Get Alerts from your Local Police & 5,000 other Public Safety Agencies

One thing Hurricane Sandy taught us was truth beats rumors. Sign up for the truth... 

"This service, NIXLE, delivers trustworthy and important neighborhood level public safety and community event notifications instantly sent to you by cell phone text message, email and web. There is NO spam or advertising and the service is available at no cost.

Register at www.nixle.com. This service is simple to use, reliable and trusted.

Stay connected to your world, from the public safety alerts that are relevant to you, to the important neighborhood advisories you want to know about and other valuable community information."

How to Surf the Web in Secret

via Brad Chacos...

They say no one can hear you scream in space, but if you so much as whisper on the Web, you can be tracked by a dozen different organizations and recorded for posterity. 

Simply visiting a website can allow its operators to figure out your general physical location, identify details about your device information, and install advertising cookies that can track your movements around the web. (Don't believe me? Check this out.)

Not everyone likes the idea of having his or her entire digital lives scraped, analyzed and (in countries with restrictive regimes) controlled outright by third parties. 

So please consider the following tools and tips, which will hide your IP address and have you surfing the web in blissful anonymity in no time. (more)

Checklist...
• Use a second web browser.
• Set it to anonymous / private mode.
• Have it wipe all cookies when closed.
• Use a web-based proxy. (Proxify, Anonymouse, Hide My Ass, or one from Proxy.org)
• Better... Use a virtual private network (VPN) like The Onion Router (aka TOR).
• Send your email anonymously via Anonymouse or Hide My Ass.

Security Alert: Malware Via Email... From YOUR Printer!

In these high-tech times, scanners and photocopiers aren't just dumb machines sitting in the corner of the office.

They are usually connected to the corporate network, and - in some cases - can even email you at your desk to save you having to wear out your shoe leather.

And it's precisely this functionality that we have seen cybercriminals exploiting today, pretending that their malicious emails in fact come from an HP scanner inside your organization.

If you see a file like this one, beware...

hp_page-1-19_24.07.2012.exe

Clearly that's not a scanned-in image - it's executable code. ...be on your guard.

If you are one of the many people seeing this malware attack in your email today, please do not click on the attachment even if you are waiting for a scanned-in document to be sent to you. Instead, simply delete the email and your computer will be safe. (more)

eBlaster Shatters Crystal - $20,000 Loss

The ex-wife of a wealthy businessman must pay him $20,000 for installing spyware on his computers and using it to illegally intercept his emails to try to gain an upper hand in their divorce settlement, a federal judge in Tennessee ruled.

U.S. Magistrate Judge William Carter ordered Crystal Goan to pay ex-husband James Roy Klumb $20,000 for violating federal and state wiretap laws when she used Spectorsoft's eBlaster spyware to intercept Klumb's email. (more)

Libya Powers Up Old Spy Gear (The Who, you say!)

Libya's caretaker government has quietly reactivated some of the interception equipment that fallen dictator Moammar Gadhafi once used to spy on his opponents.

The surveillance equipment has been used in recent months to track the phone calls and online communications of Gadhafi loyalists, according to two government officials and a security official. Two officials say they have seen dozens of phone or Internet-chat transcripts detailing conversations between Gadhafi supporters. (more) (the gear) (sing-a-long)

In other news... Bull Poops Out

French technology company Amesys is offloading its business that sells Internet-interception equipment, a move that comes six months after it became public that Moammar Gadhafi's regime had been using the technology to spy on Libyans.

Bull SA, Amesys's parent company, said Thursday it had "signed an exclusivity agreement with a view to negotiating the sale of the activities" related to its Eagle interception product. Bull declined to identify the buyer. (more)

Jersey Sure - Encrypted & Self-Destructing iPhone Email

Encryption is meant to keep your messages secret from any third-party eavesdropper–what security pros call a “man-in-the-middle” attack. 

But what about that more common problem, the man-on-the-other-end? Even trusted recipients of a message, photo or video can leak secrets, carelessly forward messages, let them fall into the wrong hands, or even betray the sender and dig up evidence years later–a lesson folks like Anthony Weiner and Adrian Lamo have illustrated all too clearly.

Wickr, a free application that launched in the iPhone app store Wednesday, aims to encrypt text, picture and video messages to prevent their interception by men-in-the-middle. But then, as the app’s name implies, those messages also delete themselves after just minutes or even seconds like a burning wick, leaving no trace behind even for forensic investigators. “We want to let people send messages that are easy, secure, and leave no trace,” says Robert Statica, one of the company’s founders and director of Center for Information Protection at the New Jersey Institute of Technology. (more)

Business Espionage - Blueprint Blues to Reds

A previously unknown cyber worm preying on machinery blueprints has been exposed in Latin America. The new virus steals the blueprints and sends them to e-mail accounts registered in China. A number of machines in the US have been infected.

