Showing posts with label GSM. Show all posts
Showing posts with label GSM. Show all posts

Wednesday, February 9, 2022

GSM Eavesdropping Bugs: A Recent Find in a Corporate Office

While on lockdown, businesses and individuals must think about their unoccupied premises and possessions. Now that we are coming out of this lockdown and going back to work, Gurpreet Thathy and Mike Moran give their thoughts and go through a recent case with a client last week...

Mike and his team conducted a ‘sweep’ of the offices in conjunction with our Cyber Audit. We identified a GSM eavesdropping device planted within a boardroom during the critical areas’ in-depth physical and electronic search. This device was cunningly disguised as a 3-way extension adapter which was fully operational.

A closer examination of the adapter revealed a SIM card and a microphone connected. The client was immediately informed, and as per our standard operating procedure (SOPs), the device was isolated from the infrastructure, bagged, tagged, and handed over to our internal forensic team to investigate.

The forensic investigation of the SIM card revealed dialled and received calls. more

What is a GSM Bug?  When was the last time your organization conducted an inspection for one?

Thursday, January 7, 2021

Court Order Doesn't Stop Man from Eavesdropping & GPS Tracking

NY - An area man has been arrested for allegedly installing a GPS device in order to eavesdrop and spy on a person who has an order of protection against him.

Dutchess County resident Brett M. Marinaccio, 33, of Hopewell Junction, was arrested on Monday, Jan. 4, by New York State Police, said Trooper AJ Hicks.

According to Hicks, an investigation determined Marinaccio utilized hidden GPS tracking devices with audio capabilities to eavesdrop (similar to this) on the victim while an order of protection was in place issued by the Dutchess County Family Court to protect the victim. more

Friday, April 5, 2019

The Surprising Cost of a GPS Tracking & Cellular Eavesdropping Bug

As described on eBay...

Ultra Mini GF-07 GPS Long Standby Magnetic SOS Tracking Device for Vehicle/Car/Person Location Tracker Locator System Anti-lost Device 

Features:
1. Small size and light weight, easy for carry.


2. Black shell, easy to hide, perfect for tracking vehicles, teens, spouses, elderly persons or assets. With two powerful magnets inside, easy to attach to vehicle firmly, no extra installation need.


3. All you need is a working SIM card (NOT included!) to insert into the device, then you can track and map (with Google Maps) in real-time over the Internet.


4. Dial SIM card number, then you can hear voice around this tracker, with no light and no noise, you can monitoring and spy what's going on around the tracker silently and secretly.


5. Voice Recording Function: Send text message 555 to SIM card number, it will reply a message “Snd” and start recording, SIM card and TF card are not included.


Electronic surveillance devices, like this one, are flooding into the country. Below is just one of the many ads on eBay alone. At these prices (as low as $11.99, and cheaper from the China and Hong Hong listings) they are throwaway items. Set it and forget it. No need to risk retrieving it to recharge the battery. 

Businesses especially need to be concerned. Imagine competitors tracking your sales people, delivery trucks, or your top executives. Learn more about these types of devices and what you can do about them.
Click to enlarge.

Wednesday, September 5, 2018

Ex-boyfriend Faces Jail - Concealed Hidden Listening Devices in Her Bedroom

An "evasive and dishonest" ex-boyfriend faces jail after spying on his lover by concealing hidden listening devices in her home.

Wayne Bamford, 47, mounted a stalking campaign after being spurned by mother-of-one Joanna Dawson, a court heard.

He hid two secret listening devices in her bedroom in what was described as a "highly sophisticated" covert operation. She found a twin dual adapter plug - which had a hole in it - in her bedroom next to her bedside cabinet.

Experts revealed it was, in fact, a listening device and Bamford was arrested and then bailed by police.

Bamford called the second listening device at least 1,600 times in a bid to hear what was happening in Miss Dawson's house over 15 days from March 1, 2017, to March 16, 2017, the court heard.

