A web service that will make it easy and inexpensive to crack the GSM A5/1 encryption protocol, quickly enough for a call that is still in progress, is slated to launch at the end of April. Living right at the intersection of open hardware, open source software, software as a service, and cryptography, the service will reduce the cost and effort of cracking GSM call encryption by at least an order of magnitude.
The service is being developed by members of the GSM Software Project and demonstrates just how much things have changed in the world since the GSM system was designed. Various approaches to cracking both A5/1 (the European standard) and A5/2 (the weaker US standard) have been available for some time but this one is unique in that it should be available to researchers and hackers at the end of April in hosted api form instead of pdf.
Back in 1997, this overview of the GSM system declared that "Enciphering is an option for the fairly paranoid, since the signal is already coded, interleaved, and transmitted in a TDMA manner, thus providing protection from all but the most persistent and dedicated eavesdroppers." After all, such a radio encoding scheme made the signals invisible to typical radio band scanners.
Today, however, the availability of the Universal Software Radio Peripheral (USRP), an open hardware software defined radio that sells for about $700, combined with work being done at GNU Radio project to codify the GSM waveform (also targeted for the end of this month), makes this once reasonable point of view seem quaint. Good encryption is now a must and it appears that A5 no longer qualifies. (more)
Friday, April 18, 2008
Wannabea Spy?
The Shin Bet website now features recruitment blogs by four high-tech spies.Israel’s domestic intelligence agency shed some of its shadowy mystique three years ago when it went online to draw new applicants. Recently, the site launched a new page, on which four Shin Bet computing experts discuss what they like about their jobs.
The Hebrew-language texts are sparing on details, with only silhouette portraits of the authors, whose names are withheld. Security sources said the Shin Bet hopes the blogs will help win over recruits from the private high-tech industry. (more) (What does a Spy look like?)
Thursday, April 17, 2008
Night Flight
Two men attempting to board a plane to China with nearly a dozen sensitive infrared cameras in their luggage were arrested... Yong Guo Zhi, a Chinese national, and Tah Wei Chao, a naturalized U.S. citizen, were arrested for investigation of trying to take thermal imaging cameras with potential military use to China without the proper export licenses... Ten of the cameras, which measure about 2 inches square and cost about $5,000 each, were found in the men's checked luggage... (more) (related video) (the other Night Flight)
Corporate Espionage - Contractor Pleads Guilty
A U.S. Department of Defense (DOD) contractor from Baltimore pleaded guilty today to conspiring to steal competitive information concerning contracts to supply fuel to DOD aircraft at locations worldwide, the Department of Justice announced.
Matthew W. Bittenbender has entered into a plea agreement, filed in U.S. District Court in Baltimore, where he was originally charged on January 7, 2008. According to the terms of the plea agreement, which is subject to court approval, Bittenbender has agreed to cooperate in the government's investigation...
...Bittenbender conspired to steal trade secrets from his employer Avcard, a division of Kropp Holdings LLC, and sell that information to his competitors, FERAS, and Aerocontrol. In return, Bittenbender received cash and a percentage of the profit earned on the resulting fuel supply contracts. According to the plea agreement, Cartwright, Wilkinson, FERAS and Aerocontrol, in turn, used that information to underbid Avcard at every location where the companies were bidding against each other. Avcard ultimately lost each of the contested bids. (more)
Matthew W. Bittenbender has entered into a plea agreement, filed in U.S. District Court in Baltimore, where he was originally charged on January 7, 2008. According to the terms of the plea agreement, which is subject to court approval, Bittenbender has agreed to cooperate in the government's investigation...
...Bittenbender conspired to steal trade secrets from his employer Avcard, a division of Kropp Holdings LLC, and sell that information to his competitors, FERAS, and Aerocontrol. In return, Bittenbender received cash and a percentage of the profit earned on the resulting fuel supply contracts. According to the plea agreement, Cartwright, Wilkinson, FERAS and Aerocontrol, in turn, used that information to underbid Avcard at every location where the companies were bidding against each other. Avcard ultimately lost each of the contested bids. (more)
Wednesday, April 16, 2008
"...and she went to the hospital to have it removed! Blahaaaaaa..."
Australia - Attorney-General Robert McClelland says the proposal to let some employers access workers' emails without consent is only being considered as a way to stop cyber terrorist attacks.
He says it would not be targeted at personal communications.
"What you would be looking and permitting access to is information that would reveal an attempted infiltration," he said.
But deputy Opposition leader Julie Bishop says...
