Friday, February 15, 2008

SpyCam Story #431 - Sticky Fingers

Security Guard Arrested For Vending Burglary
NC - A covert machine/changer camera was installed at the location to help determine the cause of these chronic unexplained shortages.

The video revealed evidence that a security guard from the location, a federal facility, was opening a vending machine and stealing cash. This machine was used to store the account vending collections in a mother bag from all the machines. The security guard was taking the cafeteria manager's vending key from an unlocked desk drawer in the cafeteria office. Audit records indicate that this individual stole $1,000 over three months. (more)

This is a common problem. Many of our counterespionage reports contain this obvious recommendation...
Do not leave keys behind.

The most common offense we see is: Admin locks the executive's office door at night and leaves the keys in their unlocked desk just a few feet away.

"Would locking the desk help?"
No. Desk locks are easily pickable (or destructible)... as are filing cabinet locks.

"What could be worse?"
Those big key control cabinets which hold all the spare keys!

Most of their locks are as easily pickable as the desk locks... and, by the way, where is this key "hidden"? Can't find the key? Can't pick it? No problem. People rarely secure key-cabinets to the wall properly, anyway. Just grab it and go.

A few key control solutions for you...
FREE - Guide to Developing and Managing Key Control Policies and Procedures
Traka Key Control System
KeyTrak

"An ye, leave nae stone unturned..."

Isle of Arran, Scotland - Local police are on the look-out for a large quantity of rock that has gone missing from Hawthorn Quarry near Whiting Bay. The Forestry Commission alerted the police to the quarry theft last Friday, and are now being forced to install covert video surveillance at the quarry... (more)

SpyCam Story #430 - Spiderman Cam

Australia - A HI-TECH peeping tom rigged his house with an elaborate network of miniature hidden cameras to spy on his housemates, a court was told yesterday.

But police have been unable to view the footage Gold Coast man Rohan Wyllie is suspected to have recorded because he has refused to give them his computer password.

Mr Harris said he discovered an "amazingly small" camera hidden behind the wall and "kilometres" of cable in the roof cavity leading to Mr Wyllie's locked bedroom.

"I followed the wires - they all went from his room and fanned out across the roof trusses," he said.

Ms Chilcott said Mr Wyllie "lived in the roof and in his bedroom" and the roof was like "another home". She said there were so many hidden cameras she lost count "but I can tell you it was more than 10". (more)

Snuggly, The Security Bear speaks...

to... apparently, anyone who can be persuaded by a talking cartoon bear whose head is filled with fluff.

Let's join Snuggly now as he she it explains why a new federal wiretap law is being passed. (video)

Thursday, February 14, 2008

"And, the Number One security threat is..."

"YOU!"

When it comes to security, human threats score much higher than those posed by technology. So says a new survey by consulting firm Deloitte of more than 100 technology, media and telecommunications companies worldwide. (more)

Facing the music in Hitsville

Wall Street Journal - 2/13/08
Hit of the Day
Hezbollah today said the fugitive militant Imad Mughniyeh, who was indicted in the U.S. for the 1985 hijacking of a TWA airliner in which a Navy diver died, has been killed by Israeli agents. Israel denied involvement in his death. (more)

Wall Street Journal - 2/14/08
Quote of the Day
"This guy had it coming to him," former Mossad official Yossi Alpher tells Newsweek, in describing how "there are many intel agencies who had a score to settle with" Hezbollah's Imad Mughniyeh. (more)

Tuesday, February 12, 2008

Ultra-wideband (UWB). Now a TSCM reality.

UWB materializes on an RSA6114A Tektronix spectrum analyzer.

New Eavesdropping Threat. Bug transmissions via Ultra-wideband. Standard eavesdropping detection techniques don't 'see' it.

