Wednesday, April 15, 2009

"Wolfgang, this is the wrong funkybuddha club."

UK - Three German journalists breached the tight security cordon around the April 2 Group of 20 summit in London and managed to eavesdrop on the three-hour discussion between heads of governments...

Despite wearing the wrong identification badges Marc Hujer, Wolfgang Reuter and Christoph Schwennicke walked unchallenged into the G20 “listening room”, where government officials were listening in on talks between government heads such as Barack Obama, the US president, and Nicolas Sarkozy, his French counterpart, said one person present during the incident. “It’s not that they sneaked in, they just walked in.”

The reporters went on to write a detailed account of the discussions, which appeared in Spiegel, the weekly magazine, on April 6, detailing the debate that led to the drafting of the final summit communiqué and repeatedly using verbatim quotes from the discussions. (more)

We see similar tactics attempted at corporate off-site meetings we protect. Everything from "blenders" (people who meld with the herd) to pre and post meeting "paper-hunter-gatherers." Make sure you have a knowledgeable counterespionage specialist watching over your meetings. They will do more than just catch bugs.

The Annoy-a-tron 2.0 Strikes Again

Word went out on the wires yesterday to police and private forensic examiners...
Does anyone recognize the device in the attached photograph?


A female RP found it taped under her computer desk in her bedroom. The device is about 1.75" x 2.25". It has 3 batteries, a 2-position switch (on-off?), a 6-position sliding switch (frequency?), a cogwheel (volume or recording level?), a speaker or microphone, and possibly a reset switch. It has no ports and was not connected to anything.

Correct answers (including mine) sprayed in faster than an AA-12 ejecting shells!

Yes! The Annoy-a-tron 2.0 strikes again.

Kinda makes you wonder about forensic geeks :]Dumb-de-dumb-dumb

Monday, April 13, 2009

Take a security hint... from the most profitable company in the world!

via The Wall Street Journal...
The whole country is now worried about the specter of cyber attacks that will bring down the electricity grid.
Big Oil is worried about another kind of cybersecurity: eavesdropping.

Exxon spent $222,985 last year on security for chairman and chief executive Rex Tillerson. The bulk of that went for standard-issue stuff: a car and driver, and residential security. But just over $9,000 apparently went... “for mobile phones and other communications equipment for conducting business in a secure manner.”...

...cor
porate chieftains—especially globe-trotting oil execs–can’t live in a communications-free bubble, which would explain Exxon’s expenditure on Mr. Tillerson’s secure mobile phones.

If you’re a high-profile person, you’re going to be a target. Especially for big oil companies, when so many countries want to know what they are thinking, what their strategy is, it makes sense,” says James Andrew Lewis, senior fellow for technology and public policy at the Center for Strategic and International Studies...

Michael Klare, author of “Rising Powers, Shrinking Planet: The New Geopolitics of Energy,” says
electronic surveillance could touch executives anywhere from Moscow to their home office in suburban Dallas. “It might not only be state competitors that would be using this technology, it could be corporate competitors that would want to listen in on conversations,” he says.

Espionage in the oil business dates back to the industry’s earliest days and hasn’t remitted. Two hard drives belonging to Brazilian oil company Petrobras and containing vital data on giant offshore oil deposits were stolen last year. Brazilian authorities called it “industrial espionage.”

Exxon spokesman Alan Jeffers declined to comment on the specifics of Mr. Tillerson’s phone. All he would say is: “
Security of information is a vital part of our business controls and we take it very seriously.” (more)

Phones are just the tip of their information security iceberg.
Want Exxon-smart protection?

Click here.

Sunday, April 12, 2009

Security Risk: 802.11 FHSS networks

Rob Havelt, practice manager for penetration testing at Trustwave's SpiderLabs unit, will demonstrate how easy it is to attack legacy 802.11 FHSS networks, which are often seen as inherently secure because so few off-the-shelf tools are available for remote eavesdropping.

The 802.11 FHSS technology has been outmoded in most wireless applications, but it is still commonly used in warehousing facilities because it works so well with inventory management equipment, such as handheld bar-code scanners and printers.

