Spy Device Can Read Book Text from Nearly a Mile Away

Scientists say they've developed a ludicrously keen-eyed laser device that can read the text in a book from a whopping 0.85 miles away.

As detailed in a new paper published in the journal Physical Review Letters, the team used interferometry, a commonly used technique in the world of astronomy that uses superimposed waves of light to create interference patterns, to develop the spy system.... Put simply, researchers applied a technology that space observatories use to a ground-based laser system to zoom across vast distances — with promising and somewhat creepy results. more

Surveillance News in the Digital World

• AI companies, including Google and OpenAI, are intensifying their screening of new hires due to the threat of Chinese espionage. more

• MICROSOFT ADMITS THAT MAYBE SURVEILING EVERYTHING YOU DO ON YOUR COMPUTER ISN’T A BRILLIANT IDEA... After announcing a new AI feature that records and screenshots everything you do, Microsoft is now delaying its launch after widespread objections. The company broke the news in a blog post detailing its decision not to ship the feature, dubbed Recall, on new computers so that it can continue to "leverage the expertise" of its Windows Insider Program (WIP) beta-testing community. more

• Zoom wants to make sure you’re paying attention. The company filed a patent application for “scrolling motion detection” in video calls.

• Chinese Spy Tech Driving Junta Internet Crackdown: Justice For Myanmar... China supplied the spy technology and technicians that allowed Myanmar’s junta to intensify its internet surveillance and censorship late last month, Justice for Myanmar (JFM) said on Thursday, warning that China’s increased support for the junta will cost more lives. This support will allow the junta – which has imprisoned more than 25,000 people since the 2021 coup – to identify and jail more people who express dissent. more

• Canada - Public servants uneasy as government 'spy' robot prowls federal offices... A device federal public servants call "the little robot" began appearing in Gatineau office buildings in March. It travels through the workplace to collect data using about 20 sensors and a 360-degree camera, according to Yahya Saad, co-founder of GlobalDWS, which created the robot. "Using AI on the robot, the camera takes the picture, analyzes and counts the number of people and then discards the image," he said. more

'Big brother' Satellite Set to Launch in 2025

'Big brother' satellite capable of zooming in on ANYONE, anywhere from space is set to launch in 2025 - and privacy experts say 'we should definitely be worried'

Privacy experts are sounding the alarm on a new satellite capable of spying on your every move that is set to launch in 2025.

The satellite, created by startup company Albedo, is so high quality it can zoom in on people or license plates from space, raising concerns among expert that it will create a 'big brother is always watching' scenario.

Albedo claims the satellite won't have facial recognition software but doesn't mention that it will refrain from imaging people or protecting people's privacy. more

How Companies are Using AI to Spy on Slack

Several employers are now using an AI-powered app to analyze and monitor messages across Slack, Microsoft Teams, Zoom, and other platforms.

What spy is this?

It’s called Aware, an Ohio-based startup that launched in 2017, per CNBC, and its clients include Nestle, Walmart, Delta Air Lines, and Starbucks.

It uses AI, trained on previous employee interactions, to analyze messages and determine:

• How various groups of employees feel about the company or decisions it makes.
• If bullying or discrimination is happening.
• If employees are sharing confidential info.
• If employees are sending inappropriate texts, photos, or videos.
• How often teams communicate with one another.

In theory, this makes it easier for employers to stay on top of employee sentiment and potential risks in an increasingly online world. more

Ford's Anti-Eavesdropping Tech Is Straight Out Of A Spy Movie

As in-car Zoom meetings become a reality, Ford wants to protect occupants from eavesdroppers.

Ford has filed a patent for a new motor vehicle workspace with enhanced privacy, effectively preventing eavesdroppers from listening to calls you take in your car. CarBuzz discovered the patent, filed with the United States Patent and Trademark Office, and while it may sound like some James Bond-like technology, it's simply a way to ensure that your conversations aren't being listened to by passersby and other occupants in the vehicle.

As we move closer to higher levels of autonomous driving, the occupants of a car will need something to pass the time. That's why several new vehicles are equipped with teleconferencing facilities. It may sound silly, but don't forget we now live in a world where a Mercedes-Benz E-Class comes standard with TikTok and a selfie camera. more

Intense Competition Leads to Attempted Corporate Espionage

via Lexology - from the Troutman Papper law firm.

Side Note: Troutman Pepper has formed a Corporate Espionage Response Team to help clients combat the increasing incidence of corporate espionage.

