Showing posts with label advice. Show all posts

Tuesday, August 3, 2021

The NSA's Wireless Device Best Practices

Telework has become an essential component of business, and many people are teleworking from home or during travel. While the owners of home networks can take steps to secure those networks, it can be difficult to ensure public networks (e.g., conference or hotel Wi-Fi®) are secure. Protecting personal and corporate data is essential at all times, but especially when teleworking in public settings.

This infosheet gives National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) users the best practices for securing devices when conducting business in public settings. It describes how to identify potentially vulnerable connections and protect common wireless technologies, and lists steps users can take to help secure their devices and data. 

While these best practices cannot ensure data and devices are fully protected, they do provide protective measures users can employ to improve their cybersecurity and reduce their risks. more

Tuesday, December 29, 2020

Check Your Holiday Rental for Hidden Surveillance Cameras

Australia - There's something unsettling about the idea of being watched while you and your loved ones kick back on holidays. If you've searched online to find whether holiday rental landlords spy on their guests, there's plenty to feed your paranoia...

Still, if something feels off or you want to sweep the house, there are some steps you can take. Although without professionals and high-tech gear involved, it can't be 100 per cent accurate...

Julian Claxton, a counter-espionage specialist, recommended a hidden camera detector — small devices that project a light that will reflect off the lens of a covert camera... "The reality is, that's how a lot of these cameras can be found — through anomalies. Things that just don't look right within an environment," he explained.


Tips:

  1. Inspect what's on the Wi-Fi network... Many cameras sold in consumer electronic stores need an internet connection so they can be viewed remotely from a computer or app. This could provide a clue.

  2. Try to spot the camera lens... Julian Claxton, a counter-espionage specialist, recommended a hidden camera detector — small devices that project a light that will reflect off the lens of a covert camera.

  3. Check the power points... Hidden cameras need ongoing power, so Mr Claxton suggested looking at what's connected to power points.
     
  4. Look for oddly placed objects... Hidden cameras can be built into just about anything, but for the lay person, Mr Claxton suggested using "a bit of common sense". more

Also, consider taking a one-hour, on-line, video Spycam Detection Training course.

Friday, October 16, 2020

Consumer Reports - All the Tools You Need for Online Safety

Keep Your Data Secure With a Personalized Plan

Cut down on data collection and prevent hackers from invading your laptop, tablet and even your phone. Answer a few simple questions to get customized recommendations to help you:
  • Safely back up files
  • Browse online without tracking
  • Avoid phishing scams
  • Prevent identity theft

CR Security Planner is a free, easy-to-use guide to staying safer online. It provides personalized recommendations and expert advice on topics such as keeping social media accounts from being hacked, locking down devices ranging from smartphones to home security cameras, and reducing intrusive tracking by websites.

Consumer Reports is an independent, nonprofit member organization that works with consumers to create more fairness, safety, and transparency in the marketplace. We don’t run third-party ads, and no company will ever exercise influence over our recommendations of products or services.

Friday, October 9, 2020

The FBI Hotel Wi-Fi Security Checklist


The Federal Bureau of Investigation is issuing this announcement to encourage Americans to exercise caution when using hotel wireless networks (Wi-Fi) for telework.
FBI has observed a trend where individuals who were previously teleworking from home are beginning to telework from hotels. 

US hotels, predominantly in major cities, have begun to advertise daytime room reservations for guests seeking a quiet, distraction-free work environment. While this option may be appealing, accessing sensitive information from hotel Wi-Fi poses an increased security risk over home Wi-Fi networks. 

Malicious actors can exploit inconsistent or lax hotel Wi-Fi security and guests’ security complacency to compromise the work and personal data of hotel guests. Following good cyber security practices can minimize some of the risks associated with using hotel Wi-Fi for telework. more

Friday, October 2, 2020

Best Business Espionage Article of the Year (A corporate executive must read.)

The Espionage Threat to U.S. Businesses

By Bill Priestap, Holden Triplett

Many authoritarian governments are doing everything they can, including using their spy services, to build successful businesses and grow their economies. Indeed, even some nonauthoritarian governments are taking this approach. The reason for this is simple: A large number of nation-states view privately owned companies within their jurisdictions as extensions of their governments. They support and protect the companies as if those entities were integrated parts of government...

