Wednesday, April 2, 2008

Everything You Wanted to Know About the Wiretap Debate in Congress

via wired.com
If you've been having trouble tracking what the various surveillance bills are all about, don't blame yourself -- there's been plenty of misinformation going around. Here's Wired.com's definitive guide to the congressional surveillance debate.

Why is Congress expanding the government's spying authority?
After 9/11, or possibly before, President Bush instructed the nation's spies to begin a secret spying program that reportedly includes data-mining records of U.S. residents' phones, travels and purchases in order to find targets to wiretap. The administration says its warrantless eavesdropping only listened in on international phone calls and e-mails... (more)

Congressman Ordered to Pay in Wiretap Case

A federal judge has ordered Rep. Jim McDermott (D-Wash.) to pay nearly $1.2 million to House Minority Leader John A. Boehner (R-Ohio), settling a legal dispute over McDermott's actions in leaking the contents of an intercepted 1996 conference call involving Boehner and other Republican leaders.

Chief Judge Thomas F. Hogan of the U.S. District Court for the District of Columbia,... had already levied a $60,000 civil fine against McDermott in 2004 for violating federal wiretapping statutes by receiving the intercepted audiotape of the conference call and releasing its contents to several members of the media....

Boehner was speaking on a cellphone in Florida, where his conversation was illegally recorded by a couple who heard it on a radio scanner. (more)

The Case of the Telepathic Ray Gun, or...

..."Does that ringing in my ears bother you?"
via Discovery.com
I know some of you may not want to believe this, but the U.S. government may well already have the ability to beam secret commands to you through the fillings in your teeth. Well, not exactly. But close.
A recently declassified 1998 U.S. Army report, “Bioeffects of Selected Nonlethal Weapons,” describes government plans for a microwave weapon that would transmit voice communication that seems to emanate from within a human target’s own brain. (It was obtained and posted on the Web by Freedom From Covert Harassment & Surveillance, a Cincinnati-based organization that advocates on behalf of people who believe they are being stalked and subjected to “electromagnetic harassment.”)

To quote the report:

Because the frequency of the sound heard is dependent upon the pulse characteristics of the RF energy, it seems possible that this technology could be developed to the point where words could be transmitted to be heard like the spoken word, except that it could only be heard within a person’s head.


This is possible because of something called the Microwave Auditory Effect, which was first discovered during World War II, when people working in the vicinity of radar transponders complained of hearing strange clicking noises that other people nearby didn’t notice. The effect is caused by thermal expansion of the region around the cochlea. In the 1960s, neuroscientist Allan H. Frey, who was the first to publish research on the effect, was able to induce it in human subjects with pulsed microwaves from a transmitter 100 meters away.


It’s unclear just how far the government’s microwave auditory research and development efforts have progressed since 1993, when the report was written... (more)

Tuesday, April 1, 2008

Corporate Espionage Arrest - AMX Corp. V.P.

Short version: AMX Corporation's Vice President, David Goldenberg, was "arrested for allegedly participating in corporate espionage practices against a competing manufacturer's representative firm."

The following is from the Bergen County (NJ) Prosecutor's press release...
NJ - Bergen County Prosecutor John L. Molinelli announced the arrest of David A. Goldenberg, D.O.B. 05/18/1962, of 432 Golf Dr., Oceanside NY. Goldenberg was arrested on March 28, 2008, on charges of Unlawful Access of a Computer System / Network (2C:20-25b); Unlawful Access of Computer Data / Theft of Data (2C:20-25c); and Conducting an Illegal Wiretap (2A:156A-27)...


The arrest stemmed from an investigation concerning the following: The Paramus Police Department received a complaint from a Paramus-based corporation known as Sapphire Marketing, which specializes in high-end audio/visual systems. Representatives of Sapphire reported that they were being suspiciously and consistently underbid for contracts by a competitor for whom David Goldenberg works. They expressed suspicion of corporate espionage. Based on anomalies that the complainant noticed within their computer network and more specifically their electronic mail (e-mail) system, they suspected that the company’s e-mail system had been compromised and that e-mail was being intercepted. The Paramus Police Department (a member of the Computer Crimes Task Force) and the Bergen County Prosecutor’s Office Computer Crimes Unit initiated an investigation.

