Thursday, February 5, 2009

When a butterfly flaps its wings from China...

...you won't know it.
From the seller's web site...
Dualband GSM 900/1800 Spying Bug Audio Transmitter
$33.98, Free shipping!

Model: XF-168 - Ultra easy to use: simply insert SIM card and turn the device on. After the "phone" registers on your cell phone network, simply dial the SIM card's phone number to start listening.

- Perfect for monitoring home and office environments
- Fills the curious mind of eavesdroppers (note the law in some countries requires you to inform people you are eavesdropping on)
- Works silently to prevent exposure
- No location and no distance constraints. Works as long as there is GSM 900/1800 cell phone coverage
(an even cheaper model)

Last year, this was a very difficult eavesdropping attack to detect - even when the bug was transmitting.

Murray Associates developed a special detection technique. It is very effective. We use it on our corporate and government sweeps.

GSM Bugs
$33.98!
Free shipping!
Internet distribution!
You know these bugs are out there.

"What have you done to protect your company?"
Call us, before someone else asks you that question.
Like, your boss.

Wednesday, February 4, 2009

...and they heard you say, "Who isn't."

Russian private security companies are no longer permitted to use special surveillance equipment, Russia's official newspaper, Rossiyskaya Gazeta, said on Tuesday.

According to recent amendments to the law on private security companies, they are banned from using special spy, surveillance and tapping equipment. They are also not permitted to use any police or security service identification in their work...

Over 200,000 people are currently employed as private investigators in Russia. (more)

Spybusting Can Be Dangerous

Peru - Gunmen tried to kill Peru's attorney general amid a high-profile corruption investigation... Saturday's attack on Attorney General Gladys Echaiz was an assassination attempt... Echaiz is overseeing the investigation of an alleged bribery involving state oil executives, and an illegal wiretapping ring allegedly run by Peruvian navy officers.

Echaiz's bodyguards engaged the gunmen in a shootout and repelled the attack, taking the attorney general to safety.

The suspects, who fled in an SUV, have not yet been identified, officials said. (more) (background)

"Beware of...," still sayeth the Turks.

Beware of strangers bearing high-tech gifts
Turkey - As the country is mired in wiretapping claims, a parliamentary committee has warned against giving phones as gifts and also proposed a ban on the sale of communication devices to anyone other than the intended user, as part of preventive measures against such invasions of privacy.

The Parliamentary research committee, which was established to search the wiretapping claims made by senior politicians, judges and newspapers, released its report last week.

"Telephones, keyboards or other electronic devices given by unknown people or organizations should not be accepted as gifts. E-mails or phone messages from unknown sources should not be opened and read," the report read. (more)

Extra Credit:
We all know the historical expression "Beware of Greeks bearing gifts," and the definition of a Trojan Horse.
Where is Troy?
Pay attention to the Turkish Parliamentary research committee. They know what they are talking about. (answer)

Every teacher has eyes in the back of their head

Spy High - Staff accuses principal of spying on them...
CA - One Jesse Bethel High School employee who didn't want her name published, said the principal has been pointing the cameras on classrooms "to spy on his teachers, to see when they're late," the employee said. "He tells the teachers he's doing it. Something tells me that's not what they're for." (more)

Too late. Already built into many CCTVs.

Face-blurring Technology in CCTV Systems
Could Protect Privacy, Researcher Says

According to New Scientist, Hewlett-Packard computer scientist Jack Brassil and his team have created "Cloak," a technology designed to protect individuals' privacy when CCTV operators share images. If fielded, the system's participants would be akin to those on the national "do-not-call" list, which targets unwanted telephone solicitation, Brassil says.

To opt into Cloak, a person would first need a "privacy enabling device" - most conveniently a mobile phone with GPS capability. The device would wirelessly beam the user's position, direction, and velocity to a central system server. (more)

SpyCam Story #515 - Showered With Gifts

A 39-year-old Michigan man was charged Monday after the Macomb County Sheriff's Office said he allegedly videotaped a neighbor's daughter in her Bruce Township home.

Macomb County Sheriff Mark Hackel said the 10-year-old's parents found a wireless camera mounted in the girl's bathroom and notified the sheriff's office.

Hackel said the girl's parents suspected a neighbor, Stephen Ray Keller, because he had been "over friendly" with the girl recently and had given her gifts. (more) (more)

This week in... Spying's Hidden Costs

The recent massive Heartland Payment Systems data attack...
Area banks are issuing new credit and debit cards after a data breach at a New Jersey company that processes payments.

Gate City Bank sent letters this week to about 25 percent of its cardholders, telling them they will get new ATM and check cards... Alerus Financial also has sent letters saying it is issuing new cards. (more) (notification costs, lost good will, reissue costs, etc.)

Did you know...
A study by the Ponemon Institute found the average cost of data breaches - from detection to notification to lost business - is rising. The No. 1 cost to companies is lost business, which now accounts for 69 percent of total costs. (more) According to a report released Monday by the Ponemon Institute and funded by encryption firm PGP, the cost of a data breach for companies has risen to $202 per lost record, up from $197 in the institute's 2007 study. For the 47 companies audited in the study, those costs added up to $6.6 million per incident. (more)


From the Deutsche Bahn spying scandal...
Deutsche Bahn Chief Executive Hartmut Mehdorn is battling to save his job over a staff snooping scandal, and keep alive his dream of a partial privatisation of the railway operator...