Arthur AI, a New York-based AI company, received a request for a Zoom demonstration of its technology from a startup called OneOneThree. The head of technology at OneOneThree, Yan Fung, expressed interest in purchasing Arthur AI’s technology. But there were some immediate red flags.

First, prior to the Zoom meeting, Arthur AI employees recognized that OneOneThree had no website. The Timesarticle says that Fung told Arthur AI at the time that OneOneThree was in “stealth mode,” which is why it had no website. Then, when Arthur AI asked Fung to sign a nondisclosure agreement (NDA), he reportedly asked Arthur AI to “hold off on the NDA,” and Arthur AI agreed.

Despite these issues, a Zoom meeting was arranged to demo the technology. Fung said Karina Patel, OneOneThree’s “main engineer,” would dial in to the meeting. However, during the Zoom meeting, an attendee logged in under the name of Aparna Dhinakaran, which an Arthur AI employee immediately recognized as a founder of Arize AI, a rival startup. When recognized, the attendee quickly logged off. Arthur AI later deduced that Fung was, in fact, an employee of Arize AI named Dat Ngo, and OneOneThree was an inactive company of his.

After the call concluded, one of Arthur AI’s employees messaged Ngo via LinkedIn direct messaging. Ngo responded by trying to recruit the Arthur AI employee, according to the Times article. more

Lessons Learned:

• Require NDAs Every Time.
• Perform Proper Due Diligence and Act Consistently With Your Findings. 
• Only Use Secure Communication Channels and Restrict Recording.
• Train Employees on Spotting and Responding to Potential Threats.
• Conduct a Prompt and Careful Investigation Into Suspected Activity.

Eavesdropping on the Sounds of Your Typing

New acoustic attack steals data from keystrokes with 95% accuracy

(a little background music, please)

A team of researchers from British universities has trained a deep learning model that can steal data from keyboard keystrokes recorded using a microphone with an accuracy of 95%.

When Zoom was used for training the sound classification algorithm, the prediction accuracy dropped to 93%, which is still dangerously high, and a record for that medium.

Such an attack severely affects the target's data security, as it could leak people's passwords, discussions, messages, or other sensitive information to malicious third parties. more

Investigation-driven Findings Identify Major Spikes in Industrial Espionage Incidents

 Key findings of the DTEX Systems 2022 Insider Risk Report include:

• The ‘Super Malicious Insider’ accounted for 32% of malicious insider incidents...

• 72% year-over-year increase in actionable insider threat incidents;

• 42% of actionable incidents were related to IP and data theft, including industrial espionage incidents related to the theft of trade secrets, source code, and active collusion with a foreign nexus;

• 75% of insider threat criminal prosecutions were the result of remote workers;

• 56% of organizations had an insider data theft incident resulting from employees leaving or joining companies;

• +200% year-over-year increase in data loss associated with users taking screenshots during confidential Zoom and Microsoft Teams meetings; and

• +300% year-over-year increase in employees utilizing corporate assets for non-work activities.

For more than a decade, insider threats have been categorized as either malicious, negligent or compromised. Based on the findings of the DTEX i³ team, a fourth persona has emerged—the Super Malicious Insider. 

The Super Malicious Insider is a technically proficient employee who is acutely aware of an organization’s cyber security architecture, solutions, and processes and who understands both the technical and human analyst limitations in detecting insider threat indicators. more

It is time for your organization to implement a corporate counterespionage plan.

Recent Hot Mic News...

Eavesdropping Bugs and Hot Mics have something in common... both capture private conversations not for publication. Technical Surveillance Countermeasures  (TSCM) inspections can combat the bugging. Hot Mic avoidance is more a do-it-yourself exercise. It requires you listen to your mom's advice, "If you don't have anything nice to say, don't say it."

Judge Ridicules Attorney After Hearing
IL - A Cook County judge this week was caught on a YouTube livestream mocking an attorney who had appeared before him for arguments earlier in the day.

“Can you imagine waking up next to her every day? Oh, my God,” Judge William Raines said of attorney Jennifer Bonjean. “... I couldn’t have a visual on that if you paid me.”

A link to the video of Tuesday’s livestreamed court call was available for viewing as recently as Thursday morning. After Raines had finished hearing cases, he began to chat with two Cook County prosecutors and a Cook County assistant public defender about the legal argument Bonjean had participated in earlier that day. He apparently did not realize the conversation was still being broadcast live on YouTube.

