Sunday, November 2, 2008

If they can 'see' your key, they can duplicate it!

High-powered optics and a computer program are all that is needed to duplicate your keys, according to three people at the University of California, San Diego...

"Our SNEAKEY system correctly decoded the keys shown in the above image that was taken from the rooftop of a four floor building. The inlay shows the image that was used for decoding while the background provides a context for the extreme distances that our system can operate from. In this case the image was taken from 195 feet. This demonstration shows that a motivated attacker can covertly steal a victim's keys without fear of detection. The SNEAKEY system provides a compelling example of how digital computing techniques can breach the security of even physical analog systems in the real-world." (their paper)

Moral: Don't leave your keys where others can "see" them. But, you already knew that.

Saturday, November 1, 2008

SpyCam Story #487 - Families vs. Carers

UK - A carer has been spared jail despite admitting the 'despicable' theft of cash from the home of a 77-year-old widow with Alzheimer's Disease. Michelle Bradshaw, aged 40, was caught after relatives of the pensioner marked notes in her purse with ultraviolet pen and set up a covert video camera. (more)

FutureWatch – This is the second story like this within two months. Carer steals from patient. Patient's family gets suspicious and installs hidden camera. Carer gets nailed. We see fewer bad nanny stories these days. Maybe spycams have them scared straight. Let's hope professional care givers get the message as well.

Thursday, October 30, 2008

Quote of the Day - Corporate Espionage

"...the episode serves as a reminder of just how extensive, sophisticated and sometimes ruthless corporate 'snooping' operations can become." ~Mike Hamilton, talking about the Dell - HP incident. (more)

Snooping on a Spouse's Emails - Crime or Tort?

via Martha L. Arias, Director, Internet Business Law Services...
We may not need scientific data to prove that with the increasing use of the Internet, men and women have eavesdropped, or considered eavesdropping, their spouse's e-mails.

Eavesdropping spouses' e-mails may constitute a crime under both federal and state law but careful factual analysis is required. For instance, the United States Code (U.S.C.), title 18- crimes related to interception of wire and electronic communications, may apply to e-mail eavesdropping but there must be an actual "interception" within the meaning of the statute. Also, most U.S. states have criminal statutes penalizing the interception or eavesdropping of electronic or telephonic communications; analysis of technical terms is also required in these cases.

Lastly, some state tort claims may apply to these snoopy conducts; it seems that these claims are easier to win.

18 U.S.C. § 2512 makes it a crime to possess, manufacture, distribute, and advertise wire, oral, or electronic communication intercepting devices... A Michigan case illustrates how this federal statute and these state tort claims have been used in spouse cases involving e-mail eavesdropping. In Bailey v. Bailey (2008 U.S. Dist. LEXIS 8565), husband eavesdropped his wife's Yahoo e-mail and found compromising information.

As the Bailey's case shows, typifying eavesdropping of e-mails within title 18 of the U.S.C. is not an easy task. Factual analysis and careful review of the term "interception" as interpreted by state law is required. If the spouse's conduct does not qualify as actual "interception," a claim under title 18 may not be successful. Torts claims of invasion of privacy may prove to be more victorious in e-mail eavesdropping cases. (more) (background) (18 U.S.C.)

Three Basics of Successful Security Policies

1. Unambiguous Rules – Put the policy in writing. Send out reminders. Make compliance easy.
Examples:
• Block off-limit web sites.
• Place shredders where they are needed.
• Configure Wi-Fi systems to automatically force compliance.

2. Consequences – Educate employees about the consequences of poor security practice. Explain how it affects the company's stability, and consequently, their jobs. Establish consequences for not following the policy.

3. Unobtrusiveness – Do not establish a security policy which either hinders productivity, or is ultimately unenforceable. Find a better way to achieve the security goal. Work with employees and they will work with you. ~Kevin

When Private Conference Calls Go Public

The New York Times – and others – will listen to your private conference calls... if you let them.

Published in The New York Times this week...
"In point of fact, the dirty little secret of the banking industry is that it has no intention of using the money to make new loans. But this executive was the first insider who’s been indiscreet enough to say it within earshot of a journalist.
(He didn’t mean to, of course, but I obtained the call-in number and listened to a recording.)" ~Joe Nocera, The New York Times (more)

When a corporate eavesdropping detection specialist tells you...
• Give each participant their own – one-time – passcode.
• Distribute conference call numbers and passcodes discreetly.
• Do not send them via mass emails.
• Do not let admins post passcodes on their cubicle walls.
• Do advise all participants to keep the codes secret.
• Change the passcodes for recurring calls.
• Assign passcode distribution responsibility to one person.
Please listen.
...or, skip the call and buy The Times.

Next steps:
• Consider encryption for the call itself.
• Have the rooms/offices checked for bugs. (Sources: 1, 2)
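The first and sixth tips above (one one-time passcode per participant, new passcodes for recurring calls), sketched as an added example that is not part of the original post. `CallRoster` and its methods are hypothetical names, and no real conferencing product's API is assumed.

```python
import hashlib
import hmac
import secrets


class CallRoster:
    """Single-use, per-participant passcodes for ONE occurrence of a call.

    Hypothetical helper for illustration; not tied to any conferencing product.
    """

    def __init__(self, participants, digits=8):
        self.participants = list(participants)
        self.digits = digits
        self._key = secrets.token_bytes(32)   # per-occurrence MAC key
        self._pending = {}                    # code digest -> participant
        self._used = {}                       # code digest -> participant
        self.rejected = []                    # (reason, who) kept for review
        self.handouts = {}                    # deliver each code individually
        for name in self.participants:
            code = self._new_code()
            self._pending[self._digest(code)] = name
            self.handouts[name] = code

    def _digest(self, code):
        # Store only a keyed digest so the roster itself does not leak codes.
        return hmac.new(self._key, code.encode(), hashlib.sha256).hexdigest()

    def _new_code(self):
        while True:
            code = "".join(secrets.choice("0123456789") for _ in range(self.digits))
            if self._digest(code) not in self._pending:
                return code

    def admit(self, code):
        """Return the participant's name on first use, otherwise None."""
        d = self._digest(code)
        if d in self._pending:
            self._used[d] = self._pending.pop(d)
            return self._used[d]
        # A replayed code names whose code leaked; an unknown one is a guess.
        reason, who = ("reused", self._used[d]) if d in self._used else ("unknown", None)
        self.rejected.append((reason, who))
        return None

    def next_occurrence(self):
        """Recurring call: fresh key and fresh codes, so old codes are dead."""
        return CallRoster(self.participants, self.digits)
```

Because each code maps to one person, a second join attempt with the same code is refused and the `rejected` entry shows whose passcode was shared or exposed.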

Need a holiday present for a young one?

"50 Rules Kids Won't Learn in School: Real-World Antidotes to Feel-Good Education"

A sneak peek at Sykes’ sage advice:
1. Life is not fair. Get used to it.
7. If you think your teacher is tough, wait until you get a boss. He doesn’t have tenure, so he tends to be a bit edgier. When you screw up, he’s not going to ask you how you FEEL about it.
9. Your school may have done away with winners and losers. Life hasn’t.
14. Looking like a slut does not empower you.
15. Flipping burgers is not beneath your dignity. Your grandparents had a different word for burger flipping. They called it “opportunity.”
29. Learn to deal with hypocrisy.
32. Television is not real life.
38. Look people in the eye when you meet them.
42. Change the oil.
43. Don’t let the success of others depress you.
47. You are not perfect, and you don’t have to be.
48. Tell yourself the story of your life. Have a point.
50. Enjoy this while you can.

Sykes says the rules are a "blunt contrast to the thumb sucking, feel good infantilism that has become so common in American education and culture." (more) (more books by Sykes)

Tuesday, October 28, 2008

Enterprise Trade Secret Theft - Fight Back

Enterprises are stepping up efforts to counter spying operations that aim to steal their trade secrets, according to a former U.S. Federal Bureau of Investigation agent who now works for Xerox.

Companies such as Wal-Mart, DirecTV and Motorola have in recent years been victimized by employees or others who stole sensitive data, said David Drab, a principal in Xerox's information and content security services section. Drab spent 27 years in the FBI fighting organized crime and economic espionage.

"The payoffs are high and the risks of getting caught are low," Drab said.

A study by PricewaterhouseCoopers found that economic espionage costs the world's top 1,000 companies £22.4 billion (US$34.7 billion) annually, Drab said. Another study by the Society for Competitive Intelligence Professionals found companies spent $2 billion on spying activities in 2004. (more) (fight back)

Monday, October 27, 2008

Charlie Can Now "Get Off Of That Train"

"Let me tell you the story
Of a man named Charlie
On a tragic and fateful day
He put ten cents in his pocket,
Kissed his wife and family
Went to ride on the MTA"

© Jacqueline Steiner, and B. Lomax-Hawes

The MBTA, Massachusetts Bay Transportation Authority (Boston subways and street trains) - made famous in this song for their fare increase - is on the hot seat again.

From our Esoteric Files...
Back in early August, the Massachusetts Bay Transit Authority successfully prevented a small group of students from giving a presentation at DEFCON that would have highlighted failures in the CharlieCard RFID system that the MBTA currently uses. Although eventually overturned, the injunction and corresponding gag order that the MBTA was temporarily granted did prevent the students from giving their original presentation.

Now, ironically, it turns out that all the MBTA's effort was for nothing, as researchers based in the Netherlands have successfully cracked the MIFARE Classic cryptographic cipher that's currently used in multiple mass transit systems across the globe. (more) (presentation)

Eavesdropping History - Mickey, Jack, Jim & Con

Modern bugging and wiretapping sprouted in the late 1940's and was really blooming big-time by the 1960's. Miniature electron tubes and the newly invented transistor were the seeds. The seediest places were New York City and Los Angeles.

Here are two short LA stories...


Mickey Cohen, high-tech gangster
This episode began (1949) when vice officers arrested another of Mickey's men for illegal possession of a weapon. Enraged, Mickey arrived at his underling's trial with his personal bugging expert, 300-pound J. Arthur Vaus, and announced that they were going to blow the lid off the LAPD.

It seems that a vice detective working out of Hollywood had hired Vaus to eavesdrop on the Strip's leading madam, hoping to document her unholy relationship with a rival vice cop from downtown. But the madam insisted that she was paying off both cops, and Mickey's rotund bugger said he had the damning evidence on magnetic wire. They brought a recorder to court and plopped it on a table, daring anyone to call their bluff.

A grand jury did. It had the wire recordings seized and discovered they'd been erased. In one of the more bizarre chapters of a bizarre time, Vaus attended a Billy Graham crusade, found the Lord and confessed his sin -- he'd lied about the tapes. (more)

------

The mobster who died in pink pajamas, or how The Gangster Squad got to Jack Dragna by bugging his mistress' bed.

His nighttime attire notwithstanding, Jack Dragna was everything Mickey Cohen was not: cautious to a fault and allergic to limelight. With Dragna, icy distance was the rule when the squad members camped outside his banana warehouse or the Victory Market, where he held meetings in a concrete-walled back room.

The squad's bugging expert, Con Keeler, did once get in between the rounds of a night watchman, but he didn't have time to fully conceal his bug. Dragna's men found it, carried it outside and smashed it on a curb...

The younger Dragna's (law) suit was pending in 1951 when the squad bugged the bed of his father's mistress. She was a secretary for the dry cleaners union, in which the mob had its hooks. If a dry cleaning shop didn't sign up, Dragna's men would send over suits with dye sewn inside so all the clothes in its vats turned purple or red.

The secretary had a wooden headboard with a sunburst pattern. While she was out, Keeler picked the lock to her apartment and hid a mike in the center of the sun. Amid the pillow talk, the bug picked up occasional mentions of mob business, including plans for a new casino in Las Vegas...

Dragna's lawyers could argue that the police didn't have a warrant to eavesdrop, but to no avail -- back then authorities could use illegally obtained evidence.

The misdemeanor case earned Dragna a mere 30-day sentence, but how and where he was bugged stood to cost him respect in the mob... he died in 1956.
(more) (background about these two stories) (one more really great bugging story - 2/3rds down the page)

30+ more great electronic-eavesdropping history stories await you at Murray's Eavesdropping History Emporium.

FREE Encryption Programs

ZDnet.com is offering the following for free...
EncryptOnClick is a very simple to use program that lets you securely encrypt and decrypt files. (more)
Free registration at ZDnet is required.
No Macintosh version :P


Better deal here...
TrueCrypt.org - Free open-source disk encryption software for Windows Vista/XP, Mac OS X, and Linux

Main Features:
• Creates a virtual encrypted disk within a file and mounts it as a real disk.
• Encrypts an entire partition or storage device such as USB flash drive or hard drive.
• Encrypts a partition or drive where Windows is installed (pre-boot authentication).
• Encryption is automatic, real-time (on-the-fly) and transparent.
• Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:
1) Hidden volume (steganography) and hidden operating system.
2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).
• Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS.
(download)

Saturday, October 25, 2008

The Most Bizarre Spy Story of the Year

UK - A schoolboy posed as a female British secret service spy in an internet chatroom to persuade a friend to try to murder him, a court heard yesterday.

The boy, John, now 15, groomed a 16-year-old boy, Mark (both pseudonyms to protect the children), with an "elaborate matrix of deceit" involving six fictional characters in the MSN chatroom and correspondence totalling 56,000 lines of text.


The fictions created by John, then 14, convinced Mark that he was murdering someone who had a terminal brain tumour.

He was told that his reward would be money, a job as a British secret service agent and sex with the spy, whom he believed was a middle-aged woman.


In fact, John was determined to get himself killed, which is why he never used the abort code - 6969 - he provided. (more... much more)

"Just checkin' my eyelids for holes, your Honor."

AL - A former city landscaping department superintendent who was fired for allegedly sleeping on the job, among other things, is suing the City of Huntsville, claiming the city violated his privacy by spying on him at work.

Jeff Rich, an attorney with the Huntsville office of the law firm Sirote & Permutt, filed the lawsuit Monday in U.S. District Court for Larry M. Bevil, a city employee for 32 years. The lawsuit seeks unspecified damages.

Bevil's lawsuit alleges the city intruded on his privacy and violated his rights through constant audio and video surveillance of activities in his office. He also said the city breached the employment contract with him by firing him, and not allowing him to resign. (more) (filing)

FutureWatch - "You snooze, you lose. Case dismissed."

On Craig's List - "Wiretapping for Dummies"

...via Craigslist
Wiretapping for Dummies
Privacy Invasion?

Wire tap concerns?
Compromised computer?
General harassment issues?
---
Free Services I provide for you:
- Visit and teach you how to find evidence of illegal surveillance
- Produce a video for you only (optional)
- Show you equipment you may want for your own continued protection
- Charges are for expenses only including equipment rental
- Privacy is number one - complete confidentiality - no taping of telephone calls or other conversations are authorized or approved
---
Business or Personal Services
Call for more information or reply through e-mail
Not affiliated with any organization - Not a PI or TSCM Specialist
440-479-XXXX (cell phone in the Willoughby, OH area)

Caution: "Free" advice can be hazardous to your wallet, and you.

Modern Spy Seppuku

Colombia - The head of Colombia's intelligence agency resigned Thursday amid allegations she had the agency spy on political opponents of President Alvaro Uribe. Maria del Pilar Hurtado presented her resignation to Uribe, to whose office the Administrative Security Agency (DAS) reports, as an "act of dignity," she said. (more)