perhaps, the simplest. You just find your profile page on the site, go to spokeo.com/optout, and then type (or paste) the link along with your email address so you can confirm.

Others are not as straightforward. At Whitepages, you have to paste the URL to your profile at whitepages.com/suppression_requests, and then type the reason you want to opt-out. After that, you have to provide your phone number—yes, you have to give a data broker your phone number. You then receive a call from a robot, which gives you a verification code you have to type on the website to complete the process.

The ultimate indignity? 411.info actually charges a fee if you want it to remove your info. more

The CIA's Greatest Hit... that we know of so far.

For more than half a century, governments all over the world trusted a single company to keep the communications of their spies, soldiers and diplomats secret.

The company, Crypto AG, got its first break with a contract to build code-making machines for U.S. troops during World War II. Flush with cash, it became a dominant maker of encryption devices for decades...

The Swiss firm made millions of dollars selling equipment to more than 120 countries well into the 21st century. Its clients included Iran, military juntas in Latin America, nuclear rivals India and Pakistan, and even the Vatican.

But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence. These spy agencies rigged the company’s devices so they could easily break the codes that countries used to send encrypted messages. more

Talk about your self-licking ice cream cone. 
Profit from selling expensive crypto gear.
Profit by deciphering everything going through it. 
Brilliant! ~Kevin

Thursday, February 6, 2020

US Weapons-Makers Plagued by Industrial Espionage

The U.S. defense industrial base received a "mediocre C" report-card grade as it struggles to stay ahead of adversaries, such as China, that rely on stealing American military secrets to remain competitive, according to a new report from the National Defense Industrial Association (NDIA).

 "Vital Signs 2020: The Health and Readiness of the Defense Industrial Base," a data-based report compiled by NDIA and the data analytics firm Govini, analyzed 44 statistical indicators ranging from potential threats to digital systems to surge capacity over the last three years.

The report then graded eight performance areas -- on a scale of 100 -- for an average grade of 77 for 2019. more

Book: Chinese Communist Espionage: An Intelligence Primer

Chinese Communist Espionage: An Intelligence Primer
 
Chinese espionage hinges on a sophisticated network of spies focused on state-sponsored tech theft, according to a new book that dispels outdated theories of how Beijing collects intelligence around the world.

Why it matters: Old tropes cast all ethnic Chinese as potential amateur spies, a belief which has led to racial profiling. In reality, China's intelligence agencies employ highly trained professionals who operate much like spies from any other country.
 
Details: Published late last year by the Naval Institute Press, doubles as an explainer of how Chinese espionage works and as a brief encyclopedia of key figures.
  • The book's authors are Peter Mattis, a former CIA counterintelligence analyst, and Matthew Brazil, a former US Army officer and diplomat.
  • Their main message: That Chinese espionage is neither mysterious nor totally different than that practiced by other nations. more

Business Club Teacher Charged in Spy Camera Case

A Wisconsin high school teacher facing federal child pornography charges was charged Wednesday in Minnesota with trying to secretly record students in their Minneapolis hotel rooms on a business club trip.

Hennepin County prosecutors charged David Kruchten, 37, of Cottage Grove, Wisconsin, with three felony counts of interfering with the privacy of a minor under 18.

Kruchten is a teacher at Madison East High School and was chaperoning students on a trip to Minneapolis in December. Authorities allege Kruchtenhid cameras in a smoke detector and two air fresheners planted in students’ hotel bathrooms at the Hyatt Regency in downtown Minneapolis....