“I’m reliving (Assistant State’s Attorney) Todd Dombrowski’s conversation with Miss Bonjean,” he said, apparently unprompted. “... Did you see her going nuts? Glasses off, fingers through her hair, the phone’s going all over the place, it’s insane.” more

---

Secret Audio Sheds Light on Toppled Dictator’s Frantic Last Hours
Tunisia - The recordings - obtained by BBC News Arabic Documentaries - have been forensically analysed by audio experts who found no evidence of tampering or manipulation...

"When we see that you can come back, we'll let you know, Mr President," Ammar tells Ben Ali...

"There's anger on the streets in a way that I cannot describe," Grira says. He seems keen to be clear with the president, adding: "So that you cannot say that I misled you, and the decision is yours."

Ben Ali tries to defend his reputation. "What have I done to the street? I served it."

"I'm giving you the situation, not an explanation" Grira replies. more

---

WHOU broadcasters fired after hot mic catches -shaming of girls basketball players...

ME - The broadcasters, who didn’t realize their microphones were on, made the derogatory remarks about players in a girls’ game between Central Aroostook and Easton that they were watching on a monitor while they prepared for their game at Caribou.

In a 40-second video posted to Twitter, the two are heard making derogatory comments about the weight of some players. One of the broadcasters was heard to say, “two girls out here extremely overweight. Awful.” Other derogatory comments were followed by laughter.

---

Hot Mic Revenge - The FAUCI Act
DC - After Dr. Anthony Fauci was caught on a hot mic calling Senator Roger Marshall a moron, Marshall publicized his financial records and announced the impending introduction of the FAUCI Act. more

---

Rebecca Maddern's Explosive Leaked Rant About Novak Djokovic
Australia - In a moment that is surely every live TV host's worst nightmare, Rebecca Maddern was caught this week branding unvaccinated tennis champion Novak Djokovic a 'lying, sneaky a***hole' in leaked footage that was never supposed to air. more

---

Hot Mic at Anchorage Community Council Zoom Meeting
AK - Two members of Anchorage Mayor Dave Bronson’s administration attended a community council meeting this week over Zoom to talk about COVID-19 testing and other issues... The two inadvertently left their microphone on during the meeting while speaking to each other, and at one point, Bronson’s director of legislative affairs said he thought someone they had been talking with “needed a little slapping around.” more

 

---

 

Dr. Oz's Hot Mic Moment
A hot mic moment captured Dr. Mehmet Oz seemingly trying to distance himself from the Republican Party despite his Senate run as a GOP candidate.

In a new profile by New York magazine's Olivia Nuzzi, Oz and his wife, Lisa, were overheard discussing Nuzzi as well as a friend of the couple who spoke to Nuzzi about the doctor's recent announcement that he was running in Pennsylvania for the U.S. Senate.

In the story, Nuzzi described a call with Lisa Oz, during which the latter thought she had hung up but had left the reporter on the line as she and her husband "engaged in paranoid conversation and argument for more than four minutes" while Nuzzi listened. more

 

Cautionary Tale: What's Worse Than Being Caught on an Open Microphone?

Being caught on an open camera...

"I believed I was not visible on Zoom," he told Vice. "I thought no-one on the Zoom call could see me. I thought I had muted the Zoom video."

Jeffrey Toobin, 60, also a prominent CNN commentator, has been in demand as the US election campaign intensifies.

The incident, first reported by Vice News, happened during an election simulation involving the New Yorker and WNYC radio last week.

Mr Toobin, in a statement to Vice, said: "I made an embarrassingly stupid mistake, believing I was off-camera." more

Spybuster Tip #840:
• Always assume the mic and camera are live, and act appropriately.

Spybuster Tip #841:
• Know how to use your tech.

The Atlas of Surveillance

Documenting Police Tech in Our Communities. 

Explore 5,300 datapoints in the U.S. collected by hundreds of researchers.

TOGGLE the Legend to reveal how each technology is spreading. ZOOM into any region to see the technologies in greater detail. If an area has no markers, it means it hasn't been researched yet.

Click to enlarge. Go to website to explore. Wired article here.

Eavesdropper Scams Financial Advisor | Prevention Tips

Early in April, a financial advisor and her team met with an insurance company wholesaler via the video conferencing platform Zoom.

Unbeknownst to them, another participant had joined the virtual meeting.

As the hacker captured details, the wholesaler named the price of a new policy and the advisor agreed to the terms.

...It’s likely that even before the meeting ended the eavesdropper generated an email to the advisor so that it appeared to come from the insurer. In a later forensic analysis, an overlooked detail revealed the spoof: a single letter the hacker changed in the insurance company’s name.

