Wednesday, May 27, 2020

Data Breach Report: 28% Involved Small Businesses

Almost a third or 28% of data breaches involved small businesses. The data comes from one of the most acclaimed cybersecurity reports in the industry, the Verizon Business 2020 Data Breach Investigations Report (2020 DBIR).

Currently, in its 13th year, the DBIR is an industry-standard when it comes to gauging the state of cybersecurity around the world...

Click to Enlarge
With small businesses making up 28% of the breaches, owners have to be more proactive in protecting their digital presence. Whether it is an eCommerce site, blog, V-log, podcast, or other digital assets, you have to protect your domain. This not only ensures your data is safe, but it is one more tool you can use to attract new customers; robust security. more

Spy Pigeon Arrested... again

A pigeon suspected of being trained to “spy” by Pakistan has been captured in India along the Kashmir border. Indian officials say the bird was carrying a “coded message” which they are trying to decipher. In 2016, police in India found a bird with a note attached to it inscribed with an alleged threat to Indian prime minister Narendra Modi. more

Sheriff’s Office Communications Specialist Charged with Spying on Roommate

A Florida sheriff’s office employee hid a camera in his roommate’s bedroom to spy on her, authorities said.

Llewellyn Berkheiser III, a 28-year-old communication specialist for the Orange County Sheriff’s Office, was busted Saturday after his roommate found a GoPro camera in a vent in her bedroom, according to an arrest report obtained by the Orlando Sentinel.

Berkheiser’s roommate, who was not identified, told deputies she discovered the recording device Friday when she noticed she couldn’t see light in the vent from an adjoining kitchen that was usually visible, deputies said. more

The Man Who Hacked Former President Francois Mitterrand's Phone

One of the richest men in France claims to be a former spy who once hacked former President Francois Mitterrand.

The billionaire co-owner of Le Monde newspaper, Xavier Niel, 52, told the Parliamentary Channel that as a teen in the 1980s he worked undercover for the Directorate of Territorial Surveillance after he was caught hacking the French channel Canal+...

Niel claims he was tasked with hacking into the mobile telephone of President Mitterrand in 1986 as well as the car company Renault. In the process he found that Renault was being hacked by people from Australia who were downloading large chunks of data.

“We were doing all this for ourselves as a game and we would pass on the information,” Niel said. “It was just fun. It was thrilling to get around the system. They told us it was impossible.” more

Yet Another Spy Movie List

The 58 Best Spy Movies of All Time

Were this a year like any other, we’d already have seen the year’s two most-anticipated spy movies: the 25th James Bond film No Time to Die and Marvel’s Black Widow solo film.

Both were scheduled for spring releases and will now open in theaters in November…if theaters are, in fact, open.

Fortunately, there’s no shortage of great spy movies to keep us occupied while we wait... The List

Sunday, May 24, 2020

From The Very Practical News (VPN) File...

Hong Kong saw a spike in downloads of VPN software designed to mask internet usage Thursday after Beijing signaled plans to usher in a new national security law that could tighten its grip... more

Bosnian Leader Brags He Illegally Wiretapped - (WWHT)

Opposition parties and Transparency International in Bosnia and Herzegovina (TIBiH) have filed criminal charges against the Serb member of the tripartite Bosnian state presidency member Milorad Dodik, whom they accuse of illegal wiretapping based on his own statements.

The charges were filed after Dodik told the parliament in the mainly Serb entity of Bosnia, Republika Srpska, on May 20 that he often listened in to telephone conversations between representatives of the opposition parties, saying it was normal practice.

Dodik stated that he was eavesdropping on the representatives of the opposition by phone, that every government was eavesdropping on the opposition, and he recounted the content of telephone conversations of opposition members...  more

Proposed Bill: Anti-Espionage Theft in Airports

U.S. Rep. Ross Spano (R-FL) signed on to co-sponsor a bill designed to protect the transportation infrastructure from espionage and intellectual property theft. 

The bill, HR 6917, the Airport Infrastructure Resources (AIR) Security Act, would prohibit federal airport improvement funds from being used in the purchase of passenger boarding bridges made by companies that have violated the intellectual property rights of the United States.

Introduced by Reps. Ron Wright (R-TX) and Marc Veasey (R-TX), the bill is intended to keep the Chinese Communist Party from spying on American airline passengers, and to prevent China from any further power grab, Wright said. more

Amsterdam School Bugging Incident

The director of the Cornelius Haga Lyceum in Amsterdam planted eavesdropping equipment in the office assigned to the Education Inspectorate for its investigation into the school...

This is not Soner Atasoy.
During the investigation, the school made an office available to the inspectors, where they had sensitive conversations with each other, with pupils, and with staff. These conversations were recorded and eavesdropped on multiple times...

NRC's sources said that school director Soner Atasoy wanted to keep an eye on the Inspectorate's investigation and on what employees of the school said about him and the school...

The Education Inspectorate told NRC that there was a "suspicion" that the room given to inspectors to use was being tapped. After that, the inspectors slightly adjusted their working methods at the school, switching rooms "with some regularity" and conducting confidential conversation by phone or outside.