The investigation revealed that Mr. Goldenberg had engineered the passwords protecting several of the complainant’s e-mail accounts. For a period of time, Mr. Goldenberg was intercepting and reading e-mails that related to potential contracts. Mr. Goldenberg then established a free e-mail account that he had control over, and created an automatic forward of the victim’s e-mail so that they would be sent to him directly. This afforded Mr. Goldenberg advanced knowledge of Sapphire’s customers and bid prices, thus further affording him an opportunity to underbid Sapphire. Sapphire Marketing estimates the loss in revenue from Mr. Goldenberg’s actions to exceed one-million dollars. Mr. Goldenberg was arrested without incident on this date. (more) (more - scroll down)

Goldenberg was hired by AMX June 11, 2007
...
“David has a proven track record of satisfying the needs of his customers while boosting sales and profitability. He is also an aggressive marketer focused on value creation,” said Rashid Skaf, AMX president and CEO. “David is a dynamic leader who has proven that he can successfully manage and motivate a diverse team of individuals. I am confident that he will fit well into the AMX culture and accomplish great things with our company.” (more)

The Original Hollywood Wiretapper

By Will Vaus
The trial of private detective Anthony Pellicano, who is charged with 110 counts of racketeering, wiretapping, conspiracy and other federal charges, has been capturing headlines for quite some time. No wonder. Its connections to the mob, eavesdropping on Hollywood conversations and the revolving door of movie industry personalities make for a good read. However, for me and my family, it is déjà vu.

Why? Because my father, "Big Jim" Vaus, was the original Hollywood wiretapper. He launched the practice of listening in on the stars in the 1940s and gained the same sort of notoriety then that surrounds Pellicano now. He was written up in the L.A. papers, and his story has been featured in Time, Life, Reader's Digest and in a 1955 movie, "Wiretapper." (more)

Will Vaus, author of My Father Was a Gangster: The Jim Vaus Story

Recordings of Jim Vaus talking about his life.
More stories about Jim Vaus...

The Hollywood Vice Queen (1948)
Wiretapping in Hollywood (1955)
Why Jim Vaus Quit Wiretapping (1946)

Monday, March 31, 2008

"But, IT said our data was secure."

Data Theft Carried Out On Network Thought Secure
Criminals involved in a massive data breach at the Hannaford Bros. and Sweetbay grocery chains stole the customer information from a part of a computer-network system that security experts had believed was secure.


As many as 4.2 million credit- and debit-card numbers were exposed in the breach.

The Hannaford data, which included customer account numbers and card expiration dates, was stolen between Dec. 7 and March 10. ...it has resulted in at least 1,800 cases of fraud.

A malicious software program, written by the thieves, intercepted the information as it went back and forth over a cable to a transaction processor in Denver. It was then transmitted to an Internet service provider somewhere outside the U.S. The software, known as malware, was planted on computer systems in every store in the two chains, the company says.

...it took a team of about 30 forensics experts and information technologists more than 10 days of round-the-clock troubleshooting to discover the malware. (more) (recent data theft list)

Investigative Techniques for the Trial Lawyer - Wiretapping: Part I

...we have probably all wondered if our conversations via phone were being taped.

There are federal and state (all 50 and DC) statutes governing the use of electronic recording equipment. The unlawful use of recording equipment may not only give authority for civil proceedings against the perpetrator of illegal taping, but may also give rise to criminal charges.

Today’s Bulletin gets right into the meat of how and where the taping of private telephone conversations is allowed...

Interesting exceptions to the rules...
In California, generally an all party consent state, one party alone can record if criminal activity (e.g. extortion) is anticipated or involved.

In Arizona, the subscriber to a telephone service can record telephone conversations with no party consent when criminal activity is involved. (more)

The Case of the Flaccid Fob

Researchers from Ruhr University Bochum, Germany, presented a complete break of remote keyless entry systems based on the KeeLoq RFID technology. The shown vulnerability applies to all known car and building access control systems that rely on the KeeLoq cipher. "The security hole allows illegitimate parties to access buildings and cars after remote eavesdropping from a distance of up to 100 meters" says Prof. Christof Paar. "Eavesdropping on as little as two messages enables illegitimate parties to duplicate your key..."

A KeeLoq system consists of an active Radio Frequency Identification (RFID) transponder (e.g., embedded in a car key) and a receiver (e.g., embedded in the car door). Both the receiver and transponder use KeeLoq as the encryption method for securing the over-the-air communication.

