Thursday, September 23, 2021

Security Director Alert: Check for Spyware When Execs Travel

Smartphone, laptop, etc. device check service for traveling users.  

Detect Pegasus and other 0-click and 1-click spyware. Check before and after executives enter high-risk countries to determine their exposure and perform remediation. Prevent introducing foreign threats to your network. Service is a ZecOps product. more

Reasons You Should Never Connect To Public Wifi

There Are Too Many Risks
Put simply, the risks you take when you connect to Wifi in public places such as libraries, stations, cafes, and shopping malls are often too great to make the benefits worthwhile...

  • Misuse of personal data
  • Distribution of malware
  • Insecure connection
  • Online attacks on business
  • Eavesdropping

Hackers or anyone with a sound knowledge about internet software and applications can eavesdrop on your personal data if they are using the same public Wi-Fi connection as you are...

  • Try not to share your personal data while you are using a personal Wi-Fi connection.
  • Avoid logging in to websites that involve your personal or bank credentials.
  • Try using a VPN (Virtual Private Network) service that will help you to encrypt all the data you receive or send.
  • Use 2-Factor authorizations that will make your connection secure and prevent the risk of data loss.” more

Grain of Sand Sky Spies

A new microchip roughly the size of a grain of sand that has the potential to glide across great distances is being touted as a breakthrough for aerial surveillance.

Key points: 

  • The devices are about the size of a grain of sand and can transmit wirelessly
  • Remote sensing technology was originally developed for warfare
  • The researchers hope the technology can be used to help monitor disease spread

Collaborating scientists from institutions including Northwestern University in the United States and Soongsil University in Korea have created what they believe are the world's smallest ever "human-made flying structures", which can be fitted with microchips and sensors and have the capacity to transmit data remotely.

The microchips can be dropped from the sky and potentially used to monitor environmental impacts and the spread of disease. The researchers, who published their findings today in the journal Nature. more

NFL Spying Book in the Works

Spies on the Sidelines - The High Stakes World of NFL Espionage

A NON FICTION BOOK BY KEVIN BRYANT

After the NFL’s Spygate controversy, involving the New England Patriots illicitly recording the defensive signals of the New York Jets in 2007, NFL fans and pundits alike struggled to answer a lingering question: Were the Patriots the only team spying on their opponents or was espionage a commonplace activity in the NFL? 

Everyone had an opinion, but few could offer more than a gut feeling to back up their claims and for good reason...

Well, that was before. Spies on the Sidelines shines a light on the shadowy world of NFL espionage and exposes the full range of collection techniques teams use to spy on their opponents, as well as the defensive countermeasures that are used to defend against these threats. more

Have a Little James Bond in You? Have I Got a Car for You!

ASTON MARTIN DB5 JUNIOR

No Time To Die Edition

From Goldfinger to No Time To Die, Bond has never been far from his Aston Martin DB5. This car has arguably been part of his DNA for over 50 years. Now, an exclusive partnership between Aston Martin, EON Productions and The Little Car Company brings you the Aston Martin DB5 Junior No Time To Die Edition.

Limited production run of 125 vehicles.

Created at 66% scale of the original, with a fully electric powertrain, the DB5 has been reimagined for Bond fans worldwide. As an official Aston Martin model, the No Time To Die edition will pay homage to the rich history of the brand with Silver Birch paintwork, Smiths instruments, and individually numbered chassis plates. Complete with Aston Martin and 007 badging, this car is unmistakably Bond.

The DB5 Junior is designed to offer seating for an adult and child side by side, to allow all generations of Bond fans to share the love of driving. more

Wednesday, September 22, 2021

Pegasus: How The Spyware Invades Phones & What It Does

What is Pegasus?
Is Pegasus a hacking software or spyware? It is tipped as the best version of both worlds that was developed, marketed, and licensed to governments around the world by the Israeli company NSO Group. This is because of its intrusive nature: it can infect and silently surveil billions of phones running either iOS or Android operating systems.

