Thursday, April 10, 2008

"Pick-up in aisle Ten."

Supermarket chain Lidl has apologised to staff after being accused of systematically spying on them.

It took out a series of newspaper adverts in Germany saying: "We regret it profoundly and apologise explicitly if co-workers feel discredited and personally hurt by the described procedures."

Earlier German magazine Stern reported that Lidl had hired detectives who installed surveillance cameras to monitor the staff's work performance, and even to find out how often they used the toilets and whether they had affairs with co-workers. (more)

But wait! There's more!
Germany was shocked to learn that Stasi-like techniques were used to spy on employees of supermarket giant Lidl. Now a report has emerged showing that the chains Plus and Edeka may have done the same... (more)

And, more!
BT has admitted that it secretly monitored customers' internet surfing activities in trials of new software in 2006 and 2007. (more)

Idea for new sitcom... Plain Stupid! - "Should you be caught, we will disavow any..."

A spy who infiltrated a direct action anti-aviation group has been exposed after making a series of elementary errors that aroused the suspicions of genuine activists.

Toby Kendall joined Plane Stupid, the group that occupied the roof of the Houses of Parliament last month, after graduating from Oxford last year. He told the activists that his name was “Ken Tobias” and said that he was deeply concerned by the impact of the aviation industry on climate change and that he wanted to help to organise protests.


But his habit of wearing a Palestinian scarf with his Armani jeans and designer shirt made some members question his identity. He was also the only member to turn up early to every meeting but had no friends in the activist community...

Plane Stupid began a mole hunt and, after feeding him false information that found its way within two days to the aviation industry, discovered his real name and employer.

Mr. Kendall, 24, works for C2i International, a counter-intelligence company run by former special forces officers. It claims that its agents are “hand-picked from Special Operations at New Scotland Yard”...

Justin King, C2i’s managing director, claimed to have been unaware of Mr. Kendall’s infiltration of Plane Stupid. He said Mr. Kendall was employed to carry out counter-surveillance such as “debugging company offices”. (D'oh!) (more)

This is a cautionary tale for corporations and protest groups alike.
1. Espionage is multifaceted - eavesdropping, wiretapping, dumpster diving, moles, etc.
2. Failed attempts end up in the newspapers. Successes go unnoticed.
3. Attacks fail when people start looking.
4. Start looking.
In this case, "...a contact at Oxford University recognised a photo we'd taken. Our spy wasn't called 'Ken Tobias', but Toby Kendall - an Oriental Studies student from Wadham College. A quick google search revealed a Bebo page with a photo. Snap! It also took us to Linked In, a high-flying corporate networking site, where 'Ken' claimed to be an analyst at C2i International, working in 'Security and Investigations'."
Note: Even Austin Powers had a better cover story. Don't expect your mole to be as obvious.

From Alligator Clips to Data Rips

The digitization of information has made wiretapping incredibly easy, while at the same time making legislation around warrants and civil liberties exponentially more complex, said experts during an afternoon panel at RSA yesterday.

“Two and a half years ago, me and my partners at the New York Times exposed a national wiretapping program and we still can't tell what it's all about,” said Eric Lichtblau, investigative reporter, who officiated the panel. (more)

Tuesday, April 8, 2008

"What's in your IT department?"

by Naomi Grossman, bmighty.com
Caught up in the high profile case of Anthony Pellicano -- the detective on trial for racketeering and wiretapping in a case that involves lots of big names in Hollywood -- is the manager of IT security for Conde Nast publications. How exactly did that guy get his job?...


On Gawker, Ryan Tate asks the second most obvious question: "The guy who runs tech security for Condé Nast has admitted lying to the FBI and lending his services to private detective Anthony Pellicano even though he knew Pellicano was tapping people's phones. He's also been accused, in the course of Pellicano's racketeering and wiretap trial, of leaking a pre-publication copy of Vanity Fair that Pellicano mysteriously obtained, and of bragging about bugging the office of his Condé Nast supervisor. So why does he still have a job?"...

...the lessons here go beyond the need to move decisively in hiring and firing. If Reynolds could do that stuff in a huge company like Conde Nast, imagine the damage your IT guy could do in your smaller business -- where there aren't the same resources to weather a disaster. Put the time and effort into checking your IT guys out. Each one could mean the difference between life and death for your company. (more)
Well said!
You've been warned.

Monday, April 7, 2008

India Wants to Eavesdrop on BlackBerrys

BlackBerry users, beware of the snoops. India's Telecommunications Dept. told telecom carriers, Internet service providers, and officials at Research In Motion (RIM), the Canadian company that makes BlackBerrys, that it wants to eavesdrop on transmissions from every BlackBerry phone in the country. To comply, RIM might have to route calls and e-mails through government computer servers based in India. (more)
FutureWatch... Look for other countries to jump on this bandwagon.