The worm dubbed ACAD/Medre.A targets the AutoCAD program used by architects, engineers, project managers and designers to create blueprints, including machines, buildings, household appliances and other inventions...

“ACAD/Medre.A is a serious example of suspected industrial espionage,” said Richard Zweinenberg, senior research fellow at ESET. (more)

Wiretap Law May Soon Include Email Snooping

Adel Abadir and Annabelle Zaratzian got divorced. It came out later that Adel knew too much about his ex-wife's income. He had placed spyware on her computer which secretly forwarded all her emails to him. She sued...

Zaratzian’s suit — first filed Dec. 3, 2010, in U.S. District Court in White Plains — is one of the first in the country to allege a more eye-opening charge: wiretapping, an accusation more reminiscent of Watergate and the Cold War than an otherwise run-of-the-mill divorce case.

Zaratzian’s definition of wiretapping depends on a novel legal theory, that auto-forwarding email represents a “contemporaneous” interception of electronic communications, and experts have been mixed on whether that definition will ultimately prevail in the courts. But if it does it could be the beginning of significant new interpretation of the law, opening up new legal avenues for those looking to sue, in addition to potentially more criminal prosecutions under federal wiretapping statutes, which haven’t been updated since a 1986 revision...

The case is now scheduled for a status conference June 18, before a potential trial later this year. (more)

Meet Your New Back Door Friend...

Will Congress require social networks, online voice over IP (VoIP) services, and Webmail providers to build in backdoors that could be used for electronic surveillance purposes by the FBI?

According to one news report, FBI officials have been meeting with Facebook, Google, Microsoft (which owns Skype and Hotmail), and Yahoo, among other companies. The goal apparently isn't to promote the bureau's push for expanded wiretapping capabilities, but rather to ask how that be implemented while causing minimal disruption for the companies with networks that would be directly accessed...

Six Key Points to Consider

1. Bureau Warns About Going Dark. The bureau has already been asking Congress for broader surveillance powers to help it keep up with new technologies....

2. Proposed CALEA Revisions Would Update 1994 Law. Accordingly, the FBI wants Congress to expand the Communications Assistance for Law Enforcement Act (CALEA)...

3. Questions Remain Over Wiretapping Scope. Just how often does the FBI need to use wiretapping during an investigation? That's not clear. According to an FBI website about CALEA, wiretapping "is used infrequently and then only to combat the most serious crimes and terrorism."...

4. Civil Liberties Groups See Slippery Slope. Civil rights groups have warned that granting law enforcement agencies new surveillance powers could lead to a decrease in the privacy protections that people currently enjoy...

5. Will Technology Companies Back CALEA Expansion?...

6. Backdoors May Facilitate Unauthorized Access. Wiretapping backdoors could also make online services more vulnerable to attackers.... (more)

UK - Sky News, a 24-hour news channel in the U.K., twice authorized its reporters to hack into emails of suspected criminals but said the actions were "editorially justified" and in "the public interest."

The disclosure adds to the intensified scrutinty of British reporting tactics. Sky News is a unit of British Sky Broadcasting Group PLC, which itself is 39.1%-owned by News Corp., whose U.K. newspapers have been at the center of a storm over reporting methods. (more)

Email Bugging Scandal in New Zealand

New Zealand - Online security has been tightened at ACC after some claimants bugged emails to see what case managers were doing.

Bronwyn Pullar, the woman at the centre of the ACC security scandal, has revealed she used email tracking software to get updates of activity with her file - a detail already revealed by Michelle Boag to ACC minister Judith Collins. (more)

Wiretapping and Divorce Advice from a Lawyer

You think your wife is cheating on you? 

You remember the password to her Gmail account because you set it up for her? 

 You log into her account and discover emails between her and her new lover? 

Think that’s legal? 

Think that’s admissible evidence in court? 

Not so fast. 

Before you log onto your spouse’s email account or intercept any messages whatsoever whether email, voicemail, etc., consult with a lawyer about wiretapping laws. In your passion to discover what your spouse is doing, you might just violate federal wiretapping laws. This could backfire on you and could be more costly to you than the information you would otherwise discover is worth. Again, talk to a lawyer about this. (more)

Shawn L. Reeves is a Columbia, SC family lawyer. His office is located at 1201 Main Street, Suite 1980, Columbia, South Carolina.

iSnitch, ilLumiaNaughty & RIMshot Cell Out

India - Apple, Nokia and Research In Motion (RIM) gave Indian intelligence agencies secret access to encrypted smartphone communications as the price of doing business in the country, according to what appear to be leaked Indian government documents.