The office in question was never searched for eavesdropping equipment because there was "insufficient cause" for it and it would have led to "unnecessary unrest", the Inspectorate said. more

Cheap TV Equipment Eavesdrops on Sensitive Satellite

An Oxford University-based security researcher says he used £270 ($300) of home television equipment to capture terabytes of real-world satellite traffic — including sensitive data from “some of the world’s largest organisations.”

James Pavur, a Rhodes Scholar and DPhil student at Oxford, will detail the attack in a session at the Black Hat security conference in early August...

It appears to boil down in large part to the absence of encryption-in-transit for satellite-based broadband communications.

It also reveals how some of the eavesdropping was conducted using a “75 cm, flat-panel satellite receiver dish and a TBS-6983 DVB-S receiver… configured to receive Ku-band transmissions between 10,700 MHz and 12,750 MHz. A set of 14 geostationary satellites were selected [and from them] over 350 transponders were identified using existing “Blind Scan” tools. more

Wednesday, May 20, 2020

German Intelligence Gets Wiener Schnitzel'ed

In the world of online spying, great power lies with those who can get their hands on the data flowing through the world’s Internet infrastructure.

So the fact that Germany is home to one of the world’s biggest Internet exchange points—where data crosses between the networks that make up the Internet—has given a lot of power to the country’s equivalent of the U.S. National Security Agency.

The Bundesnachrichtendienst, or BND, gets to freely sift through all the foreign traffic passing through that exchange junction in search of nuggets that can be shared with overseas partners such as the NSA. But now that power is in jeopardy, thanks to a Tuesday ruling from Germany’s constitutional court...

“With its decision, the Federal Constitutional Court has clarified for the first time that the protection afforded by fundamental rights vis-à-vis German state authority is not restricted to the German territory,” the court said in a statement.

The German chapter of Reporters Without Borders, which brought the case in partnership with the Berlin-based Society for Civil Rights (GFF) and a few other journalists’ associations, is overjoyed. more

Alliance Trust Savings Censured After Whistleblower’s ‘Spying’ Concerns

A Dundee-based financial firm has been censured by the Information Commissioner over the use of a mobile app which allowed it to access an “excessive amount” of employees’ sensitive personal data...

Alex Forootan, 36, began investigating after receiving an unexpected text message from Microsoft saying someone had attempted to access his email account.

Mr Forootan worked as a database administrator at ATS’s Dundee headquarters between October 2017 and October last year and is set to take the company to an employment tribunal next month.

He recently rejected a £10,000 pay out from ATS over the issue, citing concerns about his ability to raise it to public attention should he accept. more

Regulator Ask for Credit Suisse Directors' Mobile Data in Spy Inquiry

Swiss regulators have requested electronic messaging data from the mobile phones of several Credit Suisse managers and supervisory board directors as part of a probe into spying at the bank, three people familiar with the matter said. more

ADT Employee Had Access to Hundreds of Home Security Camera Streams, Lawsuit Alleges

Hundreds of ADT customers are suing the home-security firm after it admitted that a former employee gained unauthorized access to their systems over the last several years—including the live video streams of their in-home cameras. 

Two federal class-action lawsuits have been filed on behalf of the customers, The Dallas Morning News reports.

The employee was able to add his email address to customers’ accounts during home-service visits, according to the company. With his email address added to the accounts, he was then able to use the company’s mobile app to snoop on in-home security cameras. 

“Moments once believed to be private and inside the sanctity of the home are now voyeuristic entertainment for a third party,” the lawsuits state. “And worse, those moments could have been captured, shared with others, or even posted to the internet.”

ADT reportedly fired the employee after discovering the abuse, and said it brought in measures to prevent a similar incident from taking place in the future. more

Monday, May 18, 2020

Leaked Phone Call Uncovers Possibly Moldy Marijuana | Fact or Business Espionage Trick?

An audio recording of a detailed phone conversation between two people in the Alaska marijuana industry surfaced on YouTube this week, posted by an account that goes by the name of “Bobb Dogg.”

The conversation cannot be confirmed as legitimate, and could even be business espionage...

In the audio, a person who appears to be a manager of one of Anchorage’s largest marijuana stores admits that his company sold 100 pounds of possibly moldy marijuana, and that CBD oil that was supposed to have a low psychoactive level of THC was found to, in fact, contain high amounts...

The video can be viewed by searching for Bobb Dogg on YouTube. The audio is labeled “Weedileaks.” more

Sir Frederick Barclay's Nephew 'Caught with Bugging Device' at Ritz Hotel

The footage is at the centre of a bitter legal row between the families of the billionaire Barclay twins.

Sir Frederick, 85, and his daughter Amanda are suing three of Sir David Barclay's sons for invasion of privacy.

They claim the surveillance gave the men commercial advantage and they sold the Ritz for half its market value.

The Barclay brothers' businesses include the Telegraph Media Group, the online retailer Very Group, the delivery business Yodel, and - at the time of the bugging - the Ritz hotel in London.

