Sunday, March 16, 2008

Are Your Floor Plans Serialized and Accounted For?


UK - Detailed top-secret plans of MI5's fortress HQ have been sensationally handed to News of the World.

The lost 66-page dossier of floor layouts—once used by trusted contractors at the high-security Central London base—would be gold dust to terrorists.


The plans were given to us by a worried member of the public, who got them from a friend who worked at the building and never handed them back.


Our source said: "It's shocking that such high-level paperwork is out of MI5's control. There are many possibilities once a terrorist has detailed information like this."


The drawings, which we have blurred to protect national security [and are no longer shown], detail 11 of the 13 floors at Thames House—the real-life HQ well-known on the outside to viewers of TV's Spooks.


They reveal lift shafts, ventilation pipes and other places perfect for hiding BOMBS and spy TRANSMITTERS. They also show where the fibre optic cables are that transfer electronic data—a godsend for COMPUTER HACKERS. (more)

Wiretapping's true danger (LA Times - Political Opinion)

History says we should worry less about privacy and more about political spying.
By Julian Sanchez

As the battle over reforms to the Foreign Intelligence Surveillance Act rages in Congress, civil libertarians warn that legislation sought by the White House could enable spying on "ordinary Americans." Others, like Sen. Orrin Hatch (R-Utah), counter that only those with an "irrational fear of government" believe that "our country's intelligence analysts are more concerned with random innocent Americans than foreign terrorists overseas."

But focusing on the privacy of the average Joe in this way obscures the deeper threat that warrantless wiretaps pose to a democratic society. Without meaningful oversight, presidents and intelligence agencies can -- and repeatedly have -- abused their surveillance authority to spy on political enemies and dissenters.

...for decades, intelligence analysts -- and the presidents they served -- had spied on the letters and phone conversations of union chiefs, civil rights leaders, journalists, antiwar activists, lobbyists, members of Congress, Supreme Court justices -- even Eleanor Roosevelt...

...Political abuse of electronic surveillance goes back at least as far as the Teapot Dome scandal that roiled the Warren G. Harding administration in the early 1920s. ...

In 1945, Harry Truman had the FBI wiretap Thomas Corcoran...

...John F. Kennedy's attorney general, brother Bobby, authorized wiretaps on lobbyists, Agriculture Department officials and even a congressman's secretary...

...Lyndon Johnson found the tactic useful when he wanted to know what promises then-candidate Richard Nixon might be making to our allies in South Vietnam...

...Johnson famously heard recordings of King's conversations and personal liaisons with various women. Less well known is that he received wiretap reports on King's strategy conferences with other civil rights leaders...

...Few presidents were quite as brazen as Nixon, whom the Church Committee found had "authorized a program of wiretaps which produced for the White House purely political or personal information unrelated to national security."...

...It's probably true that ordinary citizens uninvolved in political activism have little reason to fear being spied on, just as most Americans seldom need to invoke their 1st Amendment right to freedom of speech. But...

...if you think an executive branch unchecked by courts won't turn its "national security" surveillance powers to political ends -- well, it would be a first.

Julian Sanchez is a Washington writer who studies privacy and surveillance. (more)

Saturday, March 15, 2008

Cell Phone Spying Victim? Tell Your Story.

Have you ever been a victim of cell phone spying?

If your significant other or family member has ever plotted to listen in on your calls, even check your records or download spying software on your phone, we want to hear from you.

GMA is looking for guests who can talk about their experience with cell phone spying.
Fill out the info below and you might just end up on GMA. (more)

On the Road to Thought Eavesdropping

FOP Bug By Cop?

TN - A former Nashville police officer/union organizer has been indicted on federal charges in connection with the break-in and illegal surveillance of a Fraternal Order of Police youth camp.

Calvin Edward Hullett was indicted on bribery, misappropriation of union funds and other charges.

Investigators have alleged the hidden cameras were placed at the Wilson County camp in an effort to discredit the FOP by catching officers engaged in some type of misconduct.

Hullett, a national organizer for the Teamsters, is accused of using union funds to purchase the surveillance and recording equipment. (more with video)

Industrial Espionage in South Korea

Prosecutors were investigating a former LG Electronics technician Thursday for allegedly spying and providing a Chinese firm with South Korea's leading plasma display technology. (more)

7 Security Rules Employees Love to Break

Research from the Ponemon Institute finds that either companies are not setting, or employees are not following, data security procedures in several high-risk areas.

“Data Security Policies Are Not Enforced,” a survey of 893 corporate IT workers, examined the risks associated with storing and transporting sensitive information and looked at how well companies are implementing and enforcing policies to protect against this risk.

1. Copying confidential information onto a USB memory stick.
2. Accessing web-based e-mail accounts from a workplace computer.
3. Losing a portable data-bearing device.
4. Downloading personal software onto a company computer.
5. Sending workplace documents as an attachment in e-mail.
6. Disabling security and firewall settings.
7. Sharing passwords with co-workers.
(more)

122 Federal Aviation Administration safety inspector badges have been stolen or lost in the past five years. The credentials are one of the few forms of identification that give complete and unfettered access to airport facilities, including the cockpits of planes in flight.

