Friday, August 28, 2020
Open Mike Strikes Out
Cameras were rolling on the Mets' page of the MLB app Thursday afternoon and picked up a candid conversation from someone believed to be the Mets general manager.
"Baseball is trying to come up with a solution," the man says. "You know what would be super powerful?"
The man then pauses to tell the two people he's speaking to that this doesn't leave the room, unaware that the camera is rolling. more
Security Management: Which Type of Employee Do You Inspire?
Sudhish Kasaba Ramesh, who worked at Cisco from July 2016 to April 2018, admitted in a plea agreement with prosecutors that he had deliberately connected to Cisco's AWS-hosted systems without authorization in September 2018 – five months after leaving the manufacturer.
He then proceeded to delete virtual machines powering Cisco's WebEx video-conferencing service... According to prosecutors, Ramesh's actions resulted in the shutdown of more than 16,000 WebEx Teams accounts for up to two weeks, which cost Cisco roughly $1.4m in employee time for remediation and over $1m in customer refunds. more
OR...
Earlier this week, the FBI arrested a 27-year-old Russian citizen for attempting to carry out a ransomware attack against a US company. It turns out that company was Tesla.
According to a complaint shared by the Department of Justice, in July, Egor Igorevich Kriuchkov traveled to the US and contacted a Russian speaking, non-US citizen who was working at the Tesla Gigafactory in Sparks, Nevada.
After meeting with that individual, Kriuchkov allegedly proposed a deal. He would pay the employee $1 million to deliver malware to computer systems at the Gigafactory...The employee immediately informed Tesla, and the company contacted the FBI, which launched a sting operation. Agents arrested Kriuchkov in Los Angeles as he was attempting to leave the US. more
Loyal employees can be worth more than you think. Treat them fairly. Make them feel a part of the security effort, and you will have a security army working for you. ~Kevin
Tuesday, August 25, 2020
Clearly Creepy - The Billboards are Watching You
Clear Channel Outdoor, one of the world’s largest billboard companies, will in coming days roll out technology across Europe capable of letting advertisers know where people go and what they do after seeing a particular billboard.
Sounds creepy, no?
Monday, August 24, 2020
Stacey Dooley Investigates, Spycam Sex Criminals - BBC
This story broke in the Security Scrapbook on March 24th. Unfortunately, the full BBC video could not be viewed outside of the UK at that time. A part of it is now available on YouTube.
This BBC report examines the "molka" phenomenon in South Korea: the proliferation of hidden wireless cameras in toilets and hotel rooms, and the culture of blackmail and revenge porn around it. "How many spycams can Stacey Dooley find in a love motel bedroom?"
Thursday, August 20, 2020
Hackers Can Now Clone Your Keys Just by Listening to Them (wtf?!?!)
Every time you unlock your front door, your key whispers a small, but audible, secret. Hackers finally learned how to listen.
Researchers at the National University of Singapore published a paper earlier this year detailing how, using only a smartphone microphone and a program they designed, a hacker can clone your key.
What's more, if a thief was able to install malware on your smartphone, smartwatch, or smart doorbell to record the audio from afar, they wouldn't even need to be physically nearby to pull off the attack.
The key (ahem) to the attack, dubbed SpiKey, is the sound made by the lock pins as they move over a typical key's ridges. more
Wednesday, August 19, 2020
Why Corporations Need a TSCM Consultant On-Board
Nowadays more than ever, corporate espionage, hacking and the theft of IP have become a business discipline – with the threat not only coming from Asia. The desperation of many businesses due to dire economic outlooks, the isolationism of nations and new security gaps have amplified the willingness to obtain competitor information.
Take car manufacturers. These companies typically go to great lengths to get hold of their competitors’ newly released models to test, and often dismantle them to get more information on the parts used and the build process. This is mostly seen as legal.
Daimler, for example, used a cover entity to rent and test Deutsche Post DHL’s own electric van, the Streetscooter. Deutsche Post discovered what Daimler was doing through the van’s location data, as it had made numerous laps around Daimler’s test track. The company later accused Daimler of industrial espionage. Daimler argued, however, that it was just “mystery shopping”.
The sudden shift to remote work has massively amplified the problem of protecting proprietary information. As companies had to implement remote access technologies fast (or upgrade existing infrastructures) to ensure business continuity, they often fell back on improvisation. This led to the frequent neglect of even the most basic security and compliance protocols. more
An educated and credentialed Technical Surveillance Countermeasures (TSCM) specialist can help solve your security concerns, some of which you didn't even know existed!
Spycam News: Ex-Youth Basketball Coach Sentenced to 20 Years
PA - In June 2016, James Hardcastle, 42, transported three minor boys, ages 15, 16 and 16, as their coach to Wildwood, New Jersey to participate in a basketball tournament, and shared a motel room with them in which there was no shower curtain.
The defendant installed a USB drive containing a hidden camera in a power outlet in the bathroom and surreptitiously filmed each of the minors taking showers.
Previously, in June and July 2015, the defendant also attempted to videotape two minors in a bathroom using a hidden camera while the minors were visiting his home in Bensalem. more
The camera looked something like this...
These spy cameras come in all different shapes, sizes and disguise enclosures. Learning how to spot them is easy, and may save you or someone you care about from being a victim. more
Privacy Alert - Scammers Pretending to be COVID-19 Contact Tracers
Be aware of scammers pretending to be COVID-19 contact tracers.
Legitimate contact tracers will never ask for your Medicare Number or financial information. If someone calls and asks for personal information, like your Medicare Number, hang up and report it to 1-800-MEDICARE. medicare.gov & more
Verizon Launches Hyper-Precise GPS Location Technology
Verizon launched its Hyper Precise Location using Real Time Kinematics (RTK), a location technology that provides location accuracy within 1-2 centimeters, on the Verizon network.
Verizon has built and deployed RTK reference stations nationwide to provide pinpoint level accuracy to RTK compatible internet of things (IoT) devices. RTK will also support emerging technologies that depend on high level location accuracy such as delivery drones and customer-approved location data for first responders during emergencies...Additionally, the rollout of hyper-precise location services paired with Verizon’s 5G Ultra Wideband (UWB) network and 5G Edge, will pave the way for more autonomous technologies. more
Saturday, August 15, 2020
Corporate Espionage in the News
RedCurl is its name.
Corporate espionage is its game.
Security researchers today published findings on a new APT group they claim has been stealing data from organizations around the world as far back as 2018. Since then, RedCurl has targeted at least 14 private companies in 26 attacks designed to steal documents containing commercial secrets and employees' personal information.
Its targets span a range of industries and locations. The group has targeted organizations in construction, finance, consulting, retail, banking, insurance, law, and travel...
There is no indication who might have hired RedCurl, where they might be based, or who is behind these attacks, he adds. The group is fairly new, and researchers hope to learn more over time.
"Corporate espionage is not something that we're used to on the cyberscene," Mirkasymov says. Researchers believe the frequency of these attacks indicates it's likely to become more widespread in the future. more
----------
Three corporate espionage reasons why VW was not a good career choice...
March 14th - Former VW employee says he was fired after questioning deletion of documents. more
June 16th - Former VW employee sought by U.S. arrested in Croatia... more
August 14th - Former VW employee under investigation for corporate espionage found dead in burned-out car...was investigated by the police on suspicion of violating business secrets. more
----------
The U.S. National Security Agency and Federal Bureau of Investigation today issued a joint cybersecurity advisory warning on a previously undisclosed form of Russian malware...although the objectives of Drovorub were not detailed in the report, they could range from industrial espionage to election interference. more
----------
Once again, LinkedIn is the battleground for nation state espionage operations. Every counterintelligence and insider threat professional should be paying attention...The goal of the social engineer is to entice the target to at least take a gander at the job offering being discussed and click the attachment which is provided. This attachment carries the payload of malware designed to compromise the device and network of the target. Once the device is compromised and the group has access to the content, their espionage goals are achieved. more
----------
...and Corporate Espionage can also be entertaining...
As the conflict between global corporations heats up, one man decides to strike back against the unseen forces that quietly rule the modern world, using an entirely unanticipated weapon — his own mind. That’s the idea at the center of American Ronin...The series is the first collaboration between writer Peter Milligan (Shade the Changing Man, Hellblazer, X-Force) and artist ACO (Midnighter, Nick Fury), with the two playing off each other’s strengths to create a story that’s part-corporate espionage, part-superhuman thriller and unlike anything else on the stands at the moment. more
Thursday, August 13, 2020
White Sims from the Dark Side
Russian SIMs. Encrypted SIMs. White SIMs.
These cards go by different names in the criminal underground, and vary widely in quality and features...Beyond spoofing phone numbers, some SIMs let a caller manipulate their voice in real-time, adding a baritone or shrill cloak to their phone calls that is often unintentionally funny. Other cards have the more worthwhile benefit of being worldwide, unlimited data SIMs that criminals source anonymously from suppliers without having to give up identifying information and by paying in Bitcoin.
The SIM cards themselves aren't inherently illegal, but criminals certainly make up a noticeable chunk of the companies' customer bases. The NCA told Motherboard it has seized so-called Russian SIMs from suspects during investigations. more
Wednesday, August 12, 2020
Attack Can Decrypt 4G (LTE) Calls to Eavesdrop on Conversations
A team of academics has detailed this week a vulnerability in the Voice over LTE (VoLTE) protocol that can be used to break the encryption on 4G voice calls.
Named ReVoLTE, researchers say this attack is possible because mobile operators often use the same encryption key to secure multiple 4G voice calls that take place via the same base station (mobile cell tower)...
Researchers say that the equipment to pull off a ReVoLTE attack costs around $7,000. While the price might seem steep, it is certainly in the price range of other 3G/4G mobile interception gear, usually employed by law enforcement or criminal gangs...
A scientific paper detailing the ReVoLTE attack is also available for download as PDF from here and here. The paper is titled "Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTE." more
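The weakness the researchers exploit is a general one: a stream cipher's keystream must never be used twice. If two calls are encrypted under the same key and the counter restarts for each call, the XOR of the two ciphertexts equals the XOR of the two plaintexts, and an attacker who knows one plaintext (in the paper's setup, a call they placed to the target themselves shortly after recording the target's call) reads the other. The example below is added here to show that principle in working code; it is not code from the ReVoLTE paper, and it does not implement the real LTE air-interface cipher. The SHA-256 counter-mode keystream, the bearer identifier, the key value and the two call transcripts are all constructed stand-ins.

```python
"""
Keystream reuse, as exploited by ReVoLTE, in miniature.

Added illustration, not code from the paper. The keystream generator below is
a toy stand-in (assumption) for the LTE stream cipher: keyed by a per-session
key and a bearer id, with a counter that restarts at zero for every call.
"""
import hashlib

# Constructed sample data: the victim's call and the attacker's own call.
TARGET_PT = b"VICTIM: the merger closes Friday, keep it quiet"
ATTACKER_PT = b"ATTACKER: " + b"hello " * 12  # longer than TARGET_PT on purpose
BEARER_ID = 5
SESSION_KEY = b"per-session-key-that-should-change"  # constructed value


def keystream(key: bytes, bearer_id: int, length: int) -> bytes:
    """Toy counter-mode keystream: SHA-256(key || bearer || counter), counter
    starting at 0. Two calls with the same key and bearer get the same bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hashlib.sha256(
            key + bearer_id.to_bytes(1, "big") + counter.to_bytes(4, "big")
        ).digest()
        out += block
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, bearer_id: int, plaintext: bytes) -> bytes:
    """Stream-cipher encryption: plaintext XOR keystream."""
    ks = keystream(key, bearer_id, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def recover_target_call(target_ct: bytes, keycall_ct: bytes, keycall_pt: bytes) -> bytes:
    """Attacker side. Inputs: the eavesdropped ciphertext of the target call,
    the ciphertext of the attacker's own call, and the attacker's known
    plaintext. If both calls used the same keystream then
        target_ct XOR keycall_ct == target_pt XOR keycall_pt
    so XORing in keycall_pt yields target_pt. Only the overlapping prefix is
    recoverable, which is why the attacker's call should be the longer one."""
    n = min(len(target_ct), len(keycall_ct), len(keycall_pt))
    return bytes(target_ct[i] ^ keycall_ct[i] ^ keycall_pt[i] for i in range(n))


def simulate(reuse_key: bool) -> bytes:
    """Run both calls through the base station. With reuse_key=True the second
    call is encrypted under the same key (the ReVoLTE condition); with
    reuse_key=False the base station derives a fresh key, which is the fix."""
    target_ct = encrypt(SESSION_KEY, BEARER_ID, TARGET_PT)
    if reuse_key:
        second_key = SESSION_KEY
    else:
        second_key = hashlib.sha256(SESSION_KEY + b"rekey").digest()
    attacker_ct = encrypt(second_key, BEARER_ID, ATTACKER_PT)
    return recover_target_call(target_ct, attacker_ct, ATTACKER_PT)


if __name__ == "__main__":
    print("key reused :", simulate(True))
    print("fresh key  :", simulate(False)[:20], "...")
```

With the key reused, `simulate(True)` returns the victim's transcript byte for byte; with a fresh key per call it returns noise. Note that the attacker never learns the key itself, only the keystream, which is all that is needed when the same keystream is applied twice.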
Saturday, August 8, 2020
Eavesdropping: A Reader (book)
The earliest references to eavesdropping are found in law books.
According to William Blackstone's Commentaries on the Laws of England (1769), 'eavesdroppers, or such as listen under walls or windows, or the eaves of a house, to hearken after discourse, and thereupon to frame slanderous and mischievous tales, are a common nuisance and presentable at the court-leet'.
Today, however, eavesdropping is not only legal, it's ubiquitous – unavoidable. What was once a minor public-order offence has become one of the key political and legal problems of our time, as the Snowden revelations made clear.
Eavesdropping addresses the capture and control of our sonic world by state and corporate interests, alongside strategies of resistance. For editors James Parker (Melbourne Law School) and Joel Stern (Liquid Architecture), eavesdropping isn't necessarily malicious.
We cannot help but hear too much, more than we mean to. Eavesdropping is a condition of social life. And the question is not whether to eavesdrop, therefore, but how. buy or free (pdf)
Friday, August 7, 2020
1650 Kircher Musurgia Listening Devices
Vol. 2 (Af-x.10): plate between pages 302 & 303
The illustration depicts a piazza-listening device.
The voices from the piazza are taken by the horn up through the mouth of the statue in the room on the piano nobile above, allowing both espionage and the appearance of a miraculous event. more
The modern eavesdropping equivalent is the ventilation plenum. Acoustical ducting is something most people don't consider when concerned about eavesdropping. We do.
Woman Charged with Wiretapping at Church
MD - A woman is facing felony wiretapping charges on allegations she secretly recorded board meetings at the Four Quarters Interfaith Sanctuary.
Rosanna E. Tufts, 61, of Cockeysville, was charged with 11 counts of interception, disclosure or use of wire, electronic or oral communication. more
Corporate Espionage Quote of the Week
"The threat model in corporate espionage is absolutely one of theft of property. It’s a lot easier to steal somebody’s laptop than to hack it." ~ toxik
National Security Concerns — Executive Orders Against TikTok
President Trump issued two executive orders late Thursday against China-based TikTok and messaging app WeChat, citing national security concerns in a sweeping order that could prevent the companies from doing most business in the United States....
“This data collection threatens to allow the Chinese Communist Party access to Americans’ personal and proprietary information — potentially allowing China to track the locations of Federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage,” the TikTok order reads. more
Satellite Comms Globally Open to $300 Eavesdropping Hack
Essentially what this means is that if they were able to perform an interception, adversaries could eavesdrop on vast sections of the globe. more
Thursday, August 6, 2020
Stay Safe - Stay Feeling Good
• I'm not feeling very social right now!
• A warning to spies that you are protected against electronic surveillance.
Recent Spycam News
You too can find hidden spy cameras. more
Wednesday, August 5, 2020
Personal Alert: Home Sellers Eavesdropping on Buyers
NSA Tells Mobile Users Beware of Find-My-Phone
Tuesday, August 4, 2020
How to Hide from Drones in the Age of Surveillance
Monday, August 3, 2020
Staffing Firm Alleges Corporate Espionage by Former Employees
In a 54-page filing with the Federal District Court in Northern District earlier this month, Adecco accuses the upstart Staffworks of raiding its Corning, Elmira, Utica and Syracuse staff to steal proprietary account information and using it to steal long-established business...
- Former employees commandeered an Adecco Corning office Facebook page for their own use, renaming it and taking control of posts.
- A former Adecco employee broke into locked office filing cabinets, drilling through locks, "to remove colleague personnel files and other Adecco documents containing confidential information." The employee contends she was only trying to obtain personal items from the locked cabinet.
- Proprietary pricing information and profit margin details were emailed from internal email accounts to personal accounts before Adecco cut off access.
- Those named in the suit refused to return company laptops and mobile devices with critical and confidential client and company details.
- In their last weeks of employment, three defendants sabotaged client relationships by failing to enter information into a payroll system, later using the foul-up as evidence that Adecco was "going downhill," in an attempt to land new clients. more
The Vatican Hack
A report, released July 28, said that hackers may have used a counterfeit condolence message from Cardinal Pietro Parolin, the Vatican Secretary of State, to gain access to Vatican communications. more
Block TikTok, or Microsoft to the Rescue
U.S. Secretary of State, Mike Pompeo, claimed that TikTok sends user data to China, exerting pressure on the video-sharing social networking service. Pompeo brought attention to the fact that if personal information flows across a Chinese server, it will eventually end up in the hands of the Chinese Communist Party which he calls an “Evil Empire”.
TikTok has denied U.S. allegations but a report by cyber experts at ProtonMail says otherwise. The report is more a warning as it states – “Beware, the social media giant not only collects troves of personal data on you, but also cooperates with the CCP, extending China’s surveillance and censorship reach beyond its borders.” more
In other news...
Microsoft said Sunday it will continue talks to buy short-form video app, TikTok after its chief executive spoke with President Trump, following a weekend of uncertainty clouding the future of the Chinese-owned app. more
Connect the Dots...
When Microsoft bought Skype, Wired Magazine noted, "The Skype client itself is written almost as if it were a piece of malware, using complex obfuscation and anti-reverse engineering techniques, and it would be disquieting for Microsoft to release something that behaved in such a shady way; at the very least, the client would surely have to be rewritten to avoid the obfuscation and outright hostility to managed networks that Skype currently has... Ultimately, it's hard to see how the Skype purchase is worthwhile from a technology or user-access perspective. The technology isn't good enough and the users aren't lucrative enough or plentiful enough to justify it." more
Pure Conjecture Disguised as Analysis...
Microsoft already had Windows Live Messenger. Did it really need Skype? Skype, you might recall, was a predominantly Estonian-based encrypted platform. It was giving governments fits worldwide. Then, in 2011, Microsoft bought it. Guess what happened.
TikTok, it appears, is also giving government fits. Who ya gonna call?