Sir Frederick, the elder twin by 10 minutes, and his daughter Amanda are suing Sir David Barclay's sons - Alistair, Aidan and Howard, Aidan's son Andrew, and Philip Peters, a board director of the Barclay group for invasion of privacy, breach of confidence and data protection laws.

The claim stems from a falling out between the children of the famously private twins...

The CCTV footage allegedly shows Alistair Barclay handling a bugging device at the Ritz hotel on 13 January this year. The recording shows Mr Barclay inserting a plug adaptor, which is claimed to contain a listening device, into a socket.

In court documents lodged by Sir Frederick and Amanda Barclay, it is claimed the bug - which was placed in the hotel's conservatory where Sir Frederick liked to conduct business meetings and smoke cigars - captured more than 1,000 separate conversations amounting to some 94 hours of recordings.

The pair claim the recordings amount to "commercial espionage on a vast scale"....
Voice Activated Wireless GSM Spy Bug SIM Mains 2 Way Adapter Plug Doubler Surveillance Adaptor

Second bug

It is also claimed a separate Wi-Fi bug was supplied by private investigation firm Quest Global. Its chairman is former Metropolitan Police commissioner Lord Stevens.

The claimants' documents say that Quest invoiced for 405 hours of listening and transcribing.

The recordings, it is alleged, captured "private, confidential, personal and Sir Frederick's privileged conversations with his lawyers, and with his daughter's trustees, bankers and businesspeople"more

Oddly, there is no mention of the video bug which recorded the incident. It does however make the nephew eligible for our Darwin Award for capturing himself with his own bug. ~Kevin

Friday, May 15, 2020

And, The Number One Spy Job Nobody Would Want Is...

North Korea has axed its spy chief as well as the long-running head of Kim Jong Un’s security — signs of a major shakeup during the ongoing mystery over the dictator’s status.

Jang Kil Song was ousted as head of the Reconnaissance General Bureau (RGB), the North’s military intelligence agency, according to the Korea Herald, citing a report by South Korea’s Unification Ministry.

The RGB is behind the Hermit Kingdom’s most high-profile attacks as well as spy missions, including those against the US, the report says...

(Surprise) No reason was given for the switch. more

Assembling an Ikea Spy Case

Ikea and some of its former executives were ordered to face trial in France over accusations they conspired with police officers to spy on staff.

An Ikea unit in France was accused of collecting information on employees and people applying to work for the furniture giant, according to an indictment dated April 30.

In exchange for a fee, police officers provided confidential information to former Ikea executives on past convictions.

This was in turn used to dismiss staff or turn down applications.

Ikea France said it has “always firmly disapproved” of such practices. more

NJCCIC Publishes: Tips for Teleworkers, Remote Access Security

For many organizations, telework programs have been in practice for years – whether as part of the organization’s everyday work program or as a component of their business continuity plans.

For those organizations, policies, educational programs, technologies, and support services for the remote workforce are well established. For organizations engaging in telework for the first time, defining expectations is a good starting point.

First, create a telework policy that addresses the following:
  • The scope of the telework program, roles and responsibilities, eligibility to telework (not all jobs can be performed remotely), 
  • work hours and paid time-off, 
  • the suitability of the alternate workplace and its related safety requirements, 
  • responsibility for equipment and supplies, 
  • operating costs and expenses, 
  • and requirements for physical and information security. more

NSA Publishes: Survey of Videoconferencing Apps

Selecting and Safely Using Collaboration Services for Telework
During a global pandemic or other crisis contingency scenarios, many United States Government (USG) personnel must operate from home while continuing to perform critical national functions and support continuity of government services. With limited access to government furnished equipment (GFE) such as laptops and secure smartphones, the use of (not typically approved) commercial collaboration services on personal devices for limited government official use becomes necessary and unavoidable. survey

Tuesday, May 12, 2020

Agribusiness Espionage: The Scientist and the Spy

Deputy Cass Bollman was about to enjoy a coffee break at a gas station in Iowa when the alert came across his radio: “Asian male wearing a suit walking through a farm field. … Nature of incident: suspicious.”

Bollman raced to the scene, a little northeast of Des Moines, where he talked to a farmer who had spotted the odd figure in the field. A few minutes later, Bollman had pulled over an SUV driven by Robert Mo, a Chinese national.

So begins one of the most unexpected stories of espionage ever told—in this case, by Minnesota journalist Mara Hvistendahl in her new book, “The Scientist and the Spy.”

Wi-Fi Internet Communicator Hidden in a Calculator Hack

Sometimes a device is just too tempting to be left untouched. For [Neutrino], it was an old Casio calculator that happened to have a perfectly sized solar panel to fit a 128×32 OLED as replacement.

But since the display won’t do much on its own, he decided to connect it to an ESP8266 and mount it all inside the calculator’s housing, turning it into a spy-worthy, internet-connected cheating device, including a stealthy user interface controlled by magnets instead of physical buttons. more

It wouldn't take much to turn this into a Wi-Fi bug.

Saturday, May 9, 2020

"Recording suspects is his hobby, Your Honor, an innocent hobby."