Pegasus was first discovered in 2016 in a group of mobile devices which were infected via a spear phishing campaign which tricked users into clicking on malicious links which would install the spying software. However, recent versions of the spyware are much more sophisticated and require zero interaction from the victim for delivery and execution.

How does it work?
The spyware executes via a zero-click exploit. This means that a victim does not need to interact with the initial delivery vector of the spyware for the malicious code to be executed. The victim receives a message on SMS, WhatsApp, iMessage or any other messaging application. As soon as the message is received the spyware is executed and all traces of the message are deleted. This implies that the user’s device will be infected with the spyware, without the user being aware of even receiving any suspicious message. more



From the Weird File: Drone Strike by a Ravin' Raven

Is it a bird?
Is it a plane?
It's a raven swooping on a drone attempting to make a delivery to a Canberran craving caffeine.

Key points:

  • Drone service Wing temporarily halts its drone deliveries to the Canberra suburb of Harrison
  • The company says it has received reports of birds swooping on objects during nesting season
  • The pause on deliveries will allow bird experts to investigate the behaviour of ravens

A battle for aerial dominance is emerging as nesting season coincides with a surge in demand for drone deliveries during Canberra's lockdown.

Drone delivery service operator Wing has paused flights in the northern suburb of Harrison while bird experts assess the behaviour of local ravens to ensure their welfare is safeguarded. more

Tuesday, September 21, 2021

Spy Tip 592 - How to Eavesdrop More Effectively

Dr Anthony Youn explained that there is a way you can listen into a chat that wasn’t meant for you.

He explained: “Try listening with your right ear and not your left – your right ear is connected to the left side of your brain which processes speech and language.”

His posts on body hacks have gone viral and include a range of tricks and tips.

He also revealed how you can get rid of hiccups. more

BAT S#!T Crazy - Corporate Espionage Gone Wild

In the past week, a spate of reports, including from the BBC and the University of Bath, has detailed how British American Tobacco (BAT) ran a spy ring in SA.

Of course, none of this is new – we’ve been writing about it for aeons now. But because so much time has lapsed since this story initially broke in SA, perhaps a recap is in order.

Years ago, BAT took off the gloves in a bid to claw back market share from competitors who emerged selling the same product, but cheaper. 

BAT’s strategy was simple: disrupt its competitors to the point of making it impossible for them to operate.

To do this, BAT relied on a security firm — Forensic Security Services (FSS) — to co-ordinate activities, under the guiding hand of British American Tobacco SA’s (BAT SA’s) anti-illicit trade head. But it also used a series of in-place “agents” at its competitors’ businesses even as it co-opted law enforcement agencies and deployed a shared agent with the State Security Agency (SSA): triple agent and honey trap Belinda Walter.

All of this was monitored from BAT’s global headquarters, Globe House in London.

One former employee explained it as follows: “Our primary work description was to spy on competitors and disrupt business operations on behalf of BAT SA, [which] was fully aware that FSS was obtaining information illegally, and these (sic) included obtaining recorded conversations.”  more

BlackBerry Updates SecuSUITE to Secure Phone Calls from Eavesdropping

BlackBerry has announced that its SecuSUITE for Government offering now provides certified end-to-end encryption of all group phone calls and instant messages for governments and enterprises alike.

As a result of the global pandemic, millions of employees are working from home, with many teams turning to group calling methods to ensure business continuity. However, enterprises and government officials around the world are increasingly being targeted by coordinated eavesdropping attacks. SecuSUITE protects these individuals against identity spoofing, metadata harvesting and communications interceptions, which can compromise sensitive discussions and major operations. more  infographic

Peyton Manning - Patriots Locker-Room Bugging Accusation

The New England Patriots’ cheating scandals didn’t stop at Spygate and Deflategate, according to Peyton Manning.

Manning said that he knew the Patriots bugged the visiting locker room at Gillette Stadium with hot mics to eavesdrop on conversations between opposing players.