The purported documents, if they are real, indicate that the smartphone giants gave India's Central Bureau of Investigation (CBI) and Indian military intelligence "backdoor" tools that would let the Indian agencies read encrypted emails sent to and from RIM's BlackBerrys, Apple's iPhones and Nokia smartphones...

A "decision was made earlier this year to sign an agreement with mobile manufacturers (MM) in exchange for the Indian market presence," the military intelligence document reads. (more)

Top German cop uses spyware on daughter, gets hacked in retaliation

A top German security official installed a trojan on his own daughter's computer to monitor her Internet usage. What could possibly go wrong?

Nothing—well, at least until one of the daughter's friends found the installed spyware. The friend then went after the dad's personal computer as a payback and managed to get in, where he found a cache of security-related e-mails from work. The e-mails, in turn, provided the information necessary for hackers to infiltrate Germany's federal police.

Wait, it gets worse...

The hackers got into the servers for the "Patras" program, which logs location data on suspected criminals through cell phone and car GPS systems. Concerned about security breaches, the government eventually had to take the entire set of Patras servers offline. (more)

Industrial Espionage Gang Sends Malicious Emails

A cybercrime gang that primarily targets companies from the chemical industry has launched a new series of attacks that involve malware-laden emails purporting to be from Symantec, the security vendor responsible for exposing its operation earlier this year.

Dubbed the Nitro attacks, the gang's original industrial espionage efforts began sometime in July and lasted until September. The attackers' modus operandi involved sending emails that carried a variant of the Poison Ivy backdoor and were specifically crafted for each targeted company... 

"The same group is still active, still targeting chemical companies, and still using the same social engineering modus operandi," security researchers from Symantec said in a blog post on Monday. (more)

BlackBerry / India Ink Surveillance Contract - RIM shot

 Remember when India was threatening to shut down BlackBerry service unless it could tap user's communications? Reports have RIM operating a wiretapping facility in Mumbai to help with that.

Back in 2010, the Indian government set multiple deadlines for RIM to provide the government with access to encrypted BlackBerry communication or face a shutdown of BlackBerry services in the country. Those deadlines came and went, with RIM insisting that it has no back door that would let government authorities (or anybody else) decrypt and access communications on its BlackBerry Enterprise services. 

However, by the beginning of 2011 RIM had been working with the Indian government to provide access to consumer-level BlackBerry Messenger and BlackBerry Internet Services (BIS) email—and now the Wall Street Journal reports RIM is operating a small surveillance facility in Mumbai to process government requests for access to BlackBerry user communications. (more)

Hollywood hacker apologises for spying on stars

FL - A computer hacker accused of infiltrating the email accounts of Hollywood stars including Scarlett Johansson has apologized, and says he plans to plead guilty to all charges.

Christopher Chaney, 35, faces up to 121 years in jail after being arrested in Florida on Wednesday. He faces 26 indictments, including accessing and damaging computers, wire tapping and identity theft.

Chaney's arrest, following an 11-month probe into the hacking of more than 50 victims, including actress Mila Kunis and singer Christina Aguilera. (more)

Man Admitted Installing Spying Program

PA - A Pottstown man accused of illegally intercepting his father’s emails prior to his 2008 murder told investigators he had installed a program on two family computers that relayed keystrokes and other information on a daily basis, according to testimony given Thursday.

Pennsylvania State Police Trooper Robert Levan said Parth Ingle, 25, had told him in 2008 that he had installed a keystroke-logging program called eBlaster on the family computer in 2004 and on a subsequent family computer sometime in 2007.

According to Levan, Parth Ingle said his mother, Bhavnaben Ingle, told him in 2003 or 2004 that her husband had been unfaithful, but did not say his mother had directed him to install the software.

Parth and his sister, Avnee Ingle, 28, also of Pottstown, are accused of intercepting 15 emails between their father and women with whom he was believed to be having affairs.

No one has ever been charged with killing Arunkumar Ingle, whose beating and stabbing death at his Middletown home in January 2008 remains unsolved. (more)

Missing Email? Maybe it was Doppelganged!

Two researchers who set up doppelganger domains to mimic legitimate domains belonging to Fortune 500 companies say they managed to vacuum up 20 gigabytes of misaddressed e-mail over six months.

