Agribusiness Espionage: The Scientist and the Spy

Deputy Cass Bollman was about to enjoy a coffee break at a gas station in Iowa when the alert came across his radio: “Asian male wearing a suit walking through a farm field. … Nature of incident: suspicious.”

Bollman raced to the scene, a little northeast of Des Moines, where he talked to a farmer who had spotted the odd figure in the field. A few minutes later, Bollman had pulled over an SUV driven by Robert Mo, a Chinese national.

So begins one of the most unexpected stories of espionage ever told—in this case, by Minnesota journalist Mara Hvistendahl in her new book, “The Scientist and the Spy.”

Wi-Fi Internet Communicator Hidden in a Calculator Hack

Sometimes a device is just too tempting to be left untouched. For [Neutrino], it was an old Casio calculator that happened to have a perfectly sized solar panel to fit a 128×32 OLED as replacement.

But since the display won’t do much on its own, he decided to connect it to an ESP8266 and mount it all inside the calculator’s housing, turning it into a spy-worthy, internet-connected cheating device, including a stealthy user interface controlled by magnets instead of physical buttons. more


It wouldn't take much to turn this into a Wi-Fi bug.

Spy vs. Spy - The Movie

The Spy vs. Spy comic strip has been a regular fixture in Mad magazine for almost sixty years. In that time, the two identical birdlike espionage agents — Black Spy and White Spy — have also featured in video games and cartoons, but a live-action big-screen adaptation has continually eluded the warring duo. However, that could all finally change, if new developments go according to plan.

According to Collider, Rawson Marshall Thurber is in talks to direct the movie for Warner Bros. and Imagine Entertainment. Ron Howard and Brian Grazer are on board as producers, which makes sense as they’ve been attached to the project since its inception. It remains to be seen if Dwayne Johnson will star, but that wouldn’t be surprising as he’s Thurber’s go-to guy...

The movie, as silly as it will undoubtedly be, might also be very smart and biting. The original comics are rife with political satire, often taking aim at America’s involvement in wars. Given that there’s still plenty of real-life drama to comment on, don’t be surprised if the movie pokes fun at current affairs...

If the film lives up to its potential, Spy vs. Spy will be one entertaining, wacky ride. more

A Sad Case Highlights Perception of Privacy Loss and Mental Health

WA - A suicidal man who was shot and killed by police officers at a Loves truck stop in Ritzville called police twice to report that his car was bugged and that he was being tracked, according to a release by the Columbia Basin Investigative Team.  more

BBC Spycam Documentary

In a new BBC documentary Stacey Dooley Investigates: Spycam Sex Criminals.

The crime no doubt happens all over the world, but is actually one that has been sweeping South Korea lately, as many have been found guilty of planting recording equipment in public places and then charging people to view the footage online...

The upcoming documentary will see our fave reporter look into the subject head on to give us an insight into the voyeuristic practice and how now, with such advanced technology, it's easier than ever to hide cameras in public places.

Some of the cameras being used are as small as the head of a needle and are so difficult to spot, but Stacey will be taken on patrol with an experienced spy cam hunters to uncover hiding places.

Stacey Dooley Investigates: Spycam Sex Criminals will be available on iPlayer from 6am on 1st April - something to add to your quarantined watch list. more

Coronavirus Surveillance Escalates, Personal Privacy Plummets

Tracking entire populations to combat the pandemic now could open the doors to more invasive forms of government snooping later.

...government agencies are harnessing surveillance-camera footage, smartphone location data and credit card purchase records to help trace the recent movements of coronavirus patients and establish virus transmission chains...

...authorities are analyzing location data transmitted by citizens’ mobile phones to determine how many people are obeying a government lockdown order and the typical distances they move every day. About 40 percent are moving around “too much,” an official recently said.

...internal security agency is poised to start using a cache of mobile phone location data — originally intended for counterterrorism operations — to try to pinpoint citizens who may have been exposed to the virus...

...ratcheting up surveillance to combat the pandemic now could permanently open the doors to more invasive forms of snooping later. It is a lesson Americans learned after the terrorist attacks of Sept. 11, 2001, civil liberties experts say. more

Ultrasonic Bracelet Claims to Jam Eavesdropping Microphones

Spying isn’t the same as it was in the old days. Today, an inconspicuous smart speaker could be recording every word you say in your own home. That threat of invaded privacy will only continue to grow as more microphone-enabled devices are released in the years to come.

That’s why a team of researchers from the University of Chicago has invented a device
to combat it. They created a bracelet that uses ultrasonic signals to jam nearby microphones. Though it isn’t something that most people would need to use on a daily basis it could represent a picture of what jewelry will need to be in the future—both stylish and functional.

The experimental version is quite clunky, looking more like a piece of audio equipment than jewelry. However, that design has a purpose. The bracelet’s array of 24 speakers emit imperceptible ultrasonic signals. To nearby microphones, these signals come across as loud static that effectively drowns out any speech in the vicinity. more

This eavesdropping countermeasure has been around forever. We experimented with it back in the 80's. It's effectiveness can be very iffy, its downsides serious. Read more about it here.