But Bamford's surveillance op was foiled after Miss Dawson sought advice... more

Friday, August 11, 2017

Security Director Alert # 522 - Spying USB Power Plugs & Charging Cables

Freely for sale on Amazon's marketplace, and plenty of other online stores, are USB and iPhone cables that can be used to listen to your phone calls and track your location.

When these cables are connected to a power source they can use a SIM card to connect to a mobile network. The hardware is unsophisticated but can send both audio and very coarse location data to a third-party...

A more worrying feature is the ability of the cable to detect sound over a certain threshold and then call a pre-programmed number. Once it has done this is relays the sound near it, be that a phone call or conversation, and allows a third-party to listen in.

Not only are there cables that do this, there are also USB power adaptors for your wall outlet that have the same SIM functionality.

Cables and power adapters like this should also be something of a worry to firms that need their security too, they may well not be noticed by security checks and could be responsible for a lot of sensitive information walking out the front door. more

Best Practice: Include the inspection of cables and charging blocks as part of your TSCM inspections.

Thursday, December 8, 2016

TSCM Team Finds "Plug Bug" Eavesdropping Device

Japan - An eavesdropping device was found in a waiting room for conservative members of the Mito Municipal Assembly, local city government officials and other sources told the Mainichi Shimbun on Dec. 7.

Example of a "Plug Bug"
Ibaraki Prefectural Police seized the device and are investigating the case which they suspect could constitute trespassing into the building and violation of the Radio Act.

According to Mito Government officials, it was tipped off about the bug on Dec. 6.

Specialized workers hired by the local government began searching for the device from the evening of Dec. 7 and found it in a waiting room for three assembly members from "Suiseikai" -- a conservative parliamentary group -- on the first floor of the temporary two-story prefabricated assembly building. The bug plugs into an electric outlet. more

The example shown operates like a cell phone, but looks (and also operates) as a USB charger. It is powered 24/7, and may be called from a cell phone anywhere in the world. BTW, it can  also automatically call the eavesdropper when it detects sound. Available on eBay for $14.79. 

Don't you think its time to have your offices and conference rooms checked? ~Kevin

Wednesday, November 30, 2016

Angry Birdmen of Malta v Scientists in Eavesdropping Spat

Malta - The FKNK Federation for Hunting and Conservation – Malta, said on Friday said that BirdLife Malta was...

“possibly desperately resorting to illegal and corrupt methods to abolish the traditional socio-cultural practice of live-finch capturing from the Maltese islands,” claiming that BirdLife had been using electronic devices to eavesdrop on private mobile phone conversations.

Possibly, a false GSM base station known as ‘IMSI catcher’ or similar was used to intercept the trappers’ mobile traffic in the immediate area,” the hunting federation said.

But MaltaToday has learnt that the would-be “eavesdropping equipment” are actually antennae set up for 15 to 20 minutes in different locations to establish accurate GPS positioning data as part of a research study on coastal land-sliding being carried out by an Italian team of experts on behalf of the University of Malta and with the full cooperation of local authorities. more

Tuesday, November 22, 2016

Business Espionage: GSM Bugs Are Mini Cell Phones in Disguise

(from a seller's website in the UK)
GSM bugs are also known as mobile phone bugs and infinity bugs. Based around mobile technology, these devices provide a discreet listening facility with an unlimited distance.

Click to enlarge.
Up until a few years ago radio frequency transmitters were relied upon to provide an eavesdropping solution, albeit over only relatively short distances, generally up to about 800 metres line of sight. These devices are still available, but have been outlawed by OFCOM legislation and are therefore not legal to sell into the UK or operate in the UK without a radio broadcast licence. GSM Bugs use the existing GSM network as a transmission tool.

When they fist became available, the GSM bugs were literally modified mobile phones that auto-answered silently to open up the microphone and listen into the surrounding environment. These devices are still available today and some dedicated (dead phone) units have had enhanced microphone adjustments to make them more attuned to pick up sounds in a wider area, turning them into dedicated listening devices.

As the technology has moved on, these eavesdropping devices have become smaller and more sophisticated. They are really only restricted in size at present by the battery size, however, some of the latest units are built into mains powered devices such as multi-plug adapters and mains sockets, thereby making them invisible to the naked eye and with no power consumption restrictions.

