...from the seller's web site..."Now here's a nifty way of popping your head over the fence to ogle the chapess next door without being spotted or otherwise denounced as a pervy interloper. Instead of popping your head over the fence from a height of 1.8 metres, pop it over the fence in the virtual sense, from a height of up to 25 metres.
Permit us to explain and expound. In all our years of deconstructing fiendishly complex gadgetry here in the lab, deep underground at gadgetshop HQ, we've never before come across a fusion of technologies so inspired as a high performance kite with a remotely-controlled digital camera slung underneath it." (more)
FL - A mysterious box with an antenna found hidden inside a Wal-Mart was a planted spy camera set up to beam customer credit card numbers to thieves in the parking lot, police said. (more) (video)
Over the years the Security Scrapbook has brought several blatant examples of industrial espionage to your attention. Take, for example, the...• Space Shuttle (USA, Russia)
• iPhone
• Nokia phones
• Pocket cameras (pick any of them)
• Twin Magazine Covers
And remember?
• 9/30/02 - Nokia, the world's largest cell phone maker, on Thursday unveiled its first "third-generation" handset, which has a camera so users can view and edit video clips and send them to another phone or an e-mail address. ... Minutes after Nokia's announcement Thursday, rival manufacturer Motorola unveiled new details about its own equivalent handset.
• "The World's Smallest Camcorder." Sony DCR-IP1 MICROMV released. Tuesday, September 02 @ 11:15:00 PDT. Panasonic SV-AV100 camcorder debuted. Friday, September 05 @ 15:30:00 PDT
• 12/2/01 - Two major rivals announce look-alike products.
Same size ad, same magazine - 4 pages away from each other - products offered the same benefits... "drug and explosive" detection, in one instrument.
What is the difference between espionage and a rip-off? Industrial espionage products hit the market at approximately the same time. There is a time-lag with reverse engineering and knockoffs.
See more! See more! See more!
Visit The Plagiarius Competitions and the Museum Plagiarius.
...and this is just in the past two weeks...
• Eleven people from at least five different countries are facing charges for their involvement in a wide-ranging scheme to hack into nine US companies and steal and sell more than 40 million credit and debit card numbers. "As far as we know, this is the single largest and most complex identity theft case that's ever been charged in this country," Attorney General Michael Mukasey said. Officials said the ring had stolen hundreds of millions of dollars. (more) ...when federal prosecutors disclosed that computer hackers swiped more than 40 million credit-card numbers from nine retailers in the biggest such heist ever, it was the first time that many shoppers had heard about it. That's because only four of the chains clearly alerted their customers to breaches. (more)
• About 150,000 people in the US have been affected by the theft of laptops with personal information about current and former employees of brewing giant Anheuser-Busch. (more)
• A new report from the California Department of Public Health discovered that 127 UCLA Medical Center employees viewed celebrities' medical records without permission between January 2004 and June 2006, which is nearly double the number first reported earlier this year. (more)
• UK - Data protection experts have called for hospitals to use more effective encryption techniques after a laptop containing the personal data of thousands of patients was stolen. An unnamed manager at Colchester Hospital in Essex has been sacked as a result of the theft... (more)
• Security researcher Joe Stewart has identified a Russian gang that infected 378,000 computers with malware over a 16-month period in an effort to steal passwords and other information. (more)
• Ireland - The loss of a laptop containing 380,000 records of social welfare and pension recipients is a wake-up call for the Government and public and private sector bodies to ensure all staff are trained properly in data protection and use of encryption. (more)
• The Transportation Security Administration suspended Verified Identity Pass from enrolling travelers in its pre-screening program after a laptop computer containing the records of 33,000 people went missing.
The company, based in New York, lost possession of the laptop at San Francisco International Airport. The laptop contained unencrypted pre-enrollment records of individuals... (more) UPDATES: ...unencrypted laptop was found in the same office from which it was reported missing. (more) The U.S. Transportation Security Administration has cleared Verified Identity Pass to resume enrollments in its Registered Traveler program... (more) The laptop had been stolen, but was returned, according to the Sheriff's Department.
• The University of Michigan Credit Union in Ann Arbor confirmed that a data theft has resulted in some of its members becoming identity theft victims. The credit union said that so far, "less than 100" people have had their identities stolen -- mostly to open fraudulent credit card accounts. The theft, involving documents that were supposed to have been shredded... (more)
• Greece - Hundreds of bank clients in Greece and other European countries have turned into hostages because of actions of groups that steal data from bankcards and do uncontrolled drawings, the Greek To Bhma daily reports. (more)
UK - The BBC has apologised after a memory stick containing details of hundreds of children who applied to take part in a TV show was stolen. (more)
• Wells Fargo & Co. is notifying some 5,000 people that their personal information might have been seen by someone using a bank access code illegally. (more)
Only an average of eight percent of Americans say they are very confident in the ability of U.S. retailers, government and banks to protect their personal information, according to a national survey commissioned by CA, Inc. (more)
"Everybody's doin' a brand-new dance, now"
A federal appeals court in California is reviewing a lower court's definition of "interception" in the digital age... The case, Bunnell v. Motion Picture Association of America, involves a hacker who broke into TorrentSpy's company server and obtained copies of company e-mails as they were being transmitted. He then e-mailed 34 pages of the documents to an MPAA executive, who paid the hacker $15,000 for the job, according to court docuWiretapments.
