Friday, October 19, 2007

Unchecked Eavesdropping Kills Bottom Lines

Rarely do we see an exact corporate dollar figure loss caused by eavesdropping and wiretapping. Vodafone must hold the world's record with $136+ million in fines, not to mention goodwill and revenue losses.

Greece's telecoms regulator has fined the Greek unit of Vodafone 19.1 million euros for breaching privacy rules.


The fine is the second imposed over a wiretapping scandal that rocked the country last year. In 2006, Greece revealed that more than 100 people, including the country's prime minister, had their mobile phones tapped around the time of the Athens 2004 Olympics.

In December 2006, Greece's privacy watchdog fined Vodafone Hellas 76 million euros for a "number of infringements attributed to the company", without giving details.

Last month, the privacy watchdog also fined the Greek unit of telecom equipment maker Ericsson more than 7 million euros over the wiretapping affair.

The bugged phones were found to have been tapped mostly before and during the Athens Games by unknown eavesdroppers. (more)

Moral: Ignorance of eavesdropping and wiretapping is no excuse. You need to proactively conduct inspections as part of your due diligence.

You think the airport security lines are long now?

The Department of Homeland Security (DHS) has gone to many strange places in its search for ways to identify terrorists before they attack, but perhaps none stranger than this lab on the outskirts of Russia's capital. The institute has for years served as the center of an obscure field of human behavior study -- dubbed psychoecology -- that traces its roots back to Soviet-era mind control research.

What's gotten DHS' attention is the institute's work on a system called Semantic Stimuli Response Measurements Technology, or SSRM Tek, a software-based mind reader that supposedly tests a subject's involuntary response to subliminal messages.

The "player" -- a traveler at an airport screening line, for example -- presses a button in response to the images, without consciously registering what he or she is looking at. The terrorist's response to the scrambled image involuntarily differs from the innocent person's, according to the theory.

Gear for testing MindReader 2.0 software hangs on a wall at the Psychotechnology Research Institute in Moscow. Marketed in North America as SSRM Tek, the technology will soon be tested for airport screening by a U.S. company under contract to the Department of Homeland Security. (more)

Free 'Safe Room' Design Guide

Free, 264-page .pdf book, from FEMA...

"...intended to provide guidance for engineers, architects, building officials, and property owners to design shelters and safe rooms in buildings. It presents information about the design and construction of shelters in the work place, home, or community building that will provide protection in response to manmade hazards."

"...will assist in the planning and design of shelters that may be constructed outside or within dwellings or public buildings. These safe rooms will protect occupants from a variety of hazards, including debris impact, accidental or intentional explosive detonation, and the accidental or intentional release of a toxic substance into the air. Safe rooms may also be designed to protect individuals from assaults and attempted kidnapping, which requires design features to resist forced entry and ballistic impact."

Risk Management Series - Design Guidance for Shelters and Safe Rooms (download)

Thursday, October 18, 2007

16 SpyCams - Vote for the silliest!

from the oobject.com website...
"The progress of technology has overtaken the mystique of the hidden camera such that we have been invaded by a million spy cams embedded in wholesale crap. Vote for the silliest." (vote here)
Cameras hidden in everyday objects may seem silly... until the lens is aiming at you.

Take, for example, the Number 1 voted 'silly' spycam - the Wireless Hairdryer Spycam. Funny, unless you just stepped out of the shower and are holding one - embarrassing.

SpyCams in the office are worse; embarrassing, with expensive consequences.

We are really good at finding spycams. Here is how we do it... (more)

Spybuster's Tip #102 - Technical Security Website

Bookmark Secunia.
They publish technical security vulnerability alerts every day.
The following is an excerpt from an alert earlier today...


Secunia Advisory: SA27234
Release Date: 2007-10-18

Description:

Some vulnerabilities have been reported in various Nortel products, which can be exploited by malicious people to cause a DoS (Denial of Service) and to eavesdrop with affected devices.

...it is possible to send spoofed "Open Audio Stream" messages to an IP phone. This can be exploited to open an audio channel and eavesdrop with the IP phone. (more)

Find Your Password!

Possibly, the top 10 most common passwords...
• password
• 123456
• qwerty
• abc123
• letmein
• monkey
• myspace1
• password1
• link182
• (your first name)
What? You don't see your password here?!?!
Congratulations.
Source: pcmag.com

iPhone... 'A Perfect Spying Device'

"A rootkit takes on a whole new meaning when the attacker has access to the camera, microphone, contact list, and phone hardware," renowned hacker HD Moore said regarding a security vulnerability in Apple's iPhone. "Couple this with 'always-on' Internet access over EDGE and you have a perfect spying device," he added. (more)

HD Moore, one of the developers of the Metasploit pen-testing (and hacking) tool, has posted exploits and detailed instructions on how to attack an iPhone. The information takes hackers -- and the FBI and NSA -- one step closer to being able to remotely and surreptitiously take control of an iPhone and turn it into a surveillance device. (more)

Colleges Take Spying As Serious Threat

OK - High fences. Seven security guards. No, this isn't the look of a low-security prison; it's daily protocol for safeguarding Oklahoma football practice from spies.

