Tuesday, December 29, 2020

Security Director Alert: DHS Warns US Businesses of China’s Data-Collection Practices

A 15-page “business advisory” released Tuesday by DHS cautions that Chinese intelligence services could collect and exploit data held by U.S. firms doing business in China, highlighting longstanding concerns from U.S. officials. Beijing has denied allegations of economic espionage...

Chinese law requires Chinese businesses and citizens, including in academia, to “take actions related to the collection, transmission and storage of data that runs counter to principles of U.S. and international law and policy,” DHS said in a press release. 

The department urged U.S. firms to “minimize the amount of at-risk data being stored and used” in China, or in places accessible to Chinese authorities. more


There is a New Kind of Bug Comin' to the UK, Mate

In collaboration with UAVTEK, we have developed a nano “Bug” drone and delivered the first 30 units to the British Army, which has put it through its paces as part of a trial. 

The Bug is a nano-Unmanned Aerial Vehicle (UAV) weighing 196g – similar to the weight of a smartphone – with 40 minute battery life and a 2km range.

It boasts a stealthy low visual profile and the ability to fly even in strong winds of more than 50mph...

The teams are now working on the next developments on the nano-UAV, exploring sensing equipment and capabilities which could be added, as well as how the Bug could be integrated with other military equipment. more


Check Your Holiday Rental for Hidden Surveillance Cameras

Australia - There's something unsettling about the idea of being watched while you and your loved ones kick back on holidays. If you've searched online to find whether holiday rental landlords spy on their guests, there's plenty to feed your paranoia...

Still, if something feels off or you want to sweep the house, there are some steps you can take. Although without professionals and high-tech gear involved, it can't be 100 per cent accurate...

Julian Claxton, a counter-espionage specialist, recommended a hidden camera detector — small devices that project a light that will reflect off the lens of a covert camera... "The reality is, that's how a lot of these cameras can be found — through anomalies. Things that just don't look right within an environment," he explained.


Tips:

  1. Inspect what's on the Wi-Fi network... Many cameras sold in consumer electronic stores need an internet connection so they can be viewed remotely from a computer or app. This could provide a clue.

  2. Try to spot the camera lens... Julian Claxton, a counter-espionage specialist, recommended a hidden camera detector — small devices that project a light that will reflect off the lens of a covert camera.

  3. Check the power points... Hidden cameras need ongoing power, so Mr Claxton suggested looking at what's connected to power points.
     
  4. Look for oddly placed objects... Hidden cameras can be built into just about anything, but for the lay person, Mr Claxton suggested using "a bit of common sense". more

Also, consider taking a one-hour, on-line, video Spycam Detection Training course.

Tuesday, December 22, 2020

Industrial Espionage and IP Theft in the Manufacturing Threat Landscape

 via Rob Acker...
Today, the manufacturing industry promotes innovation, productivity and trade to capitalize on opportunities created by changing demand and technological advancements. However, the move towards connected manufacturing has introduced sophisticated threats to data, intellectual property (IP) and operations.

Industrial Espionage and IP Theft
Manufacturing organizations invest heavily in IP development. It’s often an organization’s most valuable asset and its theft is among the most damaging of manufacturing cyber-threats. Recently, manufacturing executives cited IP protection as their primary concern...

 Although manufacturing organizations are reasonably advanced in their awareness of the cyber and information security risks they face, preparedness varies. A certified ISO 27001 Information Security Management System (ISMS), paired with independent testing, detection and response services, provides a transparent solution. more

Chinese Spies: from Chairman Mao to Xi Jinping (book)

As China expands its reach around the globe, it is important to understand not only its foreign, economic and security policies but also its massive covert operations. 

Roger Faligot, an investigative journalist who specializes in studying intelligence agencies, first published Chinese Spies in French. It proved so successful that he recently had a significantly expanded version translated into English - Chinese Spies: from Chairman Mao to Xi Jinping.

Faligot’s ambitious book spans a century of Chinese espionage, from the beginnings of the Chinese Communist Party to the Xi Jinping era...

Faligot’s ground-breaking book is essential reading for both intelligence professionals and generalists seeking to understand the reach of China’s hidden hand. Given rapid technological developments, one can only hope that Faligot is working on a follow-up volume. more

Russian Spy Crank Yanked into Confessing

Poisoned Kremlin critic Alexei Navalny duped a Russian spy into confessing to the botched assassination attempt — revealing that nerve agent had been smeared on his underpants, according to a report.

The 44-year-old opposition leader posed as a senior official from Russia’s National Security Council demanding an urgent debriefing about why the poisoning in August failed, according to a recording shared with CNN.

In a sting where he used a number disguised to look like it was from the headquarters of Russia’s Federal Security Service (FSS), Navalny tricked Konstantin Kudryavtsev into revealing key details about how he had been poisoned with Novichok in August, CNN said. more

Yet Another Air-Gapped Computer Hack

Academics from an Israeli university have published new research today detailing a technique to convert a RAM card into an impromptu wireless emitter and transmit sensitive data from inside a non-networked air-gapped computer that has no Wi-Fi card.

Named AIR-FI, the technique is the work of Mordechai Guri, the head of R&D at the Ben-Gurion University of the Negev, in Israel.

Over the last half-decade, Guri has led tens of research projects that investigated stealing data through unconventional methods from air-gapped systems. 

These types of techniques are what security researchers call "covert data exfiltration channels." They are not techniques to break into computers, but techniques that can be used to steal data in ways defenders aren't expecting. more

Friday, December 18, 2020

The Ultimate Spy, or Better Learn How to Say "Yes, Master"

 via Sundance...

This fascinating and visually stimulating documentary examines simulation theory—the idea that this world we live in might not be entirely real. The theory is as old as Plato's Republic and as current as Elon Musk's Twitter feed and A Glitch in the Matrix traces its genesis over the years, from philosophical engagements by the ancient Greeks to modern explorations by Philip K. Dick, the Wachowskis, and game theorists.

A new trailer for the upcoming documentary A Glitch in the Matrix gives a haunting look at the theory that we are all living in a giant simulation. The title alludes to the Wachowskis’ popular Matrix franchise, which is perhaps the most significant cultural exploration of the trippy thought experiment.

A Glitch in the Matrix will premiere at the 2021 Sundance Film Festival in the Midnight Section line-up. After Sundance, A Glitch in the Matrix will be in theaters and on demand on February 5, 2021.

"Solarwinds" Attack Announcement (AA20-352A) from CISA

Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations 

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations...

CISA has determined that this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations. CISA advises stakeholders to read this Alert and review the enclosed indicators. more

Note: In addition to cybersecurity, a quality TSCM program is required to protect against multiple other attack vectors.

TSCM Tech Alert: If You Detect a Signal at 9.65 GHz You're Being Watched

A New Satellite Can Peer Inside Buildings, Day or Night

A few months ago, a company called Capella Space launched a satellite capable of taking clear radar images of anywhere in the world, with incredible resolution — even through the walls of some buildings.

And unlike most of the huge array of surveillance and observational satellites orbiting the Earth, its satellite Capella 2 can snap a clear picture during night or day, rain or shine...a capability that will only get more powerful with the deployment of six additional satellites next year. Is that creepy from a privacy point of view? Sure...

The satellite beams down a powerful 9.65 GHz radio signal toward its target, and then collects and interprets the signal as it bounces back up into orbit...

Possibilities abound. Train two SAR satellites on the same target and they can actually image targets in three dimensions down to minute differences in height. more

Monday, December 14, 2020

Exercise Like Your Walter Mitty Secret Agent Life Depended On It

via Justin Harper, Business reporter, BBC News, Singapore

I was the hero in my very own spy story, speeding from one checkpoint to another to foil the bad guys.

The plot came from a running app called Running Stories, which casts you as a secret agent in a story playing out with a heart-thumping soundtrack.

It is one of the latest apps designed to make exercise more entertaining, using real-time data that integrates the plot with your surroundings.

Key events in the storyline are triggered when a runner passes specific GPS markers and landmarks.

From being shot at by snipers to racing to catch a speedboat along the river, the plot kept me engaged and burned plenty of calories. more



John le Carré - RIP


John le Carré, whose exquisitely nuanced, intricately plotted Cold War thrillers elevated the spy novel to high art by presenting both Western and Soviet spies as morally compromised cogs in a rotten system full of treachery, betrayal and personal tragedy, died on Saturday in Cornwall, England. He was 89. (Born David John Moore Cornwell in Poole, Dorset, on Oct. 19, 1931.) more

Saturday, December 12, 2020

World's Smallest & World's Best Spy Cameras of 2020

World's Smallest

Weighing just 1g, Austrian company AMS has announced they have made the world's smallest camera. The NanEyeC has a footprint of just 1x1mm so is smaller than the size of a pinhead.

The 102,000 pixel camera only shoots in black and white, but is designed to be invisible when mounted in wearable devices, such as VR headsets – and will doubtless also become the ultimate spy camera. more

 
 World's Best Spy Cameras of 2020

We've put together this guide to spy cameras to help you pick out the best one for your home. 

Some are simple small cameras that can be placed somewhere that most people won't notice them, while others are disguised as objects like photo frames or USB chargers. 

We've even found a camera that's disguised as a light bulb! 

As you might imagine, there are loads of creative options in this area. more


 

Another TSCM Fail - Dentist Sweeps Office - In Situ Spycam Missed

Two weeks ago a school district conducted their own "in-house" TSCM sweep for spycams after an employee was charged with 30 child pornography and voyeurism charges. Big fail. Multiple reasons.

This week...

An Illinois dental practice has been sued by 11 employees after a hygienist allegedly hid two cameras in the work bathroom, new court papers show.


One camera was discovered Oct. 22 in a unisex employees’ bathroom of the national dental chain Aspen Dental in Crestwood, and it was turned over to the police department, according to the lawsuits filed in Cook County Circuit Court on Thursday.

That same day, dental hygienist Armani Alexander, 25, “admitted to placing the camera” in the bathroom and was arrested, the court papers say.

The office assured the workers that they swept the premises and didn’t find any more cameras.

Yet Oct. 26, a second camera was discovered in the same bathroom, court documents allege...

Aspen admitted that a background check for Alexander — who had only been with the company for two months — “was flagged for criminal activity,” the court papers say...

The workers — who are each suing for at least $50,000 — have brought claims of negligent hiring and supervision against the practice. more

No surprise there. This DIY amateur hour bug sweep was an exercise in negligence. 

Consider these points...
  • The police were given the first camera and had a confession the same day. "Case closed."
  • We don't know if the police conducted a follow-up inspection for additional cameras. If they didn't, they failed. If they did, they failed to find the second camera.
  • The practice knowingly hired a hygienist with known criminal activity ...and didn't investigate further.
  • No mention of an independent Technical Surveillance Countermeasures (TSCM) specialist being called in to investigate. Big fail.
  • "The office assured the workers that they swept the premises and didn’t find any more cameras." (Visions of Steve Martin.) ..."Yet Oct. 26, a second camera was discovered in the same bathroom."

 Why is all this important?

Emotional pain and embarrassment aside... not conducting a professional emergency sweep will have expensive consequences, and may put this dentist out of business.

  • 11 employees suing for $50,000.00 each = $550,000.00
  • Cost of recruiting, hiring and training new staff = $????.00
  • Loss of business due to the bad publicity = $????.00+
  • Total cost of their DIY "sweep" (rough guess) "a lot!"
  • Cost of a professional TSCM sweep for an average dental office suite ≈ only $4,500 - $6,000.
Want to proactively check for spycams yourself? Learn how to do it first.
If you have an active situation, find a competent TSCM professional.

Friday, December 11, 2020

10 Years Ago This Month - Merry Christmas, kid.

"Mommy has a new toy she would like you to play with."
 
 

 "Find out who's telling the truth—and who's not—by giving your suspect a lie detector test! Attach the sensor to your suspect's finger. Ask tough questions to really make 'em squirm! The indicator lights light up when your suspect isn't telling the truth. Busted!"

You better watch out
You better not cry
Better not pout
I'm telling you why
Santa Claus is coming to town
He's making a list
And checking it twice;
Gonna find out Who's naughty and nice
Santa Claus is coming to town...
 
SHOCKING 2020 UPDATE...
The latest model lie detector toy for kids electrocutes them if it thinks they are lying.
 
From the sales pitch... 
  • If you tell the truth, no shocking and you can move out your hand safely. But if you tell a lie, you will be shocked by electric. 
  • Toys for your friends, Fool's Day Party, Prank gifts, Halloween Prank, Christmas gift.
  • It would be a great warm-up game at a party. more

I can't wait to see what 2030 brings.

Thieves Steal Radio Equipment from Russian ‘Doomsday Plane’

A Russian military aircraft designed to allow the country’s leadership to survive and fight a nuclear war has been crippled, the victim of a particularly brazen burglary. Thieves stole 39 pieces of communications equipment from the Ilyushin Il-80 aircraft, nicknamed “Maxdome” by NATO.

The incident took place at the Beriev Taganrog Aviation Scientific and Technical Complex, outside the Russian city of Rostov. Inspectors noticed an open hatch leading inside the plane and soon discovered the equipment was missing. more  one sing-a-long possibility? (nsfw)



Sunday, December 6, 2020

This Week in (the other type of) Corporate Espionage


NLRB Accuses Google of Spying On and Retaliating Against Employees

The National Labor Relations Board (NLRB) lodged a formal complaint against Google, LLC and Alphabet, Inc. (collectively Google) on Wednesday, contending that the company interfered with workers’ rights to organize and retaliated against certain employees for attempting to unify. According to an article by Ars Technica, and a redacted filing consolidating the cases, the NLRB stepped in after several employees made complaints about their former employer’s restrictive and punitive actions. more  

Private spies reportedly infiltrated an Amazon strike... A union is taking legal action.
Amazon could face a court battle with a Spanish workers' union over a report that said private investigators were hired to infiltrate and secretly surveil a strike outside one of its warehouses. According to a 51-page document obtained by the Spanish news site El Diario, private detectives spied on an Amazon workers' strike at a warehouse near Barcelona, Spain... more

Employers Are Spying on Remote Workers in Their Homes
As the Covid-19 pandemic has forced more people to work from home, employers have begun using digital surveillance technology to increase control and maintain productivity. more

Credit Suisse Spy Agency Was More Global, Inept Than Previously Reported
The most amazing thing about Credit Suisse’s CEO-sinking spy scandal isn’t that the bank’s internal KGB existed at all, but how hilariously, spectacularly shitty it was at the job. The most important thing, after all, about a covert operation is not the information it uncovers, but that it remain covert, undetected by those under its watch. Not only were CS’s Keystone Kops unable to achieve this most basic secrecy over and over and over again, they weren’t able to concoct an effective cover-up of their rare successful operations from the world’s most credulous law firm. more

NJ Whistleblower Allies File Lawsuit Against Carpenters' Union Over Spying
Five former employees of Eastern Atlantic States Regional Council of Carpenters have sued the union for allegedly spying on and then firing them over their support of a whistleblower who sparked a federal corruption investigation of the union. more

Oil & Gas Industry Corporate Espionage, or Those Fracking Spies

According to the FBI, corporate espionage in the global oil and gas industry mostly involves stealing intellectual property, including a company's trade secrets, research, and proprietary information...

The main culprits are domestic and/or foreign commercial rivals, start-up companies, foreign Intelligence officers (spies), disgruntled employees (insider threat), or organized criminals.

In the case of Texas fracking companies, employees of drilling firms were targeted when they traveled outside the United States with the contents of their company laptops stolen.

Alternatively, individuals were actively placed inside target companies, or disgruntled employees would simply go rogue and begin collecting and selling trade secrets, mainly as an act of defiance to strike back at their employers. more

Government-Mandated Tax Software Contains Malware

U.S. and German investigative and intelligence agencies issued grave warnings in recent months that Chinese government-mandated tax software contains malware, which enables backdoor access into the applications that install it.

If the allegations are true, local units of foreign companies operating in China as well as global financial institutions will be exposed to the risk. more

Diplomats Reportedly Zapped with Microwaves

Mysterious neurological symptoms experienced by U.S. diplomats in China and Cuba appear to be caused by directed microwave energy, according to a new report by the National Academies of Sciences (NAS) obtained by The Hill...

A source familiar with the symptoms told NBC News, which was the first to report on the findings from NAS, that the CIA had determined Russian operatives who had worked on microwave weapons were in the same cities as CIA agents at the time they began experiencing the neurological symptoms.

U.S. diplomats in Cuba began experiencing the symptoms in late 2016, reporting they were hearing strange sounds and experiencing odd physical sensations before becoming sick. Some of those symptoms disappeared, while others lingered.

Cuba has denied any knowledge of the illnesses. more

Sunday, November 29, 2020

School District Sweeps Schools for Recording Devices ... Using Maintenance & IT Staff

Canada - Anglophone East School District sweeps Riverview schools for recording devices. 

Sweep done after a volunteer basketball coach was charged with 30 child pornography and voyeurism charges. 

Anglophone East Superintendent Gregg Ingersoll sent an e-mail to parents... He says the sweep was done by maintenance and IT staff in all Riverview schools, searching for any electronic or recording devices, as well as any areas where recording devices could potentially be hidden.

"This sweep of all areas resulted in no recording devices being found," Ingersoll wrote.

No surprise there. This amateur hour bug sweep was an exercise in negligence, or a whitewash. 

Consider these points...

  • There is evidence of a crime.
  • There is a suspect.
  • An independent Technical Surveillance Countermeasures (TSCM) specialist is not called in to investigate.
  • A decision is made to use in-house janitors and the IT guy. Persons with no TSCM training or the required detection instrumentation. And, most importantly, no independent objectivity, and possibly a personal relationship with the suspect.

This Month in Spycam News

FL - A nurse in Florida has been charged with video voyeurism after being accused of planting a hidden camera in a public restroom at the rehab clinic where he worked. more

Canada - The man who recorded people changing and using a staff bathroom at Summerhill Winery was a “raging alcoholic” at the time, according to his lawyer... Leighton's defence counsel Cory Armour said his client had been drinking a 26-ounce bottle of hard liquor and two bottles of wine every day in August 2019, when he hid cameras inside the staff washroom at Summerhill Winery. He was an employee of the winery at the time. more

 FL - A man is facing video voyeurism charges while claiming to be on a job interview. The Palm Beach County Sheriff's Office arrested Che Cunningham, 27, on the third floor of an unidentified office building... According to the arrest report, Cunningham said he came to the building for a job interview but didn't remember the employer's name or office number. He claimed he had to use the bathroom and accidentally walked into the women's restroom. more

FL - A Village of Chitty Chatty man has entered a plea in a criminal case in which he is accused of using his phone to shoot video of a man in an adjacent bathroom stall. Sumter County sheriff’s deputies had been searching for a man who had gone to Lowe’s Home Improvement ... and attempted to use his phone to video a man using an adjacent stall in a restroom. more

IN - A Jay County man has been charged with voyeurism after failing to convince authorities his actions had been part of an ill-conceived Halloween prank. Sheriff's deputies said Doublin was visiting the home of a female acquaintance when he tried to use his cellphone to record images of the woman's daughter as she entered and emerged from a shower. The young woman had suspected Doublin of such behavior earlier, and placed a camera in a hallway to record his actions on Oct. 31, according to an affidavit. more

Australia - A woman has shared the sneaky way a man was trying to record her getting undressed in a changing room in a bid to help others stay safe... (The) video shows, the man in the stall next to hers had used this gap to try to record her getting undressed, positioning his camera phone between his feet on the floor to point inside her cubicle and film her getting undressed. more

MS - A Mississippi man has been arrested after police reportedly found a camera he installed in his neighbor's bedroom wall. On Friday, Oxford police arrested 44-year-old Gary Morris after officers responded to a residence on Christman Drive where a woman found a camera lens protruding through her bedroom wall. more

Canada - A 37-year-old man faces voyeurism-related charges for allegedly filming an Ottawa woman without her consent during consensual sexual encounters over a two-year period. The Almonte man met the victim on a dating app. more

SC - Agents with SLED have confirmed the arrest of a Laurens County Detention Center officer. Warrants say Tollison on multiple occasions invited a victim into his office to change her clothing in private... During these incidents, Tollison set up a web camera in his office and photographed the victim undressing without her knowledge or consent. more

Borneo - The Magistrate’s Court yesterday handed a four-month jail sentence to a 42-year-old cleaner for recording a video of a woman using the female restroom at a government primary school... The court was also informed that he had been employed for a year as a cleaner at the school. more

Singapore - Earlier this year, Lynn Neo started locking the door of her hostel room whenever she took a nap... She and other friends began taking precautions like these immediately after they heard about a 24-year-old male student at NUS who had mounted two spycams in women’s toilets in their college. more

Learn how to detect spy cameras.

Verizon’s 2020 Cyber Espionage Report


Verizon’s 2020 Cyber Espionage Report, the result of a total of 14 years of research into global data breaches and threat actor activity, has come up with some illuminating observations about long-term patterns of cyber spying.

Among the major highlights are that criminal organizations and disgruntled former employees play a trivial role in overall attempts, that the public sector is the preferred target of attackers and that desktops and laptops are far more likely to be breached than phones...

Though there is some market for corporate secrets in the criminal underworld, the research shows that these figures make up a small amount of overall cyber espionage incidents: about 4% are from organized crime, and about 2% are from former employees. An overwhelming 85% come from state-affiliated groups, with an additional 8% from nation-states. more

Work From Home (WFH) Risks Assessed


The work-from-home (WFH) arrangement appeared to be the safest way for employees and businesses to continue operating during the pandemic, but it also exposes companies to heightened cyber security risks, studies showed...


There is also a perception that getting home security controls or measures or support from their companies is getting expensive...

The study showed that 43 percent of breach victims were small businesses, and 34 percent of data breaches involved internal actors. The same survey showed that 15 percent of companies found millions of files open to every employee. ...The study showed that 71 percent of breaches were financially motivated and 25 percent is due to espionage. more

Concerned about Sony's PS5 spying on you? Here is What You Can Do...

Sony's always-on PS5 DualSense mics are sparking privacy concerns. The PlayStation 5's DualSense controller comes with a built-in mic that's on by default, and it records what you say to help Sony "analyze" key data points. Here's how to change those settings, and what they mean.

Gamers are a bit concerned about privacy on the PS5. 

It was recently confirmed the DualSense's mic auto-records anything you say when unlocking an in-game trophy. This is just the tip of the iceberg, really.

As a PS5 owner you can limit the data that Sony collects. But you can't turn data collection off entirely.

Here's how to adjust your data collection settings:
Settings -> Users and Accounts -> Privacy -> Data You Provide more

Friday, November 27, 2020

GPS Trackers, Hidden Cameras on the Rise During Pandemic

Domestic violence offenders are increasingly using GPS trackers and surveillance cameras to monitor their victims, with support workers saying technology-based abuse has escalated during the pandemic... 

The report, co-authored by researchers from WESNET, Curtin University and the University of New England, surveyed 442 support workers from around the country who specialise in helping victims of family and sexual violence...

In 2020, nearly one in three frontline workers said they saw victims tracked with GPS apps or devices "all the time". Five years ago, only 8 per cent of workers saw that type of abuse that often.

Surveillance camera misuse was seen "all the time" or "often" by 42 per cent of support workers in 2020, up from 16 per cent in 2015. more

Learn how to detect covert cameras.

Thursday, November 26, 2020

Spy News of the Week

NZ - A soldier based in New Zealand has been charged with spying, the NZ Defense Force confirmed in a statement Wednesday. Why it matters: The soldier allegedly has ties to far-right extremist groups, per multiple local media reports. They're the first person to face espionage charges in New Zealand. more

Iran released a British-Australian scholar, Kylie Moore-Gilbert, detained since 2018 on charges of spying for Israel, in a prisoner swap conducted Wednesday for three Iranian men described by Iran’s official media as businessmen who had been held abroad. more

TX - A Texas A&M employee claims in a federal lawsuit against the university that her former boss secretly recorded her and dozens of other women using the bathroom... The camera was located underneath a counter in the women’s bathroom, facing toward the toilet. more

Swedish Foreign Minister Ann Linde formally urged Iran to cancel an execution for an Iranian-Swedish professor charged with spying for Israel. more 

Prime Minister Benjamin Netanyahu has promised Jonathan Pollard, an American who spent 30 years in U.S. prison for spying for Israel, a warm welcome and a comfortable life in Israel now that parole restrictions have ended. more

Hackers have the ability to use Light Detection and Ranging (LiDAR) technology to enable vacuum cleaners to eavesdrop on private conversations in houses. A LiDAR sensor is designed to scan the surroundings by utilising laser-based ranging techniques to create a distance map. In robotic vacuum cleaners, these sensors act as navigators and provide mapping services to clean houses. more

MA - Betty Cavacco is calling for a special town counsel to investigate alleged email spying by Town Manager Melissa Arrighi, but no one else on the Select Board is supporting that proposal. Following a lengthy executive session that delayed the start of Tuesday’s meeting, board member Cavacco read a statement urging the appointment of an investigator to review this matter, calling the allegations of spying on emails “a disturbing and scary affront to the foundations of the government of this town.” more

Swiss public television, SRF, has found a second company besides Crypto AG was involved in manufacturing manipulated devices allegedly used for spying by foreign intelligence... Of concern are the OC-500 series devices. Devices were sold to several Swiss federal agencies. However, Swiss authorities only noticed the devices weren't secure in the mid-2000s. more

100 Best Spy Movies of all Time

Stacker compiled data on all spy movies to come up with a Stacker score—a weighted index split evenly between IMDb and Metacritic scores. Here are the best spy movies of all time... more

#5 - Duck Soup


 

Nicolas Sarkozy Eavesdropping Trial Will Resume Monday

France - Nicolas Sarkozy’s trial for corruption in the “wiretapping” affair will indeed be held by the end of the year. After a false start last Monday, the court requested the resumption of the hearing next Monday, November 30.

The corruption trial of former President Nicolas Sarkozy in the “eavesdropping” affair will resume next Monday, November 30, the Paris Criminal Court having rejected on Thursday November 26 the request for referral, for health reasons, of one of his co-defendants. more

Wednesday, November 25, 2020

The Case of the "Donated" Apples, or Pad My Palm

Apple Inc.’s head of global security and the Santa Clara County undersheriff are among those charged in an alleged bribery scheme in which iPads worth $70,000 were to be given to the Santa Clara County Sheriff’s Office in exchange for concealed-carry firearms permits, according to an indictment released Monday... “Undersheriff Sung and Captain Jensen treated CCW licenses as commodities and found willing buyers,” Santa Clara County Dist. Atty. Jeff Rosen said in a statement. “Bribe seekers should be reported to the district attorney’s office, not rewarded with compliance.”

Monday, November 16, 2020

EaaS - Espionage as a Service

Ransomware-as-a-service has become so popular and profitable that bad actors in the dark markets are expanding their range of illicit services to offer dedicated phishing and espionage campaigns too.

Over the past half a year, BlackBerry’s Research and Intelligence team has been keeping a close eye on a cyber-espionage campaign that is targeting individuals around the world. Dubbed ‘CostaRicto’ by BlackBerry, the campaign seems to be run by 'hackers-for-hire', a group of skilled APT actors with bespoke malware tooling and complex VPN proxy and secure shell (SSH) tunneling capabilities...

When it comes to espionage campaigns, outsourcing the whole or even part of the campaign is a compelling proposition, particularly for businesses and individuals who are looking for inside information on their competitors but don’t necessarily have the skills, tools or experience to do this themselves. (and/or want plausible deniability) more

The use of cutouts is a popular and very effective spy tactic. Most corporate espionage (and competitive intelligence) is based on this method. 

Pretext'ers, employment moles, buggers, blackmailers, aerial reconnaissance pilots, private investigators, and bribers are just a few of the EaaS types. Now, hackers join the list. The one thing they have in common is that they stay invisible and don't get caught.

Thus, the victim never realizes they have been victimized. 

Thus, only corporations with smart security directors conduct Technical Surveillance Countermeasures (TSCM) inspections, information security surveys and provide employees with counterespionage training.

In Other News... Laser Device Can Make Lightning Strike Specific Targets

An international team of researchers says that small lasers could be used to guide lightning strikes — much like Thor’s legendary hammer Mjölnir.

“It turns out that to deliver particles, you do not need high-intensity lasers, even low intensity like your laser pointer will be already enough,” Andrey Miroshnichenko, a researcher at the University of New South Wales in Canberra, Australia, told Agence France Presse of the work...

“We can imagine a future where this technology may induce electrical discharge from passing lightning, helping to guide it to safe targets and reduce the risk of catastrophic fires,” co-researcher Vladlen Shvedov from the Australian National University told AFP.

Or you could use it to smite your enemies. Just saying. more

Jilted IT Expert Bugged Wife’s TV and Car

A jilted IT expert bugged his ex’s TV and car after their 20-year marriage ended... He sneaked into his estranged partner’s home while she was away and planted a listening device in the TV and hid an iPhone in her car.

Ms Ewart told a court: “He sent text messages to me about TV shows I had been watching.” 

Ewart, of Washington, admitted stalking and was jailed for 18 weeks, suspended. He must wear an electronic tag to keep him away from his ex. more & more

Bridge Workers Claim Spycams Installed in Locker Room

Maintenance workers at the Kingston-Rhinecliff Bridge are claiming that management installed spy cameras in their locker room. New York State Bridge Authority Executive Director Tara Sullivan has denied the accusations but acknowledged the use of the cameras...

The room where the cameras were discovered was used as a locker room for half of the work crew as well as an office for the assistant foreman, Mr. Gravino...

Executive Director Sullivan called the report “incorrect.” She said, “There is no investigation by the State Police and there have been no cameras placed at the Kingston-Rhinecliff Bridge facility where there would be a reasonable expectation of privacy such as a locker room or changing room.” more

Friday, November 6, 2020

Why Law Firms and Businesses Need TSCM - Reason #243

UK - A former Dechert client told a London judge Tuesday that spying conducted on a BigLaw partner is a common tactic in hard-fought commercial litigation.

A lawyer for the former client, a Kazakh mining company called the Eurasian Natural Resources Corp., is asking the judge to toss claims that spying on Dechert partner Neil Gerrard and his wife constituted illegal harassment, Law360 reports.

The ENRC hired Diligence International to surveil Gerrard in the hopes of gathering information for a lawsuit against Dechert and the United Kingdom’s Serious Fraud Office. Toward that end, Diligence planted hidden cameras in a hedge outside Gerrard’s home, Gerrard has alleged.

Lawyer Tom de la Mare said the cameras weren’t supposed to be found, so their placement couldn’t constitute harassment, according to Law360. And surveillance isn’t illegal unless oppressive or unreasonable, he said.

“Let’s be blunt about it,” de la Mare said. “This type of surveillance used to be common in commercial litigation.” more

Can Two-Party Consent to Record be Obtained Using a False Persona?

Massachusetts' top appellate court said it will review a case over whether a recorded telephone interview between a Barstool Sports podcast host and a local city mayor runs afoul of a law prohibiting secret recordings if one party fraudulently obtains consent for taping...

Having been denied an interview with Curtatone about the mayor's comments on the issue, Minihane tried again, this time claiming to be Boston Globe columnist Kevin Cullen, according to the suit. Minihane, posing as Cullen, was granted the interview, in which he told the mayor he was recording...

Barstool and Minihane's attorney Aaron Moss of Greenberg Glusker LLP said in a statement Thursday that he is confident the SJC will reject Curtatone's arguments and uphold the lower court's ruling. 

"The Massachusetts Wiretap Act is crystal clear that it only prohibits secret recordings. If a recording isn't secret, the question of consent is irrelevant," Moss said. more

Interesting question. How would you decide?

Security Director Alert – Hackers Exploiting VoIP to Compromise Business Accounts

A hacking campaign has compromised VoIP (Voice over Internet Protocol) phone systems at over 1,000 companies around the world over the past year in a campaign designed to make profit from selling compromised accounts.

While the main purpose appears to be dialing premium rate numbers owned by attackers or selling phone numbers and call plans that others can use for free, access to VoIP systems could provide cyber criminals with the ability to conduct other attacks, including listening to private calls, cryptomining, or even using compromised systems as a stepping stone towards much more intrusive campaigns...

It's recommended that organizations change default usernames and passwords on devices so they can't easily be exploited and, if possible, analyze call billings on a regular basis for potentially suspicious destinations, volumes of traffic or call patterns.

And most importantly, organizations should apply the required security patches to prevent known vulnerabilities from being exploited. more
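The billing review recommended above can be scripted against a call detail record (CDR) export. This is an added example, not part of the original article; the CSV columns, the premium-rate prefix watchlist, the business hours and the threshold are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample CDR export (not real data). The column names are an
# assumption; map them to whatever your PBX or carrier billing export uses.
SAMPLE_CDR = """\
start,extension,destination,duration_sec
2020-11-02 09:15:00,201,+12125550143,240
2020-11-02 11:02:00,202,+442079460123,600
2020-11-02 14:40:00,201,+12125550143,95
2020-11-03 02:01:10,305,+19005550100,1790
2020-11-03 02:31:45,305,+19005550100,1795
2020-11-03 03:02:20,305,+19005550100,1788
2020-11-03 03:33:00,305,+19005550100,1792
2020-11-03 10:20:00,202,+442079460123,300
"""

# Illustrative watchlist only; build the real one from your carrier's rate table.
PREMIUM_PREFIXES = ("+1900", "+4409")
BUSINESS_HOURS = range(8, 19)   # 08:00-18:59 local time (assumption)
MAX_OFFHOURS_CALLS = 3          # per extension per day before flagging (assumption)


def load_cdrs(text):
    """Parse the CSV export into typed records."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        records.append({
            "start": datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S"),
            "extension": row["extension"],
            "destination": row["destination"],
            "duration_sec": int(row["duration_sec"]),
        })
    return records


def review_calls(records):
    """Flag premium-rate destinations and bursts of calls outside business hours."""
    premium = defaultdict(lambda: [0, 0])  # (extension, destination) -> [calls, seconds]
    offhours = defaultdict(int)            # (extension, date) -> calls
    for rec in records:
        if rec["destination"].startswith(PREMIUM_PREFIXES):
            entry = premium[(rec["extension"], rec["destination"])]
            entry[0] += 1
            entry[1] += rec["duration_sec"]
        if rec["start"].hour not in BUSINESS_HOURS:
            offhours[(rec["extension"], rec["start"].date().isoformat())] += 1

    findings = []
    for (ext, dest), (calls, seconds) in sorted(premium.items()):
        findings.append({"rule": "premium_destination", "extension": ext,
                         "detail": dest, "calls": calls, "seconds": seconds})
    for (ext, day), calls in sorted(offhours.items()):
        if calls > MAX_OFFHOURS_CALLS:
            findings.append({"rule": "offhours_burst", "extension": ext,
                             "detail": day, "calls": calls, "seconds": None})
    return findings


if __name__ == "__main__":
    for finding in review_calls(load_cdrs(SAMPLE_CDR)):
        print(finding)
```

Weekends and holidays are not modelled here; a production review would treat them as off-hours too.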

Snitch Culture Redux, or The Hong Kong So Long

Police in Hong Kong have launched a hotline where residents can report breaches of the national security law imposed by Beijing earlier this year.

The law criminalizes secession, subversion and collusion with foreign forces. It has silenced many protesters since it came into force.

Hong Kong residents can send images, audio and video files to the hotline.

Rights groups say they are concerned the service could be used to target those with opposing political views. more

It is worth remembering that "Citizen Snitch Surveillance" is a tactic of cultures that eventually fail.

About one in 100 East Germans was an informer for communist East Germany's secret police in 1989, according to a new study. Political ideology was their main motivation, both in East and West Germany.

The Stasi kept detailed files on thousands of East Germans

Around 189,000 people were informers for the secret police of the GDR's communist regime when the Berlin Wall fell in 1989 -- that's according to Thuringia's state office for researching East Germany's Stasi... more
 
See the movie...

Your Weekend Movie – “A Call to Spy” Now Streaming

“A Call to Spy” is now available to watch via streaming services and in select theaters across the United States and United Kingdom...

Premiering on June 21st, 2019 -- the 75th anniversary of D-Day -- at the Edinburgh International Film Festival, the film has gone on to win numerous awards...

In the beginning of WWII, with Britain becoming desperate, Churchill orders his new spy agency—the Special Operations Executive (SOE)—to recruit and train women as spies. 

Their daunting mission: conduct sabotage and build a resistance. SOE's "spymistress," Vera Atkins (Stana Katic), recruits two unusual candidates: Virginia Hall (Sarah Megan Thomas), an ambitious American with a wooden leg, and Noor Inayat Khan (Radhika Apte), an Indian Muslim pacifist. Together, these women help to undermine the Nazi regime in France, leaving an unmistakable legacy in their wake. Inspired by true stories. more

Sunday, November 1, 2020

New York’s KGB Espionage Museum Will Soon Go Up for Auction

It’s a sad fact that as the coronavirus crisis stretches on, many museums and galleries won’t be able to survive the economic crunch, and will likely be forced to sell off their collections. 

However, this also means that vast and unusual troves of items will be redistributed to the public, which is the case with an upcoming Julien’s Auctions sale of the entirety of the items within the KGB Espionage Museum in New York City. 

Set to take place on February 13, 2021 at Julien’s Auctions in Beverly Hills and online simultaneously, the auction will include the world’s largest collection of authentic KGB spy equipment dating back to the Cold War...

“The KGB Espionage Museum’s collection of Cold War era items is one of the largest and most comprehensive in the world,” Martin Nolan, the Executive Director of Julien’s Auctions, told Observer on Thursday. “We anticipate the auction will attract a wide range of collectors from museum curators to historians to James Bond fans, particularly in this election year." more

Missing Wirecard Executive Could be Austrian Spy

German authorities say a missing Wirecard manager, who vanished just as the digital payments company collapsed, may be an informer for Austria’s intelligence agency.

Austrian-born Jan Marsalek, Wirecard’s former chief operating officer, disappeared without trace in June just as it emerged the company had inflated its balance sheet by at least €3 billion.

While the worldwide hunt continues for the fugitive 40 year-old executive, German prosecutors have told Bundestag MPs there is evidence that Mr Marsalek, who was in charge of all Wirecard operational business, was a source for Austria’s BVT intelligence agency. more

The Modern Detective: How Corporate Intelligence Is Reshaping the World

Tyler Maroney has written The Modern Detective, in which he reflects on a two-decade career as a PI, detailing his pursuit of corporate fraudsters, missions to conduct due diligence for blockbuster mergers and acquisitions, and even how he helped free an innocent man from prison...

"Private detectives are brought into projects throughout the entire life cycle of a company’s existence."
Maroney seeks to demystify the job of private investigators and debunk myths ingrained from television and pulp fiction. He argues that the modern detective is a vital cog in corporate life and can be a force for good in society. more

Sir Sean Connery Has Died at the Age of 90

The Scottish actor was best known for his portrayal of James Bond, being the first to bring the role to the big screen and appearing in seven of the spy thrillers.

Sir Sean died peacefully in his sleep in the Bahamas, having been "unwell for some time", his son said. more

In Other Spy News...

Whistle-blower Edward Snowden will become a father by the end of the year and his child is eligible to be a citizen of Russia, where the U.S. citizen has been living since 2013 after releasing details of the U.S. electronic-surveillance program. more

Friday, October 30, 2020

Florida Woman Arrested for Hacking Home Camera System

A woman from Naples, Florida has been arrested after allegedly hacking into the home camera system of a family member as part of an extortion attempt.

Agents with the Florida Department of Law Enforcement arrested Jennifer Lenell Small on October 26 and charged the 44-year-old with a third-degree felony cybercrime.

Agents say that Small accessed the home camera system of a male family member as part of an extortion attempt that involved a contested will. Her alleged victim was a former employee of her husband's construction company.

"Small gained access to the camera and stored recordings after her husband’s construction company fired the victim and he turned the cell phone back into the company," said a spokesperson for the Florida Department of Law Enforcement.

The company cell phone that the victim had returned to his employer had an app installed on it that allowed the victim to view footage from his home security camera system...

An FDLE spokesperson said: "Small sent a short video clip to the victim telling him she had hours of videos that she would use against him in court if the victim did not agree to mediation." more

Spybusters Tip #934: Wipe your devices before passing them on.

New York Times — Fighting the ‘Bugging Epidemic’

With surveillance gear cheaper and easier to use, security experts say checking your environment for cameras and microphones is not a crazy idea.

People worry that Big Brother and Big Tech are invading their privacy. But a more immediate concern may be the guy next door or a shifty co-worker. 


A growing array of so-called smart surveillance products have made it easy to secretly live-stream or record what other people are saying or doing.

Consumer spending on surveillance cameras in the United States will reach $4 billion in 2023, up from $2.1 billion in 2018, according to the technology market research firm Strategy Analytics. Unit sales of consumer surveillance devices are expected to more than double from last year.

The problem is all that gear is not necessarily being used to fight burglars or keep an eye on the dog while she’s home alone. Tiny cameras have been found in places where they shouldn’t be, like Airbnb rentals, public bathrooms and gym locker rooms. So often, in fact, that security experts warn that we are in the throes of a “bugging epidemic.”

It is not paranoid to take precautions. A lot of spy gear is detectable if you know what to look for, said Charles Patterson, president of Exec Security, a firm in Tarrytown, N.Y... more

STEVE WOZNIAK & STEVE JOBS — Blue Box up for Auction

Blue Box, 1972. An original first iteration "blue box" populated circuit board made by Steve Wozniak and marketed by Steve Jobs and Wozniak, 51 x 72 mm, with speaker wire and 9volt battery connector.

Provenance: Purchased directly from Steve Wozniak by the consignor in Autumn 1972 during a drive together from Sunnyvale to Los Angeles.

Bid estimate:
US$ 4,000 - 6,000
£ 3,100 - 4,600

While "phone phreakers" (hobbyists who were fascinated by the phone system) had used a "blue box" since the 1950s to avail themselves of free phone service, the first digital blue box was designed by Steve Wozniak in 1972. 

It was marketed and sold by Wozniak (who took the phone phreak name "Berkeley Blue"), Jobs (known as "Oaf Tobar"), and friends in Berkeley and throughout California in 1972 and 1973. 

Wozniak cites the number of boxes they produced at 40 or 50, while Jobs put the number at 100; but certainly many of those were confiscated as phone phreaking arrests increased throughout 1973 to 1975, in part due to the commercial distribution of the devices. 

These blue boxes represent the first commercial collaboration between the two Apple computer giants, and the circuit boards the first printed boards by Woz. 

Very few of the Wozniak originals have survived and even fewer of these first iteration boards as Wozniak soon changed the circuit board layout to accommodate a less expensive membrane keypad. The early models would have been made by Wozniak himself. more

Back Story: I examined the photos closely. The IC chips have manufacturing dates of 1973 & 1974, thus the provenance appeared misleading. I advised the specialist at Bonhams. To his credit, and that of the auction house, they very quickly researched it further. The auction now has an addendum which clears up the mystery...

"PCB was purchased unpopulated directly from Steve Wozniak by consignor and parts were later added by consignor. Wozniak confirmed in an email to the consignor that this was one of his boards and that Steve Jobs had it printed."
 

Scarier than Halloween - Ponder This Over the Weekend...

In an influential 2003 paper, University of Oxford philosopher Nick Bostrom laid out the possibility that our reality is a computer simulation dreamed up by a highly advanced civilization. In the paper, he argued that at least one of three propositions must be true:
  1. Civilizations usually go extinct before developing the capability of creating reality simulations.
  2. Advanced civilizations usually have no interest in creating reality simulations.
  3. We’re almost certainly living inside a computer simulation.

Now, Columbia University astronomer David Kipping took a hard look at these propositions, also known as Bostrom’s “trilemma,” and argued that there’s essentially a 50-50 chance that we are indeed living in a simulation, Scientific American reports.

Thursday, October 29, 2020

Microsoft Says Iranian Hackers Targeted Conference Attendees

Microsoft says Iranian hackers have posed as conference organizers in Germany and Saudi Arabia in an attempt to break into the email accounts of “high-profile” people with spoofed invitations. 

The targets included more than 100 prominent people invited by the hackers to the Munich Security Conference, which is attended by world leaders each February, and the upcoming Think 20 Summit, which begins later this week in Saudi Arabia but is online-only this year.

“We believe Phosphorus is engaging in these attacks for intelligence collection purposes,” said Tom Burt, Microsoft’s security chief, in a prepared statement. “The attacks were successful in compromising several victims, including former ambassadors and other senior policy experts who help shape global agendas and foreign policies in their respective countries.” more