"The FAA badge is probably of all the badges just as dangerous if not more so than any other," aviation expert Denny Kelly said.


Kelly, a former commercial pilot and a private investigator, said the badge can give a person free access to nearly every secure area of an airport.


"The FAA badge allows you not only on one airline, plus getting through security, it allows you to get on any airline, any airplane, anyplace," he said. (more) Photo is not representative of stolen ID.

Juju Security... What "badge" can give someone unfettered access to your business - to plant bugs and steal proprietary information, for example? Can you account for all of yours? Is a security amulet really the best solution? Other solutions... 1 2 3

Update: Possible motive for badge theft uncovered!
Special Offer for FAA Employees only...
Located in the Holiday Inn Airport, 2101 S. Meridian is offering FAA employees a 15% discount on their ALL-YOU CAN EAT Lunch Buffet. Just show your ID badge for discount.
Regular price is $9.95 + tax and includes: 21 item salad bar, soup, 2-3 hot entrees, veggies, rolls, dessert bar and drink. Menu selection varies from Bar-B-Q to Italian to hors d'oeuvres.
Lunch hours are 11 a.m. to 2 p.m. on the dates indicated on the calendar.
Call the Holiday Inn at 685-4000 for more information. (more)

Romper Room Magic Mirror 2008

Tune into live surveillance cameras from around the world. Free computer screen saver turns you into Mr./Ms. Panopticon. (more)

Thursday, March 13, 2008

RFID Cards Hacked

Researchers and students of the Digital Security group of the Radboud University Nijmegen have discovered a serious security flaw in a widely used type of contactless smartcard, also called RFID tag. It concerns the "Mifare Classic" RFID card produced by NXP (formerly Philips Semiconductors). Earlier, German researchers Karsten Nohl and Henryk Plötz pointed out security weaknesses of these cards. Worldwide around 1 billion of these cards have been sold.

This type of card is used for the Dutch 'ov-chipkaart' [the RFID card for public transport throughout the Netherlands] and public transport systems in other countries (for instance the subway in London and Hong Kong). Mifare cards are also widely used as company cards to control access to buildings and facilities. All this means that the flaw has a broad impact. Because some cards can be cloned, it is in principle possible to access buildings and facilities with a stolen identity. This has been demonstrated on an actual system. (more)

"I reprogrammed a car fob, Mr. Cheney. Now I control you."

by Chris Soghoian...
A team of respected security researchers known for their work hacking RFID radio chips have turned their attention to pacemakers and implantable cardiac defibrillators.


The researchers will present their paper, "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses," during the "Attacks" session of the 2008 IEEE Symposium on Security and Privacy, one of the most prestigious conferences for the computer security field...

By reading between the lines (millions of remotely implanted medical devices, able to administer electrical shocks to the heart, can be controlled remotely from distances up to 5 feet, designed by people who know nothing about security), it is easy to predict the gigantic media storm that this paper will cause when the full details (and a YouTube video of a demo, no doubt) are made public. (more)

Security and Spying With Nanotechnology as Tiny Spy Dust Chips Track Your Movements

Nox Defense has released an invisible perimeter defense technology, which combines high-resolution video pictures and radio frequency identification (RFID) tags, sometimes referred to as "spy chips", to track assets and people in real time. The system allows security officers to see a theft or intrusion as it happens, and track a stolen object even if concealed inside a briefcase, under a jacket, or stuffed inside a sock. The FBI is among early adopters of the Nox Intelligent Perimeter Defense system, though it has not released details of how it will use the system. (more)

"Let's see you tap your way out of this, honey."

Wiretap agent sued for bigamy...
Philippines - A military agent who claimed taping the conversations of President Arroyo and a former poll official in 2004 is facing a bigamy suit in a Quezon City court.

Arlene Sernal filed a complaint against her husband Vidal Doble, a former technical sergeant in the Intelligence Service of the Armed Forces of the Philippines before the sala of Regional Trial Court Judge Rosa Samson Tatad of Branch 105. (more)

Private Investigator Brags About His Bugging

Australia - A Melbourne-based veteran investigator, an old-fashioned human bloodhound who formerly ran the security for one of the local airlines, tells The Sunday Age: "If I wanted to bug your office, you could send 10,000 [de-]buggers in there and they'd never find out. Not unless the bug is live (activated). Otherwise you'd have to physically tear an office or boardroom apart to find it. A smart cookie will be listening across the road … and via a 10-cent capacitor can remotely deactivate the bug until there's something worth listening to."

This old-time operator is a $500-a-day man. "Plus expenses." No matter that there may be millions at stake, that's his price.


"I'm cheap," he says. (more) He is also [your thought here].

Tuesday, March 11, 2008

from EnergyBiz Magazine...
"Corporate espionage is big business. According to the FBI, such theft costs all U.S. companies between $24 billion and $100 billion annually. Interestingly, only about 20 percent of those losses are tied to cyber threats while the majority of them are associated with low-tech schemes such as unlawfully entering open offices." (more)

Eavesdropping, and low-tech espionage tricks, precede cyber-threats. They are also the easiest to spot. Discover the eavesdropping and espionage attacks and the cyber-threats die of starvation. The security secret... You have to look, to discover – on a regular basis. Start your schedule of detection audits, today.