CA - An Alameda County sheriff's sergeant pleaded no contest this week to four misdemeanor eavesdropping counts for recording conversations between juvenile suspects and their attorneys in 2018.

The plea agreement for Sgt. James Russell, who originally was charged with four felony counts, calls for him to be placed on 3 years'
probation and perform 180 hours of community service...

Odbert (Russsell's attorney) said at the hearing that Russell wasn't present when the recording began and had no intent of using the conversations between Plaine and the juveniles as a way of building a case against themmore

Pew Comments on Relationship Health - It Stinks

Most Americans think snooping on a partner’s phone is a bad thing to do, but that hasn’t stopped more than a third of people in committed relationships from doing it anyway, according to Pew research published Friday.

Of those surveyed, 34 percent of people in committed relationships admitted to snooping on their partner’s phone without their knowledge. Interestingly, the survey also found that 42 percent of women (who are in relationships) say they’ve snooped through their current partners’ phones without them knowing, while just 25 percent of men say they have.

As many of us find ourselves cooped up with our partners and our phones for the foreseeable future, the researchers suggest that using this technology is not necessarily great for the health of our long-term relationships. more

WeChat - More Than Just Chat - You're Teaching it Censorship Skills

The incredibly popular Chinese chat app WeChat is being put under a microscope by The Citizen Lab.

In a study, the researchers found that not only is WeChat spying on the chats of Chinese users, but it’s also looking in on chats from foreigners with the goal of fueling its censorship algorithms...

The company has been known to monitor all of the chats of Chinese users as they come through.

However, the study found that images and documents shared between users outside of China are scanned and flagged for potentially politically sensitive content.

Anything that matches is hashed and flagged when someone shares them with a Chinese account. The flagged content is fed to a machine-learning system that is used to censor content in China. That means WeChat spying isn’t limited to Chinese users, which is quite scary for anyone using the app. more

Spy Satellite NROL-44 Victum of Lockdown... Perhaps

The next flight of United Launch Alliance’s triple-barrel Delta 4-Heavy rocket has been delayed from June to late August, military officials said Friday.

The heavy-lift rocket will carry a classified National Reconnaissance Office payload into orbit ... capable of eavesdropping on foreign communication signals.

Military officials did not disclose a reason for the two-month delay. more

Google Searches for TSCM and Wiretap up in Past Week

This Week in Spycam News

Canada - A judge has certified and approved a class action settlement against a late former Belleville orthodontist, who was alleged to have made video recordings of patients without their consent or knowledge. Dr. Anthony Garry Solomon had been charged with making and possessing child pornography, and voyeurism in 2017, but criminal charges were withdrawn following his death a short time later and a civil class action case has been underway for the past two and a half years. more

LA - More than 10 people who worked in the past for a Plaquemine snowball stand manager accused of videotaping people in the shop's bathroom have contacted the Iberville Parish Sheriff's Office since the manager's arrest on May 2, making a current total of 24 employees who may have been affected, Sheriff Brett Stassi said Friday. more  more

 LA - The Assumption Parish Chamber of Commerce chairman was arrested in St. Gabriel this week after filming a man in public bathroom without consent, authorities said. more

Canada - Multiple charges relating to voyeurism and child pornography have been laid against a Clarington resident who police say formerly worked as a self-employed handyman. more

Namibia - Up to 34 children could be involved in a case in which a Windhoek resident yesterday appeared in cour..."The videos contain various children performing sexual acts in a bathroom where a covert camera was [suspected to have been] set up," Shikwambi said. "Videos were also obtained from a covert camera placed in a toilet at a sporting event inWindhoek recording minor boys visiting the toilet at a municipal swimming pool."

UK - A man has appeared in court accused of killing his wife in an arson attack after spying on her with secret cameras and posting sexually explicit images of her online. more

FL - A Pensacola man is accused of secretly filming women in a Lowe's bathroom, according to a sheriff's report. more

UK - Coronation Street (a TV show) fans were left frustrated last night after the police failed to find Geoff's hidden camera. During the months that Geoff has been abusing Yasmeen, he set up a secret camera to spy on his wife. more

You know spy cameras are a big problem it becomes a popular TV show plot.
Updated: Spy Camera Detectors – Do they work?

Tuesday, May 5, 2020

Air-Gapped PC Power Supplies Spills the Screens

One of the most secure system arrangements today consists of air-gapped PCs. The reason being their total disconnection from the internet.

In February this year, it was reported that hackers can steal data from air-gapped PC using screen brightness and now the same can be done through their power supply.

Mordechai Guri, a cybersecurity researcher from the Israeli Ben Gurion of the Negev University has conducted an experiment that shows how power supply units (PSUs) can be exploited to extract information from both an air-gapped & audio-gapped computer.

Termed as POWER-SUPPLaY; the malware exploits the PSU using it as an “out-of-band, secondary speaker with limited capabilities”. The data that can be extracted includes different files & information of the user’s keystrokes transmittable up to 1 meters away along with passwords and encryption keys that the attacker could receive with a device that is five meters away from such as a smartphone...