The automatic air fresheners and a smoke detector were “oriented to face toward the toilet and shower area. One of the victims noticed an air freshener on her bathroom counter and went to press a button that she believed would activate the spray. When she pressed it, the device opened up to reveal the inner workers of a surveillance camera and other related electronics,” the complaint said.  more  find spycams yourself  sing-a-long

Tuesday, February 4, 2020

In the Era of Hacking, Bugs Remain a Critical Espionage Threat

via Scott Stewart, Vice President Tactical Analysis at Stratfor

HIGHLIGHTS
  • While cyberattacks offer a powerful means for corporate surveillance, it is important to remember that it is just one option in the espionage toolbox.
  • Some information, such as in-person conversations, cannot be obtained through hacks and thus require the use of other tools, such as human intelligence collection insiders or covert audio and video recorders and transmitters (bugs).
  • Today, bugs are cheaper, smaller and easier to obtain than ever — and the number being deployed and discovered is vastly under-reported, masking the true scope of the threat.
  • Therefore, in order to adequately combat corporate espionage, organizations must also implement security measures to protect against bugging. more

Brazen B&E to Plant Spy TV

NY - State Police have arrested a Town of Moreau man for breaking into a home and hiding a recording device in a bedroom.

State Police in Wilton arrested 39-year-old Todd D. Derush. Police say Derush unlawfully entered the home of the victim and hid a recording device in their bedroom. Derush's actions were in violation of a full stay away order of protection barring Derush from being on the property, according to State Police. more

Spies in the Skys

SPY ONE
From 1957, when he first started working on the project, until 2011 when it was declassified, Dave McDowell was sworn to secrecy.

But now, the results of this once top-secret Kodak program is on full display at the Strasenburg Planetarium.



“Awe” is how McDowell described what he felt standing in front of the exhibit. “It’s something we designed and built in Rochester, and this one didn’t fly in space, but 48 others exactly like it did.”

The top-secret project was the optical system for Gambit-1, a national reconnaissance satellite. Kodak engineers designed and built what was essentially a large camera encased in a capsule. It was a revolutionary technology at that time, and it played a significant role in U.S. national security in the Cold War era. more

SPY TWO


On January 20, something rather strange happened in orbit. A Russian satellite suddenly maneuvered itself so that it was closely shadowing a US spy satellite.

The pair are now less than 186 miles (300 kilometers) apart—a short distance when it comes to space. While we don’t know for sure what’s going on, the Russian satellite’s actions strongly suggest it is there to spy on the US one—and there is very little the US can do about it. more

Monday, February 3, 2020

How to Turn a Tesla Into a Surveillance Station

Truman Kain, senior information security analyst at Tevora, has developed a new device called the Surveillance Detection Scout. As Wired describes it, the DIY computer plugs into the dashboard USB port of a Tesla Model S, 3 or X and uses the car’s built-in cameras to read license plates and faces to alert the driver if someone is following them.

“It turns your Tesla into an AI-powered surveillance station,” Kain told the magazine. “It’s meant to be another set of eyes, to help out and tell you it’s seen a license plate following you over multiple days, or even multiple turns of a single trip.” more

Sunday, February 2, 2020

Encryption Using Palindrome Number (Never odd or even.)

Posted in honor of this special day*

This paper provides a technique for message security in which palindrome number is used for encryption message. Colour is important in authentication process as it acts as a password. Using this technique message can be protected from on-line cyber crime and accessible to an authorized individual when required.  more

Who cares? The important thing is this historical date... 

02/02/2020 
*Palindrome Day... for the first time in 909 years! Wow, yet another palindrome!

Here in the U.S., it is also a trifecta: Palindrome Day, Groundhog Day and Superbowl Sunday.

Saturday, February 1, 2020

FutureWatch: You've Probably Been Photo-Napped by an App

Clearview AI, devised a groundbreaking facial recognition app. You take a picture of a person, upload it and get to see public photos of that person, along with links to where those photos appeared.

The system — whose backbone is a database of more than three billion images that Clearview claims to have scraped from Facebook, YouTube, Venmo and millions of other websites — goes far beyond anything ever constructed by the United States government or Silicon Valley giants...

The computer code underlying its app, analyzed by The New York Times, includes programming language to pair it with augmented-reality glasses; users would potentially be able to identify every person they saw...

