Sunday, May 18, 2008

The Geek Chorus Wails, "Beware VoIP. Shun GSM."

"Be careful what you say over that mobile phone or VoIP system."
The most widely used mobile phone standard, GSM, is so insecure that it is easy to track people's whereabouts and with some effort even listen in on calls, a security expert said late on Saturday at the LayerOne security conference.

"GSM security should become more secure or at least people should know they shouldn't be talking about (sensitive) things over GSM," said David Hulton, who has cracked the encryption algorithm the phones use. "Somebody could possibly be listening over the line."

For as little as $900, someone can buy equipment and use free software to create a fake network device to see traffic going across the network...

VoIP systems based on open standards are not encrypting the traffic, which leaves them at risk for eavesdropping, forged or intercepted calls and bogus voice messages, he said, adding that there are numerous tools for doing that, with names like "Vomit" and "Cain and Abel." (more)

Saturday, May 17, 2008

Wiretapping PI Pellicano Convicted

A Hollywood private investigator was convicted Thursday of federal racketeering and other charges for digging up dirt for his well-heeled clients to use in lawsuits, divorces and business disputes against the rich and famous.

Anthony Pellicano, 64, was accused of wiretapping stars such as Sylvester Stallone and running the names of others, such as Garry Shandling and Kevin Nealon, through law enforcement databases to help clients in legal and other disputes.

Pellicano was found guilty of all but one of the 77 counts against him. He looked at the judge with his arms crossed and didn't react when verdicts were read. (more)

Comverse - Smells like Sneakers

"Martin Bishop is the head of a group of experts who specialise in testing security systems. When he is blackmailed by Government agents into stealing a top secret black box, the team find themselves embroiled in a game of danger and intrigue. After they recover the box, they discover that it has the capability to decode all existing encryption systems around the world, and that the agents who hired them didn't work for the Government after all..."
...and now the news...

Friday, May 16, 2008

"My password is stronger than your password!"

"Oh, yea... Prove it!"
...even strong passwords can be cracked in seconds using an open source tool called Ophcrack.


Ophcrack is an extremely fast password cracker because it uses a special algorithm called rainbow tables. Brute-force cracking tools typically try thousands of combinations of letters, numbers and special characters each second, but cracking a password by attempting every conceivable combination can take hours or days. (by Scott Sidel)

SpyCam Story #447 - The Neighbor

Q. "I am being overlooked by a neighbor's camera and was just wondering if there was anything that could interrupt or jam the filming/picture of a WIRED night/day cctv. Any ideas would be much appreciated. Many thanks."

A. I love easy questions. Once you have tried all the civil things (a polite request to re-aim the camera, threat of filing a voyeurism complaint with the police, etc.) there is always the sharp stick in the eye approach.

Here is what other people are doing...
Ouch #1
Ouch #2
Ouch #3
Ouch #4
Ouch #5
Good luck!
Kevin

Wednesday, May 14, 2008

DIY Spy Tip #089 - "...with 'friends' like you..."

If you are still relying on Google to snoop on your friends, you are behind the curve.

Armed with new and established Web sites, people are uncovering surprising details about colleagues, lovers and strangers that often don't turn up in a simple Internet search. Though none of these sites can reveal anything that isn't already available publicly, they can make it much easier to find. And most of them are free.

Zaba Inc.'s ZabaSearch.com turns up public records such as criminal history and birthdates. Spock Networks Inc.'s Spock.com and Wink Technologies Inc.'s Wink.com are "people-search engines" that specialize in digging up personal pages, such as social-networking profiles, buried deep in the Web. Spokeo.com is a search site operated by Spokeo Inc., a startup that lets users see what their friends are doing on other Web sites. Zillow Inc.'s Zillow.com estimates the value of people's homes, while the Huffington Post's Fundrace feature tracks their campaign donations. Jigsaw Data Corp.'s Jigsaw.com, meanwhile, lets people share details with each other from business cards they've collected -- a sort of gray market for Rolodex data. (more)

Report: C-level execs more involved with security

The major data breaches that have received mass media coverage are driving so-called "C-level" executives to become actively involved in their organization's security policies, according to a new report from the (ISC)2.

There are several key "take-aways" from the report, titled "2008 (ISC)2 Global Information Security Workforce" and authored by Rob Ayoub, Frost & Sullivan's network security industry manager.

Ayoub told SCMagazineUS.com that these include the fact that C-level executives are paying attention to security...

"CEOs are asking their security professionals important questions about how they're prepared to not become another TJX," (answers) (more)

SpyCam Story #446 - The Diogenes Dilemma

NY - Matt Walsh finally had his day in front of the NFL, and as far as commissioner Roger Goodell is concerned, this chapter of the Patriots videotaping saga is closed.

Walsh, a former Patriots video assistant who last week turned over eight tapes showing the team recording opposing offensive and defensive signals, met for more than three hours with Goodell yesterday. In the commissioner’s view, he offered no new information worth reopening the league’s investigation into the Patriots’ videotaping practices.

Goodell said Walsh told him there was no tape of the Rams walkthrough prior to Super Bowl XXXVI. He said Walsh was unaware of any other violations of league policy, including the bugging of locker rooms, manipulation of communications equipment, or miking of players to pick up opposing signals...

He also told the commissioner that he had helped a small number of players scalp between eight and 12 Super Bowl tickets. (more)

Tuesday, May 13, 2008

From Spy Novels to CIA Papers

Washington, DC - Georgetown University’s newest addition to its special collections delves deep into the world of spies, espionage and secret intelligence...