The research does not deal with the question of how the malware will be implemented in the first place. The technique is very clever nonetheless. more

TSCM Nightmares Today, Reality Tomorrow

These give some technical surveillance countermeasures specialists nightmares.

Emerging technologies like the ones below are interesting. They could be used for illegal eavesdropping in the future. Combining the first two could produce a wireless bug that never has to have its batteries replaced. It could also be incredibly small.

Some people say, "the bad guys are always one step ahead of us."
I say, "do your homework and you will be one step ahead of them."

Ultra-Low-Power WiFi Radio Enables IoT Devices
  • Housed in a chip, it lets IoT devices communicate with existing WiFi networks.
  • Housed in a chip smaller than a grain of rice.
  • The radio could last for years on a single coin cell battery.

It consumes just 28 microwatts of power and does so while transmitting data at a rate of 2 megabits per second (a connection fast enough to stream music and most YouTube videos) over a range of up to 21 meters.

New Green Technology from UMass Amherst Generates Electricity ‘Out of Thin Air’

The laboratories of electrical engineer Jun Yao and microbiologist Derek Lovley at UMass Amherst have created a device they call an “Air-gen.” or air-powered generator, with electrically conductive protein nanowires produced by the microbe Geobacter.

The Air-gen connects electrodes to the protein nanowires in such a way that electrical current is generated from the water vapor naturally present in the atmosphere. “We are literally making electricity out of thin air,” says Yao.

Seeing Around Corners to Detect Object Shapes
Special light sources and sensors see around corners or through gauzy filters, enabling reconstruction of the shapes of unseen objects.

A technique was developed that enables reconstruction of images in great detail. Researchers computed millimeter- and micrometer-scale shapes of curved objects, providing an important component to a larger suite of non-line-of-sight (NLOS) imaging techniques.

Most of what people see — and what cameras detect — comes from light that reflects off an object and bounces directly to the eye or the lens. But light also reflects off the objects in other directions, bouncing off walls and objects. 

Monday, May 4, 2020

Trade Secret Protection in a Nutshell

Trade Secret Law in a Nutshell (book)
The federal Defend Trade Secrets Act and similar laws in most states let employers seek injunctions for the return of certain business information if three things are true: 
  1. The information is actually secret,  
  2. the business has taken "reasonable measures" to keep it so, 
  3. and the information has "independent economic value" because it's unknown to others who could profit from it.
These cases often turn on what an employer did to protect its alleged secret. If security was tight, it stands a good chance at getting an injunction; if it was lax, it'll likely lose. more

Spy vs. Spy - The Movie

The Spy vs. Spy comic strip has been a regular fixture in Mad magazine for almost sixty years. In that time, the two identical birdlike espionage agents — Black Spy and White Spy — have also featured in video games and cartoons, but a live-action big-screen adaptation has continually eluded the warring duo. However, that could all finally change, if new developments go according to plan.

According to Collider, Rawson Marshall Thurber is in talks to direct the movie for Warner Bros. and Imagine Entertainment. Ron Howard and Brian Grazer are on board as producers, which makes sense as they’ve been attached to the project since its inception. It remains to be seen if Dwayne Johnson will star, but that wouldn’t be surprising as he’s Thurber’s go-to guy...

The movie, as silly as it will undoubtedly be, might also be very smart and biting. The original comics are rife with political satire, often taking aim at America’s involvement in wars. Given that there’s still plenty of real-life drama to comment on, don’t be surprised if the movie pokes fun at current affairs...

If the film lives up to its potential, Spy vs. Spy will be one entertaining, wacky ride. more

Friday, May 1, 2020

Spycam Detection Course | Now With Korean Closed Captions

The highly rated Spycam Detection video training course now has Korean closed captions, as well as English. Spanish is coming soon.

The demand for a Korean translation was fueled by their epidemic spy camera problem. They even have a special word for it, Molka. The problem is so bad the government created special inspection squads and a safety handbook for the public.

In other countries the problem is also epidemic.

This one-hour, self-paced course was originally created for businesses and other organizations to train their security and facilities employees. Having these people conduct periodic inspections reduces risk and legal exposure. A Certificate-of-Completion is awarded at the end.

The training is also beneficial for police, private investigators and executive protection professionals.

Personal protection is the most effective prevention. Knowing what to look for is important. The course is open to everyone. Any individual with a little knowledge can conduct their own inspections of:
  • hotel rooms,
  • public restroom,
  • store changing rooms,
  • locker rooms,
  • vacation rentals,
  • and their own domiciles.
Please forward this post to anyone it can help.
As more people become knowledgeable, fewer people will become victims.

Eavesdropper Scams Financial Advisor | Prevention Tips

Early in April, a financial advisor and her team met with an insurance company wholesaler via the video conferencing platform Zoom.

Unbeknownst to them, another participant had joined the virtual meeting.

As the hacker captured details, the wholesaler named the price of a new policy and the advisor agreed to the terms.

...It’s likely that even before the meeting ended the eavesdropper generated an email to the advisor so that it appeared to come from the insurer. In a later forensic analysis, an overlooked detail revealed the spoof: a single letter the hacker changed in the insurance company’s name.