Now, some left-wing leaders of the ruling Social Democrats, who oppose the IPO, and opposition parties have called on Mehdorn to step down over the scandal. Mehdorn apologised on Tuesday for the spying on staff. (more) (loss of employment, probable loss of IPO and investments in getting the IPO ready, lost good will, legal costs, etc.)


From Microsoft...
Microsoft begins lawsuit over ex-employee spying... (more) (legal costs, PR costs, lost good will, etc.)


From Lebanon...
Ministerial-level security talks will be held on Monday to address the issue of wiretapping which has threatened to increase political turmoil in a divided nation where tensions between rival political camps often turned bloody. (more) (loss of life)

NOVA's "Spy Factory"

NOVA's documentary about the NSA, "Spy Factory", aired last night. The production quality lived up to NOVA's usual excellence. Surprising, because they didn't have much first-hand information. It will no doubt be rerun and turned into a DVD if you missed it.

I did, however, walk away thinking this was a bit misleading. A true documentary about the NSA would have focused on history, organizational structure, people and explaining specific jobs. It would also have presented a balanced historical assessment of successes and failures.

This documentary left me feeling like I was watching a caged animal being teased. Lots of finger pointing and poking at something that was not allowed to defend itself, yet it continues to defend its pokers.

The focus was narrow: NSA's 9/11 role. The main criticism: NSA did not share information it gleaned; thus 9/11 was somehow their fault.

While building their point, NOVA conveniently glossed over some pieces of foundation information:
• The laws which limited NSA's scope and ability to share, in 2001.
• The inane turf protectionist mentality which permeated the entire Intelligence Community, in 2001. (There was very little inter-agency sharing of anything back then.)
• Osama bin Laden was not exactly an NSA pre-9/11 secret. The U.S. indicted him in 1998.

Heck, you even read about him here in Kevin's Security Scrapbook in January 2001...

SPECIAL SECTION -- Osama bin Laden
He's famous; his days are numbered, and you still don't know him. Sound really smart on capture day. Stoke your sound bite file now... CIA Biography - Osama bin Laden - "the cave-dwelling lunatic suspected of ordering the August bombings of U.S. embassies in Kenya and Tanzania..." (and USS Cole) (more)
Meanwhile... on an Arab satellite channel... Osama bin Laden appeared happy and smiling at his son's wedding... (more)
But... nobody likes mingy... "...a Saudi millionaire ... is tight with cash... says a former employee..." (more)

Tuesday, February 3, 2009

TUNE IN TONIGHT: "Spy Factory"

"Nova" (8 p.m., PBS, check local listings) presents "The Spy Factory," an exposé of the National Security Agency (NSA).

Three times the size of the CIA and many times more secretive, the NSA's own initials have inspired many nervous jokes, such as "No Such Agency" and "Never Say Anything."

"The Spy Factory" looks at two major concerns about the agency. Many worry about its potential to eavesdrop on ordinary Americans' phone calls and Internet activities. But the principal concern addressed in "Spy Factory" is the fact that the agency may be too secretive to be of practical use. (more)

Sunday, February 1, 2009

Eavesdropping Invention is a "Sickness" Detector

via crooze.fm
"If you thought the airport denizens of the TSA were already obnoxious, wait until they get their mitts on a Sick Traveler Detector. It's a software idea by Belgian company Biorics, which can determine if travelers are sick by the sound of their coughs...

The tech involves installing dozens of microphones around an airport security area or any public space, and running all the coughs they pick up through a special software algorithm that can tell the difference between a dry throat-clearing hack and a loogy-dripping, bubbling and wheezing honk, aka a "productive cough."


In their patent application, the privacy-invading chutzpah of the inventors is astonishing, where they even suggest eavesdropping on cell phone conversations to glean their illness detection data." (more) (patent)

UK's Data Loss... Bad News, Good News, "Oh, no!"

"BAD NEWS."
from Steven J. Klein, via Risks Digest...
Bad news...
A National Health Service employee lost a flash drive containing personal information of up to 6,360 patients.

Good news...
The data on the flash drive was encrypted.

BAD NEWS...
The password was written on a sticky-note attached to the drive.

Paraphrased from the Lancashire Evening Post

Saturday, January 31, 2009

Q. Would you hire a long-distance baby sitter?

A. Depends on how old the baby is.

From those wonderful folks in Sweden who brought us SpyOn Voice... Now, a morphed and more palatable (ta-daaa) SpyOn Baby.

How could you resist a cute little program that calls itself, "A modern baby alarm that allows you to watch over your baby at home and over the internet." (for less than $10.00)

Besides, "If you are looking for specialists in VOIP (Voice over IP) then you have come to the right place. We are developing a series of applications based upon VOIP technology. If you can not find exactly what you are looking for maybe we can develop it for you."

And, oh, by the way, the company name is Spying Machines.

Why do we mention it?

So you know what you're up against.

2009 State and Federal Privacy Laws Supplement

The 2009 Supplement to Privacy Journal's Compilation of State and Federal Privacy Laws (0-930072-17-0, 2002) has just been published. The price is $25, plus $4 for shipping. Need the original 2002 book as well? The price for the 2002 book and the current Supplement together is $35 plus $4 for shipping.

Contact:
Lee Shoreham, Assistant to the Publisher
PRIVACY JOURNAL
PO Box 28577
Providence RI 02908
Phone: 401/274-7861
Fax: 401/274-4747
orders@privacyjournal.net

Employer Spying Increases

On Wednesday, the German rail spying scandal went from run-of-the-mill to flabbergasting: 173,000 -- and not 1,000 -- employees were spied on.

Politicians and the public are outraged, and commentators predict that the Deutsche Bahn CEO will take the fall. (more)