Hot Boardroom Topic - Counterespionage

Security is becoming a board-level issue as the number of cyber-attacks and corporate espionage incidents is growing significantly each year...

Few people would dispute the mystique that surrounds the boardroom. This allure has been around for some time, but it was recently heightened by the popular TV series "The Apprentice" with business icon Donald Trump. Boards of directors deal with sensitive issues and handle privileged information, and board meetings themselves call to mind strategy discussion, stock discussions and major contracts.

Taking advantage of privileged information is illegal. As you can imagine, access to privileged financial and stock information could easily be used for insider trading. The sensitive information and financial data must be controlled in order to comply with Securities and Exchange Commission disclosure requirements.

What you may not think of are the discussions around information security, which has become a board-level issue. Cyber-attacks and corporate espionage are growing significantly year-over-year. In a training program developed by Spy-Ops, the company notes that corporate espionage worldwide is now more than a trillion-dollar problem annually and growing. Data breaches, theft of intellectual property, insider trading and other criminal acts now demand the attention of the board of directors.

"Enterprise risk management discussions and strategies have moved into the executive suites and boardrooms. This is due primarily to the significant implications associated with security breaches," said Paula Cordaro of Spy-Ops.
(more)

S(he) M(aybe) E(arliest) R(ussian) S(py) H(ero) - B. Badenov

Russia’s oldest counter-intelligence officer is 100 years young. And although she's long retired, Maria Lyovina is still barred from revealing sensitive details about her work in the past.

She may not look like your archetypal secret agent but Maria Lyovina was catching spies long before the world had ever heard of James Bond.

A great grandmother three times over, her Ulanovsk flat is filled with family photographs. One is a striking image of the young woman German agents came to fear.

Maria was working as a secretary in a Leningrad factory when the Soviet Union entered the Second World War.

She was recruited by Army officers looking for an experienced typist.

She joined SMERSH, a counter intelligence group dedicated to catching traitors and undercover Germans. Its name literally meant ‘death to spies’. (more) (video)

Sunday, April 6, 2008

"Blank Reg! Is that you?"

UK - Yobs wrecked CCTV cameras outside a Preston community centre just 48 hours after they were installed. But pictures of the vandals have been captured on the cameras they tried to destroy.

The community of Tanterton won government funding to put up four cameras at a notorious troublespot near the row of shops and community centre in Village Green Lane. (more) (video)

Wristwatch SpyCam

from the manufacturer's press release...
This Watch Spy Camera and Receiver is the ultimate covert operations kit, the camera in the watch is so small it's practically undetectable and looks absolutely normal.

Smart mounting of the camera results in the image being correctly orientated when the watch is upside down, for example when naturally resting your arm on a table. With stylish brushed aluminum and a black face, no one will ever suspect they're being watched by such a well dressed person. The receiver unit comes with a 2.5 inch LCD and the capability of monitoring 4 wireless cameras at a time, playing music and even MPEG 4 movies if the mood takes you. This is quite simply the most covert spy camera we have seen yet and is now available direct to you at Wholesale-Star's excellent wholesale prices. Easily sell this to your eBay customers for great profits and take advantage of Wholesale-Star's drop shipping service. (more)
Yes, the watch keeps time.
Yes, the watch transmits audio, too.

Price Drop!!! GSM Bugs now on sale - $35.00

Alert - The hottest new bugging devices are now among the least expensive. GSM SIM bugs are like cell phones, but without the keypad. Eavesdroppers call and listen from anywhere in the world.

At one time these devices sold for $250.-$500. The price has plummeted to $35.-$55. Why? The same reason their sister product (the cell phone) is often a give-away item... Economy of scale; thus proving consumer demand is fueling mass production.

Corporate Concern...
At these prices, "salting" offices with bugs becomes practical. Imagine... Buy in bulk and get custom silk screening - "Air Quality Monitor - Do Not Disturb." Even if accidentally seen, it might be accepted - "Every office has one of these."

Corporate Solution...
Periodic Eavesdropping Detection Audits are now an integral part of corporate security. Not having an eavesdropping detection program is negligence.

from a seller's web site...
"The GSM SIM Bugs are advanced audio surveillance devices. The SIM spy ear comes with compact design and embedded microphone system. This audio surveillance listening system no need software and no configuration required. Very easy to use. The only one thing you need to do is insert a pre-paid GSM SIM card into SIM card slot of the spy sim bug. Then you could hide it in an inconspicuous location and starts excellent listening surveillance." (more)
Update: The seller has stopped selling this; claiming, "Because they are incompetent." This is likely as early models did not work well, hence the big price drop. Newer models seem to be selling very well, however.

