Sunday, October 31, 2010

Hamas warns against buying cars imported from Israel

The Hamas government in the Gaza Strip is warning local politicians, government officials and faction leaders against buying cars imported from Israel for fear they may contain eavesdropping equipment or even remote-activated bombs planted by Israeli security agencies. (more)

Test your car...
If you own a late model General Motors car with OnStar, try this test. Tune your radio to 770 AM, turn up the volume and tap on the OnStar microphone near the rear view mirror. Do you hear yourself coming through the radio? No? Maybe they only bugged my car. ~Kevin

Google Bans SMS Spy App Tap

A controversial mobile phone application, which helps a cell phone user read the text messages of others secretly, has been removed from sale by Internet search engine Google.
Google said the application, called SMS Secret Replicator, violated its terms.

Once installed on a mobile phone, the Android phone application automatically creates carbon copies of incoming text messages and forwards them to a selected number - prompting fears it could be used by jealous lovers and even work colleagues to snoop on private messages. (more) (video)
Google may have dropped it from their marketplace, but doesn't mean this $9.99 app is not available elsewhere. (more
Coming soon, a way you can detect if your phone is infected with spyware. (more)

Thursday, October 28, 2010

Security Alert: iCracked

A security flaw in the iPhone allows strangers to bypass the handset’s lock screen with a few button presses.

...the quick method to circumvent an iPhone’s passcode-protected lock screen:
• tap the “Emergency Call” button,
• then enter three pound signs,
• hit the green Call button
• and immediately press the Lock button.
That simple procedure gives a snoop full access to the Phone app on the iPhone, which contains the address book, voicemail and call history. (more)

Apple:
“We’re aware of this issue and we will deliver a fix to customers as part of the iOS 4.2 software update in November." 

"Why is this important?”
Not having password protection on a smart phone leaves you open to information theft, jail-breaking and injection of spyware.

"Why does this trick exist?"
• It is a software loophole.
• It is a programmer's shortcut they forgot to patch.
• It is a programmer's Easter egg.
• It is a law enforcement backdoor never meant to become public knowledge.
Interesting question. You decide.

FutureWatch: The ability to create passwords longer than four measly digits... which is only a pool of only 10,000 passwords. ~Kevin

Wednesday, October 27, 2010

Firesheep Makes Stealing Your Wi-Fi Secrets Easy

via Steven J. Vaughan-Nichols
From all the yammering, you’d actually think there was something new about Firesheep, the Firefox extension that lets you grab login IDs, passwords, and other important information. What a joke. I, and any hacker or network administrator worth his salt, have been able to do this kind of stuff for years.

The only thing “new” about Firesheep is that how it easy makes it to do. I’m unimpressed. Anyone who was serious about grabbing your personal information has already been doing it for years. Trust me, if someone really wanted your data and you’ve been using open Wi-Fi networks, they already grabbed it.

No, the real worry isn’t about some jerk grabbing your Twitter password in a coffee house. The real worry has always been that your office Wi-Fi is easy to compromise and then someone can use a packet-sniffer to get something that really matters like your your Accounts Payable password. (more)

Need a Wi-Fi Security Audit and Compliance Inspection? (you do) Please call me. (more)

11/4/10 - UPDATE:  IBM researchers are proposing an approach to WiFi security they call Secure Open Wireless in light of the release of the Firesheep tool. (more)

11/5/10 - UPDATE: 10 Ways to Protect Yourself from Firesheep Attacks (more)

Our Spy Coin Receives the Ultimate Compliment

I give spy coins to my clients.
It is a reminder that information loss is mostly a people problem, not an electronic problem. Filing cabinets of information can walk out the door in pocket change!


Careless people often blab information, forget to secure it, toss it in the garbage can, or otherwise lose it—hundreds of laptops are lost every day. People also steal it when they become greedy, spiteful, conned, blackmailed, or caught up in a “cause.”

Investigating an information loss, however, begins with an electronic surveillance detection audit.

Here’s why...
• Serious espionage will include electronic surveillance.
• The possibility must be resolved before accusing people.
• Bugging is the easiest spy technique to discover.
• Electronic surveillance evidence helps prove your case.

Best advice...
Conduct audits on a regular basis. Uncover signs of espionage during the intelligence collection stage, before your information can be abused. (more)

A client reports back...
"I think of all of the trinket type things we’ve accumulated over the years, the spy coin is *by far* the coolest, and is made even cooler with the background story provided on the chip!!

I took mine with me to the FBI building today and had the guards there X-ray it along-side of a normal quarter to see if its secret contents could be seen on an “airport quality” X ray machine.  They printed out a copy of the scan image, I’ve attached it to this email for your amusement as well. 

Several agents commented on how well it was made, and how hard it would be to detect such a thing."

Tuesday, October 26, 2010

Sunday, October 24, 2010

Why Wiretap When You Can buy the Phone Company?

A proposed deal between Sprint Nextel, Cricket and two Chinese telecom companies has raised a few eyebrows, with some U.S. senators concerned about security.

The Hill reports a bipartisan group of legislators wrote a letter seeking reassurance about the deal from Federal Communications Commission Chairman Julius Genachowski.

The letter, signed by Susan Collins (R-Maine), Jon Kyl (R-Ariz.) and Joe Lieberman (I-Conn.), contends the two Chinese companies, ZTE Corporation and Huawei, have ties to the Chinese military and are financed by the Chinese government.