Often, no controls are in place between these networks and corporate LAN environments, leaving a large hole for hackers to penetrate, according to the company. (more)

SpyCam Story #525 - Yet another Landlord

ND - Skylar Holte and Heather Sondrol, claim Wahpeton resident Anthony Siemieniweski, their landlord, had placed a camera with a microphone in a heating vent in their bedroom.

Siemieniweski, who lives next door, allegedly ran wires from the camera to his house, which when plugged in, would allow him to view and hear anyone in the bedroom of the rental home. The charges, sworn by Wahpeton Police Officer April Jose, state Siemieniewski set up the camera approximately two years ago.

Siemieniewski is now scheduled to appear in court for a preliminary hearing at 1 p.m. Thursday, May 7. (more)

Mr. Roger's Fascist Neighborhood

AZ - Slow economy pushes sales of spycams at home, work
As the economy teeters and people look for new ways to protect themselves and their property, the hidden surveillance market is booming says Rick Rogers, owner of Extreme Surveillance.

Rogers said his Scottsdale business has seen a 20 percent increase since the economic downturn began.

"If you're doing your job and you're doing what you should be doing, then you shouldn't have any issues with being watched," said Rogers. (more with video)

"By that pseudo line of logic you could dispose of the whole Bill of Rights." James Lawrence Fly - U.S. Senate, Subcommittee of the Committee on the Judiciary, Wiretapping for National Security: Hearings on S. 832, S. 2753, S. 3229, H.R. 8649, 83rd Cong., 2d sess., 1954, 230, 250, 15, 118; U.S. House, Subcommittee no. 3, Committee on the Judiciary, Wiretapping for National Security: Hearings on H.R. 408, H.R. 477, H.R. 3552, H.R. 5149, 83rd Cong., 1st sess., 1953, 4, 86. (more)

Proper Public Eavesdropping Etiquette...

...by Al Kratina, The Gazette
Canada - I worry about Montreal's eavesdroppers. Every week, they provide this very page with the overheard morsels in the box at right, many of which sound like contributors have been hiding under the desk of Gossip Girl script meetings.

But there's an art to eavesdropping, a delicate balance between subtle espionage and outright home invasion. And I'm concerned some of our eavesdroppers might inadvertently blur the lines and end up either imprisoned or nursing a nasty staph infection caused by rifling through a target's refuse.

So, I spent an afternoon testing out a few techniques, and came up with these four helpful pointers...

1. Wear headphones
2. Pick a high-traffic location
3. Don't listen to high school kids
4. Don't dress like a sex offender from a 1930s movie
(more)

Smoke in Pokomoke as they Duke it out

MD - A local blogger was charged with wiretapping after he allegedly recorded a conversation between himself, his wife -- a City Council candidate -- and Pocomoke City Mayor Michael McDermott and later posted it on a Web site.

According to court documents, William Burke -- an auctioneer who along with his wife, Stephanie Burke, publishes pocomoketattler.com -- used a digital recorder March 27 to tape about 37 minutes of a conversation with McDermott on the steps of Pocomoke City Hall...

The attributed post links to a short audio clip of a man saying, "Hey, you know what, I have a plan for you. Why don't you move?" and states the speaker is McDermott.


Burke was charged with wiretapping two days later. If found guilty, he could face a maximum penalty of five years in prison and a fine of $10,000. Burke will go before a judge for a preliminary hearing May 7.

The Maryland Annotated Code states it is illegal to record a conversation unless "all of the parties to the communication have given prior consent."


University of Maryland Media Law Professor Deborah Nelson said there is a lot of legal gray area with the situation since the recording was made in a public area. (more)

Sacrier Than An Escaped Bumper Car

UK - New CCTV cars that could capture drivers on film using mobile phones or eating at the wheel are being used in a road safety pilot by Greater Manchester Police.

The small smart cars have a 12 foot mast with a camera attached to them to film the behaviour of drivers.