(Main Points)

  • U.S. companies must understand that in many cases they are no longer simply competing with corporate rivals. They are competing with the nation-states supporting their corporate rivals—nation-states with enormous resources and capabilities and with very little restraint on what they will do to succeed.

  • U.S. businesses are decidedly not supported by U.S. government spy agencies. For this reason, they are often competing on an uneven playing field.
     
  • Exacerbating the problem is the fact that businesses and investors are woefully unprepared for this new environment.

  • Intelligence and the art of spying are no longer constrained to the government sphere. While spy tools and tactics are more readily available, what is truly driving this proliferation is the intelligence realm’s shift in focus from government to businesses.

  • In addition, most companies are focused too myopically on strong cybersecurity as a panacea for spying. Of course, cybersecurity is extremely important, but it protects only one vector by which a nation-state could spy on and subsequently loot a company.
     
  • If businesses want to protect their assets, then developing an understanding of spies and their activities should become standard practice for business leaders and investors today.
     
  • Spy services may also target a business via its partners and vendors, so it is equally important to shield those entities from potential attack or attempted exploitation.
     
  • Understanding and mitigating the activities of spies must become standard practice for business leaders. And if investors don’t see companies doing this, they should hold onto their money—tightly. more

Saturday, September 19, 2020

Flashback - July 1988 - Eavesdropping in America


A podcast before there were podcasts. Ted was way ahead of his time.



Thursday, August 6, 2020

Stay Safe - Stay Feeling Good

This fun statement can be taken several ways...
• Anti Covid-19
I'm not feeling very social right now!
• A warning to spies that you are protected against electronic surveillance. 
Available here.

Want to know more about protecting your privacy?
Visit us at https://counterespionage.com

Wednesday, August 5, 2020

Personal Alert: Home Sellers Eavesdropping on Buyers

You never want to reveal too much enthusiasm when home shopping. But now many are giving away their hand before they ever get inside. more

NSA Tells Mobile Users Beware of Find-My-Phone

Beware of find-my-phone, Wi-Fi, and Bluetooth, NSA tells mobile users

And don't forget to limit ad tracking. Advisory contains a host of recommendations.

The National Security Agency is recommending that some government workers and people generally concerned about privacy turn off find-my-phone, Wi-Fi, and Bluetooth whenever those services are not needed, as well as limit location data usage by apps.

“Location data can be extremely valuable and must be protected,” an advisory published on Tuesday stated. “It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations.” more

Tuesday, August 4, 2020

How to Hide from Drones in the Age of Surveillance

Drones of all sizes are being used by environmental advocates to monitor deforestation, by conservationists to track poachers, and by journalists and activists to document large protests. As a political sociologist who studies social movements and drones, I document a wide range of nonviolent and pro-social drone uses in my new book, “The Good Drone.” I show that these efforts have the potential to democratize surveillance...

...it’s time to think about how many eyes are in the sky and how to avoid unwanted aerial surveillance. One way that’s within reach of nearly everyone is learning how to simply disappear from view.

How to disappear
The first thing you can do to hide from a drone is to take advantage of the natural and built environment.  more tips 



Saturday, July 25, 2020

DHS Gives Federal Agencies 24 hours to Patch Critical Microsoft Windows Vulnerability

Our friend in cold country has a hot tip for you!
Thanks, Mike.

--------------------
If you’re running an externally facing Windows DNS server, it should be patched as soon as possible.  It’s probably a good idea to work this patch into your internal patch management cycle as well.

CVE-2020-1350

If your DNS is managed by an external IT firm, please feel free to forward this to them.
If you’re not sure, drop me an email or give me a call at (907) 354-4879 (cell).

Thanks,
-Mike.
---
Mike Messick
President, Deep Forest Security Consulting
PO Box 242334
Anchorage, AK. 99524-2334
(907) 334-9090 Office

Thursday, July 23, 2020

The World’s Smallest Voice Recorder?

Is this The World’s Smallest Voice Recorder?