After the meeting ended, the advisor received the message with instructions to wire money — in the low six figures — to a New York bank account. She did as instructed, sending the money to the hacker. more

———How to prevent Zoombombing in your video chats in 4 easy steps———

1. Don't use your Personal Meeting ID for the meeting. Instead, use a per-meeting ID, exclusive to a single meeting. Zoom's support page offers a video walk-through on how to generate a random meeting ID for extra security.

2. Enable the "Waiting Room" feature so that you can see who is attempting to join the meeting before allowing them access. Like many other privacy functions, a skillful disrupter can sometimes bypass this control, but it helps to put another hurdle in their route to chaos.

Zoom offers a support article here as well. To enable the Waiting Room feature, go to Account Management > Account Settings. Click on Meeting, then click Waiting Room to enable the setting.

3. Disable other options, including the ability for others to Join Before Host (it should be disabled by default, but check to be sure -- see below). Then disable screen-sharing for nonhosts, and also the remote control function. Finally, disable all file transferring, annotations and the autosave feature for chats...

4. Once the meeting begins and everyone is in, lock the meeting to outsiders ... and assign at least two meeting co-hosts. The co-hosts will be able to help control the situation in case anyone bypasses your efforts and gets into the meeting. more

Wednesday, April 29, 2020

Robot 'Spy' Gorilla Records Wild Gorillas Singing and Farting

This is the first time that singing mountain gorillas have been caught on camera.

(Image: © Copyright John Downer Productions)

Mountain gorillas have been caught on camera as they "sing" during their supper, a behavior that has never before been documented on video. Filmmakers captured the astonishing footage of the primate crooners with a little help from a very special camera: a robotic "spy" designed to look like a young gorilla.

The singing apes make their television debut on April 29 in the returning PBS series, "Nature: Spy in the Wild 2."

Like its predecessor, which first aired in 2017, the program documents remarkable up-close glimpses of elusive wildlife behavior, seen through the "eyes" of robots that are uncanny lookalikes of the creatures that they film. more  sing-a-long

'Zoom-bombed' | Salary Cuts Call Eavesdropped on by Rival Company

Staff at national news outlet The Independent were on a ‘confidential and sensitive video’ Zoom call to learn about salary cuts and furloughs when it was ‘zoom-bombed’ by an employee from a rival media organisation. more

Mark Di Stefano, a reporter with the Financial Times, allegedly entered meetings held over the video conferencing app by the Independent and the Evening Standard.

Stefano, according to the Independent, brazenly joined the meeting by using his work email address. This caused Stefano’s name to appear on the call, although his camera remained disabled.

The journalist reportedly joined for 16 seconds before logging out but returned soon after by logging in with his phone number.

Not long after the call, Stefano sent out a series of tweets describing topics that the Independent says were discussed during the staff meeting.

Stefano described information on everything from pay cuts to the outlet’s issues with falling ad revenue. more

Related News...
DHS Reportedly Concerned Zoom May be Vulnerable to Foreign Spies 
The feds are concerned that Zoom’s security flaws could make the popular videoconferencing platform vulnerable to foreign spies, a new report says.

An intelligence analysis from the Department of Homeland Security found that Zoom’s explosive growth and its well-known security problems make it a “target-rich environment” for government spy services and other hackers, ABC News reported Tuesday.

“Any organization currently using — or considering using — Zoom should evaluate the risk of its use,” the department warned in the analysis, which was reportedly distributed to law enforcement agencies around the US. more
...and much more.

"What's in a Name?

...That which we call a rose by any other name would smell as sweet.”

Spies Keep Sneaking Malware Into Google Play

Google's Play Store for Android apps has never had a reputation for the strictest protections from malware. Shady adware and even banking trojans have managed over the years to repeatedly defy Google's security checks.

Now security researchers have found what appears to be a more rare form of Android abuse: state-sponsored spies who repeatedly slipped their targeted hacking tools into the Play Store and onto victims' phones.

At a remote virtual version of its annual Security Analyst Summit, researchers from the Russian security firm Kaspersky today plan to present research about a hacking campaign they call PhantomLance, in which spies hid malware in the Play Store...

Once Kaspersky had identified the PhantomLance apps, its researchers were able to match their code with older malware used by OceanLotus, which has been active since at least 2013. more

New Spy Podcast

Fresh from playing Peggy Carter in the Marvel Universe, and now preparing for Mission: Impossible 7, Hayley Atwell gets CIA, KGB & Mossad operatives to share their inside stories of real spy missions.

Thursday, April 23, 2020

A Sad Case Highlights Perception of Privacy Loss and Mental Health

WA - A suicidal man who was shot and killed by police officers at a Loves truck stop in Ritzville called police twice to report that his car was bugged and that he was being tracked, according to a release by the Columbia Basin Investigative Team.  more

A Global Recession Will Fuel Cyber-Espionage

While the current pandemic crisis presents businesses with unprecedented economic challenges to their very existence, it has also created a tremendous level of cyber-risks. 