Research Electronics explains it nicely...
"Ultra-Wide Band (UWB) transmitters represent a new method of RF modulation, typically consisting of extremely narrow pulses (in the range of 250 picoseconds). The modulation scheme is a time division multiplexed system based on the timing of the pulses across a large frequency range. It is suspected that this new method of modulation will likely be used for short-range communications (approximately 10 meters), but other applications will certainly be developed. With a potential frequency band of 2GHz to 10GHz, the new UWB modulation represents some interesting characteristics from the technical security perspective, specifically with regard to the detection of UWB transmissions potentially used in eavesdropping devices."

Murray Associates recognized the threat early.
(from Kevin's Security Scrapbook - February, 2002)

FutureWatch
Ultra-wideband (UWB) makes its debut...
(this will be big)

Applications...
- Ground Penetrating Radar Systems
- Wall Imaging Systems
- Through-wall Imaging Systems
- Medical Systems
- Surveillance Systems
- Vehicular Radar Systems
- Communications and Measurement Systems
Not to mention, low-probability-of-intercept bugging devices.
(Shhhhhh! We told you not to mention that.)

Because of this foresight, Murray Associates can counter UWB eavesdropping threats today. Knowledge and military-level TSCM instrumentation (from REI and Tektronix) are being used now to protect their client family.

Consider the advanced TSCM services of Murray Associates if your current TSCM team can't show you what UWB looks like.

"Please, speak into my lapel."

Wireless CCTV, a UK-based provider of mobile surveillance systems, has launched its 3G body-worn services that are aimed at providing enhanced security to agents in the field.

Wireless says that the systems, which have been developed in response to the growing demand for body-worn surveillance equipment whether overt or covert, offer evidential quality recording of suspects and enable security supervisors to coordinate and carry out tactical operations that involve multiple members. (more)

LinkedIn To Mine User Data For Corporate Espionage

(From Insider Chatter by Donna Bogatin...)
"LinkedIn’s Mike Gamson is touting an impending fee-based “Research Network” aimed at capitalizing on the reams of data LinkedIn houses on those millions of people:


The service will help hedge fund managers and investment banks find people who used to work at a company they’re interested in, or even who is working for a customer of a company they are interested in. (as cited by eWeek)

In other words, insider corporate intelligence, or espionage:

Let’s say I’m thinking about making an investment in a producer of product X. I might want to speak to people that sell that product, people that buy that product, or that used to work at that company as part of my research process to have a better understanding of how valuable that product is.

BUT, “let’s say” the “producer of product X” does NOT want current or past employees talking to hedge funds and investment banks about its proprietary, confidential, insider goings on. LinkedIn’s financial incentives to its “17 million professionals” may nevertheless be hard to resist. Gamson boasts, “If we can begin to help our members make money and help our clients find the right people, that’s when you create value on both sides and we like those situations.”

Corporations about which LinkedIn users divulge insider information to hedge funds and investment banks, however, will undoubtedly NOT “like those situations.” (more)

72% of Scots against CCTV eavesdropping

The Information Commissioner’s Office (ICO) launched its new CCTV code of practice at the Scottish Parliament today, and also released details of a survey of a thousand people in Scotland.

Seventy-two per cent of respondents to the survey were against CCTV cameras which record conversations. This supports an earlier survey in London and South East England which produced similar results (70% against). (more)

Most wall warts just look ugly. This one just looks.

But wait.
There's more...
This wall wart contains a hidden camera and a microphone!
But wait.
There's more...
It also contains a digital audio / video recorder!!
But wait.
There's more...
It can record up to 66 hours of audio and video on its internal 2GB SD memory card!!!
But wait.
There's more...
No long cords to hide.
No wireless transmissions to give it away.
(more)

Why do I mention this?
So you know what you are up against.

Perfect Passwords - GRC's Ultra High Security Password Generator

Every time you visit this page, you get (FREE) a unique set of custom, high quality, cryptographic-strength password strings which are safe for you to use.
If you decide to use these great passwords, you might also need this.