Specifications
TileRec by ATTO Digital 
Ultra-small: ≈1.53”x1.53”x.02” (≈39 x 39 x 5 mm)
Record modes: Voice activated or continuous.
Storage capacity: 145 hours.
Format: 128 kbps CD Quality MP3.
Playback: Download files to any computer.
Battery “on time”: Up to 24 hours.
Battery charge time: 2 hours.
Housing: Sturdy aluminum case.
Operates with one on/off switch.
Cost: $59.80 Amazon

Voice recorders keep getting smaller and smaller. 

However, if smallest means thin to you, yes, there is a thinner one, the Edic-mini Tiny16+ A75…
 1 mm thinner, 12 mm less wide, but double the length. And, at $345, six times the price. They also make one card-key sized (2.7 mm thin).

Edic-mini Tiny16+ Flat voice recorder 

If by smallest you mean really, really thin… You might want to consider the NAGRA Dollar Bill recorder that’s being marketed to law enforcement instead. Thirty-one times as expensive as the TileRec.
There are many slightly larger voice recorders that are still considered to be mini in size. Our search on eBay returned 1,809 results and over 2,000 on Amazon.

eBay Search Box for voice recorder 
The prices on eBay ranged from $1.45 (with free shipping from China!) to $2,000 for the Edic-mini Tiny+ B76-150HQ, the Edic-mini Tiny+ being closest in size to the TileRec.

A Voice Recorder Manufacturer Speaks

Jang Sung-Churl, chief executive of electronics firm Auto Jungbo Co. Ltd., told Reuters that covert recording devices “have been selling like hotcakes” …sales of voice recorders so far this year (2019) have doubled to 80 devices per day, Jang said as he forecast sales to also double this calendar year to 1.4 billion won ($1,172,289).

Think about it. That's almost 30,000 devices sold per year... before the expected doubling of sales. And, he is only one manufacturer. An educated guess is that there are thousands of manufacturers around the world.

Accessibility + Affordability = Big Concerns.

 

Who Cares About Voice Recorder Size?

Lots of folks, for many and varied reasons…
  • Sneaky people who want to eavesdrop.
  • Sneaky people who want to entrap others.
  • Anyone worried about covert surveillance.
  • Local law enforcement detectives and Private Investigators. They might not have the budget necessary for a covert NAGRA Dollar Bill Recorder, but have the smarts to slap a TileRec between two one-dollar bills.
  • Technical Surveillance Countermeasures (TSCM) Technicians whose job it is to find illegal, electronic surveillance devices.
It all boils down to these two things:
People hiding voice recorders, and… thwarting the people doing it.

 

Discovering Voice Recorders 

Since the offense has the advantage let’s concentrate on the defense.

The average covert voice recorder will either be carried by a person to record face to face conversations or it will be hidden within conversations-of-interest areas.

 

In-Person Recording Detection Tips

  • Since frisking is probably out of the question, assume you are being recorded. Even if you could frisk, results would be iffy; these voice recorders are tiny.
  • At the outset of a conversation ask the other person if they are recording you. Watch their reaction. Do they overly protest, or fake anger? If they say no but record anyway, the recording’s value can be challenged. They lied, so maybe they also faked, edited or doctored the recording.
  • Also… Be professional. If you would not say it in a courtroom, don’t say it.

Big Red Flag – When someone tries to recreate a previous conversation with you.

 

Covert Recording Detection Tips

  • Pay attention to your surroundings. Who has access and when? Voice recorders need to be retrieved: to review recordings and to recharge batteries.
  • Avoid using the same area for all your sensitive conversations. Use various and unpredictable locations if possible.
  • Conducting your own search for surveillance devices is futile. An experienced eavesdropper will plant one easy-to-find device. They know the search will stop at that point. The harder-to-find device and its back-up will still be on the job. Without proper training and instrumentation your success is unlikely.
  • For office and home office situations an independent Technical Surveillance Countermeasures (TSCM) sweep team should be employed. Have them conduct periodic due diligence debugging inspections. In addition to searching for room audio and video surveillance devices, have them check your vehicles. Vehicle inspections also include a search for GPS tracking devices.

 

TileRec Voice Recorder Detection Test

 

Voice Recorder Detection Test 50% & 100% Power

Testing Our Defenses

Murray Associates conducted tests to determine the effectiveness of their detection techniques on mini voice recorders. 

TileRec was difficult–but not impossible–to detect compared to other recorders tested.