Heightened risks are present not only due to the significant numbers of individuals working from home, increasing the vulnerability landscape, but also because as states fall deeper into recessions, some may resort to cyber-espionage in an attempt to position better their post-pandemic political, economic, and industrial structures.

Regardless of the industry, the intellectual property (IP) of any organization is likely to be a precious target for foreign government-sponsored hackers...

Managing the crisis, in reality, can be much more complex and a nightmare for decision-makers. However, flexible, agile, and governments that are being flexible and adaptable while at the same time prioritizing their cybersecurity measures and counter-espionage efforts are more prone to survive the crisis as well as sustain domestic business operations with minimal loss. more

This Week in Spycam News

UVM Medical Center Doctor Hid Camera in Staff Bathroom
The emergency department doctor and assistant professor is facing several voyeurism charges after hospital security discovered the hidden camera. more

Man faces felony accusation of viewing girl through camera in alarm clock...
When interviewed by police, the girl said she knew the camera was there because of a "dot" on the front of the clock and that camera's presence made her "uncomfortable" and "creeped out." On Valentine's Day, the girl placed a series of heart-shaped stickers on the clock to decorate it, while also blocking the camera's view. more

Former head golf professional classified as Tier I sex offender...
Mohawk Golf & Country Club’s former head golf professional who was charged after a recording device was found in a women’s locker room was classified as a Tier I sex offender today. more

IR Eye of Ra, or The Drone Patrol

Police in Westport, Connecticut, announced this week that they’re testing a so-called “pandemic drone” that can detect when people on the ground have fevers.

The new drone platform will also be used to determine when people are closer than six feet to each other. Police will be able to deliver a verbal warning through the drone’s speaker to anyone not practicing social distancing.

The new drone technology was developed by a company called Draganfly Inc., which has been around since the late 1990s, and uses Westport PD’s existing quadcopter drones with Draganfly’s software. Draganfly worked with a deep-learning company called Vital Intelligence Inc. and researchers from the University of South Australia to develop the new tech, according to a press release. more

Wednesday, April 22, 2020

What 007 is Doing These Days

British Spy Unit Kills 2,000 COVID-19 Scams In Just One Month

Across the world, law enforcement and intelligence agencies are waging a different kind of war on COVID-19, one taking on scammers who’re exploiting fear around the coronavirus.

In the U.K., an arm of the GCHQ intelligence agency, has spent the last month wiping COVID-19 crooks from the web, with the National Cyber Security Centre (NCSC) announcing Monday that it had taken down more than 2,000 scams in a single month. more

Some Landlords Illegally Spying On Tenants’ Stimulus Check Status

While millions are awaiting their payments to help with necessities, landlords are also eager for their tenants to receive stimulus checks, so they can pay rent. Unfortunately, some landlords have not just been waiting patiently...

In order to help Americans to track the status of their stimulus payments, the IRS and Treasury Department launched a new tool, Get My Payment. The tool provides individuals “with the status of your payment, including the date your payment is scheduled to be deposited into your bank account or mailed.”...

In order to check the status of a stimulus payment, one only needs to provide basic information, including name, date of birth, street address, and Social Security Number (SSN) ... This basic information is readily available on the dark web ... it is also readily available to many landlords through the applications that tenants complete when applying to rent a property.
You may want to speak with a lawyer to evaluate options if your landlord checks your payment status on the IRS portal. You may also want to consider filing a police report. more

Monday, April 20, 2020

7 Espionage Tricks to Avoid While Working From Home

Don't get tricked into giving away personal information. 
Why? Because this is what you use for your passwords.
  1. Facebook Quizzes
    Quizzes are all over Facebook:  What does your eye color say about you? What kind of dog are you according to your zodiac sign? (Facebook says these were questions the criminals used.)

  2. 10 Things About You
    As people try to connect during the stay-at-home order, they are answering cut-and-paste questionnaires from their friends. They usually start with something like “Tell me 10 things I don’t know about you” and go on to ask questions like: Who was your first love? ... Here's the problem: those are the exact same questions asked when you forget your password. So, be wary of posting the answers on social media.

  3. Posting Information about Your Passwords
    People are posting all sorts of information about what’s going on at their homes with their children or with their pets. That’s fine, unless they use those same names as their passwords.

  4. Photos of the Home Work Station
    At this point, people are pretty proud of their work from home stations. They have a new webcam, a makeshift desk, and maybe even a good microphone. But posting photos of that home work station might give criminals too much information. Can someone see the screen from a window? Are they giving away the brands and models of their IoT devices (which might or might not have exploitable vulnerabilities)?

  5. Clicking Questionable Links
    There are a lot of questionable links on the internet. Users should be wary of sites they don’t recognize. While this is rudimentary advice, it’s a good reminder that the headline “New Pandemic Cure No One Is Talking About” likely leads to a malicious site.

  6. Be Aware of What’s Public
    Savvy users have changed their Facebook and Instagram profile settings to make them more private. But as soon as you post to a group or comment on someone’s post without strong privacy settings, folks outside your friend's group can see what you’re doing. And, other sites like Twitter and Reddit are not generally private. more 
 Thanks to Jake Milstein, CI Security Inc. for compiling this list.