Searching someone by face could become as easy as Googling a name. Strangers would be able to listen in on sensitive conversations, take photos of the participants and know personal secrets. Someone walking down the street would be immediately identifiable — and his or her home address would be only a few clicks away. It would herald the end of public anonymity. more

Quote of the Month

“Absent a very strong federal privacy law, we’re all screwed.”
—Al Gidari, a privacy professor at Stanford Law School.
(via The New York Times article above)

Friday, January 31, 2020

Five Mile GPS Tracker Doesn't Require Cellular Service

GoFindMe is a real-time GPS tracker that works without cell service. By built-in GPS & long-range radio technology, it allows you to stay in touch with people even if your phone fails by rich handy features such as:
 -Real time location tracking
 -Send & receive texts, built-in voice and GPS coordinates
 -One-button emergency SOS
 -Automatic trace record
 -Sync up group activity
 -Set customized safe zone
 -Pin meeting place or home base
 -Mesh network to extend connectivity range
more


But what if you can't find it when you need it?

Thursday, January 30, 2020

NIST - Detecting and Responding to Ransomware and Other Destructive Events

In response to growing ransomware attacks on businesses and governments small and large, the National Institute of Standards and Technology (NIST) has released draft guidelines to help organizations prepare for “data integrity cybersecurity events” that threaten their operations...

The free guide, which will be available for public comment through Feb. 26, focused specifically on potential tool sets for mitigating and containing cybersecurity attacks as well as what strategies security teams could adopt to respond...

Security teams and organization leaders can read the full report and provide public comment through NIST’s website. more

Facebook Tracks You - You can stop the spying, sort of.

If you’ve ever thought Facebook is listening or watching you when you’re not on the social media site, you are right. ...  The Washington Post says Facebook-owned apps like Instagram and Messenger are tracking you, too.

But now developers at the social media giant have rolled out a tool that may stop most of it, or at least tell you how Facebook is spying on users’ daily lives. It’s called off-Facebook activity...

Click the small triangle at the top right of Facebook and go to settings. Then click “Your Facebook Information” on the left column, then select Off-Facebook Activity to manage the information the company gleans from your life. Here you can either manage it or clear the entire history from your account.

But the company also has a caveat. You may clear your current history, but new activity will be shared back to Facebook in the future. more

Geez... just like barnacles.

FBI: Harvard Doc Can't Have Rice Cake and Eat it Too

Federal law enforcement officials arrested a top Harvard scientist on Tuesday for allegedly lying to the U.S. government about his involvement in a massive Chinese program that authorities say is responsible for stealing proprietary information from U.S. institutions.

Authorities arrested Dr. Charles Lieber, 60, chair of the department of chemistry and chemical biology at Harvard University...

"...received more than $15,000,000 in grant funding from the National Institutes of Health (NIH) and Department of Defense (DOD),” The Department of Justice said in a statement. “These grants require the disclosure of significant foreign financial conflicts of interest, including financial support from foreign governments or foreign entities.”

“Unbeknownst to Harvard University beginning in 2011, Lieber became a ‘Strategic Scientist’ at Wuhan University of Technology (WUT) in China and was a contractual participant in China’s Thousand Talents Plan from in or about 2012 to 2017.” more

The original traveling professor.

Hershey Sues Former Top Official - Alleges Corporate Espionage

The Hershey Company is accusing a former top executive of committing corporate espionage, and it and wants a federal judge to order him to repay hundreds of thousands of dollars.

The target of Hershey’s lawsuit filed suit in U.S. Middle District Court is Doug Behrens, who is now chief customer officer of KIND LLC, a snack food maker and a competitor of Hershey.

The suit reads like the intro to a spy novel. more

Spybusters Tip #509: When someone resigns, is fired, or is laid-off... lock them out. This includes access cards, passwords, and email accounts.