During a professional TSCM inspection the technician’s physical search is aided by an instrument called a Non-Linear Junction Detector (NLJD). This instrument can detect electronic surveillance devices, including mini voice recorders, active or dormant.

A distance of 3 to 4 inches was chosen to test the NLJD detection technique. This simulates the recorder being secreted within another object. Green shows the power output. Red shows the level of detection.

With the NLJD set at 50% power output the TileRec was barely detectable. When the power was increased to 90-100%, success. Even at this higher power operator skill in using the NLJD was critical.

Conclusions

  • The TileRec is (probably)
    The World’s Smallest (affordable)
    Voice Recorder (as of now).
  • Size doesn’t matter. Any mini recorder can be easily secreted and threaten privacy.
  • The market for mini recorders is huge. There are a lot of them out there. Some of the very good ones are very inexpensive.
  • Detection is difficult, but not impossible.
  • The best self-protection tactic is watching what you say and situational awareness. Critical situations require the assistance of a professional TSCM / counterespionage firm.
* * *

Kevin D. Murray CPP, CISM, CFE is a business counterespionage consultant and TSCM specialist with over four decades of experience.

Murray Associates is an independent counterespionage consulting firm, providing eavesdropping detection (TSCM) and counterespionage services to business, government and the at-risk individual.
 
Headquartered in the New York metropolitan area, a Murray Associates team can assist you quickly, anywhere in the United States, and internationally.

If you have any questions, or would like to schedule TSCM / information security audits, please let us know.

Tuesday, July 7, 2020

Don't Click on Links Like This... but click on this one to learn why. (blahaha)

A subset of Three UK users have received an SMS message warning them about text message-based spam – complete with a shortlink and textual urgings to click it and learn more.

The definitely-not-smishing-honest message was received by Reg reader Chris, and he was not very chuffed with it. He told us:

"They send an unsolicited out-of-the-blue SMS which asks you to 'click' (not tap) on a link. When checked out in a sandboxed environment this goes to an insecure http-only page which warns of suspicious text messages and a video telling recipients not to tap on any links. Awesome!" more

The offending message is reproduced in all its glory below:

Monday, July 6, 2020

TikTok - Times Up

This has been a week that TikTok—the Chinese viral video giant that has soared under lockdown—will want to put quickly behind it...

Whether India had always planned to announce its ban on TikTok, along with 58 other Chinese apps, on June 29, or was prompted by the viral response to the iOS security issue is not known. But, as things stand, TikTok has been pulled from the App Store and Play Store in India, its largest market, and has seen similar protests from users in other major markets around the world, including the U.S.

One of the more unusual groups campaigning against TikTok is the newly awakened Anonymous hacktivist group... “Delete TikTok now,” the account tweeted, “if you know someone that is using it, explain to them that it is essentially malware operated by the Chinese government running a massive spying operation.” more
Calls for Tik Tok to be banned in Australia over Chinese spying fears

Friday, June 26, 2020

Reports: Cybercrimes Surge 400%, Teleworkers Need to Tighten Security

...in another new analysis, IBM warns that teleworkers are especially vulnerable to attack.

“There is a level of apathy and a lack of awareness when it comes to securing the home office environment....they’re seeing double the failure rates on their security tests than they saw pre-COVID,” warns Mathew Newfield, Chief Information Security Officer at Unisys...

“This unprecedented remote working explosion amounts to a dramatic game changer for corporate security officers and cyber attackers,” says Patrick Barry, Chief Information Officer at Rebyc Security.

Corporate cyber security strategies, policies, penetration testing procedures, and technologies need to be reconsidered and reevaluated and, in many cases, revamped. more

Thursday, June 25, 2020

Questions We Get... Are 5G Cell Phone Signals Dangerous?

A. Being a licensed amateur radio operator, the topic hits close to home. Basically, any high strength RF emission can cause damage. Leukemia is the top one for transmitter engineers in the broadcast biz. 

Fortunately... "The intensity of radio waves over distance obeys the inverse-square law, which states that intensity is inversely proportional to the square of the distance from a source. Think of it this way: double the distance, and you get four times less power."