Anyone whose behaviour is considered distracting could face a fine and points on their licence. (
video)

Coronation Street Sweeps

UK - Every star in Coronation Street fears they could get the sack as recession-hit ITV slashes its budget, The People can reveal.

And to add to the panic,
Corrie bosses have launched the biggest mole hunt in the show's 49-year history after a spate of damaging leaks about secret storylines and unrest among the cast.

Senior production staff have been ordered to hand over records of their phone calls while script conference rooms have been electronically swept for bugs...

During the meeting where producers, script editors and other senior staff discuss storylines, they were stunned to see an eavesdropping expert sweep the conference room for BUGGING devices.


And in
another shake-up to keep confidential Corrie info in-house, the meetings previously held in hotels were moved to ITV's Quay Street studio complex in Manchester where the show is filmed. (more)

Wednesday, April 8, 2009

"I'm a Seoul man..."

Listenin' to ya on every mode
Good buggin' I got a truck load
I'm a Seoul man...


S. Korea - The National Intelligence Service (NIS) is engaging in more wiretapping than before. Wiretaps are five times more than what they were eight years ago, and of all government wiretaps, those by the NIS accounted for 98.5 percent. Cases like these cause members of the public to suspect the NIS is abusing its power. This suspicion is leading to a growth of opposition to a bill to revise the Communications Secrecy Protection Act Tong Bi Beop, proposed by the administration of President Lee Myung-bak and his ruling Grand National Party (GNP), which would make it possible to intercept mobile phone and internet communications. (
more)

I park my truck up on a side street
I learned how to bug ya before I could eat
I'm a Seoul man...
In this cartoon, a citizen protest the wiretapping,
however, a member of the National Intelligence Service agency says,
“Don‘t you be curious about this kind of matter.
"


Well grab a phone and I'll pull you in
Steth-o-scope and tie up all the loose ends
Yeah, yeah, yeah, yeah

I'm a Seoul man
You're a Seoul man
I'm a Seoul man
I'm a Seoul man
I'm a Seoul man
I'm a Seoul man

Tuesday, April 7, 2009

Cell Phone - Dead Giveaway

WA - A man who fatally shot his five children and killed himself had just discovered his wife was leaving him for another man, authorities said...

The night before, the father and his eldest daughter went in search of his wife, Angela Harrison. The daughter used a GPS feature in her mother's cell phone to find her with another man at a convenience store in nearby Auburn, said Ed Troyer, spokesman for the Pierce County Sheriff. (more)

Security Director takeaways...
Aside from the eavesdropping and text spyware vulnerabilities, GPS can also be a security issue (for bad or good). Get to know the capabilities of the corporate cell phones you are specifying for your executives.
• Do not give them more features than they really need.
• Make them aware of features which could be used against them. (Google Latitude, for example.)
• Caution them about opening email attachments or temporarily loosing physical control of their phones. Both are opportunities to plant spyware.
• Swap out phones with factory fresh phones on a regular basis for high-value executives. It is cheap insurance against spyware attacks.
• Remember our warning back in December? (this one) Although the news report mentions a cell phone GPS I suspect it is more likely someone slipped a GPS tracker, like Zoombak, into her car. Check your executive vehicles periodically for items like these.

Kyrgyz Base Klaimz

"This station can eavesdrop the whole world -- every fax, every e-mailed letter. Every call from a mobile or landline phone is being recorded and processed. Billions of messages are being intercepted."

Who said it?

A. немного цыпленок (Russian to English)
B. 小的鸡 (
Chinese to English)
C. The official web site. (
more)
D. Russian state television who accused the United States of spying on China and Russia after secretly turning its only remaining air base in Central Asia into a state-of-the-art surveillance center. (
more)

"How to Hack & Spy Through Anyone's Webcam"

Well, not exactly a 'how to' but a funny reality check nonetheless. Beware of Geeks bearing thumbdrive gifts! ~ Kevin (more)

Thus driving intelligence agencies, nuts.

Skype has become the world's single largest provider of international calls, surpassing even incumbent telcos like AT&T. (more)
Skype's strong encryption has been providing the illusion of "untappable" communications to many groups security agencies would like to monitor. (more)