Tuesday, February 7, 2012

SpyCam Story #647 - Unintended Exhibitionists

Feeds from thousands of Trendnet home security cameras have been breached, allowing any web user to access live footage without needing a password.

Internet addresses which link to the video streams have been posted to a variety of popular messageboard sites. Users have expressed concern after finding they could view children's bedrooms among other locations.

Oops...
US-based Trendnet says it is in the process of releasing updates to correct a coding error introduced in 2010...
 
"We first became aware of this on 12 January," said Zak Wood, Trendnet's director of global marketing.

"As of this week we have identified 26 [vulnerable] models. Seven of the models - the firmware has been tested and released. We anticipate to have all of the revised firmware available this week. We are scrambling to discover how the code was introduced and at this point it seems like a coding oversight." (more) (example) 

Spybusters Security Alert: Check to see if you are operating any cameras made by Trendnet. If so, contact Trendnet for a firmware update. Then, change your password.

Monday, February 6, 2012

SpyCam Story #646 - Today in Video Voyeurism

VT - A Bellows Falls man is facing up to 15 years in prison for allegedly taking sexually explicit photographs and video footage of a woman and uploading them onto a pornographic website.

DOH!
John G. Lawlor, 38, pleaded not guilty last week to one felony and five misdemeanor counts of voyeurism. If convicted, he could also face up to a $10,000 fine.

Lawlor’s computer and a video camera were taken as evidence and contained seven digital videos, five of which had been previously deleted but were recovered using file recovery software... in at least four of the videos Lawlor’s face can be clearly seen hiding the video camera in a floor grate.  (more)

WA - The trial of a former Washington state hatchery manager charged with a single count of voyeurism has been pushed back two months.

Edwin Carl Jouper of Shelton had been scheduled to appear in court yesterday, Jan. 31, but according to Mason County Superior Court, he waived his right to a speedy trial. It's now scheduled for April 3.

Jouper, then 57, was arrested at the Department of Fish & Wildlife's George Adams Hatchery outside Shelton on Nov. 10 following an investigation into a camera discovered in the women's bathroom there. (more)

Satellite Phone Encryption Cracked

Security researchers have warned that the satellite phones relied on by businesses, charities and government agencies in trouble spots and emergencies worldwide can be easily intercepted and deciphered.

German academics said they had cracked two encryption systems used to protect satellite phone signals and that anyone with cheap computer equipment and radio could eavesdrop on calls over an entire continent. Hundreds of thousands of satellite phone users are thought to be affected.

“We were able to completely reverse engineer the encryption algorithms employed,” said Benedikt Driessen and Ralf Hund of Ruhr University Bochum as they announced their report, "Don't Trust Satellite Phones". (more)

Friday, February 3, 2012

Security Director Alert - Conference Call Eavesdropping

A conference call between Scotland Yard and the FBI has been intercepted and published by a member of the computer hacking group Anonymous.

The hacker apparently managed to access the call after getting into an FBI email which gave details of the call. The email was also posted online. (more)



Murray Associates advice:
Conferencing numbers and passwords are often posted on cubicle walls, sent via email and sometimes written underneath the table-top speakerphones themselves. This is a common, but dangerous, employee habit in many of the companies we visit. Conference call information should be held confidential and distributed on a need-to-know basis. To do otherwise invites unauthorized call participants.

Teleconferencing Checklist
• Change all current passcodes.
• Tell employees they should not email or post the new passcodes.
• Switch to a conference call system where:
-- each participant is given a unique passcode,
-- the passcode is changed for each new conference call,
-- only the pre-authorized number of callers may be admitted,
-- and a record of all call participants is available to the call leader.
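
The last checklist item, sketched as an added example (not from any conferencing vendor or from the original post): a small Python model of call admission with per-participant, per-call passcodes, a caller cap and a roster for the call leader. The class name, method names and invitee names are hypothetical.

```python
import hashlib
import hmac
import secrets


class ConferenceCall:
    """Admission control for a single call (hypothetical model, not a vendor API)."""

    def __init__(self, invitees, max_callers=None):
        # Fresh salt and passcodes per call: a code leaked from an earlier
        # call (email, sticky note) does not open this one.
        self._salt = secrets.token_bytes(16)
        self._codes = {}        # keyed digest of passcode -> invitee
        self._admitted = set()
        self.max_callers = max_callers or len(invitees)
        self.issued = {}        # invitee -> passcode, to be delivered individually
        self.roster = []        # (caller, outcome) record for the call leader
        for name in invitees:
            code = f"{secrets.randbelow(10**8):08d}"
            while self._digest(code) in self._codes:  # keep codes unique
                code = f"{secrets.randbelow(10**8):08d}"
            self.issued[name] = code
            self._codes[self._digest(code)] = name

    def _digest(self, code):
        return hmac.new(self._salt, code.encode(), hashlib.sha256).digest()

    def join(self, code):
        name = self._codes.get(self._digest(code))
        if name is None:
            outcome = "rejected: unknown passcode"
        elif name in self._admitted:
            outcome = "rejected: passcode already in use"
        elif len(self._admitted) >= self.max_callers:
            outcome = "rejected: call is full"
        else:
            self._admitted.add(name)
            outcome = "admitted"
        self.roster.append((name or "unknown caller", outcome))
        return outcome == "admitted"


if __name__ == "__main__":
    call = ConferenceCall(["alice", "bob", "carol"], max_callers=2)  # constructed names
    for attempt in (call.issued["alice"], call.issued["alice"], "00000000x"):
        call.join(attempt)
    print(call.roster)
```

Because every passcode maps to one named invitee, a rejected second use of a code shows up in the roster against that person's name, which tells the call leader whose passcode was shared or intercepted.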

Think this is a rare problem?
Think again...

More Conference Call Intercepts & Advice
http://spybusters.blogspot.com/2011/06/beef-board-admits-ceo-eavesdropped-on.html

Thursday, February 2, 2012

Kevin's Security Scrapbook Voted Top 10 Investigator Blog!

Featured on PInow.com - Top - Investigator - Blogs 
Congratulations! Your blog has been selected as one of PInow’s Top Investigation Blogs. We reviewed blogs in the investigation industry and selected yours because of the quality posts and the voice of your blog.

We are going to announce your top blogger status to the rest of the investigation profession in an article that will go out to over 6,000 investigators on February 3rd.

"With changing legislation, licensing, laws and crazy stories there's a lot for investigators to keep up with. Many investigators use blogs to share their experiences, provide updates and reviews on products and to discuss experiences with databases. A blog is also a great way to market your business, connect with potential clients and become a leader in your industry. There's a wide array of investigations blogs out there, and since maintaining a blog is no easy feat PInow decided to compile a list of the top investigation blogs.

There was no specific, formulaic ranking used when creating the list, but we did take into account industry relevancy, consistency and recency of posts, variety of content and professionalism. Please keep this in mind if you disagree with the rankings."

And, congratulations to all my colleagues who also made the list. Nice to see your hard work is appreciated.
Thanks, PInow.com!

The Apple Bug That Let Us Spy on a Total Stranger’s iPhone

via Gizmodo...
Every single iMessage to and from this man's iPhone—his friends call him Wiz—has been sent to us by accident. We know about his job, sex life, and address. Apple, you might want to fix this. The story is simple... this is like a wiretap we didn't ask for—and Wiz has no idea I'm looped in on the whole thing. He texts throughout the day like usual, oblivious to the snooping. Now we see just how big of a deal this obscure "bug" is: Your entire personal life could be flung open, and you'd never know. Take our word for it—we've gotten to know Wiz pretty well. (more)

P.S. They even figured out that "Wiz" is an Apple employee, and at which store.

SpyCam Story #645 - Today in Video Voyeurism

Scotland -  A spy camera has been found hidden in a changing cubicle at a Scots leisure centre. Police are investigating the discovery of the pinhole camera at a sports facility in Fife. The tiny device was spotted by a male gym user getting changed at the Beacon Leisure Centre, Burntisland. The find sparked searches of at least eight other sports facilities in the area.

One worker, who did not wish to be named, said: “I believe this has been happening at other places in Fife as well. I think the public should know what’s going on. A man found the camera in a cubicle and handed it in.” (more)

WA - The Spokane County Sheriff’s office is investigating reports of voyeurism by a security guard at a North Spokane Fred Meyer... A search warrant says “the video is not clear enough to show him holding his phone in his hand at the time of the contact, but preceding footage shows he was using his phone and kept it in his hand.” (more)

WA - A woman called 911 to report a man was inside the women's locker room of LA Fitness in Tukwila taking photographs, according to Sgt. Eric Lund with the Tukwila Police Department. The woman confronted the man and he fled. About an hour later employees of the Fairwood LA Fitness identified the suspect (he was a member who checked in). Tukwila officers and King County deputies arrested the suspect in Fairwood. (more)

FL - A Marion County Sheriff’s Office corrections officer and a health care official employed at the county jail were arrested Wednesday in connection with video voyeurism of young children in a joint investigation involving sheriff’s detectives and the Florida Department of Law Enforcement. (more)

Wednesday, February 1, 2012

The French Cuff Connection - For the Well-Dressed Bond


Polished Silver Oval WiFi and 2GB USB Combination Cufflinks.
These cufflinks feature 2GB USB storage plus they provide a WiFi hotspot to multiple devices! You can also access media servers from the host computer. Perfect for business meetings, travel and techies everywhere.

WiFi Connection
Simply download the accompanying installation software to an Internet ready host computer, insert the USB hotspot cufflink into that computer’s USB port, and the computer then becomes a high-speed WiFi hotspot. It also enables the computer to wirelessly share media files with electronic devices like tablets and smartphones.

What Connects?
Smartphones, tablets or any other wireless device! (more) 

Spybusters Security Tip #721 - Periodically check your computer for items (like these) plugged into the USB ports on the back of your box.

FutureWatch: Mindreading - Advances another step

Opening up the possibility that a sort of mind-reading might one day be possible, scientists say that through a kind of surgical wiretapping they were able to translate brain electrical signals back into single words overheard by patients, and to do it with 89 percent accuracy.

“We’re trying to figure out how the brain decodes acoustics into words,” says study senior author Bob Knight of the University of California-Berkeley...

“The real advance is that it shows we are closing in on the code that the brain uses to give meanings to words,” says New York University neuroscientist David Poeppel. (more)

Meanwhile, at the Murray Associates, Countermeasures Compound lab... work is beginning on a new brain eavesdropping detection and prevention service.

10 Cell Phone Tips - Before Traveling Overseas

We’ve all seen people on TV and movies casually using their cell phones as they travel to various countries around the globe. No big deal right? Not until you get your monthly statement. Post-vacation cell phone bills are the stuff nightmares are made from. 

Here is the condensed version of the 10 tips cell phone users need to know before traveling overseas. (Full version here.)
  1. Plan ahead
  2. Call your provider
  3. Check bandwidths
  4. Get phone unlocked
  5. GSM phone
  6. Check plans carefully
  7. Check data plans
  8. Don’t switch too early
  9. International charger adapter
  10. Change SIM card

Security Director Tip: Prepare here... before it hits the fan.

In any enterprise, stuff happens. When you hear about it, it is probably bad stuff.
Here's a great resource to prevent some of the bad stuff from happening - and to deal effectively with the consequences of the bad stuff that can't be prevented. 


Business Survival(tm) is a blog filled with great information and resources for key decision-makers from Rothstein Associates Inc.  

It covers:  
• Business Continuity, 
• Disaster Recovery, 
• Enterprise Resilience, 
• Crisis Management, 
• Crisis Communication, 
• Emergency Management, 
• Risk Management and 
• Root Cause Analysis.  

Recent posts include:
• Role of Social Media in Crisis Communication
• Thousands of Industrial Systems Unwittingly Hooked Up to Internet
• How to improve your disaster recovery preparedness
 
Business Survival(tm) has been published (in various formats) since 1997 by Philip Jan Rothstein - FBCI. Bookmark this gem, and check in frequently, or you can subscribe for free, here.

Saturday, January 28, 2012

1960's - 1980's Spy Satellites Now Museum Pieces

Three formerly classified spy satellites went on public display Thursday at the National Museum of the U.S. Air Force, in Dayton, Ohio.

The satellites -- Gambit 1 KH-7, Gambit 3 KH-8 and Hexagon KH-9 -- were among the most important U.S. photo reconnaissance systems from the 1960s to the 1980s, according to an Air Force report. They used specially-designed film and cameras to take photos from orbit. (more)

SpyCam Story #644 - The Faculty Restroom Can Cam

AR - A former Lavaca Middle School science teacher received a five-year suspended sentence Wednesday after pleading guilty in Sebastian County Circuit Court to video voyeurism.

Michael Allen Clark, 44, was arrested May 20 after he admitted to an Arkansas State Police investigator that he placed a school-issued video camera in the faculty restroom at the middle school, according to a police report.

The camera was discovered by a custodian in a wicker basket, on a shelf located in front of the toilet in the bathroom. The custodian turned it over to Jerri Schaffer, a math teacher at the middle school. (more)

Weekend Project - OTS Some Spy Gear for $50 or less

DARPA-Funded Hacker's Tiny $50 Spy Computer Hides In Offices, Drops From Drones

Security researcher Brendan O’Connor is trying a different approach to spy hardware: building a sensor-equipped surveillance-capable computer that’s so cheap it can be sacrificed after one use, with off-the-shelf parts that anyone can buy and assemble for less than fifty dollars.

...the F-BOMB is designed to be a platform for all sorts of applications on its Linux operating system. Outfit it with temperature or humidity sensors, for instance, and it can be used for meteorological research or other innocent data-collecting. But install some Wifi-cracking software or add a $15 GPS module, and it can snoop on data networks or track a target’s location, O’Connor adds.

One version attaches to the Parrot Drone, an iPhone-controllable quadcopter, sucking power off the drone’s rechargeable battery and allowing the user to hover over a target, land it on a roof, or drop the F-BOMB from a hook attachment on the drone. Another version fits inside a carbon monoxide detector, and can be plugged into a wall socket to hide in plain sight inside a target’s building. (more)

SpyCam Story #643 - The Town Hall Spy

Shirley Town Hall
MA - A former Shirley town administrator has pleaded guilty to charges that he videotaped female employees in a town hall restroom, and also secretly wiretapped and spied on other town workers.

Middlesex District Attorney Gerard Leone said Kyle Keady pleaded guilty Friday in superior court in Woburn and was sentenced to three years in prison, followed by seven years' probation. Keady was fired after he was charged in 2010.
He pleaded guilty to charges including video recording a person in a state of nudity, wiretapping and breaking and entering.
Just coincidence?
Prosecutors said Keady put a pen camera in the ceiling above a women's restroom stall, and recorded other workers in offices more than 100 times, using pen devices, video cameras and a baby monitor. He also allegedly broke into one home four times. (more)