Thursday, September 4, 2008

"Left 2, right to 15... uh, no, maybe right 2, left 15..."

Former attorney general Alberto R. Gonzales told investigators that he could not recall whether he took home notes regarding the government's most sensitive national security program and that he did not know they contained classified information, despite his own markings that they were "top secret -- eyes only," according to a Justice Department report released yesterday.

Gonzales improperly carried notes about the warrantless wiretapping program in an unlocked briefcase and failed to keep them in a safe at his Northern Virginia home three years ago because he "could not remember the combination," the department's inspector general reported.

A National Security Agency official who reviewed the notes said they contained references to operational aspects of the wiretapping initiative, including a top-secret code word for the program, information that had been "zealously protected" by the agency and was "not a close call" in terms of its sensitivity, the report said. (more)

Now, before you snicker...
How well are you safeguarding your company's top secret information?

UPDATE...
One answer I received came with this office photo. Apparently, others have experienced not being able to remember a safe combination.

The answer in this case was, not leaving the door open, but rather writing the combination on a post-it note!

In days gone by, we didn't have as many gadget operational directions to remember and remembering a safe combination was easy and important. Now, there are too many directions, passwords, etc. to remember, and all of them are important. Time for a better way. Send me your ideas, please."

SpyCam Story #462 - Landlord Spies Students

NY - Two Hofstra University students moving into an apartment discovered that the landlord had hidden spy cameras in smoke detectors to wirelessly transmit video of their bedrooms to his personal computer, Nassau police said.

The landlord, Michael Muratore, 44, who lives on the first floor of the house, was arrested Monday at the home and charged with unlawful surveillance.

Muratore, a married financial adviser, told police he had installed the cameras to protect his property, "to make sure there was no damage being done to the apartments," said Det. Sgt. Anthony Repalone, a police spokesman.

The secret installation plan began to unravel when the students asked a friend to check the detectors to make sure they were working properly. The friend tested the devices and realized they were not functioning, police said.

The friend brought one of the detectors to a local firehouse, where a volunteer firefighter realized "the guts were removed from that smoke detector and in its place was a digital video camera and some sort of a transmitter," Repalone said. (more)

Survey - IT Savvy Employees Likely to Steal Company Data Before They Leave

Most IT staff would steal sensitive company information, including CEO's passwords and customer details, if they were laid off, according to a new survey from Cyber-Ark.

• 88 percent of IT administrators admitted they would take corporate secrets, if they were suddenly made redundant. The target information included CEO passwords, customer database, research and development plans, financial reports, M&A plans and the company's list of privileged passwords.

• ...a third would take the privilege password list to gain access to valuable documents such as financial reports, accounts, salaries and other privileged information.

• 35 percent admitted to sending highly confidential information via email or couriers.

• ...one third of IT staff admitted to snooping around the network, looking at highly confidential information, such as salary details and people's personal emails.

• A quarter of companies surveyed admitted to suffering from internal sabotage and/or cases of IT security fraud.

• One third of companies believe that industrial espionage and data leakage is rife, with data being leaked out of their companies and going to their competitors or criminals, usually via high gigabyte mobile devices such as USB sticks, iPods, Blackberry's and laptops or even sent over email. (more)

Wednesday, September 3, 2008

CSI Stick - The Cell Phone Mosquito

If someone asks to borrow your cell phone, or you leave it unattended, beware!

Unless you actually watch them use it, they may be secretly grabbing every piece of your information on the device, even deleted messages. If you leave your phone sitting on your desk, or in the center console of your car while the valet parks it, then you and everyone in your contacts list may be at risk, to say nothing of confidential e-mails, spread sheets, or other information. And of course, if you do not want your spouse to see who you are chatting with on your phone, you might want to use extra caution.

Paraben's CSI Stick can be used to make a copy of all data on a cell phone.