KeeLoq has been used for access control since the mid-1990s. By some estimates, it is the most popular of such systems in Europe and the US. Besides the frequent use of KeeLoq for garage door openers and other building access applications, it is also known that several automotive manufacturers like Toyota/Lexus (Chrysler, Daewoo, Fiat, GM, Honda, Volvo, VW, Clifford, Shurlok, Jaguar, etc.) base their anti-theft protection on assumed secure devices featuring KeeLoq.
(more)
(Hacker video explaining KeeLoq. Minutes: 36:18 - 41:35)
(How to Steal Cars - A Practical Attack on KeeLoq)

Sunday, March 30, 2008

Mama Hari

...a mother writes...
"It’s a tough call knowing when to spy and when to trust.
Though my own children, 4 and 7, are too young for me to be going through pockets looking for drugs, turning up mattresses looking for porno, etc., I plan on doing those things in their teen years.

In my own childhood, my parents were way too hands-off. Both of my brothers were doing serious drugs in high school and my parents didn’t find out until it was way too late. They wanted harmony in the house and took the path of least resistance. That meant my brothers were allowed privacy, didn’t have an enforced curfew, were given car keys before they could handle that responsibility. My parents prayed maturity would come soon.

With my own children, I’ve learned that I have to stay on top of things. On the computer, my son has tried to order things online. He even asked my mom for her credit card so he could buy a Ben 10 shirt. We’ve found that we need to set the rules for which Web sites he can look at. Anything not on the ‘Kids’ section of our Web browser’s bookmarks is off limits. Still, we walk by often while he’s online, and we remind him he needs to ask if it’s a new site." (more)

Money Talks - Cell Phones Squawk

Spying programs for mobile phones are likely to grow in sophistication and stealth as the business around selling the tools grows, according to a mobile analyst at the Black Hat conference on Friday.

Many of the spy programs on the market are powerful, but aren't very sophisticated code, said Jarno Niemela, a senior antivirus researcher for Finnish security vendor F-Secure, which makes security products for PCs and mobile phones...

One of the latest tools on the market is Mobile SpySuite, which Niemela believes is the first spy tool generator for mobiles. It sells for US$12,500 and would let a hacker custom-build a spy tool aimed at several models of Nokia phones, Niemela said. (more)

Money Talks - Spies Walk

UK - Thousands of Chinese spies are infiltrating Britain in the run-up to the Beijing Olympics.

They are hellbent on stealing scientific, military and industrial secrets in a bid to make China the world's No1 superpower. The spies are recruited from the 90,000 Chinese who visit Britain each year. Forty per cent of them are on business and a third are students.

A Whitehall source said: "They are told to hoover up everything they can get their hands on. It can be anything from the results of university lab experiments to secret industrial technology." China's targets include banks, power and water companies, telecom firms and even Parliament.

But Foreign Secretary David Miliband fears any crackdown would upset China and jeopardise trade deals worth £20billion. (more)

Saturday, March 29, 2008

"Make a periscope" science class experiment gone horribly wrong?

Wales - A peeping Tom attached a mirror to the end of a piece of wood to spy on his next-door neighbour as she undressed, a court heard...

During the hearing, prosecutor Ian Kolvin produced the home-made spying device which consisted of a strip of wood with a broken piece of glass fastened to one end... "The defendant denied any sexual motivation," said Mr. Kolvin. (more)

"Whatever satisfies the soul is truth." W.W.

NJ/PA - The man who led police on a chase that eventually forced the closure of the Walt Whitman Bridge last Thursday was convinced that someone was bugging his phone and that his family was in danger, according to authorities. (more)

Thursday, March 27, 2008

Jury finds against Providence in wiretapping lawsuit

RI - A federal jury has returned a verdict against city of Providence authorities for illegally recording the phone calls of their employees at a public safety complex. City officials say the jury on Wednesday awarded compensatory and punitive damages of about $525,000... (more)

Wednesday, March 26, 2008

Details emerge about futuristic spy tech

The intelligence agencies have renamed their MASINT program and will now refer to the recondite spy discipline as the Advanced Technical Exploitation Program (ATEP). The name change surfaced in documents that describe a pending acquisition for contractor assistance in merging information from various types of sensors and systems to create cross-disciplinary intelligence...

The acquisition notice asked companies to describe their capabilities in working with the following types of sensors:
• Overhead non-imaging radar.
• Synthetic aperture radar.
• Spectral detectors.
• Thermal infrared.
• Ground-moving target indicator forensics.
• Line-of-sight radar.
• Over-the-horizon radar.
• Airborne electro-optical sensors, known as Cobra Ball.
• Laser intelligence.
• Radio frequency MASINT.
(more)