The letter raised the specter of the Chinese government or military using the companies to spy on American communications. (more)

How to Solve a TSCM vs, CCTV Mystery

Chicago, IL - It may sound like cloak and dagger fiction, but FOX Chicago News has learned something very odd happened Wednesday night on the fifth floor of the Cook County building. The latest bizarre twist in the ongoing corruption scandal in Stroger's office involves high-tech surveillance experts caught leaving the office of Cook County Board President's office.

A deputy sheriff patrolling the building stopped a group of five men leaving Todd Stroger's office around 9:30 p.m. Wednesday.

One of the men identified himself as the county's Homeland Security Director David Ramos. The other four men were asked to provide identification.

They did, and at least three of them have experience in surveillance and counter-surveillance... (One of the men) would not comment on what they were doing in Stroger's office, but there is rampant speculation at the County building they were sweeping the offices for electronic bugs.

Cook County Inspector General Pat Blanchard said his staff visited Stroger's office Thursday afternoon and removed some evidence related to the ongoing investigation into sham contracts...
 
David Ramos, the county's Homeland Security Director who escorted the men into the office, said through a spokesman they were simply scouting locations for placement of security cameras in the President's office. (more)

Solution: Ask the Deputy if the "visitors" were leaving empty-handed. A sweep requires several cases of instrumentation. Conducting a CCTV design layout does not.

Friday, October 22, 2010

CSI - Who Poo'ed

What can property managers do when dog owners don’t pick up after their dogs? Under normal circumstances, not much, because there is no way of knowing who the violators might be. But now, with a new program called PooPrints that uses DNA to identify the dog in question, managers can catch the culprit (dog owner) in a matter of days.

PooPrints is a dog DNA identification program from BioPet Vet Lab built on a scientific foundation, providing communities with a means to enforce community regulations for pet waste clean-up. “The problem of pet owners not picking up after their pets is tearing apart communities,” says BioPet Vet Lab CEO Tom Boyd. Consumer Reports lists ‘dog poop’ as one of the nation’s top ten personal gripes. So BioPet Vet Lab used its research in animal DNA identification systems to help provide community leaders with a tool to bring peace back to the neighborhood. (more)

Thursday, October 21, 2010

Ex-Chief Legal Counsel Pleads Guilty

OH - The former state lawyer behind an electronic eavesdropping scheme agreed yesterday to plead guilty to three misdemeanor charges and cooperate in other investigations, including one into an aborted operation at the Governor's Residence.

Joshua Engel, the former chief legal counsel for the Ohio Department of Public Safety, faces three misdemeanor counts of intercepting and disclosing sensitive, confidential information from investigations by the state inspector general, the Ohio Ethics Commission and federal authorities. (more)

Wednesday, October 20, 2010

Weird Wiretap Story of the Week

How does watching a football game land you in court facing wiretapping charges?
You're a former police detective. Your accuser is a former judge.
Care to judge this one yourself? 
If you have the time... (more)
P.S. Wiretapping is a McGuffin.

In the Land of the Lords, no tenant skips

Australia - Tenants' groups say they are outraged by a service that enables real estate agents to find out when a tenant is considering moving house. The service is offered by the database company TICA and involves the company sending an email alert to an agent if a tenant submits an application for another property. (more)

Tuesday, October 19, 2010

U.S. Pushes to Ease Technical Obstacles to Wiretapping

Law enforcement and counterterrorism officials, citing lapses in compliance with surveillance orders, are pushing to overhaul a federal law that requires phone and broadband carriers to ensure that their networks can be wiretapped, federal officials say.

The officials say tougher legislation is needed because some telecommunications companies in recent years have begun new services and made system upgrades that create technical obstacles to surveillance. They want to increase legal incentives and penalties aimed at pushing carriers like Verizon, AT&T, and Comcast to ensure that any network changes will not disrupt their ability to conduct wiretaps. (more) (sing-a-long)

Monday, October 18, 2010

Business Espionage - The Feds are Warning You

via The New York Times...
Huang Kexue, federal authorities say, is a new kind of spy.

For five years, Mr. Huang was a scientist at a Dow Chemical lab in Indiana, studying ways to improve insecticides. But before he was fired in 2008, Mr. Huang began sharing Dow’s secrets with Chinese researchers, authorities say, then obtained grants from a state-run foundation in China with the goal of starting a rival business there...

Law enforcement officials say the kind of spying Mr. Huang is accused of represents a new front in the battle for a global economic edge. As China and other countries broaden their efforts to obtain Western technology, American industries beyond the traditional military and high-tech targets risk having valuable secrets exposed by their own employees, court records show.

Rather than relying on dead drops and secret directions from government handlers, the new trade in business secrets seems much more opportunistic, federal prosecutors say, and occurs in loose, underground markets throughout the world.

Prosecutors say it is difficult to prove links to a foreign government, but intelligence officials say China, Russia and Iran are among the countries pushing hardest to obtain the latest technologies.

“In the new global economy, our businesses are increasingly targets for theft,” said Lanny A. Breuer, the assistant attorney general in charge of the Justice Department’s criminal division. “In order to stay a leader in innovation, we’ve got to protect these trade secrets.” (more)

If you still don't have a counterespionage strategy, or your current one isn't working, call me. ~ Kevin

WSJ Finds Sheep Are Easy to Track

The down side of social not-working...
Many of the most popular applications, or "apps," on the social-networking site Facebook Inc. have been transmitting identifying information—in effect, providing access to people's names and, in some cases, their friends' names—to dozens of advertising and Internet tracking companies, a Wall Street Journal investigation has found.

The issue affects tens of millions of Facebook app users, including people who set their profiles to Facebook's strictest privacy settings. (more)