“Every time I played against New England, I used to talk to my receivers in the showers,” Manning said during ESPN’s “Monday Night Football” Manning-cast in Week 2’s matchup between the Green Bay Packers and Detroit Lions. “Don’t talk about a play next to my locker because I know it’s bugged. I know it’s got a hot mic in there... more

Tuesday, September 14, 2021

I've been hacked! Now what?

Check these links for some instant advice and assistance...

https://www.justice.gov/criminal-ccips/reporting-computer-internet-related-or-intellectual-property-crime

https://www.consumer.ftc.gov/articles/how-recover-your-hacked-email-or-social-media-account

https://www.kaspersky.com/resource-center/threats/what-to-do-if-your-email-account-has-been-hacked

https://www.cnet.com/tech/services-and-software/when-you-get-hacked-figuring-out-who-to-call-for-help-can-be-a-puzzle/

https://www.popularmechanics.com/technology/security/a34284848/steps-to-take-if-you-have-been-hacked/

https://support.google.com/accounts/answer/6294825?hl=en

https://www.csoonline.com/article/3617849/15-signs-youve-been-hacked-and-how-to-fight-back.html

FTC Shuts Down Smartphone Spyware App Company

The Federal Trade Commission (“FTC”) reached a settlement with stalkerware app company Support King, LLC d/b/a SpyFone.com and its CEO (collectively “SpyFone”) to resolve allegations that it secretly harvested and shared smartphone owners’ physical location data and information about their phone use and other online activities, and that it exposed smartphones to hacker attacks in violation of the FTC Act.

The complaint alleged that SpyFone’s apps provided real-time access to the data of smartphone owners through a hidden device hack that allowed others, including stalkers and domestic abusers, to track the smartphones on which the apps were installed. In addition, SpyFone’s lax security measures, including storing sensitive information without encryption, exposed consumers to hackers and other cyber threats, including through a 2018 breach of SpyFone’s servers in which the personal information of 2,200 consumers was accessed and stolen.

Under the terms of the proposed consent order, SpyFone will disable its stalkerware apps and destroy all personal information collected through these apps. more

Alert: Apple iOS 14.8 Security Update Spikes Spyware Flaw

 Apple on Monday released security updates for its iPhone, iPad, Apple Watch and Mac computers that close a vulnerability reportedly exploited by invasive spyware built by NSO Group, an Israeli security company. 

The tech giant's security note for iOS 14.8 and iPadOS 14.8 says: "Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." Apple also released WatchOS 7.6.2, MacOS Big Sur 11.6 and a security update for MacOS Catalina to address the vulnerability. 

The fix, earlier reported by The New York Times, stems from research done by The Citizen Lab, a public interest cybersecurity group that found a Saudi activist's phone had been infected with Pegasus, NSO Group's best-known product. According to Citizen Lab, the zero-day zero-click exploit against iMessage, which it nicknamed ForcedEntry, targets Apple's image rendering library and was effective against the company's iPhones, laptops and Apple Watches. more

Monday, September 13, 2021

Urban Drone Detection is Due to Become Easier Thanks to 5G

The Department of Homeland Security (DHS) Small Business Innovation Research (SBIR) Program awarded $750,000 to Texas-based small business Cobalt Solutions Inc. to develop a detection and tracking sensor system that can identify nefarious small unmanned aerial vehicles (UAV) in an urban environment...

“Cobalt’s technology increases the number of exploitable drone signatures for detection and tracking,” said Dr. Jeff Randorf, DHS S&T engineering advisor and SBIR topic manager. “As more 5G mmWave transceivers are deployed in city centers, the ability to detect and track drones in complex urban geometries becomes easier, while not contributing to an already crowded radio frequency spectrum.” more

Friday, September 10, 2021

Top 10 5G Security Concerns

5G security is inherently prone to security vulnerabilities. Previous-generation networks relied on centralized hardware-based functions that provided security choke points that were relatively easy to monitor. Endpoints in distributed software-defined (SD) networks like 5G are more difficult to keep an eye on.