"I know you'll get to like it if you give it a chance now"
The issue boils down to the judicial definition of an intercept in the electronic age, in which packets of data move from server to server, alighting for milliseconds before speeding onward. The ruling applies only to the 9th District, which includes California and other Western states, but could influence other courts around the country.
"Jump up. Jump back. Well, now, I think you've got the knack."
In August 2007, Judge Florence-Marie Cooper, in the Central District of California, ruled that the alleged hacker, Rob Anderson, had not intercepted the e-mails in violation of the 1968 Wiretap Act because they were technically in storage, if only for a few instants, instead of in transmission.
"Now that you can do it, let's make a chain, now."
"The case is alarming because its implications will reach far beyond a single civil case," wrote Kevin Bankston, a senior attorney for the Electronic Frontier Foundation in a friend-of-the-court brief filed Friday. If upheld, the foundation argued, "law enforcement officers could engage in the contemporaneous acquisition of e-mails just as Anderson did, without having to comply with the Wiretap Act's requirements."
"Do it nice and easy, now, don't lose control"
Cooper's ruling also has implications for non-government access to e-mail, wrote Bankston and University of Colorado law professor Paul Ohm in EFF's brief. "Without the threat of liability under the Wiretap Act," they wrote, "Internet service providers could intercept and use the private communications of their customers, with no concern about liability" under the Stored Communications Act, which grants blanket immunity to communications service providers where they authorize the access.
"Move around the floor in a Loco-motion"
Individuals could monitor others' e-mail for criminal or corporate espionage "without running afoul of the Wiretap Act," they wrote.
"There's never been a dance that's so easy to do."
"It could really gut the wiretapping laws," said Orin S. Kerr, a George Washington University law professor and expert on surveillance law. "The government could go to your Internet service provider and say, 'Copy all of your e-mail, but make the copy a millisecond after the email arrives,' and it would not be a wiretap." (more)
...It even makes you legal when they're feeling screwed,
So come on, come on, do the Loco Motion with me.
"Next stop!
Voicemails, ISPs, and bucket brigading of phone calls.
All aboard!"
The following information is available to the public at blackhatlibrary.com. Excerpts reprinted below highlight the need for adding WLAN Security Audits to corporate TSCM inspection programs.
"Wireless Network Hacking and Spying Made Simple"
Here’s a quick and simple guide on how to get on to so called “secure” networks as well as a few things you can do to amuse yourself after you are in. Enjoy!
Finding the network
Most wireless networks are configured to broadcast their SSID (Service Set Identifier), when looking for a network to have some fun with I like to start with these if they are available.... If you know that a network exists but you don’t see a SSID in your available networks, or are just curious to see if any are out there, there are a few tools that will get this job done for you.
For Linux users I recommend:
AirJack- A lightweight program.
Kismet- Unquestionably the most powerful wireless program.
For Windows users I recommend:
AirSnort
AirMagnet
Bypassing WEP or WPA
Let me start this section by saying that WEP encryption is a joke. The only thing turning on WEP does is add some extra information to the packets. Aircrack is a free Windows/Linux tool that can break both WEP and WPA-PSK.
Modifying the network
It never fails to surprise me how many routers are left configured to the default admin password and username- if this is the case you can easily hijack an entire network. If the default credentials work, you can easily change the passphrase, SSID or completely turn off the router.
Spying on Connected Users
On a wireless network, the router effectively screams out requested information from any computer to the whole broadcast radius. This means that you can use a program to eavesdrop on other users on the network. (more)
LA - Tai Shen Kuo, 58, long-time restaurateur and former tennis pro who pleaded guilty three months ago to spying for China was sentenced Friday to nearly 16 years in prison by a federal judge. “We had hoped to do a little bit better,” said John Hundley, of the Washington, D.C., law firm Trout-Cacheris. (more)
Hackers at the DefCon conference were demonstrating these and other novel techniques for infiltrating facilities...