Most recently, the university acquired a special collection from the family of the late Richard Helms, director of the Central Intelligence Agency from 1966 to 1973. Personal and professional papers and photographs paint a picture of a nation in turmoil from the Vietnam and Cold Wars – and how that turmoil forced U.S. intelligence gathering to adapt.

The library’s espionage and intelligence division stands as just one subset of an overall special collection that boasts 100,000 rare books and 7,000 linear feet of manuscripts in addition to art and other media. The division began in earnest 25 years ago with the Russell J. Bowen collection, comprising thousands of nonfiction books on intelligence. Bowen had worked for the CIA as a senior foreign technology analyst in the areas of non-nuclear energy and illegal technology transfer.

Georgetown celebrated the new collection, which will be on display at Lauinger Library (Gunlocke Room) through May 31. (more)

Spycraft 101: CIA Spytechs from Communism to Al-Qaeda

Tuesday, 3 June; 6:30 pm
Rubber airplanes, messages planted inside dead rats, and subminiature cameras hidden inside ballpoint pens…

Science fiction? Q’s imaginary tools? Think again. These are just a few of the real-life devices created by the ultra-ingenious CIA Office of Technical Services (OTS).

In support of their new book Spycraft: The Secret History of the CIA’s Spytechs from Communism to Al-Qaeda, the former director of OTS Bob Wallace teams up with internationally renowned espionage historian H. Keith Melton to reveal the amazing life and death operations of OTS, the CIA’s shadowy “wizards.”

Presented against a backdrop of some of America’s most critical periods of history—including the Cold War, the Cuban Missile Crisis, and the war on terror—this is a unique chance to go inside the hidden world of America’s “Q” and see many of the actual gadgets.

Rare devices including concealments, microdots, and disguises will be on display, and all attendees will have the opportunity to have their photos taken (bring your own camera please) with an authentic (and official) freeze-dried CIA rat designed for covert communications in Moscow. It will be a memento of the evening you’ll treasure forever!
Tickets: $20 • Members of The Spy Ring® (Join Today!): $16 (more)

Quote of the Day

"Anybody can be a spy now."
– Todd Myers, President, Computer Sights

As a private investigator, Jim Bender has tracked everything from straying spouses to strung-out trust-fund babies - sometimes following them for days at a time.

But thanks to an innovative GPS device the size of a matchbox, he can now stake out a cheating husband without leaving his Fort Lauderdale office. Or, as he has done the last few weeks, help a major company figure out who is draining the diesel fuel from its big rigs.

Technological advances have revolutionized the surveillance business, making devices smaller, cheaper and more effective than ever. And not just for professional snoops like Bender, but for everyday people. (more)

Sunday, May 11, 2008

"Watch the donut, not the hole."

NY - Police arrested a Kings Park Dunkin' Donuts employee at 10:26 pm last Thursday for allegedly setting up an illegal surveillance camera in the shop's women's bathroom.

Danish Qureshi, 25, of Huntington Station, an employee of the Dunkin' Donuts at 101 Pulaski Road in Kings Park, allegedly installed a wireless pinhole surveillance camera in the women's bathroom, according to police. Qureshi was using his wireless laptop computer to observe occupants of the bathroom while he was sitting in his nearby vehicle, police claim.

An area resident who owns similar surveillance equipment called police after he intercepted the signal and observed the bathroom on his television, Suffolk police reported. (more)

Friday, May 9, 2008

She said the man in the gabardine suit was a spy

FB-I said "Be careful his bowtie is really a wi-fi"
Next time you flip open your laptop as you wait for a flight or work at a coffee shop, beware, says the Federal Bureau of Investigation. The person next to you may be stealing your personal bank account information, address book and other files from your computer.

The agency warned earlier this week that the information on your computers may not be protected when using some of the 68,000 Wi-Fi hot spots, or local wireless Internet connections, around the country.

"Odds are there's a hacker nearby, with his own laptop, attempting to 'eavesdrop' on your computer to obtain personal data that will provide access to your money or even to your company's sensitive information," the FBI said in an advisory on its Web site.

Think that's bad? The FBI goes further to warn that if a hacker hooks into your computer, you are also connecting to his computer. That means you could be unknowingly downloading viruses and worms.

Protect yourself:
• Update the security protection on your computer with current versions of operating systems, web browsers, firewalls and antivirus and anti-spyware software.
• When tapped into a Wi-Fi network, don't conduct financial transactions or use e-mail and instant messaging.
• Change the default setting on your laptop so you have to manually select the Wi-Fi network you connect to.
• Turn off your laptop's Wi-Fi capabilities when you're not using them. (more)
Clients... Ask us to demonstrate this during our next eavesdropping detection audit.

FutureWatch - Video Vigilantes

New Zealand - A Christchurch cul-de-sac has thwarted its boy-racer problem with secret video surveillance.

Business owners and the only resident of Dalziel Place in Woolston were fed up with weekly crowds of boy racers converging on their street, doing burnouts, defacing properties and throwing bottles.


Cameras set up by a surveillance company that has its headquarters on the street captured footage of six cars and their drivers breaking the law.

The footage was passed on to police and all six drivers last week had their cars impounded for 28 days. (more)

"World's smallest" GSM bug

from the seller's web site...
The PLM-JNGSMTX08 Micro GSM Listening Device is the pinnacle of GSM listening technology packed into an incredibly small package just 43 x 34 x 17mm. Just insert any SIM card, call the number and you will hear exactly what is going on in your absence.


UK customers can track its location at any time via the internet making it a compact dual purpose surveillance device. Supplied with mains charger and protective carry case. This is the ultimate micro miniature listening device! (more)
Why do I mention it?
So you know what you are up against.