While 5G addresses security issues in previous-generation wireless networks, for example with enhanced encryption, anti-tracking, anti-spoofing and network slicing features, security holes cybercriminals could potentially exploit have been identified. Some of the security vulnerabilities detected early on were linked to previous-generation network loopholes. These included ones that allowed attackers to expose a user's location, downgrade their service to a less secure legacy that was more easily attacked, run up costly wireless bills and track users’ activities. more

Thursday, September 9, 2021

Spy Tech - Facebook and Rayban (Possibly Raybanned in some locales)

The first thing you'll notice about Facebook’s new camera glasses is that they are not called Facebook Glasses — they are called Ray-Ban Stories. This is because they are made in partnership with Ray-Ban (a cool company that no one hates), and Facebook has had a rough couple of years in the public eye. And “Stories” because, you know, Instagram stories and Facebook stories and also Snapchat "story,"

...the real danger here isn’t to your data — it’s the fact that you’re walking around wearing barely perceptible spy glasses, taking videos and photos of anyone you want, likely without them noticing...

If the idea of camera sunglasses seems familiar, perhaps that’s because it sounds like Snapchat Spectacles, which launched in 2016. In what I can only imagine is a loving tribute, Facebook has named its camera sunglasses “Stories” after the other signature product that Facebook/Instagram lifted from Snapchat. more

Tech stuff: "Dual 5MP camera gives your content new depth and dimension. Takes high resolution photos (2592x1944 pixels) and quality video (1184x1184 pixels at 30 frames per second)."

Not as dorky as past creepy-peepies, these glasses may not be recognized as spy glasses at first glance. (Maybe a Buddy Holly or Maurice Moss meets Zuck mash-up instead.) In fact, "Facebook says it's a violation of the Terms of Service to cover up the light that comes on when you're recording." Right, like that's gonna work. Additionally, "Facebook is discussing building facial recognition into its upcoming smart glasses product..." What could possibly go wrong? more

FutureWatch: Laser Through a Keyhole Can Expose Everything in a Room (somewhat)

If you're worried about privacy, it might be time to cover up your front door's peephole.

Being able to see inside a closed room was a skill once reserved for super heroes. But researchers at the Stanford Computational Imaging Lab have expanded on a technique called non-line-of-sight imaging so that just a single point of laser light entering a room can be used to see what physical objects might be inside...

It’s an incredibly clever technique, and one day it could be a very useful technology for devices like autonomous cars that would potentially be able to spot potential hazards hidden around corners long before they’re visible to passengers in a vehicle, improving safety and obstacle avoidance...

The research could one day provide a way for police or the military to assess the risks of entering a room before actually breaking down the door and storming their way inside, using nothing but a small crack in the wall or a gap around a window or doorway.  more

‘Havana Syndrome’ and the Mystery of the Microwaves

Doctors, scientists, intelligence agents and government officials have all been trying to find out what causes "Havana syndrome" - a mysterious illness that has struck American diplomats and spies. Some call it an act of war, others wonder if it is some new and secret form of surveillance - and some people believe it could even be all in the mind. So who or what is responsible?

It often started with a sound, one that people struggled to describe. "Buzzing", "grinding metal", "piercing squeals", was the best they could manage.   

...Havana syndrome first emerged in Cuba in 2016. The first cases were CIA officers, which meant they were kept secret. But, eventually, word got out and anxiety spread...

Uncovering the truth has now become a top US national security priority - one that an official has described as the most difficult intelligence challenge they have ever faced.  more  history

Wednesday, September 8, 2021

Martian Helicopter - Coincidence or Espionage? You Decide.


China’s National Space Science Center is working on an aerial drone that bears a striking resemblance to NASA’s Ingenuity helicopter, currently on Mars.
It’s got four outstretched wiry legs, two rotors stacked atop each other, and a simplified fuselage. It’s China’s take on NASA’s wildly successful aerial drone.

