Tuesday, August 31, 2021

A Spy, a Botanist, and a Strawberry

The year was 1712. An engineer in the French Army Intelligence Corps named Amédée-François Frézier was sent by King Louis XIV on a reconnaissance mission to Chile. Between covert visits to Chilean military fortifications where he posed as a tourist in order to gain access, Frézier was also charged with documenting the local flora and fauna. One day he came upon a familiar sight: a berry that looked similar to one he knew from Europe, but significantly larger...

Frézier packed up some of these plants and took them back to France where they were planted among other species. The crossing of Fragaria chilenosis with another species from the new world, Fragaria virginiana, resulted in a hybrid that would eventually become the strawberry we know today... Eventually the hybrid made its way back across the Atlantic and took hold in North and South America.

Did you happen to notice our French spy's name, Frézier? That might sound familiar because the French word for strawberry is fraise. An ancestor of Frézier’s was knighted and bestowed the name by the king of France in the year 916 after offering his highness a gift of ripe strawberries. Seems it was Amédée’s destiny to become intertwined with this noble berry. more

Monday, August 30, 2021

Weird Files: Somewhat Covert Microphone is a Blast & Bugged Bugs

The GREEN12 is a cardioid directional, small diaphragm electret condenser microphone that is a great choice for users that are looking for a slim profile, high-quality microphone which is perfect for most professional, semi-professional, and home-recording applications. 

Its cardioid capsule and machined vents allow for high off-axis rejection and a focused recording, great for stringed acoustic instruments. 

The GREEN12 is handmade from an actual discharged 12Ga shell. more

---

The first Asian giant hornet nest of 2021 was found Thursday morning, Aug. 19, in a rural area east of Blaine, about one-quarter mile from where a resident reported a sighting of a live Asian giant hornet on Wednesday, Aug. 11.

The state agriculture staff netted, tagged with a tracker and released three of hornets Aug. 11, to Tuesday, Aug. 17, according to a news release from the Washington State Department of Agriculture. One of the so-called “murder hornets” slipped out of the tracking device, another hornet was never located and one eventually led the team to the nest. more


Read more here: https://www.bellinghamherald.com/news/local/article253621598.html#storylink=cp

Friday, August 27, 2021

Controversial Tool That Lets Kids Spy on Their Parents

A new tool that may give one or two parents -- and many, many kids -- pause for thought.

It's called Parent Track and it's the mindchild of environmentally caring soap brand Gelo.

The idea is that kids can install the Parent Track ad tracker onto their parents' devices. This will, well, guilt them into not buying environmentally questionable products and drive them to eco-positive awareness tools...

Not everyone will be positively moved by the message Gelo sends when a parent's device is signed up. 

It reads: "You just signed up this device, allowing us to follow your parents around the internet, reminding them to quit single-use plastics for good. By doing so, you set them on a more sustainable path and may very well have saved the planet. Our thanks just don't feel like enough."

Perhaps more parents buying Gelo products -- so that Gelo would make more money -- would feel like enough. more

Spies for Hire: New Breed of Hackers Blends Espionage and Entrepreneurship

China’s buzzy high-tech companies don’t usually recruit Cambodian speakers, so the job ads for three well-paid positions with those language skills stood out. The ad, seeking writers of research reports, was placed by an internet security start-up in China’s tropical island-province of Hainan.

That start-up was more than it seemed, according to American law enforcement. Hainan Xiandun Technology was part of a web of front companies controlled by China’s secretive state security ministry, according to a federal indictment...

The accusations appear to reflect an increasingly aggressive campaign by Chinese government hackers and a pronounced shift in their tactics: China’s premier spy agency is increasingly reaching beyond its own ranks to recruit from a vast pool of private-sector talent.