Some of these eavesdropping devices are obviously for the UK market.
Bugs for other electrical standards are also available. 


Do you have electrical extension strips in your office?
Have they been inspected and sealed by a TSCM specialist

~Kevin

Wednesday, September 14, 2016

Hey Kids - Learn How to Operate a Stingray IMSI-Catcher!

Using mass surveillance software without a warrant is almost as easy as installing Skype, according to leaked footage and instruction manuals for Harris Corp. stingray devices.

The footage, obtained by the Intercept, shows Harris Corp.'s Gemini software being used on a personal computer demonstrating how accessible the program is with a noticeable lack of any registration keys, proof of ownership, or safety measures to ensure the software was only used for authorized purposes.

The manuals include instructions for several Harris surveillance boxes, including the Hailstorm, ArrowHead, AmberJack, KingFish and other products in the RayFish Product Family.

Some features mentioned in the manuals are the ability to impersonate four cellular communication towers at once, monitor up to four cellular provider networks at once, and the ability to knock a targets devices down to an inferior network, such as from LTE to 2G.

The manual also details how to set up a target or “subscriber” and how to set up bulk surveillance, according to a Gemini device “Quick Start Guide” that was leaked on DocumentCloud. more

Monday, October 5, 2015

Jealous Wives and Girlfriends Can Now Snoop on their Partner using a Spy Belt

Jealous wives and girlfriends can snoop on their fellas with a spy gadget disguised as a belt.

A tracking device hidden in the leather monitors the wearer’s location every 60 seconds. And it can be controlled remotely through Android and iPhone apps without the wearer noticing.

Unwary men could receive one as a present without knowing what they have let themselves in for.

The Belt Tracker, sold by Spymaster, in Marylebone, London, has a 12-hour battery life and can be used in 220 countries without incurring data roaming charges. It even has a flight safe mode to comply with airline regulations.

The GPS device was originally designed to monitor people working in dangerous environments, such as undercover police. And it can be used to track children and give peace of mind to parents. more

Monday, April 13, 2015

Beauty Queen Sues In-Laws For Bugging Bedroom

A former Turkish beauty queen has sued her former in-laws for bugging her bedroom with the help of her ex-husband, according to a local media report.

Sinem Sülün, who was crowned Miss Model Turkey in 2005 and was runner-up at Miss Turkey-Universe in 2007, divorced her husband Mustafa Yüksel last month. She was awarded 200,000 Turkish Liras in compensation and 2,500 liras as a monthly alimony after the divorce.

Daily Milliyet reported on April 1 that the divorce case led to a fierce argument between the two sides, after Sülün claimed that her husband and his parents had illegally wiretapped their private conversations by bugging a power socket in their bedroom.

The 5th Criminal Court of Peace recently ruled for the trial of businessman Yüksel and his parents on charges of illegally recording a private conversation, the report said. more

Sunday, January 18, 2015

UK - Former Deputy Prime Minister Finds Car Bugged

UK - John Prescott has turned detective after finding his Jaguar had been bugged.

The former Deputy Prime Minister discovered the device hidden in his car when he took it to a garage because it had problems starting.

Mechanics found a tracker concealed under the driver’s seat that was hooked up to the car battery, draining its power.

The sophisticated device uses mobile phone technology and is capable of reporting the Jag’s movements at all times. It also has an inbuilt microphone enabling it to pick up conversations.

And the 6 inch-square black box is even capable of immobilising the car if instructed to by mobile phone.

Lord Prescott told the Sunday Mirror: “I’ve been told that whoever knows the SIM card that goes with the tracker can send out a signal and stop the engine...

"This type of surveillance breaches our right to privacy – I’ve had my mobile hacked, my phone tapped, and now someone might have been tracking my car.”

But insisting he was calm about the find he joked: “I can only hope whoever listened to my conversations installed an automatic bleeper too.”
(more)

Best guess from here... Installed by the car dealership, or previous owner, to thwart late payments or theft.