"Employers should not be burdened with the responsibility of intercepting emails involving staff suspected of behaviour that threatens Australia's national security."
"This places an unfair surveillance responsibility upon employers and effectively requires them to undertake what is a potential criminal investigation." (more)
Seriously bad idea...
- Pay IT guy to do a government intelligence agents' work?
- Pay twice!?!? Salary for IT guy and (via taxes) government intelligence agents'.
- Conflict of interest? Employees spying on friends and colleagues?
- Entrust national security to an army of untrained private employees...
- ...whose work product might equal less than educated guesswork?
- ...who may be tempted to use the snoop power for personal gain?
- Not to mention: loss of regular business productivity, opening new avenues of corporate espionage, data vulnerabilities, etc.
Outsourcing your job responsibilities should not be an option; especially when you have been entrusted with national security.
He says it would not be targeted at personal communications.
"What you would be looking and permitting access to is information that would reveal an attempted infiltration," he said.
But deputy Opposition leader Julie Bishop says...
"Employers should not be burdened with the responsibility of intercepting emails involving staff suspected of behaviour that threatens Australia's national security."
"This places an unfair surveillance responsibility upon employers and effectively requires them to undertake what is a potential criminal investigation." (more)
Seriously bad idea...
- Pay IT guy to do a government intelligence agents' work?
- Pay twice!?!? Salary for IT guy and (via taxes) government intelligence agents'.
- Conflict of interest? Employees spying on friends and colleagues?
- Entrust national security to an army of untrained private employees...
- ...whose work product might equal less than educated guesswork?
- ...who may be tempted to use the snoop power for personal gain?
- Not to mention: loss of regular business productivity, opening new avenues of corporate espionage, data vulnerabilities, etc.
Outsourcing your job responsibilities should not be an option; especially when you have been entrusted with national security.
Tuesday, April 15, 2008
Data Land Mines
1. A slip of the finger reveals the company secret.
- Turn off that auto-fill feature.
2. People give away passwords and other secrets without thinking.
- Engage brain. Shut mouth.
3. A trusted partner ends up not being so trustworthy with your data.
- Share sparingly.
4. Web-based apps can be portals to leaks and thieves.
- VPN it instead.
5. Hoping the worse doesn’t happen only makes it worse.
- Plan for disasters.
6. Avoiding or diluting response leadership makes breaches worse.
- Designate a buck-stopper.
7. Handling breach details sloppily tips off the perp.
- Practice 'need-to-know'.
8. Trusting "silver bullet" technology hides real threats.
- There ain't no Lone Ranger.
9. Spending unthinkingly wastes resources you might need for important threats.
- Gauge threats.
10. Don't save the wrong data.
- Only store what you need.
(more)
- Turn off that auto-fill feature.
2. People give away passwords and other secrets without thinking.
- Engage brain. Shut mouth.
3. A trusted partner ends up not being so trustworthy with your data.
- Share sparingly.
4. Web-based apps can be portals to leaks and thieves.
- VPN it instead.
5. Hoping the worse doesn’t happen only makes it worse.
- Plan for disasters.
6. Avoiding or diluting response leadership makes breaches worse.
- Designate a buck-stopper.
7. Handling breach details sloppily tips off the perp.
- Practice 'need-to-know'.
8. Trusting "silver bullet" technology hides real threats.
- There ain't no Lone Ranger.
9. Spending unthinkingly wastes resources you might need for important threats.
- Gauge threats.
10. Don't save the wrong data.
- Only store what you need.
(more)
"Afghanistan banana-stand!"
Police in Italy have issued footage of a man who is suspected of hypnotising supermarket checkout staff to hand over money from their cash registers.
In every case, the last thing staff reportedly remember is the thief leaning over and saying: "Look into my eyes", before finding the till empty. (more) (video)
('SNAP' of fingers)
Wake up!
In every case, the last thing staff reportedly remember is the thief leaning over and saying: "Look into my eyes", before finding the till empty. (more) (video)
('SNAP' of fingers)
Wake up!
Sunday, April 13, 2008
...and, 85% declined to answer.
"Me, My Spouse and the Internet"Oxford Internet Institute, University of Oxford,
Survey Results...
• 20% of married Internet users admitted to reading their partner’s emails and text messages; and
• 13% to having checked their partner’s browser history.
More than 6,000 married people were invited to take part in the study. The final sample involved 929 couples, with both partners completing a questionnaire. (more) (Project website.)
Surveillance Desensitization Continues
Hal Niedzviecki writes...