Six weeks ago, the New England Patriots made spying a national story, when the NFL punished coach Bill Belichick and the Patriots for spying on the New York Jets.

But long before, college coaches — especially at OU — have taken spying as a serious threat. (more)

Interesting observation...
Business executives (who have much more to lose) don't take spying as seriously as college athletic departments.

Peeping Neighbor Faces Prison Time (update)

OH - A Jackson Township man pleaded guilty today to spying on his neighbors and having child pornography on his computer.

Aaron A. Ridenbaugh, 32, of 4336 Foxhaven Ave. NW, is charged with:
• Three counts of felony interception of wire, oral or electronic communications.
• Three counts of pandering sexual-oriented materials involving a minor.
• A single count of felony illegal use of minors in nudity-oriented material and performance.

Ridenbaugh also is charged with four counts of voyeurism, all misdemeanors.

In May, township police arrested Ridenbaugh for making a secret audio recording of his neighbors’ sexual exploits. He later admitted to making a recording and told investigators about two prior acts of voyeurism at the same apartment complex.

At the time of his arrest, he was an associate at a law firm in Cuyahoga Falls. (more)

Apparently, everyone got tired.

PA - Rescue crews freed a woman trapped under a sport utility vehicle.

Police said the woman feared her husband was cheating on her. They said she went to spy on him by crawling under an SUV outside her husband’s alleged girlfriend’s house. She apparently fell asleep under the vehicle and became trapped after someone let the air out of the tires.

Police are trying to determine who let the air out of the tires. So far, no charges have been filed. (more)

Spying - Personally Appalling vs. Business Reasonable

First, Progressive Insurance spied on its own customers during a private church confessional.

Then, the CEO admitted the actions on the company's Web page, took full responsibility, described them as "appalling" and apologized. Now, in legal documents Progressive's denying any wrongdoing, saying its actions were "reasonable."

It's all enough to make a cynic out of even the lawyer suing Progressive over the spying incident.

Lawyer Wayne Grant, who represents the couple that sued Progressive, now contends the public apology was just a ruse.

"There is no way you can say appalling can be reasonable," Grant said. "Now they are trying to act as if the CEO never made the statements." (more)

Wednesday, October 17, 2007

Rat Race - Art Imitates Life

Rat Race, an episodic comedy adventure (Sony PS3 computer game) set in a crazy sitcom styled office. ... Rat Race is described thusly: "Sometimes we describe Rat Race as an interactive sitcom, but that doesn’t do it justice. There’s more to the experience than funny dialogue. Along the way you’ll sneak, sprint, solve puzzles, eavesdrop, steal..." (more)
...not to mention your kids will learn sarcasm, wisecracking and generally poor workplace etiquette.
Out just in time for the holiday season.
"Ho, ho, ho!"
Hey, who you callin' a Ho?!?!

Tuesday, October 16, 2007

When does intelligence become spying?

Lessons from the NFL...

"Yes, business spying really does happen. This may be old news, but it’s a timely reminder for those companies wanting to stay out of the courtroom." ...

"When it comes to spying, major corporations sometimes succumb to the same temptation as the Patriots did, with the same embarrassing results. Big names like Oracle, Procter + Gamble, Hitachi, and Hewlett Packard are among the more notable firms that have been accused of spying in recent years. Each incident received embarrassing front-page treatment. The press has a heyday with these corporate moral pratfalls. But are they breaches of the law or just severe ethical lapses? Mike Sandman, Fuld & Company Senior Vice President, was interviewed by CNBC on September 12, about how companies can avoid crossing over the line and still watch their competition." ~ Leonard Fuld, pioneer in the field of competitive intelligence. (more)

Moral: Don't spy... and, don't be someone else's victim.

Monday, October 15, 2007

Workplace Eavesdropping - Hidden Voice Recorder

AL - A hidden recording device was found at a Valley college. The interim president (Lavell Thrasher) of Snead State Community College in Boaz contacted the FBI after a mini-cassette tape recorder was found attached to the underside of a desk. ...

The device was found in the office of the maintenance director, who apparently didn't know about it. Employee evaluations have recently been taking place in that office. This incident is still under investigation.

Thrasher doesn't know how long it will take to get to the bottom of it. (more)

This bugging device was found by accident.
Everyone should be so lucky.
Security directors who don't depend on luck call us.

FutureWatch - The Death of the Cubicle

Cubicles have become jokes.
Their popularity is waning.

One major reason...
Eavesdropping and privacy issues.

"It (a cubicle) gives you this incredibly false sense of privacy," said Carl Bass, chief executive of software maker Autodesk Inc., who is pushing for more open layouts at his own company. (more)