Bugging Devices Found at Italian Yacht Builder Ferretti

The Italian Ferretti Group was the setting for a spy-vs-spy scenario that reportedly included private detectives shadowing an executive of the Italian builder’s primary Chinese investor and recording devices hidden in several offices, according to Bloomberg. 

The discovery of this board-level surveillance has prompted two criminal cases, now in the hands of Italian prosecutors. In April 2024, Xu Xinyu, an executive director at Ferretti SpA, noticed two men in an SUV outside Ferretti’s headquarters in Milan... 

Xu also observed the pair following him while visiting hotels in the city, Bloomberg reported. He hired a counter-surveillance company, which reportedly found a listening device and signal amplifier hidden in his office. Other devices were found in the offices of Ferretti’s Chinese-Italian translator and board secretary.

...the Ferretti Group filed its own complaint... “Ferretti SpA considers itself an aggrieved party, having been wronged by the unlawful and improper installation of surveillance devices within its offices,” the statement said. more

Laptop Microphone Could Be Spying — Through Walls — Even When It’s Off

Your microphone is leaking conversations: 

• Digital microphones in laptops, phones, and smart speakers unintentionally broadcast electromagnetic signals that can be intercepted up to 2 meters away, even through walls.

• The attack is surprisingly accessible: Researchers achieved over 94% accuracy in speech recognition using simple equipment like copper tape antennas, making this vulnerability exploitable by anyone with basic technical knowledge.

• Your “off” microphone might still be listening: Testing revealed that microphones often activate automatically when playing audio or video content, and some remain active even when apps appear muted.  more

Spy Device Can Read Book Text from Nearly a Mile Away

Scientists say they've developed a ludicrously keen-eyed laser device that can read the text in a book from a whopping 0.85 miles away.

As detailed in a new paper published in the journal Physical Review Letters, the team used interferometry, a commonly used technique in the world of astronomy that uses superimposed waves of light to create interference patterns, to develop the spy system.... Put simply, researchers applied a technology that space observatories use to a ground-based laser system to zoom across vast distances — with promising and somewhat creepy results. more

OpenAI's New Threat Report is Full of Spies, Scammers, and Spammers

(via theneurondaily.com)
Ever wonder what spies and scammers are doing with ChatGPT?

It’s not just asking for five-paragraph essays, obviously. 

… Here’s the Top 5 Most Interesting Cases…  
OpenAI just dropped a wild new threat report detailing how threat actors from China, Russia, North Korea, and Iran are using its models for everything from cyberattacks to elaborate schemes, and it reads like a new season of Mr. Robot.

The big takeaway: AI is making bad actors more efficient, but it's also making them sloppier. By using ChatGPT, they’re leaving a massive evidence trail that gives OpenAI an unprecedented look inside their playbooks.

1. North Korean-linked actors faked remote job applications. They automated the creation of credible-looking résumés for IT jobs and even used ChatGPT to research how to bypass security in live video interviews using tools like peer-to-peer VPNs and live-feed injectors. 

2. A Chinese operation ran influence campaigns and wrote its own performance reviews. Dubbed “Sneer Review,” this group generated fake comments on TikTok and X to create the illusion of organic debate. The wildest part? They also used ChatGPT to draft their own internal performance reviews, detailing timelines and account maintenance tasks for the operation.

3. A Russian-speaking hacker built malware with a chatbot. In an operation called “ScopeCreep,” an actor used ChatGPT as a coding assistant to iteratively build and debug Windows malware, which was then hidden inside a popular gaming tool.

4. Another Chinese group fueled U.S. political division. “Uncle Spam” generated polarizing content supporting both sides of divisive topics like tariffs. They also used AI image generators to create logos for fake personas, like a “Veterans for Justice” group critical of the current US administration.

5. A Filipino PR firm spammed social media for politicians. “Operation High Five” used AI to generate thousands of pro-government comments on Facebook and TikTok, even creating the nickname “Princess Fiona” to mock a political opponent.

Why this matters: It’s a glimpse into the future of cyber threats and information warfare. AI lowers the barrier to entry, allowing less-skilled actors to create more sophisticated malware and propaganda. A lone wolf can now operate with the efficiency of a small team. This type of information will also likely be used to discredit or outright ban local open-source AI if we’re not careful to defend them (for their positive uses).