Given the distance cell antennas are away from people the effect is negligible. However, if your office chair sits next to a wall with a cell antenna mounted just on the other side, you might want to change offices. ~Kevin  more

Friday, May 15, 2020

NJCCIC Publishes: Tips for Teleworkers, Remote Access Security

For many organizations, telework programs have been in practice for years – whether as part of the organization’s everyday work program or as a component of their business continuity plans.

For those organizations, policies, educational programs, technologies, and support services for the remote workforce are well established. For organizations engaging in telework for the first time, defining expectations is a good starting point.

First, create a telework policy that addresses the following:
  • The scope of the telework program, roles and responsibilities, eligibility to telework (not all jobs can be performed remotely), 
  • work hours and paid time-off, 
  • the suitability of the alternate workplace and its related safety requirements, 
  • responsibility for equipment and supplies, 
  • operating costs and expenses, 
  • and requirements for physical and information security. more

Monday, May 4, 2020

Trade Secret Protection in a Nutshell

Trade Secret Law in a Nutshell (book)
The federal Defend Trade Secrets Act and similar laws in most states let employers seek injunctions for the return of certain business information if three things are true: 
  1. The information is actually secret,  
  2. the business has taken "reasonable measures" to keep it so, 
  3. and the information has "independent economic value" because it's unknown to others who could profit from it.
These cases often turn on what an employer did to protect its alleged secret. If security was tight, it stands a good chance at getting an injunction; if it was lax, it'll likely lose. more

Friday, May 1, 2020

Spycam Detection Course | Now With Korean Closed Captions

The highly rated Spycam Detection video training course now has Korean closed captions, as well as English. Spanish is coming soon.

The demand for a Korean translation was fueled by their epidemic spy camera problem. They even have a special word for it, Molka. The problem is so bad the government created special inspection squads and a safety handbook for the public.

In other countries the problem is also epidemic.

This one-hour, self-paced course was originally created for businesses and other organizations to train their security and facilities employees. Having these people conduct periodic inspections reduces risk and legal exposure. A Certificate-of-Completion is awarded at the end.

The training is also beneficial for police, private investigators and executive protection professionals.

Personal protection is the most effective prevention. Knowing what to look for is important. The course is open to everyone. Any individual with a little knowledge can conduct their own inspections of:
  • hotel rooms,
  • public restrooms,
  • store changing rooms,
  • locker rooms,
  • vacation rentals,
  • and their own domiciles.
Please forward this post to anyone it can help.
As more people become knowledgeable, fewer people will become victims.



Eavesdropper Scams Financial Advisor | Prevention Tips

Early in April, a financial advisor and her team met with an insurance company wholesaler via the video conferencing platform Zoom.

Unbeknownst to them, another participant had joined the virtual meeting.

As the hacker captured details, the wholesaler named the price of a new policy and the advisor agreed to the terms.

...It’s likely that even before the meeting ended the eavesdropper generated an email to the advisor so that it appeared to come from the insurer. In a later forensic analysis, an overlooked detail revealed the spoof: a single letter the hacker changed in the insurance company’s name.

After the meeting ended, the advisor received the message with instructions to wire money — in the low six figures — to a New York bank account. She did as instructed, sending the money to the hacker. more

———How to prevent Zoombombing in your video chats in 4 easy steps———

1. Don't use your Personal Meeting ID for the meeting. Instead, use a per-meeting ID, exclusive to a single meeting. Zoom's support page offers a video walk-through on how to generate a random meeting ID for extra security.

2. Enable the "Waiting Room" feature so that you can see who is attempting to join the meeting before allowing them access. Like many other privacy functions, a skillful disrupter can sometimes bypass this control, but it helps to put another hurdle in their route to chaos.

Zoom offers a support article here as well. To enable the Waiting Room feature, go to Account Management > Account Settings. Click on Meeting, then click Waiting Room to enable the setting.

3. Disable other options, including the ability for others to Join Before Host (it should be disabled by default, but check to be sure -- see below). Then disable screen-sharing for nonhosts, and also the remote control function. Finally, disable all file transferring, annotations and the autosave feature for chats...

4. Once the meeting begins and everyone is in, lock the meeting to outsiders ... and assign at least two meeting co-hosts. The co-hosts will be able to help control the situation in case anyone bypasses your efforts and gets into the meeting. more