Wednesday, December 17, 2014

Norway - Eavesdropping Devices Found - UPDATE

Stingray mobile phone surveillance equipment estimated to cost up to £200,000 has been found hidden near the Norwegian parliament, believed to be snooping on legislators.

Following a two week investigation, Norway's Aftenposten newspaper reported to the Norwegian National Security Authority (NSM) that it had discovered IMSI-catchers (International Mobile Subscriber Identity) of a type believed sold by Harris Corporation, located inside fake mobile phone stations near government and parliamentary buildings in Oslo. At least six devices were found, each about the size of a suitcase. Potential targets within a radius of one kilometre of the equipment include the prime minister's office, the ministry of defence, Stortinget (parliament) and the central bank, Norges Bank, ministers, state secretaries, members of parliament, state officials, the American and Israeli embassies as well as many private businesses...

Initially IMSI-catchers only collect data from the sim-card but the intrusion can escalate, as the Aftenposten report explains: The most advanced versions can register several hundred numbers in just a few minutes. Once a mobile phone has been detected by a fake base station, the IMSI-catcher can enter an active mode to eavesdrop on certain conversations. Then it will transmit the conversation to the real GSM-system acting as a ‘man-in-the-middle.

The fake base station can even register SMS-messages and install spyware enabling its operator to switch on the microphone so that the mobile phone can be used to bug rooms and meetings. (more)

Monday, December 15, 2014

Norway Alerts Politicians After Eavesdropping Devices Found

Norwegian police said Sunday they have warned politicians about possible eavesdropping of cellphone calls after several listening devices were reportedly found in central Oslo, including near government buildings and Parliament.

Siv Alsen from the security police said the National Security Authority has begun an investigation, but could not provide more information pending the agency's report...

Her comments followed media reports that illegal listening and tracking devices were found in fake mobile base stations, which could be used to monitor calls and data, as well as trace the movement of people in the area. (more)

Sunday, July 20, 2014

China Outlawed Manufacturer & Sale of Bugging Devices... meh

Gadgets such as tracking devices and wiretapping bugs have been popular products on China's online shopping websites. Their popularity has not waned even after being declared illegal by the Chinese government, which has since begun shutting down businesses selling and using them, reports the Beijing News...

Most of the sellers in Zhongguancun, which has been dubbed "China's Silicon Valley," only offer the devices when clients ask. Some of them have stopped selling these devices after Chinese authorities banned producing and selling wiretapping devices and hidden cameras on May 1. Producing and selling these devices can be punishable by up to three years in jail. People using them can serve up to two years.

The law seems not to have deterred their sale, however. Over thousands of these devices are available on China's leading e-commerce website Taobao at prices ranging from hundreds to thousands of yuan. They are all advertised as "theft or lost item prevention" devices to avoid legal responsibilities. (more)

Wednesday, July 2, 2014

BSI Publishes Study on Enterprise Mobile Device Security

BSI, the German Federal Office for Information Security, has published a report on "Enterprise mobile device security" (in German*) that provides a comprehensive overview on the current risks associated with the deployment of mobile devices in an enterprise context.
The report... covers Apple iOS, Google Android and Blackberry devices, taking a hard look at the current generation of hardware and software and the resulting dependencies on a limited number of key suppliers.

The study identifies key risk areas associated with the deployment of mobile devices in an enterprise context... and makes the case for doing so only in the context of a well-defined framework of organizational and technical measures that secure the enterprise against industrial espionage and other kinds of attacks. 


* An English version may be available. Ask at ESD America
Audio interview about Cryptophone, a high security cell phone ≈ 6 min.

Thursday, March 13, 2014

Chinese-Made Bugs in Demand in Vietnamese City

Bugging devices smuggled in from China are widely sold in Ho Chi Minh City though lawyers say their use is illegal. 

Also available on eBay.
A shopkeeper named Duong in an alley in District 3 offered a Thanh Nien reporter two bugging devices smaller than a matchbox for VND900,000 (US$43).

“They can hear clearly within a 15-30 meters radius,” he said, offering a 12-month guarantee.