This new group of hackers has made China’s state cyberspying machine stronger, more sophisticated and — for its growing array of government and private-sector targets — more dangerously unpredictable. more

Thursday, August 26, 2021

Personal Security: Remove Your House from Apple Maps, Google Maps & Bing Maps

If you’d like to opt out of a property you own or rent appearing in one of these street-level views, you can use a reporting or request method in each service:

  • Apple: Apple requires that you email them “to request that a face, license plate, or your own house be censored.” The address is MapsImageCollection@apple.com.
  • Google: Visit maps.google.com and go to the address of concern. Expand the side panel on the left, then click the photo in the side panel to have it enlarge in your browser. Look for an info box in the upper left of the photo and click on the icon of the three vertical dots. In the pop-up that appears, click “Report a problem” and select what you would like to have blurred from the “Request blurring” list of options. You can also submit via the Google Maps app.
  • Microsoft: Visit Bing Maps, click “Report a privacy concern with this image” at the lower-left corner of the page, and select House (or another option) from “What kind of concern do you have?” You can describe in the text box below that you want to have your house blurred. more

Wednesday, August 25, 2021

Cyber Attacks Are Making Work-From-Home Expensive for Businesses

Working from home during the pandemic cost German companies some 53 billion euros ($62 billion) worth of damages from cyber attacks, according to estimates by the Cologne Institute for Economic Research.

Overall damages hit a record 224 billion euros last year, more than double the value reported in a 2019 survey. Increased remote work accounted for about a quarter of the increase, according to researcher Barbara Engels, whose calculations are based on a Bitkom survey. more



IoT News: Data from Over 116.5 million Smart Devices Go Here

From rooftop to basement and the bedrooms in between, much of the technology making consumer products smart comes from a little-known Chinese firm, Tuya Inc. of Hangzhou. More than 5,000 brands have incorporated Tuya’s technology in their products... Smart home thermostats. Smart home security cameras. Smart refrigerators. Smart TVs. Smart pet feeders. Smart breast pumps...

Tuya says as of 2020, its services cover more than 1,100 categories, such as healthcare, agriculture and apartment management, and are sold in more than 220 countries and regions globally in over 116.5 million smart devices... including Dutch multinational Philips, and TCL, the Chinese electronics company that makes Roku TV, according to the company. Global retailers Amazon, Target and Walmart sell consumer products that use Tuya’s technology.

Some cybersecurity experts worry about the lack of protection for the consumer data collected by Tuya tech in household items and in products used in health care and hospitality. more

Fax Security Alert: One Picture Worth 1000 Hacks

Security researchers have found a way to remotely execute code on a fax machine by sending a specially crafted document to it. So… who cares about fax? Well apparently a lot of persons are still using it in many institutions, governments and industries, including the healthcare industry, legal, banking and commercial. Bureaucracy and old procedures tend to die hard.

"Our research set out to ask what would happen if an attacker, with merely a phone line at his disposal and equipped with nothing more than his target`s fax number, was able to attack an all-in-one printer by sending a malicious fax to it.

In fact, we found several critical vulnerabilities in all-in-one printers which allowed us to ‘faxploit’ the all-in-one printer and take complete control over it by sending a maliciously crafted fax." more

 

Friday, August 20, 2021

Wanted: Disgruntled Employees to Deploy Ransomware

 via krebsonsecurity.com
Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange for a percentage of any ransom amount paid by the victim company.

 
Image: Abnormal Security.

Crane Hassold, director of threat intelligence at Abnormal Security, described what happened after he adopted a fake persona and responded to the proposal in the screenshot above. It offered to pay him 40 percent of a million-dollar ransom demand if he agreed to launch their malware inside his employer’s network.

This particular scammer was fairly chatty, and over the course of five days it emerged that Hassold’s correspondent was forced to change up his initial approach in planning to deploy the DemonWare ransomware strain, which is freely available on GitHub. more

Thursday, August 19, 2021

IoT Bug Impacts Millions of Devices - Allows Hackers to Spy on You

Security researchers have discovered a critical vulnerability affecting millions of IoT devices which could allow attackers to spy on you by tapping into real-time camera feeds.

The security issue impacts products from various manufacturers that provide video and surveillance solutions, as well as home automation IoT systems, which are all connected via ThroughTek’s Kalay IoT cloud platform.