In the Era of Hacking, Bugs Remain a Critical Espionage Threat

via Scott Stewart, Vice President Tactical Analysis at Stratfor

HIGHLIGHTS

• While cyberattacks offer a powerful means for corporate surveillance, it is important to remember that it is just one option in the espionage toolbox.
  
• Some information, such as in-person conversations, cannot be obtained through hacks and thus require the use of other tools, such as human intelligence collection insiders or covert audio and video recorders and transmitters (bugs).
  
• Today, bugs are cheaper, smaller and easier to obtain than ever — and the number being deployed and discovered is vastly under-reported, masking the true scope of the threat.
  
• Therefore, in order to adequately combat corporate espionage, organizations must also implement security measures to protect against bugging. more

FutureWatch: Mind-Reading Called Brain-Hacking - Food for Thought

The world is in the middle of a new technology arms race, according to best-selling historian Yuval Noah Harari, who warns that the prize being fought over this time is not physical territory, but our brains. 

Speaking at the World Economic Forum in Davos, Harari predicted a future where governments and corporations will be able to gather enough data about citizens around the world that, when combined with computational power, will let them completely predict – and manipulate – our decisions. Harari calls this concept "brain-hacking".

"Imagine, if 20 years from now, you could have someone sitting in Washington, or Beijing, or San Francisco, and they could know the entire personal, medical, sexual history of, say, every journalist, judge and politician in Brazil," said Harari.

"You could control a whole other country with data. At which point you may ask: is it an independent country, or is it a data colony?" more   Previous mind-reading posts.

"I found this thing. Is it a bug?"

At Murray Associates we occasionally receive calls asking, "I found this thing. Is it a bug?"

Usually, the identification is easy:

• it's a piece of electronic jewelry (blinky earring, or pin); 
• an old annoy-a-tron; 
• or Bluetooth tag, like a Tile item finder.

Today, a call comes in from a well-respected private investigator in Boston. He has a corporate client whose employee "found this thing."

She takes a photo, sends it to him, who sends it to us... via low resolution text message...

Rough guess...
A Bluetooth item finder, similar to a Tile, but a Chinese knockoff branded with some corporate logo. Possibly a promotional item?

We later learned it was in her bedroom, mounted to the wall, not found in a covert location. She had pulled it off the wall to take the photo. We did not receive a photo of the mounting piece, or a mention of its placement.

Later we eventually received a photo of the flip side...

Hummm... not too helpful, but no evidence of on the front of a pinhole for video, or a microphone on the circuit board. No battery seen, but the two large solder tabs and circles on the circuit board indicate there is a battery on the other side of the board.

Why would someone mount something like this on a bedroom wall?!?!

One possibility emerged... "How to find your lost iPhone with Tile."

Nope. Tiles have their logo on them. Ours looks different.

Another possibility... Yahoo changed their logo last Fall.

Could they have sent out a promotional "Tile" with their newly designed exclamation point logo on it?

Close, but no prize.

Okay, let's start fresh.
Say, the Tile is a MacGuffin.
Look elsewhere.

What other wall-warts do we know of?
HVAC sensors, for one.

Google search....

Ah ha.... that's what this thing is. 
Case closed.

This was a good investigative process refresher for us, and a thing we will all remember next time "this thing" shows up.

Extra Credit:

• If you find a thing and think it's a bug, read this.
• To learn about the other Thing—the famous spy eavesdropping device—read this.

~Kevin

Surveillance is Hot at CES 2020

At CES show, devices that see, hear, track people are promoted. Privacy concerns? Not so much.

From the face scanner that will check in some attendees to the cameras-everywhere array of digital products, the CES gadget show is all-in on surveillance technology...

All these talking speakers, doorbell cameras and fitness trackers come with the promise of making life easier or more fun, but they're also potentially powerful spying tools.

And the skeptics who raise privacy and security concerns can be easily drowned out in the flashy spectacle of gee-whiz technology. more

Now Santa's Toys Know if You Are Naughty or Nice

Christmas is over, which means there may be a few extra toys for children in the house.

Cybersecurity experts are warning parents to pay attention to what kinds of toys their children are playing with, saying some could be capable of doing much more than what you're aware of.

...toys with Bluetooth or that can connect to Wi-Fi have the potential to not only spy on those playing with them but could also collect data later capable of predicting children's thoughts and behaviors. more

Trend Micro Reveals Security Worries for 2020

In 2020, tried-and-tested cyber crimes – such as extortion, obfuscation and phishing – will remain, but new risks will inevitably emerge.

Full 5G implementations will introduce new security threats and the increased migration to the cloud will see more organizations facing risks from their cloud and supply chain.

In addition, the sheer number of connected assets and infrastructures will open doors to threats, and fake images, videos, or audio will be used to manipulate enterprise business procedures.

This is according to a new report from security firm Trend Micro, titled: “The New Norm: Trend Micro Security Predictions for 2020.”

...of special interest to our clients...

IOT devices used for espionage, extortion.

