Friday, October 17, 2008

Weird Science #342 - E-proboscis

Device can detect distress signals from plants that are harmed, under attack. It turns out the best way to hear a plant scream is to smell it.

Scientists are using an electronic nose tailored to eavesdrop on plants that have been damaged or are under attack. The nose successfully discriminated among the various distress signals different plants emit, depending on the pests plaguing them — discerning, for example, a tobacco hornworm attack from assault by powdery mildew. (more)

Not so strange.
Our noses have always been talking.
"I smell a rat." (lying)
"The smell of fear." (fear)
"The smell of death." (sickness)
"The scent of a woman." (attraction)
...and dogs' noses talk even louder.

Say "cheese" for details.

All visitors to internet cafés in Beijing are to be required to have their photographs taken in a stringent new control on the public use of cyberspace.

According to the latest rules, by mid-December all internet cafés in the main 14 city districts must install cameras to record the identities of their web surfers, who must by law be 18 or over.

All photographs and scanned identity cards will be entered into a city-wide database run by the Cultural Law Enforcement Taskforce. The details will be available in any internet café. (more)

MINOX Agent M - One-Stop SpyCam Shopping

Agent M DSC DigitalSpyCam
DSC is the name of the new mini MINOX model: Digital SpyCam. This outstanding masterpiece in minimalist design and photo technology packs remarkable features into dimensions of just 86 x 29 x 20 mm. With a resolution of five million pixels it can compete with traditional digital cameras with ease. The bright viewfinder allows spontaneous, fast shots, even in critical light conditions. In twilight the integrated flash switches on automatically. In total these features make the new DSC a very sound optical notebook.
229,00 EUR / $308.47

Agent M Digital Sunglasses Camera
This pair of sunglasses has more than just one surprise in store: a micro camera is integrated in one of the earpieces and can be controlled via a remote control without attracting attention. The other earpiece houses a MP3 player. The lenses are replaceable, making this ingenious eyewear adjustable to the diopter strength required by the person wearing them.
169,00 EUR / $227.65

Agent M Spy Sunglasses 180°
These unusual sunglasses have lenses that are mirror-coated on the inside, at their outer edges. They reflect everything going on behind the back of the person wearing them to allow perfect observation without having to turn around. The new MINOX spy sunglasses are also exactly what they look like, a perfectly normal pair of sunglasses with excellent UV protection.
99,00 EUR / $133.35

Agent M Digital Belt Camera
Camouflaged as an inconspicuous belt buckle the MINOX Belt Camera enables videos to be taken without being noticed. The micro-optics are perfectly concealed on the front of this ingenious camera, allowing undercover surveillance to be recorded inconspicuously in 3GP format. The controls are arranged on the underside of the buckle and are within easy reach.
229,00 EUR / $308.47

Agent M Digital Pen Camera
This normal-looking pen would appear to be just another ball-point. But hidden behind its clip there’s a micro video camera that records video films in AVI realtime format. The high-power microphone is additionally integrated in the chrome-plated clip. A USB port for downloading the videos is built into the front part of the pen.
189,00 EUR / $254.69
Special... The secret spy brochure.
Bonus... MINOX DSC has its own internet forum on www.license-to-shoot.com. Original and exciting “Agent M Shots“ can be placed on this site and contacts made to other “agents” all over the world.

FutureWatch - VoIP Encryption for All

by Patrick Thorel, Alcatel-Lucent
Over the last few years adoption of VoIP has grown rapidly. ...migration to an IP network also brings a host of new security challenges that are driving a trend toward voice encryption.

Voice communication ... needs be assured 24/7 and always go to all the right people and none of the wrong ones. In recent times eavesdropping has led to a number of information leaks in legal cases. Certain industries are particularly susceptible to this type of security risk and are thus driving the trend toward voice encryption.

In finance, for example, worldwide agreements which dictate data security in the banking and finance industry make data and voice protection a legal requirement. Healthcare professionals are also aware of patient confidentiality, although no government or company is excluded from the threat of industrial espionage...

To limit the risk of such security breaches encryption of voice traffic is essential... In order to maintain total security everything within the network must be encrypted... One solution is to install hardware in front of the communication server in the gateways and use encryption-optimized firmware in the phones. (more)

Prediction...
Eventually, end-to-end telephone/data encryption will be standard – with CALEA access. Until then, the best choice is to call us (from a safe phone) to inspect for bugs and taps. We can also advise you on current encryption solutions.

Thursday, October 16, 2008

What It Takes to be a Spy

Former MI6 spy Harry Ferguson has revealed the skills necessary to be a real-life James Bond.

Resourcefulness: "It might surprise people, but unfortunately in real life our gadgets often don't work when we need them and so you have to adapt."


Observation: "You have to understand what you see, like if someone has you under surveillance or if you spot a face you saw in a briefing a few months earlier."

Empathy: "People must have trust in you, and you must protect them."

Weapon skills: "In the past agents did not really have to use arms, but with the work now in Iraq and Afghanistan that has changed."

Coolness: "The ability to stay unshaken involves keeping your level of eye contact normal and retaining a relaxed body posture."

Social skills: "You have to move in playboy circles, and go to Monte Carlo and drive a flash car and be able to carry it off like a natural."

Languages: "The more easily you can slip into a foreign country without drawing attention, the better."

"If we're going to use gadgets, a lot of the stuff you can get in shops will do. If you plant a commercially made bug and it's found, it's not tied to a government organisation. The last resort would be a gadget made by the technical sections at MI6." (more)

You might also want to review...
What does a spy look like?
Quiz - Would you make a good spy?
Why do I mention this?
So you will know who you are up against.

SpyCam Story #482 - Free SpyCam Gadget


Using Vista?
Using a Logitech Webcam?

Bingo!
Instant spycam.


from Logitech...
"Keep a watchful eye—even when you're not around. This Gadget acts like a motion detection sonar, triggering a recording whenever it senses movement within the field of view of your QuickCam. Recording stops when the motion stops, and an .AVI file is saved in a location you specify. The videos are even time & date stamped to help you keep track of what happened, when." (more)

The important stuff – "...an .AVI file is saved in a location you specify."

Make sure no one loads this on your computer without your knowledge. They could be collecting movies and storing them elsewhere on your network, or the Internet. Very bad for computers located in offices and bedrooms. ~Kevin

Tuesday, October 14, 2008

Book Review - The Shadow Factory - NSA

Once upon a time the NSA was so secret that its acronym was said to mean No Such Agency.

Today we know a great deal more about it, in part because of James Bamford, who in The Puzzle Palace (1982), a portrait of the agency, offered secrets so sensitive that the NSA attempted to block the book's publication.

Now, with The Shadow Factory: The Ultra-Secret NSA from 9/11 to the Eavesdropping on America Mr. Bamford takes a close look at the National Security Agency's performance just before 9/11 and after. (more)

Monday, October 13, 2008

Bright Idea: LED WiFi Hotspots

Folks at Boston University's College of Engineering are researching a program aimed at developing the next generation of wireless communication -- based on visible light.

The aim of the initiative is to eventually develop an optical communication technology which would make an LED light the equivalent of a Wi-Fi access point.


BU Engineering Professor Thomas Little paints the ideal scenario for these LEDs: "Imagine if your computer, iPhone, TV, radio and thermostat could all communicate with you when you walked in a room just by flipping the wall light switch and without the usual cluster of wires..."

Additionally, as these networks work on the "line of sight" theory, it would be impossible to eavesdrop into a network by a person sitting across the wall. (more)
Humm...
• Light reflects.
• Fiber optics channel.
• Photocells convert.
• Appearance points can be tapped.
Impossible-to-eavesdrop type "progress" often brings with it info-vulnerabilities to be discovered. I can't wait. ~Kevin

Meanwhile, from the minds at MIT...
Talking-Lights.com "The Talking Lights System (using fluorescent lamps) can be used to form a hybrid network that combines the advantages of optical location-finding with broadband WiFi duplex data transfer... The systems can also be used to offer information and guidance to shoppers, museum-goers and trade show attendees, improve security in office buildings and secure facilities..."

Historical Note: Both LEDs and fluorescent lights are already being used for electronic eavesdropping (bugging) purposes.

Spies, Get Ready For Halloween...

Learn from the Masters of Disguise
Magicians, like spies, excel at the art of misdirection and deception. Join Jonna and Tony Mendez, both former CIA chiefs of disguise, as they explore how magic and illusion have been used through the centuries to deceive the enemy.

Spy Magic: Disguise, Deception, Illusion and Espionage

At the International Spy Museum
Tuesday, 28 October; 6:30 pm $15.00 / Members $12.00 (more)

Get Your Disguise Gear Ready
Black Bar Glasses.
Make yourself photo-proof.

$8.99 (more)




And, above all...
Don't Act Furtive
Play this CD.

It features some really disturbing noises... unforgettable tracks like Unhappy Dog, the agonizing squeal of Violin Practice, and the exquisitely excruciating din of House Party.
$7.00 (more)

Remember Alex Allan?

Right, now do you remember Alex Allan?

If not check here. If so, read on and learn more about this spook.

Although the press knocked him a bit, his creative mental outlook and humor make him perfect as an intelligence adviser. His resume is impressive.
My kind of guy!

This Alex Allan caught the attention of Philadelphia, PA bookplate maven, Louis Jaffe...

"I was looking through an album of 20th century British bookplates this morning and selected a few of my favorites. There is never enough time to research every bookplate so the backlog grows.

If you know something about any of these owners or the artists please share it with us.

I purchased the Alex Allan bookplate in England after seeing it in The Bookplate Society Journal (vol.v11,1989). It is a wood engraving by Anne Jope and it is one of the earliest if not the first plate depicting a computer. The owner may be the larger than life Alex Allan, Chairman of The Joint Intelligence Commission Of The United Kingdom and Grateful Dead enthusiast." (more)
Update... This is, indeed, Mr. Allan's bookplate.

First quantum encrypted network goes live

The first network protected by quantum encryption has gone live at a scientific conference in Vienna...

The quantum cryptography systems rely on an application of the Heisenberg Uncertainty Principle, which broadly states that it is impossible to observe quantum information without altering it.

This makes eavesdropping impossible, since as soon as it takes place the change in data can be recognised and the network shut down. (more)

FutureWatch – Fistfights between network operators and governments demanding surveillance capabilities. Result: This level of protection may never trickle down to the average user of data services unless a back-door compromise can be reached. Retrospect
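Why an eavesdropper shows up in the data, as an added example that is not part of the original post: a simulation of an intercept-resend tap on a BB84-style key exchange. BB84, the photon model and the 11% abort threshold are assumptions made for illustration; the post does not name the protocol used in Vienna.

```javascript
// Added example: BB84-style exchange with an optional intercept-resend tap.
// Protocol choice and ABORT_THRESHOLD are illustrative assumptions.
const ABORT_THRESHOLD = 0.11;

const randomBit = () => (Math.random() < 0.5 ? 0 : 1);

// Measuring in the basis a photon was prepared in returns its bit.
// Measuring in the other basis returns a random bit and leaves the photon
// prepared in the measurer's basis: observing it has altered it.
function measure(photon, basis) {
  const value = photon.basis === basis ? photon.value : randomBit();
  return { basis, value };
}

function runExchange(photonCount, eavesdrop) {
  let sifted = 0;
  let errors = 0;
  for (let i = 0; i < photonCount; i++) {
    const sent = { basis: randomBit(), value: randomBit() }; // sender
    let inFlight = sent;
    if (eavesdrop) {
      // The tap must guess a basis, measure, and resend what it saw.
      inFlight = measure(inFlight, randomBit());
    }
    const received = measure(inFlight, randomBit());          // receiver
    // Sifting: both ends keep only positions where their bases matched.
    if (received.basis !== sent.basis) continue;
    sifted++;
    if (received.value !== sent.value) errors++;
  }
  return { sifted, errors, errorRate: sifted ? errors / sifted : 0 };
}

// Both ends compare a sample of the sifted key. Errors above the threshold
// mean the channel was observed, so the key is discarded.
function tapDetected(result) {
  return result.errorRate > ABORT_THRESHOLD;
}

const clean = runExchange(20000, false);
const tapped = runExchange(20000, true);
console.log('clean  error rate:', clean.errorRate.toFixed(3), 'tap detected:', tapDetected(clean));
console.log('tapped error rate:', tapped.errorRate.toFixed(3), 'tap detected:', tapDetected(tapped));
```

The tap guesses the wrong basis half the time, and each wrong guess corrupts the receiver's bit half the time, so about a quarter of the sifted key disagrees.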

Sunday, October 12, 2008

Spy Toolkit Item #141 - Dissolving Paper


Sources:
Mitsui USA
Endless Technologies
Nic Law Enforcement Supply
Defense Devices

Bonus...

Next time you venture out into that unhygienic world of ours, make sure you bring along our Dissolving Paper Soap! Simply wet your hands and rub them together with one sheet of paper soap -- and watch as the "paper" transforms into sudsy lather!

Meanwhile, over at Xerox...
Scientists demonstrated paper that can be reused after printed text automatically deletes itself from the paper's surface within 24 hours. Instead of trashing or recycling after one use, a single piece of paper can be used a second time, and reused up to 100 times, said Eric Shrader, area manager at PARC. (more)

Friday, October 10, 2008

Corporate TSCM - Bug Sweep Demand vs. Supply

The Australian Securities and Investments Commission (ASIC) released a request for tender (RFT) to source technical surveillance counter-measure (TSCM) services. ASIC hopes to find a company to sweep its offices and IT systems for spying devices, a task ASIC is mandated to do.

The problem with ASIC's RFT is that it wants the TSCM — a phrase coined by military describing scanning a site for spying devices — from a single company.

"For TSCM, which is the bug detection process, there are not enough qualified people in Australia with the right level of industry training or government experience to provide the service," Les Goldsmith, managing director of Australian counter-intelligence firm, ESD Australia told ZDNet.com.au.

Goldsmith said his company would not bid for the work due to the likely scale of it. However, he added, "I don't see for this contract they're going to find a single contractor that can do that scope of work."...

Goldsmith said that spying devices are found in around three out of every 10 inspections within Australia, with much higher rates in Asia, particularly in the government sector. (more)

Interesting statistic. Here in the US, the 35-year average I have seen (subjectively) is more like one in 20. (30% vs. 5%) This may be due to the already relatively high security posture of my client family. But, it doesn't matter. All it takes is one strategically located bug or wiretap to cripple a corporation.

More interesting, however, is the one-stop-shopping problem. The solution I had to develop about 10 years ago, due to client demand, can be seen here.

Note to ASIC: Don't let defeatist news reports fool you. I personally know of several quality TSCM providers in Australia who would pool their resources and offer you one-stop shopping, like I do. Please feel free to contact me if you need any help in getting this ball rolling.
Kevin

Thursday, October 9, 2008

Question of the Week - Secure Conference Calls

"Are you aware of whether or not there is such a thing as a company that offers a 'secure' conference calling service? A company that provides an 800 number that people can call in to and participate in a 'secure' multi-party conference call?"

No one-stop solutions. How about a two-stop solution?

Set up encrypted conference calls via VoIP using ZFone. Combine this with an on-line conference call service which uses Asterisk software.

• Participant requirements
-- Access to the Internet.
-- ZFone software on their computer (lap or desktop). It's FREE.
-- Optional, for added privacy:
--- A plug-in headset $3.99
--- Or, plug-in ear-buds $23.99

• Teleconferencing requirements
-- Schedule calls with an Asterisk-based provider, like Rondee. It's FREE. (others)
-- Major carriers offer secure 'web-meeting' services for a fee. (example)
Note: Conference providers have access to unencrypted calls; CALEA.

Other options
VoIP telephony - Just route all calls through a Virtual Private Network (VPN). Good for inter-company conference calls.

"Very occasionally, there is a half second of delay when you have a few VPN-based users on a conference call together, but that has a nice social side effect of stopping people from trying to interrupt each other." Posted by Bradley M. Kuhn on June 20, 2008.

Polycom Encrypted Video Conference Calling (Point to Point)

As I learn of new solutions I will let you know.
Until then, I hope this helps.

Kevin

Wednesday, October 8, 2008

SpyCam Story #480 - Clickjacking ALERT

A security researcher in Israel has released a demo of a “clickjacking” attack, using a JavaScript game to turn every browser into a surveillance zombie.

The release of the demo follows last month’s partial disclosure of the cross-platform attack/threat, which affects all the major desktop platforms — Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, Opera and Adobe Flash.

In Guy Aharonovsky’s demo game, a Web page is set up to seamlessly hide another page in the background that’s actually managing the target’s Adobe Flash Player privacy settings manager.

Using a series of clicks bouncing around the rigged page, Aharonovsky is able to silently hijack the user’s clicks to modify the Flash privacy settings and take complete control of the installed webcam.

The wet dream of every private eye and peeping tom. Imagine this scenario, you play a short game on the web and by doing that you unknowingly grant someone full access to your webcam and microphone.

If you don’t want to try it or don’t have a webcam connected, you can see the attack in action in this YouTube video.
[more]
[ SEE: Clickjacking: Scary new cross-browser exploit]
[ UPDATE: The details are out. Lots of unresolved clickjacking issues]
[Quote of the Day: "...the average end user would have no idea what’s going on during a Clickjack attack." – Ryan Naraine]

FINAL UPDATE – 10/15/08
Adobe Systems has released a new version of its Flash Player software, fixing a critical security bug that could make the Internet a dangerous place for Web surfers.

The new Flash Player 10 software, released Wednesday, fixes security flaws in Adobe's multimedia software including bugs that could allow hackers to pull off what's known as a clickjacking attack, wrote Adobe spokesman David Lenoe in a blog posting.

For those who can't update to this new version of Flash, a Flash 9 security patch is still about a month off, he added. Adobe rates the clickjacking bug as 'critical.' (more)
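The attack described above depends on the target page loading inside another site's frame. As an added example that is not part of the original post, this check classifies a response's framing policy from its headers; the X-Frame-Options and Content-Security-Policy headers are not mentioned in the post, and the sample responses and hostnames are constructed.

```javascript
// Added example: can this page be framed by another origin?
// Clickjacking needs the target page to load inside the attacker's frame.
function framingPolicy(headers) {
  // Header names are case-insensitive; normalise them first.
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value);
  }

  // CSP frame-ancestors, when present, is enforced instead of X-Frame-Options.
  const csp = h['content-security-policy'] || '';
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== 'frame-ancestors') continue;
    const src = sources.map((s) => s.toLowerCase());
    // An empty list or 'none' matches no embedding origin.
    if (src.length === 0 || (src.length === 1 && src[0] === "'none'")) return 'deny';
    if (src.every((s) => s === "'self'")) return 'same-origin';
    if (src.some((s) => s === '*' || s === 'http:' || s === 'https:')) return 'any-origin';
    return 'allow-list';
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'deny';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  // Missing, unknown, or obsolete ALLOW-FROM values give no protection.
  return 'any-origin';
}

// Constructed sample responses (hostnames are placeholders).
const SAMPLE_RESPONSES = [
  { url: 'https://settings.example/manager', headers: {} },
  { url: 'https://bank.example/transfer', headers: { 'X-Frame-Options': 'DENY' } },
  { url: 'https://app.example/',
    headers: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'",
               'X-Frame-Options': 'DENY' } },
  { url: 'https://legacy.example/',
    headers: { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' } },
];

// Pages any site can embed are the ones to fix first.
function frameablePages(responses) {
  return responses
    .filter((r) => framingPolicy(r.headers) === 'any-origin')
    .map((r) => r.url);
}

console.log(frameablePages(SAMPLE_RESPONSES));
```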