I ask (Ursula) Lebana how things have changed since she opened Canada’s first spy store back in 1991.
“People who came into the store at that time were quite shocked,” she tells me. “They never realized cameras were that small. They said, ‘Oh my God, that’s scary. And isn’t it terrible to monitor the nanny? Where’s the trust?’”
Sixteen years later, business is booming. “Now people say, ‘Oh, I want a hidden camera,’” says Lebana, who has since opened SpyTech locations in Ottawa and London, Ontario. “They are more willing to use them now. They’re more familiar with it. I’m even getting repeat customers... (more)
I ask (Ursula) Lebana how things have changed since she opened Canada’s first spy store back in 1991.
“People who came into the store at that time were quite shocked,” she tells me. “They never realized cameras were that small. They said, ‘Oh my God, that’s scary. And isn’t it terrible to monitor the nanny? Where’s the trust?’”
Sixteen years later, business is booming. “Now people say, ‘Oh, I want a hidden camera,’” says Lebana, who has since opened SpyTech locations in Ottawa and London, Ontario. “They are more willing to use them now. They’re more familiar with it. I’m even getting repeat customers... (more)
"Youz gotta problem with dat?!?!"
from The Bay City Times Opinion page...
MI - When The Times looked into the money that road commissioners lavished on themselves, we found a board besotted with inflated retirement benefits and fancy junkets.
We also found that one commissioner, now retired, had used a Road Commission credit card to give himself quick loans at casinos. In another instance, the commission's former finance director was caught using a tape recorder to eavesdrop on employees.
In the lives of private citizens, both incidents might have resulted in felony charges. But in the buddy-buddy world of government, no charges stuck. (more)
MI - When The Times looked into the money that road commissioners lavished on themselves, we found a board besotted with inflated retirement benefits and fancy junkets.
We also found that one commissioner, now retired, had used a Road Commission credit card to give himself quick loans at casinos. In another instance, the commission's former finance director was caught using a tape recorder to eavesdrop on employees.
In the lives of private citizens, both incidents might have resulted in felony charges. But in the buddy-buddy world of government, no charges stuck. (more)
Saturday, April 12, 2008
Wireless Color SpyCam Pen
from the seller's web site..."Our covert Wireless Spy Cam Pen is ideal for undercover assignments, wear it innocently on your shirt pocket, place it on a desk, attach it to an organizer, or just start writing with it like you would a normal pen — all while transmitting live high-quality color video images. It’s the size of a regular pen, so you can bring it with you anywhere.
The Pen Camera cleverly conceals a quality color video camera inside a working pen. Minimal illumination makes it difficult to detect that you’re using it for anything more than writing.
To start transmitting, simply click the top of the pen, yeah it’s pretty cool. Just attach the receiver to any TV or VCR for easy recording, or even a security monitor.
This little hidden camera in a pen has a transmission range of more than 300 ft." (more)
Why do I mention it?
So you will know what you are up against.
SpyCam Story #440 - The Dentist
TX - An Ennis dentist accused of videotaping his female employees in their changing room with a hidden camera pleaded guilty...The employees went to authorities in August after finding a video camera in a room where they changed into and out of medical scrubs at Durbin's dental office. According to an affidavit, the women confronted Durbin, who admitted making video recordings.
Stephen C. Durbin, also a city commissioner in Ennis, got five years of community supervision with deferred adjudication in the plea agreement on a state jail felony charge of improper photography or video recording. (more)
"She said my boy I think someday
You'll find a way
To make your nat-u-ral tendencies pay!
Yooou'llll be a Den-tist!"
SpyCam Story #439 - Action Jackson (update)
CA - Three more victims have come forward in the Jackson spying case that began in October when a woman alerted police she saw a camera lingering above an uncovered opening of a changing room at Holiday Cleaners.Alex Ko, a 35-year-old Pine Grove resident, allegedly recorded digital videos and photographs of women as they undressed in the cleaner's changing room from May to August 2007. Ko runs the business with his parents and siblings. (more) (original story)
Crime Does Not Pay! (No, really, it doesn't.)
According to a new study dug up by Secrecy News, modern-day spies -- at least the ones who get caught -- don't appear to be making much money.The study (.pdf), conducted for the Defense Personnel Security Research Center based on its Espionage Database, concludes that "Two thirds of American spies since 1990 have volunteered. Since 1990, spying has not paid well: 80% of spies received no payment for espionage, and since 2000 it appears no one was paid.” (more)
Subscribe to:
Posts (Atom)