"Sunlight is the best disinfectant."

Trinidad & Tobago - Sweeping legislative changes, including a proposal to regulate the practice of wiretapping in the entire region, are among a series of recommendations agreed to by Caricom Heads of States, Bharrat Jagdeo, the Guyanese president, revealed yesterday.

Speaking to reporters outside of the Grand Ballroom of the Hilton Trinidad where a special security meeting of the Caricom Heads of Government was concluded, Jagdeo disclosed that he had personal knowledge that wiretapping is done throughout the region and revealed that it was agreed by heads of government that the practice should be regulated by legislation.

“People wiretap now,” he said, “but they can’t use it for evidence because it’s done illegally.” (more)

Bet you never heard of CARICOM.
Guess how many countries we are talking about here...
Full Members
Antigua and Barbuda
Bahamas
Barbados
Belize
Dominica
Grenada
Guyana
Haiti
Jamaica
Montserrat
Saint Kitts and Nevis
Saint Lucia
Saint Vincent and the Grenadines
Suriname
Trinidad and Tobago
Associate Members
Anguilla
Bermuda
British Virgin Islands
Cayman Islands
Turks and Caicos Islands
Observers
Aruba
Colombia
Dominican Republic
Mexico
Netherlands Antilles
Puerto Rico (U.S.)
Venezuela

That's a lot of wiretappers who will soon be able to present their evidence in court!
It may also change some old saws...
"Sunny places attract shady characters."
may now become...
"Sunlight is the best disinfectant."

Thursday, April 3, 2008

Spy Buster Locates Sophisticated Wireless Eavesdropping Devices

According to the Freedonia Group, a market research group in Cleveland, Ohio, companies spend over $95 billion annually on corporate security.

One of the fastest growing areas for this spending is corporate espionage prevention.

Factors in this growth include everything from globalization to decreased employee loyalty and the fact that the most valuable asset of a corporation these days is information, which can be easier to steal than a piece of machinery.

So what’s a worried executive or security professional to do?
Increasingly, companies and government agencies are turning to firms that specialize in detecting and removing eavesdropping and other surveillance devices... (more)

Wednesday, April 2, 2008

Track My Treads - The TPMS Privacy Blowout

via hexview.com
New technologies always come with privacy issues.
Tire Pressure Monitoring Systems (TPMS) is one of those technologies.


What is TPMS?

TPMS lets on-board vehicle computers measure air pressure in the tires.

How does TPMS work?
In a typical TPMS, each wheel of the vehicle contains a device (TPMS sensor) - usually attached to the inflation valve - that measures air pressure and, optionally, temperature, vehicle state (moving or not), and the health of the sensor's battery. Each sensor transmits this information (either periodically or upon request) to the on-board computer in the vehicle. To differentiate between its own wheels and wheels of the vehicle in the next lane, each TPMS sensor contains a unique id.


TPMS transmits data that uniquely identifies your car!

Here is where privacy problems become obvious: Each wheel of the vehicle transmits a unique ID, easily readable using an off-the-shelf receiver. Although the transmitter’s power is very low, the signal is still readable from a fair distance using a good directional antenna.

Why is this a problem?

If you live in the United States, chances are, you have heard about the “traffic-improving” ideas where transportation authorities looked for the possibility to track all vehicles in nearly real time in order to issue speeding tickets or impose mileage-adjusted taxes...
Guess what? With minor limitations, TPMS can be used for the very purpose of tracking your vehicle in real time with no substantial investments! TPMS can also be used to measure the speed of your vehicle... (remember) car manufacturers know serial numbers of every part in your vehicle, including unique IDs of TPMS sensors.
("Your ticket is in the mail.")


Now, no article is complete unless it mentions terrorists...
It is now super easy to blow up someone's car. There's no need to fix the explosive to the vehicle. No more wires and buttons. No human factor. A high-school kid with passion for electronics can assemble a device that will trigger the detonator when the right vehicle passes by. (more)

"See anything, dude?" (crash!!!) "April Fool"

17-year-old accused of trying to spy
WI - Michael Q. Ruby (17) of Omro, Wisconsin was with two others who were trying to see into a Larrabee Street apartment when Ruby pushed one of the others through the window, damaging the screen.
Ruby told police he and his friends went to the Larrabee Street residence to see if they could find an acquaintance there with underage girls... (more)

Offer of a Murder Surfaces at Wiretap Trial

A hedge fund manager and art collector from New York testified under immunity Tuesday that Anthony Pellicano, the Hollywood private detective accused of wiretapping and racketeering, had once offered to have a movie producer killed for him. (more)