Saturday, January 25, 2020

January's Hot Mic Moments... so far

Leaked audio appears to catch Trump demanding the firing of Marie Yovanovitch: “Get rid of her!”
“Get her out tomorrow," a voice that is apparently President Trump’s says in the recording. more

Hot mic catches Pence telling Netanyahu 'He's unstoppable' “We are contending. He’s unstoppable, like someone else I know,” the vice president was overheard telling Israel's prime minister. more

Trudeau's hot mic comments cause consternation in Canada... Trudeau was caught on camera at a Buckingham Palace reception for NATO seemingly trash talking President Donald Trump. more

“You Called Me a Liar”: CNN Hot Mic Catches Warren-Sanders Blowup more

Biden heard on hot mic joking with Sanders about his arm gestures at debate. more

Patrick Cantlay involved in classic hot-mic fail at Sentry Tournament of Champions... Patrick Cantlay can expect to receive a stern letter from PGA Tour Commissioner Jay Monahan, and it won’t have anything to do with his pace of play. This one will be for “conduct unbecoming a professional.” more

Steve Kerr went BALLISTIC on a ref during the Warriors' game against the Sacramento Kings on Monday night -- and the whole profanity-laced rant was caught on a hot mic!!! more

It turns out it was Virginia State Senator Dave Marsden who called gun rights advocates "children" on a hot mic at a public meeting over the weekend. But calling them "children" was just the beginning. Things just got worse. Much worse. more

Five 'hot mic' moments that got leaders in trouble... more

"If you don't have something nice to say about somebody, don't say it." ~my mom
"Always assume you are being recorded." ~common sense
"Been there. Done that. Have the T-Shirt." ~hackneyed phrase

Wednesday, January 22, 2020

FutureWatch: Mind-Reading Called Brain-Hacking - Food for Thought

The world is in the middle of a new technology arms race, according to best-selling historian Yuval Noah Harari, who warns that the prize being fought over this time is not physical territory, but our brains. 

Speaking at the World Economic Forum in Davos, Harari predicted a future where governments and corporations will be able to gather enough data about citizens around the world that, when combined with computational power, will let them completely predict – and manipulate – our decisions. Harari calls this concept "brain-hacking".

"Imagine, if 20 years from now, you could have someone sitting in Washington, or Beijing, or San Francisco, and they could know the entire personal, medical, sexual history of, say, every journalist, judge and politician in Brazil," said Harari.

"You could control a whole other country with data. At which point you may ask: is it an independent country, or is it a data colony?" more   Previous mind-reading posts.

Tuesday, January 21, 2020

Android Users Beware: These Top Camera Apps May Secretly Be Spying

The latest warning has come from the research team at CyberNews, exposing “camera apps with billions of downloads [that] might be stealing user data and infecting them with malware.”

...But that’s exactly what some of the top beauty camera apps have been found guilty of doing. more
  1. BeautyPlus – Easy Photo Editor & Selfie Camera
  2. BeautyCam
  3. Beauty Camera – Selfie Camera
  4. Selfie Camera – Beauty Camera & Photo Editor
  5. Beauty Camera Plus – Sweet Camera & Makeup Photo
  6. Beauty Camera – Selfie Camera & Photo Editor
  7. YouCam Perfect – Best Selfie Camera & Photo Editor
  8. Sweet Snap – Beauty Selfie Camera & Face Filter
  9. Sweet Selfie Snap – Sweet Camera & Beauty Cam Snap
  10. Beauty Camera – Selfie Camera with Photo Editor
  11. Beauty Camera – Best Selfie Camera & Photo Editor
  12. B612 – Beauty & Filter Camera
  13. Face Makeup Camera & Beauty Photo Makeup Editor
  14. Sweet Selfie – Selfie Camera & Makeup Photo Editor
  15. Selfie camera – Beauty Camera & Makeup camera
  16. YouCam Perfect – Best Photo Editor & Selfie Camera
  17. Beauty Camera Makeup Face Selfie, Photo Editor
  18. Selfie Camera – Beauty Camera
  19. Z Beauty Camera
  20. HD Camera Selfie Beauty Camera
  21. Candy Camera – selfie, beauty camera & photo editor
  22. Makeup Camera-Selfie Beauty Filter Photo Editor
  23. Beauty Selfie Plus – Sweet Camera Wonder HD Camera
  24. Selfie Camera – Beauty Camera & AR Stickers
  25. Pretty Makeup, Beauty Photo Editor & Selfie Camera
  26. Beauty Camera
  27. Bestie – Camera360 Beauty Cam
  28. Photo Editor – Beauty Camera
  29. Beauty Makeup, Selfie Camera Effects & Photo Editor
  30. Selfie cam – Bestie Makeup Beauty Camera & Filters

Dude, you gotta be a government before you shoot spies!