...a new electronic capture device that has been developed primarily for law enforcement, surveillance, and intelligence operations that is also available to the public. It is called the Cellular Seizure Investigation Stick, or CSI Stick as a clever acronym. It is manufactured by a company called Paraben, and is a self-contained module about the size of a BIC lighter. It plugs directly into most Motorola and Samsung cell phones to capture all data that they contain. More phones will be added to the list, including many from Nokia, RIM, LG and others, in the next generation, to be released shortly. (more)

The Tale of Sheriff Judgejury and Ms. Dewright

CA - County Sheriff Pat Hedges punished himself for secretly taping a chief deputy in his office and docked his (own) wages for a day... (more)

Meanwhile in Pennsylvania... Linda Majer-Davis, a school board technician who admitted she had secretly recorded a department meeting with the superintendent because she was concerned about waste and mismanagement... could face one to seven years in prison. (more)
OUT-freakin-rageous!!!
There aughtabe a law!
No, wait.

Tuesday, September 2, 2008

Amazon-Sized Watergate Wiretapping Scandal

Brazil's president is working to contain a wiretapping scandal after a Brazilian news magazine accused the national intelligence service of tapping the phone of the Supreme Court's chief justice and other top officials.

Opposition politicians are calling for the president's impeachment over this latest scandal. (more)

UPDATE...
President Luiz InĂ¡cio Lula da Silva suspended the entire leadership of Brazil’s intelligence agency on Monday after it was accused of spying on the Supreme Court chief and members of Congress. Opposition leaders had demanded an investigation when Veja, a news magazine, reported that the agency had spied on the president of the Supreme Court, Gilmar Mendes, and tapped his telephones. (more) (more)

UPDATE...
Low-ranking Brazilian police and security officials are known to tap the phones of politicians and others in attempts to mount extortion schemes, said David Fleischer, a political scientist at the University of Brasilia. But he said such schemes rarely reach someone as powerful as the head of the Supreme Court. He predicted the scandal would die down if top administration officials can show they weren't involved. "If they determine it was done by freelancers, and not as part of a deliberate policy decision, there will be no real repercussions for Lula," Fleischer said. (more)

A Watergate in Landlocked Macedonia

Macedonia - The Court of Appeal in Skopje judged that journalists involved in the “Big Ear” case have been tapped, Macedonian Vecer newspaper writes. The Court of Appeal decided that the journalists receive MKD 250,000 compensation ($589.85)...

...and, ascertained that the Ministry of Interior and the Telecom disposed of equipment to eavesdrop and tap. (
more) (background)

Meanwhile, journalists in Turkey face prison for reporting nationwide eavesdropping...

Turkey - A lawsuit has been filed against journalists Gökçer TahincioÄŸlu and Kemal GöktaÅŸ for making a story about Ankara’s 11th High Criminal Court’s giving permission to the Police Department, the National Intelligence Organization (MÄ°T) and the Gendarmerie Head Quarters to monitor others.

TahincioÄŸlu and GöktaÅŸ had received the Media Freedom Award for this story from the Turkish Journalists Association (TGC) on the Traditional Journalists Day of July 24. (more)

Meanwhile, Macedonia's Neighbor Buys Bugging Gear. Just Coincidence?

Kosovo - Post and Telecom of Kosovo (PTK) has helped buy wiretapping equipment for legal needs of the Kosovo Police Service (KPS)...

"This is a major project for the Kosovo Police, and the Kosovar society in general, with the aim of offering a safe legal environment for all our citizens," said Police Colonel Rifat Marmulluku. (more)

The Return of Shame as a Crime Prevention Tool

Chicago resident and journalist Adrian Holovaty started a site called ChicagoCrime.org in 2005 after persuading city police to share crime data with him... His project is now called Everyblock.com, and covers nine of the largest U.S. cities, including New York, Washington D.C., and Seattle.

Holovaty said he will soon offer the software he's developed for free to municipalities around the country. "It's an experiment in journalism," he said.

Crimereports.com, based in Utah, uses a different model. The firm charges local police departments $99-$199 per month to publish their data on the CrimeReports' Web site. So, far, says founder Greg Whisenant, 260 cities have signed up since the service launched in May of 2007.

"I think CrimeReports is the future," said Utah attorney general Mark Shurtleff. "People are really excited about it here." He says about half of Utah cities are already up and running on the site. (more)

More about 'Shame as a Crime Prevention Tool'.

Monday, September 1, 2008

Idea - A UFO Narrating Elvis

India - Can you build a micro spying gadget that flies and can transmit real time video information?

This challenge was thrown to engineering students Saturday by the Defence Research and Development Organisation (DRDO).