American cybersecurity firm Mandiant revealed the CVE-2021-28372 bug after reporting it to the Cybersecurity and Infrastructure Security Agency (CISA).

Because the Kalay platform is used by devices from a large number of manufacturers, it is difficult to create a list with the affected brands. Mandiant were unable to determine how many devices are affected, but they warned that more than 83 million users are currently using Kalay. more

An adversary would be able to remotely compromise an IoT device by exploiting the flaw and could compromise device credentials, watch real-time video data, and listen to live audio. more

Russian Spy Ship Loitering Near Trans-Atlantic Internet Cables

The Russian Navy related ship Yantar has turned up off the Atlantic coast of Ireland. An Irish Defence Forces spokesperson said that the Irish Navy is aware of the ship.

The ship carries a range of deep-diving submersibles and sonar systems and has been suspected of operating on undersea cables before.

Yantar took up a stationary position between two undersea internet cables on Tuesday morning. According to AIS (automated identification system) positions collected by MarineTraffic.com, the ship moved into a position between the cables around 4am local time. She has remained there for most of Wednesday before resuming her journey southwest. more

Apple's Double Agent Spy Blows Cover Over Pay

An active member of the Apple jailbreak and leaking community reportedly served as a "double agent" and spied for the Cupertino tech giant's security team.

Andrey Shumeyko, who goes by handles JVHResearch and YRH04E, advertised leaked Apple apps, internal company documents, and stolen devices to a community that traded in such commodities. However, unbeknownst to others in the community, he also shared a wealth of details about its inner workings to Apple.

According to Motherboard, Shumeyko reportedly provided Apple with the personal information of people who sold stolen prototype devices and Apple employees who leaked information online...

Shumeyko said he is sharing his story because he felt like Apple took advantage of him and didn't compensate him for the information that he provided to the company's Global Security team. more

Your Own Personal License Plate Reader

via Theodore Claypoole, Womble Bond Dickinson (US) LLP 

Somewhere along the path between doorbell cameras and anti-tank weapons lies the newest home protection equipment – privately-owned license plate readers. A new company straight out of Y Combinator is offering machine-learning license plate capture technology for your home and office. Flock Safety, a start-up that describes itself in press releases as a crime-solving company, offers for sale TALON, a national network of automatic license plate readers. Anyone can own a node in this network.

Until recently, license plate readers had been the province of law enforcement... more

OK, how much?

The Flock Safety Falcon camera is $2,500 per camera per year, with a one-time $250 installation cost. This price includes everything — installation, maintenance, footage hosting, cellular service, and software updates. The Sparrow camera (a lighter and smaller version of our Falcon camera) costs slightly less with the same basic subscription model. more

Two U.S. Officials in Germany Treated for Havana Syndrome

At least two U.S. officials stationed in Germany sought medical treatment after developing symptoms of the mysterious health complaint known as Havana Syndrome, U.S. diplomats said.

The symptoms, which included nausea, severe headaches, ear pain, fatigue, insomnia and sluggishness, began to emerge in recent months and some victims were left unable to work, the diplomats said. They are the first cases to be reported in a NATO country that hosts U.S. troops and nuclear weapons. more

Tuesday, August 17, 2021

“Glowworm” Can Eavesdrop via Devices’ Power LEDs

Researchers at Ben-Gurion University of the Negev have demonstrated a novel way to spy on electronic conversations. A new paper released today outlines a novel passive form of the TEMPEST attack called Glowworm, which converts minute fluctuations in the intensity of power LEDs on speakers and USB hubs back into the audio signals that caused those fluctuations.

The Cyber@BGU team—consisting of Ben Nassi, Yaron Pirutin, Tomer Gator, Boris Zadov, and Professor Yuval Elovici—analyzed a broad array of widely used consumer devices including smart speakers, simple PC speakers, and USB hubs. The team found that the devices' power indicator LEDs were generally influenced perceptibly by audio signals fed through the attached speakers.