A press release from China’s National Space Science Center suggests the vehicle, called the “Mars cruise drone,” has passed acceptance and will presumably advance to the next stage of development. Eventually, the Chinese aerial drone could make it to Mars, where it will patrol the landscape and further China’s exploration of the Red Planet. To that end, the Mars cruise drone will be equipped with a spectrometer for performing aerial surveys and for studying the Martian geology. more

Espionage - It Still Happens and it Still Matters

The Director General of MI5 noted in his annual threat update that hostile states seeking to spy on certain governments is as old as the hills. Nevertheless, it still happens, and it still matters. Hostile States utilising someone on the ‘inside’ to acquire privileged information makes their job so much easier. Recently we have seen media coverage of a security officer at the British Embassy in Berlin arrested on suspicion of acting on behalf of a foreign intelligence agency.

This blog serves as a reminder that traditional spycraft does exist and importantly provides you with some high-level protective security principles that your organisation should consider.  more


 

Friday, September 3, 2021

Security Director Alert: Wireless Key-Logger Hides in USB-C to Lightning Cable


A USB-C to Lightning cable with a hidden wireless key-logger can enable an attacker to capture everything you type from a distance of up to a mile.


Any tech-literate person knows you should never plug a USB key into any of your devices unless you trust the person giving it to you, but fewer know that the same applies to USB cables...

“We tested this out in downtown Oakland and were able to trigger payloads at over 1 mile,” he added...

...the new cables now have geofencing features, where a user can trigger or block the device’s payloads based on the physical location of the cable.  more

These spy cables come in various configurations, including standard USB charging cables. They look exactly like authentic cables. An electronic test can identify a malicious spy cable easily. In fact, you can do it yourself. Click here for instructions.

Wednesday, September 1, 2021

Last Month in Spycam News

FL - Pembroke Pines Police said Thursday that the owner of Master Franco’s Taekwondo Academy on Pines Boulevard is facing additional video voyeurism charges. Robert Franco, 64, was already facing charges for placing nanny cameras in the bathroom of his Pembroke Pines facility. more

UK - A vile sexual deviant who snooped on a woman as she got changed at a swimming pool was found to possess 30 more videos of people getting changed - including children... unaware victim was getting changed...when she noticed a towel from the cubicle next to her along with a hidden mobile phone. more

WY - A Casper man (Douglas Michael Dickey) facing accusations that he recorded multiple videos of people using the restroom at a restaurant where he used to work has changed his plea in the case... “Dickey’s face [was] also observed when he started the recording of the video,” detectives write in the affidavit. “Setting up his cell phone by placing it next to the toilet and covering the cell phone from his victims. The videos also showed Dickey wearing his [uniform] and his employee name tag. Each of the videos ended with Dickey looking into the cell phone as he recovered the phone and ended the recording.” more

FL - Former Gulf Breeze Mayor Edward “Ed” Merrill Gray III has been sentenced to five years in state prison for secretly recording teen boys in his shower. more 

FL - A 34-year-old Port Orange man is charged with 25 counts of Video Voyeurism for secretly videotaping his child's nanny in his home... A digital clock in that bathroom struck the nanny as "weird." She explained that the clock "faced directly towards the shower and a blank wall." more

UK - Louise was nearly six months' pregnant when she spotted something suspicious after having had a massage - a digital clock wired up to a laptop computer. Immediately afterwards Louise - not her real name - searched online for "digital clock, hidden camera". The first result confirmed her worst fears. more

UK - A GREATER Manchester Police employee has today been sentenced for voyeurism in the workplace after secretly filming colleagues on the toilet. more

NY - According to arrest records from Seneca Police...Andrew Ballenger Johns, age 26 of West Union, was booked into jail on a charge of voyeurism... Judge Susan Harris alleged that Johns “knowingly video recorded the victim, a 26-year old female, without her knowledge or consent while she was in a place that she had reasonable expectation of privacy…and that he did position a cell phone set to record inside a bathroom of a residence.” more