Want to break into the computer network in an ultra-secure building? Ship a hacked iPhone there to a nonexistent employee and hope the device sits in the mailroom, scanning for nearby wireless connections. (which makes our 24/7 rogue cellphone and wifi location service all the more valuable to you)
How about stealing someone's computer passwords? Forget trying to fool the person into downloading a malicious program that logs keystrokes. A tiny microphone hidden near the keyboard could do the same thing, since each keystroke emits slightly different sounds that can be used to reconstruct the words the target is typing.
As technology gets cheaper and more powerful, from cellphones that act as personal computers to minuscule digital bugging devices, it's enabling a new wave of clever attacks that, if pulled off properly, can be as effective and less risky for thieves than traditional computer-intrusion tactics. (more)
Morris Mbetsa, an 18 year old self-taught inventor with no formal electronics training from the coastal tourist town of Mombasa on the Indian Ocean in Kenya has invented the "Block & Track", a mobile phone-based anti-theft device and vehicle tracking system.
The real-time system uses a combination of voice, DTMF and SMS text messages over cell-based phone service that allows control of some of a vehicles' electrical systems including the ignition.
Another feature of the system is the capacity to poll the vehicle owner by mobile phone for permission to start, as well as eavesdrop on conversation in the vehicle. Mbetsa is now looking for funding to commercially develop his proof of concept and bring it to the market (video)
Good work, Morris. I hope you get your funding.
FL - A Gainesville man has been arrested for allegedly installing software on a woman’s computer, then using the software to remotely control the camera on her computer to take videos of the woman and her friends while they were clothed and while they were naked. The alleged victim is a Hialeah woman who told police she had a man perform some maintenance on her computer in early July. The woman told police she discovered the program on Monday along with about 20,000 photos of herself and her friends that had been made from the videos taken with the camera.The man arrested in the case was identified as Craig Matthew Feigin, 23, who was charged with modifying computer data and disrupting or denying computer system services.
Once he was taken into custody, he quickly admitted to this crime, but also admitted to installing these programs on other computers as well. The Gainesville Florida Police believe there are eight or nine other victims. (more) (more)
Smart spies can build their own bugs; ones which average TSCM detection equipment can't see.
One example of this are bugs which use off-the-shelf Bluetooth technology, like Bluegiga. Short range, but very effective.
Another example is second generation Zigbee which can transmit audio a much greater distance.
Both signals are digital. Both blend their transmissions into the sea of legitimate WiFi signals which surround us.
The cost for building these advanced bugging devices is less than $100. per bug.
Discovery requires the most advanced TSCM instrumentation... like what you will find only here.
Philadelphia - A gun-control activist who championed the cause for more than a decade and served on the boards of two anti-violence groups is suspected of working as a paid spy for the National Rifle Association, and now those organizations are expelling her and sweeping their offices for bugs.
The suggestion that Mary Lou McFate was a double agent is contained in a deposition filed as part of a contract dispute involving a security firm. (more)
The employee double-cross is an old and highly successful trick. Aside from the obvious, undercover employees also have the time and opportunity to plant bugs and wiretaps. If an employee-spy is discovered be sure to conduct a thorough bug sweep after they are fired. Better... Conducting thorough bug sweeps on a regular basis is a good way to uncover the undercover spy.
Your lovin teddy bearPut a chain around my neck,And lead me anywhereOh let me beYour teddy bear.
Australia - A Rivervale man has admitted to secretly filming his female housemate with a camera concealed in a teddy bear in her bedroom.
Russell Christopher Hounslow, 22, pleaded guilty to one count each of using an optical device to record a private activity and possessing an obscene article in the Perth Magistrate's Court today.
Magistrate Steven Heath heard how on April 22 this year, Hounslow's flatmate found a covert camera in the toy, linked to a transmitter under her bed.
Police prosecutor Steve Mayne said the woman then found a similar transmitter on top of a video recorder in the house. (more)
India - Telephone booth operators, taxi drivers and guesthouse owners in the national capital have been asked to keep an eye and eavesdrop on people calling Pakistan, Bangladesh, Nepal, Jammu and Srinagar as Independence Day approaches. Cyber cafes and guesthouses have been told to install closed circuit television (CCTV) cameras. (more)
China - Tens of thousands of taxi drivers in Beijing have a tool that could become part of China's all-out security campaign for the Olympic Games. Their vehicles have microphones -- installed ostensibly for driver safety -- that can be used to listen to passengers remotely.
The tiny listening devices, which are connected to a global positioning system able to track a cab's location by satellite, have been installed in almost all of the city's 70,000 taxis over the past three years, taxi drivers and industry officials say.
...those devices in Beijing taxis can be remotely activated without the driver's knowledge to eavesdrop on passengers, according to drivers and Yaxon Networks Co., a Chinese company that makes some of the systems used in Beijing. The machines can even remotely shut off engines. (more)
...from the seller's web site...