After the meeting ended, the advisor received the message with instructions to wire money — in the low six figures — to a New York bank account. She did as instructed, sending the money to the hacker. more

———How to prevent Zoombombing in your video chats in 4 easy steps———

1. Don't use your Personal Meeting ID for the meeting. Instead, use a per-meeting ID, exclusive to a single meeting. Zoom's support page offers a video walk-through on how to generate a random meeting ID for extra security.

2. Enable the "Waiting Room" feature so that you can see who is attempting to join the meeting before allowing them access. Like many other privacy functions, a skillful disrupter can sometimes bypass this control, but it helps to put another hurdle in their route to chaos.

Zoom offers a support article here as well. To enable the Waiting Room feature, go to Account Management > Account Settings. Click on Meeting, then click Waiting Room to enable the setting.

3. Disable other options, including the ability for others to Join Before Host (it should be disabled by default, but check to be sure -- see below). Then disable screen-sharing for nonhosts, and also the remote control function. Finally, disable all file transferring, annotations and the autosave feature for chats...

4. Once the meeting begins and everyone is in, lock the meeting to outsiders ... and assign at least two meeting co-hosts. The co-hosts will be able to help control the situation in case anyone bypasses your efforts and gets into the meeting. more

'Zoom-bombed' | Salary Cuts Call Eavesdropped on by Rival Company

Staff at national news outlet The Independent were on a ‘confidential and sensitive video’ Zoom call to learn about salary cuts and furloughs when it was ‘zoom-bombed’ by an employee from a rival media organisation. more

Mark Di Stefano, a reporter with the Financial Times, allegedly entered meetings held over the video conferencing app by the Independent and the Evening Standard.

Stefano, according to the Independent, brazenly joined the meeting by using his work email address. This caused Stefano’s name to appear on the call, although his camera remained disabled.

The journalist reportedly joined for 16 seconds before logging out but returned soon after by logging in with his phone number.

Not long after the call, Stefano sent out a series of tweets describing topics that the Independent says were discussed during the staff meeting.

Stefano described information on everything from pay cuts to the outlet’s issues with falling ad revenue. more

Related News...
DHS Reportedly Concerned Zoom May be Vulnerable to Foreign Spies 
The feds are concerned that Zoom’s security flaws could make the popular videoconferencing platform vulnerable to foreign spies, a new report says.

An intelligence analysis from the Department of Homeland Security found that Zoom’s explosive growth and its well-known security problems make it a “target-rich environment” for government spy services and other hackers, ABC News reported Tuesday.

“Any organization currently using — or considering using — Zoom should evaluate the risk of its use,” the department warned in the analysis, which was reportedly distributed to law enforcement agencies around the US. more
...and much more.

Zeroing in on Zoom’s Threat to Financial Services

COVID-19 has induced a significant shift in the way we work. Remote is the new reality.

There may be, however, a tremendous cost to Zoom’s convenience... For many, Zoom has been the answer to staying connected in the workplace.

Simply put, the widespread adoption of Zoom amid a global pandemic might be the security vulnerability of the decade. 

In fact, any financial services organization using the service should immediately assume their user credentials are under malicious parties’ control.

In recent weeks, New York Attorney General Letitia James has probed Zoom’s data security strategy, and whether the company’s security protections can keep up with the spike in users. It is also our understanding the FBI, among other federal government agencies, has also prohibited the use of Zoom and WebEx due to security concerns. more
Suit Claims Facebook, LinkedIn Eavesdropped on Zoom Calls
More Zoom news.

500,000 Hacked Zoom Accounts Given Away - Free On The Dark Web

New users have flocked to the Zoom video conferencing platform as businesses, schools, and other organizations look for ways to meet safely during the Coronavirus pandemic. Unfortunately many of those brand new accounts appear to have been secured with old passwords.

The cyber risk assessment experts at Cyble recently discovered a hacker selling stolen Zoom credentials at dirt-cheap prices — and in some cases giving them away for free.

Cyble purchased more than 530,000 on an underground hacking forum for next to nothing. Several of the company’s clients were among the stolen credentials, which also included personal meeting URLs and Zoom host keys. Cyble reached out and confirmed that the credentials were indeed valid.

Password re-use remains a huge security issue for the general public. Fatigued users feel like they can’t remember yet another password so they set up new accounts using an old stand-by.

The problem is that by now all of those old stand-by passwords have been filed away in databases by criminal hackers. They’re actively using them to break into accounts using brute force attacks.
Usernames, email addresses, and passwords have been exposed by the billions over the past several years. Creating a new account on Zoom — or any service, for that matter — is simply not a good idea.