Although the fluctuations in LED signal strength generally aren't perceptible to the naked eye, they're strong enough to be read with a photodiode coupled to a simple optical telescope... more 

Check out the other eavesdropping hits that have come out of Ben-Gurion University... here

Friday, August 13, 2021

The Philadelphia Experiment Isn't the Only Thing Missing

When one thinks of spy stories, one usually thinks of foreign cites such as Hong Kong or Berlin, but espionage is being committed right here in Philadelphia.
Economic espionage occurs in Philadelphia as the city and surrounding suburbs are home to major corporations, major universities, and major defense contractors. Technologically advanced firms, small innovative companies, as well as chemical, critical manufacturing, energy, and public health organizations, are also targeted. more

This Week in Spy News

Germany Arrests British Embassy Worker Suspected of Spying for Russia
Prosecutors accuse the British man of handing over documents to Russian agents for cash, amid growing concerns that Germany is increasingly caught in the cross hairs of international spying. more

A Chinese court has sentenced Canadian businessman Michael Spavor to 11 years in prison for espionage, more than two years after he was first detained. Spavor, a Beijing-based businessman who regularly traveled to North Korea, was sentenced after being found guilty of spying and illegally providing state secrets to foreign countries, the Dandong Intermediate People's Court said in a statement Wednesday. more

Despite a lack of evidence, the National Security Agency will investigate whether the Fox host was illegally targeted. The National Security Agency’s Inspector General Robert Storch has announced a review of whether the agency illegally conducted cyber-espionage and collected the electronic communications of Fox News opinion-show host Tucker Carlson, who has accused the NSA of trying to capture embarrassing information that might lead to him being taken off the air. more

China Sighted by CIA

The Central Intelligence Agency is weighing proposals to create an independent “Mission Center for China” in an escalation of its efforts to gain greater insight into the U.S.’s top strategic rival, according to people familiar with the deliberations.

The proposal, part of a broader review of the agency’s China capabilities by CIA Director William Burns, would elevate the focus on China within the agency, where China has long been part of a broader “Mission Center for East Asia and Pacific.” more

Tips for Closing Hard-to-Delete Online Accounts

 via Consumer Reports

Tips for Deleting Old Accounts

Deleting your old accounts can be a time-consuming and sometimes frustrating process. Some guidelines to speed things along...
  • Check to see if anyone has figured out the steps. Google “how to delete [company name] account” and you’ll often find instructions. (A step-by-step guide to deleting two dozen common accounts.)
  • Go to the Settings page first. Companies sometimes put the delete button in settings, account menus, or pages to edit your profile; it varies by company.
  • Try the privacy policy. Privacy policies often include instructions, and you can search for words like “account,” “delete,” “close,” or “deletion.”
  • Explore the Help menus. If there’s a Help menu or an FAQ section on a website, you can often find deletion instructions there.
  • Try customer service. When available, text chats are usually faster than phone calls in my experience.
  • Take advantage of privacy laws. California’s privacy law, the CCPA, requires most businesses to let state residents delete data collected from them. Companies don’t have to fulfill a deletion request if you’re not a resident, but some honor requests from anyone. Look for “California” or “CCPA” in privacy policies for details.
  • Don’t forget the accounts you’ve forgotten. You may have registered for accounts years ago that have slipped your mind. A whole article with detailed instructions on how to find them. Some tips to get started: Google your email address and old usernames; check for saved log-ins in your web browser or password manager; search your email inbox for old “welcome” messages. Try variations on phrases like “welcome to,” “new account,” “password,” or “confirm your email.” more

Tuesday, August 3, 2021

The NSA's Wireless Device Best Practices

Telework has become an essential component of business, and many people are teleworking from home or during travel. While the owners of home networks can take steps to secure those networks, it can be difficult to ensure public networks (e.g., conference or hotel Wi-Fi®) are secure. Protecting personal and corporate data is essential at all times, but especially when teleworking in public settings.

This infosheet gives National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) users the best practices for securing devices when conducting business in public settings. It describes how to identify potentially vulnerable connections and protect common wireless technologies, and lists steps users can take to help secure their devices and data. 

While these best practices cannot ensure data and devices are fully protected, they do provide protective measures users can employ to improve their cybersecurity and reduce their risks. more