FL - A man is facing charges after authorities say he fired shots at children he thought were spying on him from canoes outside his home.

Deputies with the Volusia County Sheriff’s Office
said they were called to the home in the 1500 block of Murphy Road in Pierson after the victims said they were fishing in a lake when 30-year-old Michael Adams fired several shots their way...

Adams was arrested and booked into the Volusia County Branch Jail on two counts of aggravated assault with a firearm. more

Plumbing for Secrets in Davos

Swiss officials foiled an apparent spying operation by Russians posing as plumbers in Davos, site of the World Economic Forum's annual meeting, a newspaper reported on Tuesday, but police did not confirm key details of the account.

The report in the Tages-Anzeiger newspaper said the pair presented diplomatic passports and left the country. more

‘Spy Games’ - 10 Civilians Vie for $100,000 Prize

One can’t deny that there is a certain charm and pull around the life of a spy - from going on undercover missions to just enjoying the finer things in life à la James Bond, and if you are keen on seeing how one goes about acquiring the skills needed to be a good spy, then Bravo’s latest offering ‘Spy Games’ might just be what you have been looking for...


One can’t deny that there is a certain charm and pull around the life of a spy - from going on undercover missions to just enjoying the finer things in life à la James Bond, and if you are keen on seeing how one goes about acquiring the skills needed to be a good spy, then Bravo’s latest offering ‘Spy Games’ might just be what you have been looking for.  more

Thursday, January 16, 2020

"I found this thing. Is it a bug?"

At Murray Associates we occasionally receive calls asking, "I found this thing. Is it a bug?"

Usually, the identification is easy:
  • it's a piece of electronic jewelry (blinky earring, or pin); 
  • an old annoy-a-tron
  • or Bluetooth tag, like a Tile item finder.
Today, a call comes in from a well-respected private investigator in Boston. He has a corporate client whose employee "found this thing."

She takes a photo, sends it to him, who sends it to us... via low resolution text message...

Rough guess...
A Bluetooth item finder, similar to a Tile, but a Chinese knockoff branded with some corporate logo. Possibly a promotional item?

We later learned it was in her bedroom, mounted to the wall, not found in a covert location. She had pulled it off the wall to take the photo. We did not receive a photo of the mounting piece, or a mention of its placement.

Later we eventually received a photo of the flip side...

Hummm... not too helpful, but no evidence of on the front of a pinhole for video, or a microphone on the circuit board. No battery seen, but the two large solder tabs and circles on the circuit board indicate there is a battery on the other side of the board.

Why would someone mount something like this on a bedroom wall?!?!

One possibility emerged... "How to find your lost iPhone with Tile."

Nope. Tiles have their logo on them. Ours looks different.

Another possibility... Yahoo changed their logo last Fall.

Could they have sent out a promotional "Tile" with their newly designed exclamation point logo on it?

Close, but no prize.

Okay, let's start fresh.
Say, the Tile is a MacGuffin.
Look elsewhere.

What other wall-warts do we know of?
HVAC sensors, for one.

Google search....
Ah ha.... that's what this thing is
Case closed.

This was a good investigative process refresher for us, and a thing we will all remember next time "this thing" shows up.

Extra Credit:
  • If you find a thing and think it's a bug, read this.
  • To learn about the other Thing—the famous spy eavesdropping device—read this.
~Kevin

Wednesday, January 15, 2020

The Case of “Eddie Spaghetti” and the First Spycam News of 2020

We are only halfway through, the first month, of the first year, in a new decade... and the spycam pandemic is off to a roaring start. 

Like corporate espionage and other forms of illegal electronic surveillance, only the failures make the news. The vast majority of illegal covert electronic surveillance goes undetected.