N. Ireland - A Belfast-based private tutor is to stand trial over allegations that he secretly recorded a group of schoolgirls, a judge ordered today. more

UK - Cheshire pervert secretly filmed women and young girls on the toilet in pubs...A search at the scene and his home address...revealed 20 video clips of adults being filmed without their knowledge: 16 of which featured men and women using the toilets at Creamfields - where Smith was working and had set up a covert camera... more

LA - Michael Jackson was convicted of video voyeurism and sentenced to 80 years in prison after he was convicted as a habitual offender from a July 2016 arrest. Jackson got caught at a fast-food restaurant sticking a camera under a bathroom stall to film females. The registered sex offender had multiple other convictions on his record. more

Mauritius - The Mauritius Football Association and local police are investigating a complaint of voyeurism after a female FA employee found a mobile phone in video recording mode in the women's toilets at the FA headquarters. ...the device hidden in a blue basket above the toilet water tank. more

China - The China Cyberspace Administration (CAC) announced on Monday that dozens of people were arrested and 25,000 illegally hacked webcams were seized as part of a crackdown on illegal voyeurism in Asian countries. In a statement, Cyber Security Watchdog announced the detention of 59 suspects allegedly using camera cracking software to illegally control webcams, eavesdrop on individuals and commit illegal acts. more

UK - For months voyeur Christopher Adam Robinson, 35, secretly put his mobile phone in the shop’s changing room where it could film others without them knowing, said Howard Shaw, prosecuting... Robinson said he needed to “set up” the changing room and went briefly into it before letting people use it. As they tried the clothes on, they spotted the phone half hidden behind curtains and realised they were being filmed. more

FL - A girl’s discovery of hidden cameras in a Pembroke Pines martial arts studio’s restroom led to the arrest of the 64-year-old head instructor, Pembroke Pines police announced Saturday... a student noticed two cameras “discretely placed within picture frames on a shelf located in the academy’s restroom.” more

UK - Doctor Metwally also pleaded guilty to two offences of voyeurism which took place between 2013 and 2014 after he covertly filmed two patients who were in a state of undress whilst attending medical appointments. more

NY - Philip Close, the former owner of the Close School of Music, was sentenced Tuesday to 50 years in prison for child pornography, according to federal officials... He admitted to hiding spy cameras to secretly record students, parents and teachers in the building... Close also put hidden cameras in the music school’s only bathroom, one under the toilet and one in front of the toilet. These cameras were used to record young girls using the bathroom. more

Canada - A trial has been scheduled for Moose Jaw businesswoman Kyra Klassen, who is facing two charges of voyeurism...Klassen is facing allegations that she secretly photographed two nude women last year and posted the images to an online chat group without their permission. more

TN - Police said a man has been charged with three counts of video voyeurism after they found a phone under a bathroom sink in a Middlesboro hospital, with a motion-activated app that police said would take live footage. more

Japan - Tokyo Metropolitan Police have arrested a 42-year-old man over the alleged sale on the internet of illicit footage of female sex workers...allegedly sold footage of several sex workers on the pay-to-view site... (He had) mounted a hidden camera on the frame of his glasses to take tosatsu (voyeur) footage during encounters with them... Upon his arrest (he) admitted to the allegations. “I thought that if I made money, I could visit more sex shops,” the suspect told police. more

These stories are presented to raise awareness.

Spycam Facts:

  • Only the failed video voyeurs make the news.
  • Most spycam attacks go undetected.
  • A few are discovered... almost all by accident.
  • Only a few of these are reported to the police.
  • Only a few of these cases are solved.
  • Only a few of these make it to my desk.
  • I only share just a few of them with you.

Any organization with expectation of privacy areas needs this to protect their employees, visitors and customers... and themselves, from foreseeability lawsuits.