Hackers will come knocking. It’s not a question of if. It’s a question of when. more

Spybuster Tip # 053 - Upgrade all your passwords.
Spybuster Tip # 054 - Don't worry about having to remember all your passwords. Use a password vault.

Taiwan Joins Canada & More in Banning Zoom

Taiwan's cabinet has told government agencies to stop using Zoom Video Communications Inc.'s video conferencing app, the latest blow to the company as it battles criticism of its booming platform over privacy and security. more

Malaysia - The National Security Council (NSC) has warned that hackers could be listening to their conversations amid increasing use of video conferencing applications during the movement control order (MCO) period. more

New York City's education department is directing teachers and staff to “move away from using Zoom as soon as possible” for virtual instruction purposes due to cybersecurity concerns, department spokesperson Danielle Filson said on Saturday. more 

Google has banned Zoom from its staffers' devices. Google told its employees last week that it would block Zoom from working on their Google-provided computers and smartphones. This move comes after Taiwan tolds government employees not to use Zoom. Earlier, New York schools told its teachers to "gradually transition" from Zoom to another video-conferencing service. more

Zoom’s Encryption Is “Not Suited for Secrets” and Has Surprising Links To China, Researchers Discover

Meetings on Zoom, the increasingly popular video conferencing service, are encrypted using an algorithm with serious, well-known weaknesses, and sometimes using keys issued by servers in China, even when meeting participants are all in North America, according to researchers at the University of Toronto.

Related

Zoom Meetings Aren’t End-to-End Encrypted, Despite Misleading Marketing

The researchers also found that Zoom protects video and audio content using a home-grown encryption scheme, that there is a vulnerability in Zoom’s “waiting room” feature, and that Zoom appears to have at least 700 employees in China spread across three subsidiaries. They conclude, in a report for the university’s Citizen Lab — widely followed in information security circles — that Zoom’s service is “not suited for secrets” and that it may be legally obligated to disclose encryption keys to Chinese authorities and “responsive to pressure” from them.
Zoom could not be reached for comment. more


4/15/2020 UPDATE - More top companies ban Zoom following security fears. more

Being Zoom'ed on Zoom has Organizations Worried, or they should be...

...experts warn that a rush to hold virtual meetings through Zoom, which has close to 13m monthly active users, could pose security risks.

The threat is so significant that British Ministry of Defence staff were told this week that the use of Zoom was being suspended with immediate effect while "security implications" were investigated.

The biggest worry is that a sudden reliance on Zoom could allow opportunistic hackers to quietly observe video calls as executives are focused on responding to the spread of coronavirus.

...the idea of strangers barging into virtual meeting rooms should raise alarm. more

Online Zoom classes were disrupted by individuals spewing racist, misogynistic or vulgar content. Experts say professors using Zoom should familiarize themselves with the program's settings. more

 

Apple Temporarily Disables Walkie Talkie on Apple Watch Over Eavesdropping Concerns

Less than 24 hours after Apple issued a background update to remove a vulnerability in Zoom’s Mac app that installed a surreptitious web server that could activate the video camera without the user’s permission, Apple has disabled another app for a possible security breach. And this time it’s one of its own: Walkie Talkie.

Walkie Talkie was introduced with watchOS 5 as a quicker way to communicate between Apple Watches. Apple promotes it as “a new, easy way to have a one-on-one conversation with anyone who has a compatible Apple Watch.” However, it might not be as private as you think. Apple announced late Wednesday that it was temporarily disabling the Walkie Talkie on the Apple Watch due to eavesdropping concerns. more

FutureWatch: Smartphone Comes with Optical Spy Pen

Click to enlarge.

Electronic pen device having optical zoom – Patent # US 10,198,649 – Feb. 5, 2019

Abstract

The electric pen device includes an optical system including a lens and an image sensor configured to convert an image signal of light that has passed through the optical system to an electrical signal. The electric pen device includes a control board configured to interact with an electronic device and a communication module configured to communicate by wire or wirelessly with the electronic device, so that an image or a picture taken by a camera is confirmed and an optical zoom is controlled from the external electronic device. more

FutureWatch spy implications: Phone may be concealed in the pocket, backpack, or nearby desk drawer. Take high quality photos by aiming the top of the pen, pressing a button, and automatically transmitting the photo back to the phone. Pretty covert. No word about it transmitting audio, yet. Leaving phones outside of the conference room won't be enough. You'll have to check the pens, too. 

Need a spy pen camera you can actually buy today, or worry about being used to steal your secrets? Check here. ~Kevin

Thanks to our sharp-eyed Blue Blaze Irregular in the shadows of Pennsylvania for this.