Learn how to spot spycams and keep scheduling your corporate TSCM inspections.

-----

Canada - Edward Casavant, 55, (who gave himself the nickname, “Eddie Spaghetti”) pleaded guilty to possession of child pornography, making child pornography, voyeurism and sexual exploitation of a person with a disability, and was sentenced to six years in prison. more

OH - A former Hillsdale Middle School and High School art teacher convicted of voyeurism was sentenced Tuesday to 180 days in jail. more

CA - Peterborough man charged with voyeurism after allegedly using electronics to peer through windows. more

Singapore - The alleged victims of a Singaporean undergraduate accused of illicitly filming 12 women want a gag order on his identity to be lifted, despite being fully aware of the risk of being identified. more

ID - Kory Ray West, the 34-year-old man accused of concealing a video camera in the bathroom of a Blackfoot home where he had been staying, and of stealing items of underclothing from bedrooms, could serve up to seven years in prison for his crimes. more

NY - The husband of a New York prosecutor who filmed his child's nanny on bathroom spycam, could have charges against him dropped, after he claimed he only used it to watch himself undress. more

HI - An $8,000 project to install covert security cameras in the Council Chambers of the county building in order to monitor an active shooter or hostage situation was kept secret from most council members and the public, county officials said. more

CA - Ring of fired: Amazon axes multiple workers who secretly snooped on netizens' surveillance camera footage. more

KY - A former teacher at a Kentucky high school admitted to filming students in a bathroom...
Police...reported finding a recording device set up in the bathroom of the nurse's station. Police said the video recorder captured the person putting the device in place. more

MI - A Canton man pleaded guilty last month to three felony charges associated with illegal voyeurism at an Aqua-Tots swim school in his hometown... Police said they were dispatched to the Canton Aqua-Tots swim school for young children...because a woman saw a recording device targeting her changing stall. She reported her suspicions to staff. more

UK - staff and parents with children at Denmead Junior School were in shock at the grim discovery of an iPhone in a vent. Action was taken by the school. A 23-year-old man from Waterlooville (was arrested) on suspicion of voyeurism. He has been released under investigation. more

CT - An investigation that began in South Windsor in August that led to a Manchester man being charged with voyeurism after filming people in a locker room at L.A. Fitness resulted in more charges being filed against him Friday stemming from similar incidents in Farmington, police said. South Windsor police said that Selby had placed his cellphone in one of the lockers and left the door open. more

CA - A Desert Hot Springs man who was previously required to register as a sex offender pleaded not guilty Friday to charges of filming people inside a grocery store bathroom in Cathedral City...10 misdemeanor counts of unlawful use of a concealed camera to secretly videotape.... 2013 - Prosecutors alleged he concealed a video camera in a paper bag and entered a woman's restroom in a Los Angeles Macy's department store dressed as a woman and secretly videotaped women using the restroom. more

Wales - A sportsman who once represented Anglesey in the Island Games has admitted installing a camera in toilets where people, including youngsters, got changed. more



Surveillance in Tombstone Territory

It's the Wild West when it comes to modern surveillance tech. 

One recent example we've come across is the Tombstone Cam... Click to enlarge. more  The last time we heard of a bugged funeral.

The Crazy Story of How Soviet Russia Bugged an American Embassy’s Typewriters

...All of the electronics at the embassy—some 10 tons of equipment—was securely shipped back to the United States. Every piece was disassembled and X-rayed.

After tens of thousands of fruitless X-rays, a technician noticed a small coil of wire inside the on/off switch of an IBM Selectric typewriter. Gandy believed that this coil was acting as a step-down transformer to supply lower-voltage power to something within the typewriter. Eventually he uncovered a series of modifications that had been concealed so expertly that they had previously defied detection.