Who Are You (I really want to know... who, who)

Take the Internet Vulnerability Profiling test to see yourself as hackers and data-thieves see you. You may be surprised (and scared) by what you see. Hope you don't see anything. (music to hack by)

2136 Passwords You Should NEVER Use

Check the computer products you own against the manufacturer's default passwords database. (the list)

Think data theft is rare?

Think again.

Massive information theft occurs almost every day.
Every day, other information thefts occur massively.


One example of infotheft from the list below...
"Personal information on customers of J.C. Penney and up to 100 other retailers could be compromised after a computer tape went missing. The missing information includes Social Security numbers for about 150,000 people." (Jan 17, 2008)

So far this year; by date, victim and records lost.
Jan. 2, 2008 Workers Compensation Fund (Salt Lake City, UT) 2,800
Jan. 3, 2008 Robotics Industries Association (Ann Arbor, MI) Unknown
Jan. 3, 2008 Dorothy Hains Ele. School (Augusta, GA) Unknown
Jan. 4, 2008 Health Net (Mountain View, CA/CT) 5,000
Jan. 4, 2008 FL Dept. of Children and Families (Osceola, FL) 1,200
Jan. 4, 2008 MD Dept. of Assessments & Tax (Baltimore, MD) 900
Jan. 5, 2008 NM State University (Las Cruces, NM) Unknown
Jan. 7, 2008 Sears/ManageMyHome.com (IL) Unknown
Jan. 7, 2008 Geeks.com (Oceanside, CA) Unknown
Jan. 8, 2008 WI Dept. of Health & Family Ser. (Madison, WI) 260,000
Jan. 8, 2008 University of Georgia (Athens, GA) 4,250
Jan. 10, 2008 Select Physical Therapy (Levelland, TX) 4,000
Jan. 11, 2008 University of Akron (Akron, OH) 800
Jan. 11, 2008 University of Iowa (Iowa City, IA) 216
Jan. 11, 2008 VA Dept. of Social Services (Richmond, VA) 1,500
Jan. 12, 2008 CA State University, Stanislaus (Turlock, CA) Unknown
Jan. 14, 2008 Tennessee Tech University (Cookeville, TN) 990
Jan. 15, 2008 Department of Revenue WI (Lakewood, WI) 5,000
Jan. 15, 2008 Naval Surface Warfare Center (MD) Unknown
Jan. 16, 2008 University of Wisconsin (Madison, WI) Unknown
Jan. 17, 2008 GE Money / Iron Mountain (Boston, MA) 150,000
Jan. 23, 2008 Baylor University (Waco, TX) Unknown
Jan. 24, 2008 Fallon Community Health Plan (Worcester, MA) 30,000
Jan. 24, 2008 OmniAmerican Bank (Fort Worth, TX) Unknown
Jan. 25, 2008 Penn State University (University Park, PA) 677
Jan. 28, 2008 T. Rowe Price Retirement Services (MD) 35,000
Jan. 29, 2008 Georgetown University (Washington, DC) 38,000
Jan. 29, 2008 Wake County Emergency Medical Services (NC) 4,642
Jan. 29, 2008 Horizon Blue Cross Blue Shield (Newark, NJ) 300,000
Jan. 30, 2008 Davidson Companies (Great Falls, MT) 226,000
Jan. 31, 2008 SC Dept. of Health & Environmental (SC) 400
Jan. 31, 2008 University of Minn. Medicine Center (MN) 3,100
Feb. 1, 2008 Marine Corps Bases Japan (Okinawa, Japan) 4,000
Feb. 2, 2008 Diocese of Providence (Providence, RI) 5,000
Feb. 7, 2008 Memorial Hospital (South Bend, IN) 4,300
Feb. 8, 2008 MLSgear.com Unknown

Attention infomasochistics!
You can see all the gory details, going back to 2005, here.

Attention smart security directors!
You can get non-IT Department infosecurity help, here.