One needs to buy a prepaid SIM card, an unregistered one which is also widely available illegally so that it cannot be traced, insert it into the device, and call to activate it, he said.


A call to that SIM card then will pick up sounds from around the device.


Another bug costing VND1.6 million automatically sends signals to one’s phone number when there is any noise in the vicinity.
 

But their prices vary largely around the city...
A company, only identified as N.N., rents an office building in Vo Van Tan Street to provide bugging services. 


Tai, a representative, said a full package of calls, messages, history of web browsing and online chats, images from a ’s mobile phone, and the location of the target costs VND10 million a year and VND3-4 million the second year. 



He said it only takes 15 minutes to install a software on the target’s mobile phone. An Internet connection is needed to activate the software, and once that is done all information from the phone is sent to the customer’s email. A contract is signed to offer a guarantee, he said. 


Several companies like Tai’s operate in the city, labeling themselves as detective agencies. (more)

Thursday, August 15, 2013

Man Bugs his Ex's Home for Over Three Years

UK - A woman has been left terrified in her home and was turned against her closest friends after her ex-partner bugged her house for three and a half years, a court has heard.

The victim said she suspected her ex had planted a listening device in her Darlington home after he started talking about things which she did not believe he should know...

The man, who cannot be identified for legal reasons, said he installed the device to check on his young daughter.


As near as we can tell from the report, the bug looked like this one.
The device, which the man bought in London for £180 ($280.00), was installed behind a plug socket in the living room in November 2009, and could be accessed through his mobile phone...

In a statement read to the court by Ms Milson, the victim said she had nearly suffered a mental breakdown after finding out she had been bugged.

She said: “I feel sick to the pit of my stomach that he has been listening to me for over three years, he has always known too much about my life.

“He made me question myself and used what he heard against me. I am scared every single day, I am totally distraught and it has left me feeling differently about my home.” (more)


The price on these has dropped since 2009. 
The one shown above is now $79.95. 
The economy of scale, perhaps?

Friday, January 11, 2013

Stingray - Clandestine Cellphone Tracking Tool - Fights On

The FBI calls it a “sensitive investigative technique” that it wants to keep secret. But newly released documents that shed light on the bureau’s use of a controversial cellphone tracking technology called the “Stingray” have prompted fresh questions over the legality of the spy tool.

Functioning as a so-called “cell-site simulator,” the Stingray is a sophisticated portable surveillance device. The equipment is designed to send out a powerful signal that covertly dupes phones within a specific area into hopping onto a fake network. 

The feds say they use them to target specific groups or individuals and help track the movements of suspects in real time, not to intercept communications. But by design Stingrays, sometimes called “IMSI catchers,” collaterally gather data from innocent bystanders’ phones and can interrupt phone users’ service—which critics say violates a federal communications law. The FBI has maintained that its legal footing here is firm. Now, though, internal documents obtained by the Electronic Privacy Information Center, a civil liberties group, reveal the bureau appears well aware its use of the snooping gear is in dubious territory...

It’s likely that in the months ahead, a few more interesting nuggets of information will emerge. The FBI has told EPIC that it holds a mammoth 25,000 pages of documents that relate to Stingray tools, about 6,000 of which are classified. The Feds have been drip-releasing the documents month by month, and so far there have been four batches containing between 27 and 184 pages each. Though most of the contents—even paragraphs showing how the FBI is interpreting the law—have been heavy-handedly redacted, several eyebrow-raising details have made it through the cut. (more) (Stingray explained)

Friday, September 28, 2012

Mobile malware up 2,180% - Threats to mobile devices rocket and set to rise further.

Between Q1 2011 and Q2 2012 ABI Research found that unique malware variants grew by 2,180 percent reaching 17,439. 

And these threats are set to increase significantly.

"With the increasing popularity of smartphones, mobile threats are on the rise. This has implications for security at the corporate level as well as for individual privacy," says Michela Menting, senior cyber security analyst. 


"The mobile application security market is rife with vendors offering their wares. The priority now for end-users is understanding the issue at hand and finding the right offering that best suits their needs," said Menting. (more) (SpyWarn)