The intercepted correspondence included employee usernames and passwords, sensitive security information about the configuration of corporate network architecture that would be useful to hackers, affidavits and other documents related to litigation in which the companies were embroiled, and trade secrets, such as contracts for business transactions.

Sample of Info Netted - Click to Enlarge

“Twenty gigs of data is a lot of data in six months of really doing nothing,” said researcher Peter Kim from the Godai Group. “And nobody knows this is happening.”

Doppelganger domains are ones that are spelled almost identically to legitimate domains, but differ slightly, such as a missing period separating a subdomain name from a primary domain name – as in the case of seibm.com as opposed to the real se.ibm.com domain that IBM uses for its division in Sweden. (more)

Libyan Spy Center Provides Glimpse of Government Capabilities Worldwide

via The Wall Street Journal...

On the ground floor of a six-story building here, agents working for Moammar Gadhafi sat in an open room, spying on emails and chat messages with the help of technology Libya acquired from the West.

The recently abandoned room is lined with posters and English-language training manuals stamped with the name Amesys, a unit of French technology firm Bull SA, which installed the monitoring center...

Earlier this year, Libyan officials held talks with Amesys and several other companies including Boeing Co.'s Narus, a maker of high-tech Internet traffic-monitoring products, as they looked to add sophisticated Internet-filtering capabilities to Libya's existing monitoring operation, people familiar with the matter said.

Libya sought advanced tools to control the encrypted online-phone service Skype, censor YouTube videos and block Libyans from disguising their online activities by using "proxy" servers, according to documents reviewed by the Journal and people familiar with the matter...

Libya is one of several Middle Eastern and North African states to use sophisticated technologies acquired abroad to crack down on dissidents. Tech firms from the U.S., Canada, Europe, China and elsewhere have, in the pursuit of profits, helped regimes block websites, intercept emails and eavesdrop on conversations...

The Tripoli Internet monitoring center was a major part of a broad surveillance apparatus built by Col. Gadhafi to keep tabs on his enemies. Amesys in 2009 equipped the center with "deep packet inspection" technology, one of the most intrusive techniques for snooping on people's online activities, according to people familiar with the matter.

Chinese telecom company ZTE Corp. also provided technology for Libya's monitoring operation, people familiar with the matter said. Amesys and ZTE had deals with different arms of Col. Gadhafi's security service, the people said. A ZTE spokeswoman declined to comment.

VASTech SA Pty Ltd, a small South African firm, provided the regime with tools to tap and log all the international phone calls going in and out of the country, according to emails reviewed by The Wall Street Journal and people familiar with the matter. VASTech declined to discuss its business in Libya due to confidentiality agreements.

Libya went on a surveillance-gear shopping spree after the international community lifted trade sanctions in exchange for Col. Gadhafi handing over the suspects in the 1988 bombing of Pan Am flight 103 and ending his weapons of mass destruction program...

The Tripoli spying center reveals some of the secrets of how Col. Gadhafi's regime censored the populace. The surveillance room, which people familiar with the matter said Amesys equipped with its Eagle system in late 2009, shows how Col. Gadhafi's regime had become more attuned to the dangers posed by Internet activism...

The Eagle system allows agents to observe network traffic and peer into people's emails, among other things. In the room, one English-language poster says: "Whereas many Internet interception systems carry out basic filtering on IP address and extract only those communications from the global flow (Lawful Interception), EAGLE Interception system analyses and stores all the communications from the monitored link (Massive interception)."

On its website, Amesys says its "strategic nationwide interception" system can detect email from Hotmail, Yahoo and Gmail and see chat conversations on MSN instant messaging and AIM. It says investigators can "request the entire database" of Internet traffic "in real time" by entering keywords, email addresses or the names of file attachments as search queries... 

Across town from the Internet monitoring center at Libya's international phone switch, where telephone calls exit and enter the country, a separate group of Col. Gadhafi's security agents staffed a room equipped with VASTech devices, people familiar with the matter said. There they captured roughly 30 to 40 million minutes of mobile and landline conversations a month and archived them for years, one of the people said.

A description of the company's Zebra brand surveillance product, prepared for a trade show, says it "captures and stores massive volumes of traffic" and offers filters that agents can use to "access specific communications of interest from mountains of data." Zebra also features "link analysis," the description says, a tool to help agents identify relationships between individuals based on analysis of their calling patterns.

Capabilities such as these helped Libya sow fear as the country erupted in civil war earlier this year. Anti-Gadhafi street demonstrators were paranoid of being spied on or picked up by the security forces, as it was common knowledge that the regime tapped phones. Much of the early civil unrest was organized via Skype, which activists considered safer than Internet chatting. But even then they were scared. (more)