Commemorating its 50th anniversary, DRDO has invited engineering students to design and develop the prototype of a lightweight, low cost, electronic aerial surveillance system. (more)

Think, before you jump on a cloud.

Cloud Computing: Yahoo, Gmail, Facebook, Flickr, Linkedin and similar business-oriented social networking sites. By some definitions, very useful. By other definitions, "using some service that is out of your control, and storing your information there."

Think, before you jump on a cloud. Do you really want all your information out there, under someone else's control? A little here, a little there, combined it may be your dossier.

Did you know...
Facebook's Terms of Use agreement states: "... The Company may, but is not obligated to, review the Site and may delete or remove (without notice) any Site Content or User Content in its sole discretion, for any reason or no reason, including User Content…"

Yes, Personal Cloud Computing is different than Business Cloud Computing. If Flickr flickers you may loose all the personal photos you stored there. No big deal, you have back-ups. You did back-up didn't you?

Linkedin's User's Agreement states: "...you actually grant by concluding the Agreement, a non-exclusive, irrevocable, worldwide, perpetual, unlimited, assignable, sublicenseable, fully paid up and royalty-free right to us to copy, prepare derivative works of, improve, distribute, publish, remove, retain, add, and use and commercialize, in any way now known or in the future discovered, anything that you submit to us, without any further consent, notice and/or compensation to you or any third parties." Yikes! Read that again! Is this the wording of a benign B2B service, or are these folks thinking way ahead of you?

Business Cloud Computing?
What information are you putting out there: sales, contact, purchasing, email, medical, financial?
Can you afford to have that co-opted, lost or re-sold?
And, what are the legal ramifications?
What laws have you broken (HIPPA, SOX, etc.)?
What lawsuits might rain on you?
Think, before you jump on a cloud. (more)
~ Kevin

Friday, August 29, 2008

Pellicano & Christensen convicted of wiretap plot

Private investigator Anthony Pellicano and attorney Terry Christensen were convicted today of conspiring to illegally wiretap the ex-wife of billionaire Kirk Kerkorian.

Christensen, who was an attorney for investor and casino mogul Kerkorian, was accused of hiring Pellicano to listen in on the phone conversations of Lisa Bonder Kerkorian during a bitterly fought child support case. The lawyer and investigator were each charged with two felony counts relating to the alleged wiretap. The federal jury verdicts give a green light to a slew of pending civil lawsuits. (more)

Blow Your Phone's Mind...

...before you sell it!
Check out
Reset Codes and Procedures for your phone's neuralyzer.

Cell Phone Security Issues on the Rise

More small companies are allowing employees to use their personal smart phones for work. But that move could lead to big trouble, thanks to a new breed of hackers who are starting to target mobile phones.

Hackers can use spyware to keep an eye on what you type and what messages you receive, possibly gleaning company secrets. They can even can track your device's location, potentially allowing them to figure out your clients or plans by looking at where you go...


Mobile spyware,
according to experts, is readily available. Many point to FlexiSPY, a program sold by Thai software company Vervata Co. The company promotes the product as a way for
husbands and wives to catch their cheating spouses. Once installed on a person's phone, FlexiSPY tracks the device's whereabouts and monitors incoming and outgoing calls, text messages and emails. The information is then uploaded to a central server and can be viewed by the person who originally installed the software.

Nobody is accusing Vervata of stealing information, but some security experts argue that the software is ripe for abuse. It can be used by anyone to steal personal information and company secrets, they argue. A business might install the software on a rival's phone, for instance, to steal a contact list or monitor email traffic.


Phones that use the Symbian operating system, meanwhile, are vulnerable to a program that can capture the keystrokes of the device...

BlackBerrys may also be vulnerable to attack. ...Research In Motion Ltd. says that security policies built into the BlackBerry Enterprise Server software can guard against such spyware. Many small businesses, however, can't afford the BlackBerry server.


Even Apple Inc.'s iPhone may be vulnerable... While the iPhone offers password protection, it lacks other capabilities such as data encryption...
The iPhone does offer the ability to create a secure virtual-private-network connection to company headquarters... But small businesses often lack VPN capabilities. (more)

One Solution for You...
Secure Mobile Systems (SMobile), designs security applications for mobile devices. They offer a comprehensive product suite that protects users of mobile devices from viruses, data compromise, the effects of device theft, and unauthorized data access.