Sunday, April 19, 2020

10 Best Spy Comedy Films, Ranked (According To IMDb)

There are better things to do other than watch CNN (Covid-19 News) 24/7.
Here are some suggestions. ~Kevin

***** (Personal favorite)

A Few Others
more (amazing, uh?)

"The Warehouse" by Rob Hart (book)

"The Warehouse" by Rob Hart: A thrilling story of corporate espionage at the highest level ... and a powerful cautionary tale about technology, runaway capitalism, and the nightmare world we are making for ourselves” is how Blake Crouch, New York Times (NYT) bestselling author of Dark Matter describes this book. more

"A chilling and all-too-believable portrait of a not-so-far-off future where free will succumbs to big business."--Alafair Burke, New York Times bestselling author of The Better Sister


The Machine Never Blinks: A Graphic History of Spying and Surveillance (book)

In The Machine Never Blinks, the story of surveillance is presented from its earliest days, to help you more fully understand today's headlines about every-increasing, constant, and unrelenting monitoring and global data collection.
This book spans surveillance from the Trojan Horse, through 9/11 and to the so-called War on Terror, which enabled the exponential growth of government and corporate intercepts and databases.

It also explains spying as entertainment (reality TV) and convenience (smart speakers). Take a look around... Who's watching you right now? Black & white illustrations. more

Office Printers: The Ticking IT Time Bomb

Unsecured printers are one of the items on our inspection checklist. Why? Because it is a very common problem. Normally buttoned-up networks put out a hacker welcome mat with just one unsecured printer. ~Kevin

Office printers don’t have to be security threats: with foresight and maintenance they’re very easily threat-proofed. The problem is that system administrators rarely give the humble printer (or scanner, or multifunction printer) much attention.

Hackers haven’t forgotten about printers – not by a long shot. Last summer, a Russian hacker group penetrated numerous organizations by first infiltrating unprotected printers, which were connected to the same network as every other device, and then laddering up to exploit increasingly sensitive areas.

Furthermore, according to a recent report, foreign governments can also easily conduct industrial espionage by targeting this under-the-radar beachhead into the organizational networks...

Using third parties to continually help identify security risks is a smart course of action for enterprises that are truly serious about security measures. more

Managers: Don’t Rush to Workplace Spyware during Pandemic

A Rutgers organizational psychologist explains ramifications of putting spy software in place.

With millions of employees working remotely due to the coronavirus pandemic, managers—likely new to virtual management—are scrambling to find the best ways to oversee them online.

Computer performance monitoring may interest those looking for “an extra set of eyes,” but workplace surveillance is not that simple, according to John Aiello, an expert in organizational psychology at Rutgers School of Arts and Sciences.“While spy software may relieve the manager’s anxieties, organizations will see an increase in stress on employees and it could decrease productivity,” said Aiello, who has researched the electronic monitoring of workers over the last three decades.

Topics addressed...
How does monitoring software affect productivity?
How does implementing this surveillance affect managers?
Can electronic monitoring be used for “the greater good?”
If employers are thinking about implementing this surveillance, what might be done first? 

Thursday, April 16, 2020

Gad Zoox - Tesla Settles Trade Secret Theft Law Suit

Zoox Inc. said on Tuesday it had settled a lawsuit with Tesla Inc. after admitting that some new hires from the electric carmaker were in possession of certain Tesla documents when they joined the U.S. self-driving car startup.

Tesla lawyers filed a lawsuit in March last year against four former employees and Zoox, alleging the employees stole proprietary information and trade secrets for developing warehousing, logistics and inventory control operations.

Zoox said the settlement required it to pay Tesla an undisclosed amount and undergo an audit to ensure that none of its employees had retained or are using Tesla's confidential information. more

Zeroing in on Zoom’s Threat to Financial Services

COVID-19 has induced a significant shift in the way we work. Remote is the new reality.

There may be, however, a tremendous cost to Zoom’s convenience... For many, Zoom has been the answer to staying connected in the workplace.

Simply put, the widespread adoption of Zoom amid a global pandemic might be the security vulnerability of the decade. 

In fact, any financial services organization using the service should immediately assume their user credentials are under malicious parties’ control.

In recent weeks, New York Attorney General Letitia James has probed Zoom’s data security strategy, and whether the company’s security protections can keep up with the spike in users. It is also our understanding the FBI, among other federal government agencies, has also prohibited the use of Zoom and WebEx due to security concerns. more
Suit Claims Facebook, LinkedIn Eavesdropped on Zoom Calls
More Zoom news.

Business Espionage - You Staying in Jail

U.S. District Judge Ronnie Greer Wednesday temporarily stayed – or postponed – the pretrial release of Xiorong “Shannon” You, a 56-year-old Chinese-born chemical engineer accused of stealing $17 million in trade secrets from Eastman Chemical Company and more than $100 million more while working for Coca-Cola in Atlanta, according to court documents. more