Machine learning and AI will be abused to listen in on connected devices like smart TVs and speakers to snoop on personal and business conversations, which can then provide material for extortion or corporate espionage. more

The New York Times Reports: "Bugging Epidemic"

With surveillance gear cheaper and easier to use, security experts say checking your environment for cameras and microphones is not a crazy idea...

A growing array of so-called smart surveillance products have made it easy to secretly live-stream or record what other people are saying or doing. Consumer spending on surveillance cameras in the United States will reach $4 billion in 2023, up from $2.1 billion in 2018, according to the technology market research firm Strategy Analytics. Unit sales of consumer surveillance devices are expected to more than double from last year.

The problem is all that gear is not necessarily being used to fight burglars or keep an eye on the dog while she’s home alone. Tiny cameras have been found in places where they shouldn’t be, like Airbnb rentals, public bathrooms and gym locker rooms. So often, in fact, that security experts warn that we are in the throes of a “bugging epidemic.” more

Spybuster Tip #621: Conduct your own sweeps for covert spycams. Learn how.

Drones: An Increasing Business Espionage Concern Worldwide

South Africa - The increased use of unmanned aerial vehicles, or drones, in SA over the last few years has opened local organisations to a significant and evolving scope of threat in areas such as cyber espionage, illegal surveillance, electronic snooping and reconnaissance.

Security experts warn that while drone technology is increasingly being harnessed to carry out a host of commercial tasks faster, safer and more efficiently across industries including agriculture, media, health and defence, it is also increasingly being exploited by criminals as a tool to usher in a new era of physical and IT security threats. more

• Our other Security Scrapbook drone coverage.
• Researching anti-drone technology for your corporate security department? Contact us for our free Anti-Drone Research Paper.

More People Searching for Technical Surveillance Countermeasures (TSCM)

Analysis: More organizations are hardening their defenses against electronic surveillance and information theft.  With TSCM information security surveys becoming mainstream attacks will shift toward the defenseless...

Defenseless equals lunch in the Infowar Jungle.

Hacker Physically Plants Keylogger Devices on Company Systems

A hacker admitted to planting hardware keyloggers on computers belonging to two companies to get unauthorized to their networks and steal proprietary data. He now faces 12 years of prison time.

It appears that the individual was after data relating to an "emerging technology" that both targeted companies were developing.

In February 2017, 45-year old Ankur Agarwal of Montville, New Jersey, trespassed the premises of one of the two tech companies and installed keylogging devices on its computers to capture employee usernames and passwords. He also added his laptop and a hard drive to the company's computer network. more

A Technical Information Security Survey could have prevented this in the first place. ~Kevin

Women Snooping on Boyfriends Help Topple Dictator Instead

It all started in 2015 with a frantic message from a woman in Sudan who was having cold feet ten days before her wedding. The woman had a nagging feeling her husband-to-be was cheating on her, and she was desperate to find out the truth before she went through with the marriage.

She decided to reach out to her friend Rania Omer, who had won a lottery visa to become a U.S. citizen five years earlier.

Now Omer was 24 and studying at a college in Nebraska, but she still fancied herself an anti-matchmaker among her close-knit community back home in Khartoum. The friend wanted Omer’s help. Would she mind posting a photo of the potential husband to Facebook to see if other women could dig up information on him?

A few hours later, Omer had her answer: one commenter posted to say she was his wife. more

Dissinformation as a Service (DaaS)

While disinformation campaigns are often associated with governments, new research indicates there is a robust, easy-to-navigate market for anyone looking to buy their own propaganda arms.

It is “alarmingly simple and inexpensive” to launch a sophisticated disinformation campaign, analysts from threat-intelligence company Recorded Future concluded after studying the issue. “Disinformation services are highly customizable in scope, costing anywhere from several hundreds of dollars to hundreds of thousands of dollars, or more depending on the client’s needs.”...

“If the ease of this experience is any indication, we predict that disinformation-as-a-service will soon spread from a nation-state tool to one increasingly used by individuals and organizations,” the Recorded Future analysts said. more

As Technical Information Security Consultants, this caught our attention. 

The best disinformation always adds in some correct information. The sum is verisimilitude, the ring of truth. 

So, where will the best correct information come from? Inside, of course.

Another very good reason to conduct regularly scheduled Technical Information Security surveys at your organization.

Workplace Covert Recording on the Rise

Voice activated recorder. Easy to hide.

South Korean workers fed up with bullying are being increasingly emboldened by a new tougher labor law to secretly record alleged abuse or harassment by their bosses, boosting sales of high-tech audio and video devices.

Gadgets disguised as leather belts, eyeglasses, pens and USB sticks are all proving popular with employees in a country where abusive behavior by people in power is so pervasive that there is a word for it - “gabjil”...

Auto Jungbo Co.’s sales of voice recorders so far this year have doubled to 80 devices per day, Jang said as he forecast sales to also double this calendar year to 1.4 billion won. more

Kevin's Tips for Management

• Assume your discussions are being recorded.
• Before proceeding, ask if they are recording.
• Be professional. If you would not say it in a courtroom, don’t say it.
• Red Flag – When an employee tries to recreate a previous conversation with you.
• Have an independent sweep team conduct periodic due diligence debugging inspections.

Create a Workplace Recording Policy