Thursday, May 3, 2007

Have we gotta phone fur U!

(from gizmodo.com)

The press release says "Controversial Smartphone Spy Software Introduced," and I bit.

It's exactly what you'd imagine: an invisible piece of software, running on Windows Mobile smartphones, picks up the call log and all incoming and outgoing text messages, which it then uploads to an account you can check online. It does it in "total stealth mode," so that the user of the phone can't see it, even if he or she knew where to look.

Suggested uses and more shady details... (more)(more)

Wednesday, May 2, 2007

Phone taps in Italy spur rush toward encryption

Drumming up business would seem to be an easy task for those who sell encrypted cell phones in Italy. All they have to do is browse the major newspapers for likely customers.

Piero Fassino, national secretary of the country's Democratic Left Party, could have benefited from an encrypted phone before comments he made regarding a delicate bank takeover made the front pages.

Luciano Moggi, the former head of the Juventus soccer club, could have used one too. His phone conversations, intercepted by investigators and then leaked to the media, led to Italy's soccer game-fixing scandal.

And Prince Victor Emmanuel might wish that he had a secure cell phone before his conversations, made public, resulted in his arrest last year on charges that he provided prostitutes and dealt in illegal slot machines.

Not even Nicolo Pollari, the former head of Italy's top spy agency, was immune; transcripts of some of his conversations found their way into the newspapers. (more)

Security Misconceptions & The Jersey Bus Driver

In the secret world of Lou Lamoriello there shall be no leaks.

And to make sure, New Jersey's president, coach and GM (of the Jersey Devils) brought his own security, bus and doctors to Ottawa.


He brought four physicians to Ottawa, along with his own security detail and a bus with a New Jersey bus driver. Usually, the visiting team would bring two doctors that would work with the local doctors should a player be injured. That may prompt Ottawa doctors to talk about various injuries to the home team, however unlikely that may be.

Same goes for the security guard, who will man the bench and dressing room, and is a former FBI agent.

Even more unusual, the Devils sent an empty bus from Jersey in order to shuttle the team back and forth from their hotel so as to avoid spilling secrets to an eavesdropping local bus driver. Wow. (more) (more)

Wow, indeed. DIY brain surgery is a safer bet. How about a security briefing for the team? If they don't discuss business in public places, or around outsiders, there will be nothing to leak! Is a Jersey bus driver really more effective than that? Will anyone check the bus, locker room or hotel rooms for bugs? Probably not. What about a subtle disinformation campaign? And, how/why did a Canadian newspaper learn about The New Jersey team's "security strategy" in the first place??? What the team really needs is professional counterespionage assistance.

...thus, obtaining full control of one's head-quarters.

Iran - The Islamic Republic’s Telecommunications Ministry has been empowered by the ayatollahs to eavesdrop on any and all mobile phone calls in the state’s relentless quest to drive out dissipated utterances, debauched SMS and dissolute video messages. ...

Meanwhile, as an adjunct to the crackdown on SMS and MMS traffic, barbers across Iran have been ordered to stop offering men “Western or other unconventional haircuts” on pain of closure of their business and possible imprisonment. (more)

Wal-Mart Faces More Eavesdropping Allegations

Wal-Mart Stores Inc. has used a myriad of tactics, including some that are illegal, to hinder the ability of its workers to form labor unions, a human rights group said in a report to be released on Tuesday.

According to Human Rights Watch, the world's largest retailer has restricted the dissemination and discussion of pro-union views, threatened to withhold benefits from workers who organize, interrogated workers about their union sympathies and sent managers to eavesdrop on employee conversations. ...

Wal-Mart spokesman David Tovar said the Human Rights Watch report is based on "unsubstantiated allegations"... (more)

From the report...
"Wal-Mart has also used several illegal techniques to gather information about union activity while simultaneously pressuring workers to stop organizing. The company has coercively interrogated workers about their and their co-workers’ union sympathies through direct and often hostile questioning and sent managers to eavesdrop on discussions among employees in a proposed bargaining unit. According to former workers and managers fromWal-Mart’s Kingman, Arizona, store, Wal-Mart has also monitored union security cameras on areas where union organizing is most active.15 These chilling effect on workers’ willingness to organize.