Now get this: The very tool these actors use to scale their operations is also their biggest vulnerability. This report shows that monitoring how models are used is one of the most powerful tools we have to fight back. Every prompt, every code snippet they ask for help with, and every error they try to debug is a breadcrumb. They're essentially telling on themselves, giving researchers a real-time feed of their tactics. For now, the spies using AI are also being spied on by AI.

Any Wall Can be Turned Into a Camera...

...to see around corners!

An ordinary camera could soon take photos of things that are out of sight, thanks to algorithms that interpret how light bounces off a wall.

“Normally, when light bounces off rough surfaces, like walls, it scrambles the scene into a messy blur,” says Wenwen Li at the University of Science and Technology of China, Hefei. “Our goal was to ‘unscramble’ that blur and recover the hidden scene. Think of it like turning a rough wall into a mirror.”

The method involves mapping the geometry and reflectance of the wall surface by taking many images under different lighting conditions, so the researchers could predict how each bump and groove would distort reflected light. Once they had created a digital model of the surface, the team devised equations to reconstruct a hidden image from the scrambled light pattern

Li and her colleagues have successfully demonstrated real-time imaging at 25 frames per second using an ordinary camera, like one found in a smartphone. more

Personnel Officer, "So, What Qualifies You for this National Security Position?"

After a recent grocery store clerk was appointed as an anti-terror chief, it can be revealed that a second young national security official was hired straight from the cash register—with disastrous results.

A U.S. intelligence worker charged with trying to leak state secrets to a foreign spy agency was hired as a 22-year-old with little professional experience outside the cash register at a local grocery store...

His professional experience prior to joining a U.S. national security agency was remarkably similar to that of Thomas Fugate, who has just been appointed to lead terror prevention at the Department of Homeland Security.

A cybersecurity graduate of Florida Polytechnic University, Nathan Vilas Laatsch is the second national security official in two days whom The Daily Beast has revealed to have virtually no professional experience other than working at a grocery store before being hired by a U.S national security agency at the age of 22.

Laatsch, now 28, a computer scientist with “top secret” clearance at the Defense Intelligence Agency (DIA) in Virginia, was hired under the last Trump administration. He was arrested last week, accused of attempting to pass sensitive information to Germany’s Federal Intelligence Service (BND). more

UFB (shakes head and walks away)

FBI: Home Internet Connected Devices Facilitate Criminal Activity

The Federal Bureau of Investigation (FBI) is issuing this Public Service Announcement to warn the public about cyber criminals exploiting Internet of Things (IoT) devices connected to home networks to conduct criminal activity using the BADBOX 2.0 botnet. Cyber criminals gain unauthorized access to home networks through compromised IoT devices, such as TV streaming devices, digital projectors, aftermarket vehicle infotainment systems, digital picture frames and other products. Most of the infected devices were manufactured in China. Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to the users purchase or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process. Once these compromised IoT devices are connected to home networks, the infected devices are susceptible to becoming part of the BADBOX 2.0 botnet and residential proxy services known to be used for malicious activity.

WHAT IS BADBOX 2.0 BOTNET

BADBOX 2.0 was discovered after the original BADBOX campaign was disrupted in 2024. BADBOX was identified in 2023, and primarily consisted of Android operating system devices that were compromised with backdoor malware prior to purchase. BADBOX 2.0, in addition to compromising devices prior to purchase, can also infect devices by requiring the download of malicious apps from unofficial marketplaces. The BADBOX 2.0 botnet consists of millions of infected devices and maintains numerous backdoors to proxy services that cyber criminal actors exploit by either selling or providing free access to compromised home networks to be used for various criminal activity.

INDICATORS

The public is urged to evaluate IoT devices in their home for any indications of compromise and consider disconnecting suspicious devices from their networks. more

Behold The Amazing "AIR" Key

AIR, a joke acronym for “Anti InfraRed.”

However, just a blast of compressed air can open most card-key access entry doors in commercial buildings. 

Compressed air does this by tricking the internal exit sensor into thinking someone wants to leave. 

Click the link to learn more and actually watch how anyone can B&E without a key. https://counterespionage.com/lock-trick/

P.S. - We creatively labeled these cans for our clients so they can demonstrate the vulnerability to their colleagues. Of course, we also provide them with security solutions to rectify the problem. 

You really should join our client family. It's easy. Just add our TSCM inspections to your security program. 