A solid aluminum bar, part of the structural support of the typewriter, had been replaced with one that looked identical but was hollow. Inside the cavity was a circuit board and six magnetometers. The magnetometers sensed movements of tiny magnets that had been embedded in the transposers that moved the typing “golf ball” into position for striking a given letter. more

Monday, January 13, 2020

Security Tip #792: Be Gone Phishing

via Krebs on Security
"Savvy readers here no doubt already know this, but to find the true domain referenced in a link, look to the right of “http(s)://” until you encounter the first backward slash (/). The domain directly to the left of that first slash is the true destination; anything that precedes the second dot to the left of that first slash is a subdomain and should be ignored for the purposes of determining the true domain name."

"For instance, in the case of the imaginary link below, example.com is the true destination, not apple.com: https://www.apple.com.example.com/findmyphone/" more

Double checking links before clicking can save you from sleeping with the phishers. Hover over links, but don't click, to see where you might be going.

Death by Spycam

The wedding hall was booked and home furnishings all bought... but the bride — one of thousands of women to fall victim to an epidemic of high-tech voyeurism in South Korea — is not here.

Lee Yu-jung took her own life after a colleague secretly filmed her in the changing room of the hospital where they both worked, the country’s first reported spy-cam death.

Footage of Lee was found among a bigger video cache of women, all illegally snatched in the country’s spy-cam epidemic, often with cheap devices as small as a key ring. more

Spybuster Tip #632: Fortify Your Two-factor Authentication

Two-factor authentication is a must, but don't settle for the SMS version. Use a more secure authenticator app instead.

 The most popular authenticator apps are Google Authenticator and Authy, but password managers 1Password and LastPass offer the service as well, if that helps you streamline. If you're heavy into Microsoft's ecosystem, you might want Microsoft Authenticator. While they all differ somewhat in features, the core functionality is the same no matter which one you use. more

Tuesday, January 7, 2020

The Art of Investigation (book)

https://amzn.to/2tF8RQ4
The Art of Investigation examines the qualities required to be a professional, thorough, and effective investigator. As the title suggests, it delves into more than the steps and procedures involved in managing an investigation, it also covers the "soft skills" necessary to effectively direct investigations and intuit along the way.

The editors and contributing authors* are the best in their field, and bring a wealth of real-world knowledge and experience to the subject. There are several publications available on the nuts-and-bolts of the process and stages of an investigation. That ground has been covered. However, little has been published on the investigative skills required, the traits necessary, and the qualities endemic to an inquisitive mind that can be cultivated to improve an investigator’s professional skill-set.

Each chapter discusses the applicability of the traits to the contributor’s own work and experience as an investigator. more
*Robert Rahn (Lt. Ret.) is one of the excellent contributors.
ISBN-13: 978-1138353787
ISBN-10: 1138353787

FutureWatch: The Demise of the Common Spies

Not so long ago, Secret Agent Man could globe-hop with impunity (sing-a-long) and hide with undercover diplomatic immunity. Now, he may as well wear the Scarlet Letter "A", for Agent.

WTF happened? Quite a bit...

9/11, for one. It's not so easy to fly under the radar these days.

In 2014, U.S. spies were exposed when the Office of Personnel Management was hacked. About 22 million fingerprints, security clearance background information, and personnel records allegedly fell into Chinese hands. In 2015 it happened again.

One can be fairly sure this isn't just a problem for U.S. spies. Other countries get hacked, too. You just don't hear about it.

If all this wasn't bad enough, a spy's best friend turned on him in the 2000's. Technology.

Video cameras are planted everywhere, and facial recognition is becoming more accurate every day. It is being used at airports, in buildings, and with in conjunction with city surveillance cameras. This list will grow, of course.

The latest advancement is analysis of video streams using artificial intelligence logarithms.  Suspicious movements, packages left unattended, predictions of future movements and crimes are analyzed by mindless machines 24/7, waiting to trigger an alert.

On the communications side spyware is a concern. Smartphone and GPS tracking don't help spies hide either.

It has been reported that some countries are compiling real-time databases which incorporate the above-mentioned speed bumps with: taxis, hotel, train, airline, credit card, customs and immigration information. As soon as one enters the country, they know where you are—minute by minute. And, if one takes too long going between locations, or a dual timeline appears (being in different places at the same time), a security alert is generated.