Terry Daly, a former loss prevention worker charged with preventing shoplifting at the Kingman, Mart, who was ambivalent about union formation, explained to Human Rights Watch that drive at his store:

"In loss prevention, we were to monitor any activity that we thought might be organized in certain areas. I was told with the cameras that we had to make shots more available, monitor a better area so we could see any activity going on that might be unusual."

He added that, in particular, they were supposed to focus on union leader Brad Jones. “[We were to] monitor cameras and report back what we saw. We needed to find a reason to fire Brad.” 16

15 See below, “VII. Freedom of Association at Wal-Mart: Anti-Union Tactics Deemed Illegal Under US Law,” subsection “Union Activity Surveillance.” The NLRB never addressed the allegations of camera-based surveillance at the Kingman store, however.

16 Human Rights Watch interview with Terry Daly, former Wal-Mart loss prevention worker, Kingman, Arizona, March 17, 2005.

World's Best Crabcakes (still)

Food Spy Diary

May 2001 -
While at the NSA this week I picked up the following bit of
intelligence... "Go to a non-descript strip mall in Linthicum, MD. Look for the 'G&M' sign."

I arrived at 10:54 AM. The door was locked. Other
people were milling around waiting... waiting for their fix. At precisely 11:00 AM the door was unlocked. Everyone filed in and took seats.

According to the Washington Post and the Baltimore Sun, I had
just entered the home of "the best crab cake platter." ... After barely finishing my baseball-sized crabcakes (you get two), I had to agree. These are The Best! ... P.S. You can order them over the Internet. Delivered FRESH (not frozen) by FedEx.

September 2002 - 'G&M' has baseball-sized crabcakes (you get two). Still 'the best'.

May 2007 - Nothing has changed. The place is still non-descript. The parking lot appears to be full of the same cars. The interior still makes me itch. Cryptonerds still populate the tables, and... 'G&M' is still pumping out "The World's Best Crabcakes". (more)

Repo Men Have Spy Problems Too

"I have a friend who owns a small company in a larger city here in the South. Not long ago, he discovered that someone was going thru his trash bin when he rolled it out the night before pick up. He happens to have his office and lot next to another business that has security cameras, one of which also covers the front of his building and trash bin in it's scope. When he asked to see the video from a certain night, he learned it was a longtime employee of a medium sized company that we both worked for at one time.

Apparently this guy was dumpster diving to get at any records that would show who his clients are, fee schedules, etc. When we worked together for this larger company, it was not uncommon for us to be told to go by competitor's lots and write down tag numbers on the repo's to get the lien holder info. ...

The last thing we should have to worry about is our fellow repossessor, yet unfortunately, we all need to realize that they are our biggest threat of all." ~ David J. Branch

Thursday, April 26, 2007

Errant listening aid sparks fears of executive session eavesdropping

RI - Town Councilman Kevin M. Blais may have compromised the confidentiality of a March 28 executive session of the Town Council when he left an assisted-listening device he uses to help him hear better at council meetings unattended in his car that night. ...

The incident has apparently warranted enough concern that the council Wednesday voted 6-1 to notify the attorney general’s office of "a possible/potential compromise" of the executive session in question...

Said Town Manager Michael C. Wood:
"The listening device has a fairly long range
and if someone had the device in their possession they could have listened to the meeting outside of the meeting room and within a reasonable distance of Town Hall."...

"Anyone who had the device in their possession could have been listening to the regular meeting and/or executive session outside of the meeting room. It’s very possible that the integrity of future executive sessions is compromised going forward." ...