Corporate Spy v Spy v Spy v Spy, or Spy Cubed

The fight between HR tech startups has heated up another notch this week as Rippling on Thursday filed an 84-page amended complaint in its lawsuit against Deel.

The complaint accuses Deel of targeting, infiltrating, and compromising four other competitors, in addition to Rippling.

The revised complaint doesn’t name all of the four other alleged victims, except cryptocurrency-based tax and payroll compliance company, Toku. Toku is suing its competitor LiquiFi, also alleging corporate espionage and that Deel was involved...

The complaint also says that there are one or more additional victims who are “major competitors of Deel” in the employer of record market. A source familiar with the investigation believes that more witnesses will soon come forward at these other companies to offer details. more

So, A Man Steals A Cherry-Picker...

...while undercover L.A. sheriff’s deputy is using it to remove concealed surveillance cameras!

A man carjacked an L.A. County Sheriff’s Department bucket truck early Wednesday morning while a sheriff’s deputy was precariously positioned high above the ground in the bucket, authorities said....

Two undercover deputies were using the truck to remove concealed cameras when a man jumped into the vehicle, said he had to go to the hospital and began to drive away, law enforcement sources told The Times.

When the carjacking took place, one of the deputies was elevated in the bucket.

The man conducted a takeover of a 2011 Ford F550 utility bucket truck on the corner of Spring and Temple streets around 5 a.m. while two deputies were in the vehicle, according to a department bulletin. A deputy received minor injuries during a struggle with the carjacker and was treated at a hospital, according to a department statement. more

P.S. I'll bet there is at least one very nervous citizen who frequents that part of town.

Supermarket Facial Recognition: "Attention. Miscreant in Asile 5."

The facial recognition system used by New Zealand’s supermarket chain Foodstuffs to prevent retail crime is compliant with privacy rules but questions still remain about bias and negative impacts on Māori and Pacific people, according to the country’s privacy watchdog...

The trial covered 25 supermarkets in which more than 225.9 million faces were scanned ... the system was effective at reducing harmful behavior, especially reducing serious violent incidents...The system only identified people who have engaged in seriously harmful behavior, while people under 18 or deemed vulnerable were not included on the list.

The Privacy Commissioner’s Office is currently working on New Zealand’s first code of practice for regulating biometric data, slated to be released by mid-2025. more

Book: Cyber for Builders: The Essential Guide to Building a Cybersecurity Startup

Cyber for Builders: The Essential Guide to Building a Cybersecurity Startup

by Ross Haleliuk

Reader Review: “Cyber for Builders" offers an essential roadmap for navigating the cybersecurity vendor landscape.

Most cybersecurity books are written for hackers, security leaders and practitioners, and a general audience. 

This book is different as it is intended first and foremost for builders - startup founders, security engineers, marketing and sales teams, product managers, VCs, angel investors, software developers, investor relations and analyst relations professionals, and others who are building the future of cybersecurity. 

Cyber for Builders provides an overview of the cybersecurity industry from entrepreneurial lenses, breaks down the role of a variety of industry players, from investors to channel partners and acquirers, and offers insight into the trends shaping the future of security. 

Moreover, the book is packed with mental models, notes, and advice to help early-stage cybersecurity founders get their ideas off the ground and solve problems faced by young companies around problem discovery, hiring, building products, and fundraising, to name some. more

From the Off-Topic Files

The world's largest freely available fart recording dataset.
This dataset contains over 7500 fart recordings that were collected over a period of 37 months.

Suggested Uses

• Unsupervised signal classification - You can experiment with categorizing farts without any preexisting knowledge of defining characteristics and potentially apply these learnings to other signal types - speech, radar, tv, radio, light, EEG.

• Supervised signal recognition - This dataset could be used to experiment with developing deep learning models capable of recognizing whether a sound is a fart. An interesting property of farts is variable frequencies and inconsistent durations.

• Sound effects creation - This dataset could be used by sound designers or audio engineers as a basis to create new sound effects for movies, video games, or other media. You could also simply use it as a publicly available and free source of farts.

• Education and outreach - Educators and scientists can use this dataset as an approach to better engage their audiences in signal processing and deep learning.

License

• This data is publicly and freely available to use and modify however you would like. There is no license and no limitations for use. I would appreciate being notified of this data being used publicly, purely for my own entertainment. more