Couple all this with countries sharing information, e.g. EU, being a spy who needs to make in-person contacts becomes nearly impossible.

Think staying out of view is a good spy strategy? For now, perhaps. However, progress is being made by constructing a person's face by the sound of their voice.

The future of spying (no, it won't go away) will be radically different out of necessity. One can only guess how, but I understand they are working very hard on mind-reading.

Be seeing you.

Surveillance is Hot at CES 2020

At CES show, devices that see, hear, track people are promoted. Privacy concerns? Not so much.

From the face scanner that will check in some attendees to the cameras-everywhere array of digital products, the CES gadget show is all-in on surveillance technology...

All these talking speakers, doorbell cameras and fitness trackers come with the promise of making life easier or more fun, but they're also potentially powerful spying tools.

And the skeptics who raise privacy and security concerns can be easily drowned out in the flashy spectacle of gee-whiz technology. more

Monday, January 6, 2020

Information Security and Cryptography Seminar

Information Security and Cryptography
Fundamentals and Applications
June 8-10, 2020 in Zurich, Switzerland
Lecturers: Prof. David Basin and Prof. Ueli Maurer

This seminar provides an in-depth coverage of Information Security and Cryptography from both a conceptual and an application-oriented viewpoint. At the same time, the mathematical, algorithmic, protocol-specific, and system-oriented aspects are explained in a way understandable to a wide audience.

A full description of the seminar, including all topics covered, is available at https://www.infsec.ch/seminar2020.html. Early registration is until February 28th.

The seminar takes place in Zurich Switzerland. The lectures and all course material are in English. more

Thursday, January 2, 2020

U.S. Securities & Exchange Commission Issues Guidance on IP and Tech Risks


...Among the risks faced by companies is the risk of theft of technology, data and intellectual property through a direct intrusion by private parties or foreign actors, including those affiliated with or controlled by state actors.


While not exclusive, examples of situations in which technology, data or intellectual property may be stolen or compromised through direct intrusion include cyber intrusions into a company’s computer systems and physical theft through corporate espionage, including with the assistance of insiders... more

Your Smart TV is Spying on You — How to stop it...

Those smart TVs that sold for unheard of low prices over the holidays come with a catch. The price is super low, but the manufacturers get to monitor what you're watching and report back to third parties, for a fee.

 Or, in some cases, companies like Amazon (with its Fire TV branded sets from Toshiba and Insignia) and TCL, with its branded Roku sets, look to throw those same personalized, targeted ads at you that you get when visiting Facebook and Google.

It doesn't have to be this way. You have the controls to opt out. Within just a few clicks, you can stop the manufacturers from snooping on you in the living room... more and a bonus sing-a-long!

2020 Quote of the Year - First Contender

“The biggest thing (coming in 2020) is connected everything,” said Carolina Milanesi, a technology analyst for the research firm Creative Strategies. “Anything in the home — we’ll have more cameras, more mics, more sensors.” *
 ----
via The New York Times...
The 2010s made one thing clear: Tech is everywhere in life... In 2020 and the coming decade, these trends are likely to gather momentum. They will also be on display next week at CES, an enormous consumer electronics trade show in Las Vegas that typically serves as a window into the year’s hottest tech developments. more

* Thus, a need for more TSCM; the yin to espionage yang.


Wednesday, January 1, 2020

The Crazy Story of How Soviet Russia Bugged an American Embassy’s Typewriters

Every engineer has stories of bugs that they discovered through clever detective work. But such exploits are seldom of interest to other engineers, let alone the general public.

Nonetheless, a recent book authored by Eric Haseltine, titled The Spy in Moscow Station (Macmillan, 2019), is a true story of bug hunting that should be of interest to all.

It recounts a lengthy struggle by Charles Gandy, an electrical engineer at the United States’ National Security Agency, to uncover an elaborate and ingenious scheme by Soviet engineers to intercept communications in the American embassy in Moscow. more