"As I had indicated during the April 4 meeting, the wireless device used could compromise the integrity of executive session by virtue of its design and operating frequency," said Blais, adding
(finally the most important comment) that anyone with a scanner could potentially pickup the frequency. (more)

...in other words, all their meeting are bugged!
Funny he should that and allow the broadcast system to remain installed.

...whereupon the laughing cop's earphones fell off.

PA - Three people are accused of participating in a forgery scheme that netted $15,000 in furniture, electronics and frozen food.

Quick jump to the Idiot Award part...

Thomas Richards is charged with 20 counts of forgery and 19 counts each of theft by deception and theft... He also is charged with one count of disclosure of intercepted communications involving a police wiretap for allegedly bragging about "how the state police had wired him up to get his brother in trouble." (more)

Eye See, the Light




























Photo by Henri Banks.

'Evil twin' Wi-Fi access points proliferate

There is little consumers can do to protect themselves from hackers eavesdropping on wireless communications...

The next time you splurge on a double latte and sip it while browsing the Internet via the cafe's Wi-Fi, beware of the "evil twin."

That's the term for a Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up by a hacker to eavesdrop on wireless communications among Internet surfers. Unfortunately, experts say there is little consumers can do to protect themselves, but enterprises may be in better shape. (more)

Enterprises are in better shape because they hire counterespionage specialists. As part of the overall eavesdropping / wiretapping detection effort - usually conducted quarterly - they also test for 'evil twins'.

Like Spying? Wal-Mart's Hiring!

Wal-Mart Stores Inc. has been recruiting former military and government intelligence officers for a branch of its global security office aimed at identifying threats to the world's largest retailer, including from "suspect individuals and groups".

Wal-Mart's interest in intelligence operatives comes at a time when the retailer is defending itself against allegations by a fired security employee that it ran surveillance operations against targets including critics, dissident shareholders, employees and suppliers. Wal-Mart has denied any wrongdoing.

Wal-Mart posted ads in March on its own web site and sites for security professionals, including the bulletin of the Association of Former Intelligence Officers, for "global threat analysts" with a background in government or military intelligence work.

The jobs were listed with the Analytical Research Center, part of Wal-Mart's Global Security division, which is headed by former senior CIA and FBI senior officer Kenneth Senser. The analytical unit was created over the past year and half, according to published comments by its head, Army Special Operations veteran David Harrison. (more)

Sheriff's Deputy Convicted of Computer Spying

NY - A Monroe County Sheriff's deputy was convicted Tuesday of felony eavesdropping and misdemeanor official misconduct.

Acting state Supreme Court Justice Stephen Sirkin found Investigator Michael Hildreth guilty of planting spyware on a neighbor's computer. The prosecution alleged that Hildreth conducted an unsanctioned investigation of his neighbor, whom he believed posed a threat to young girls in their Rochester-area neighborhood. (
more)

School finds illicit photos on cell phone

KS - Prairie Village police are investigating reports that a 12-year-old boy used a cell phone to take pictures under girls’ skirts without their knowledge at Mission Valley Middle School.

The alleged incidents were discovered April 16 by school officials acting on a tip. Police said investigators found three pictures of two female students. Police are investigating the matter as eavesdropping, a misdemeanor offense. No charges have been filed. (more)

Attorney Says Prosecutor Bugged Her

KS - A fired Johnson County domestic violence chief said she will fight for her job, which she feels she lost because she complained about the treatment of women in the prosecutor's office.

Jacqie Spradling alleged that District Attorney Phill Kline or one of his assistants planted a recording device in her office to tape her conversations before the firing. She said the alleged bugging came after she sent a memo to Kline saying she thought women in the office were being mistreated.

Kline denies the gender-bias allegations and the claims of electronic eavesdropping. "The comments about listening devices are bizarre, irresponsible and false," Kline said. (more)

Her termination is the latest in a string of dismissals that have come under Kline. Eighteen employees have either been fired or resigned since Kline took office in January. (more)