Saturday, May 2, 2009

Man Used Baby Monitor to Eavesdrop on Woman

CT - A 37-year-old city man was arrested on eavesdropping charges after a baby monitor was found hidden under a women's bed in Belltown, a police sergeant said.

(The man) was charged with third-degree burglary and eavesdropping. Police believe (the man) set up the monitor to listen to the victim's room, Sgt. Paul Guzda said.

The 34-year-old woman reported to police March 30 that after hearing a strange noise sounding like electric static, she found a baby monitor under her bed, Guzda said. The monitor was plugged into a nearby electrical socket. (more)

People we love... Antonio Prohías

48 years ago, this month, Mr. Spy vs. Spy came to the United States. The rest is history...

Antonio Prohías
(January 17, 1921 – February 24, 1998), born in Cienfuegos, Cuba, was a cartoonist most famous for creating the comic strip Spy vs. Spy for MAD Magazine.

In the late 1940s, Prohías began working at El Mundo, the most important newspaper in Cuba. By 1960, he had become an internationally recognized and awarded political cartoonist. At this time, Fidel Castro's government took over the paper, and Prohías left Cuba for New York, where he found himself attracted to Mad.

El Hombre Siniestro: (The Sinister Man) wore a wide-brimmed hat and overcoat and had a long pointed nose, becoming the prototype for the Spies. (more)

In the late 1950s Antonio Prohias was the president of the Association of Cuban Cartoonists. On the first of May 1960, he fled from Cuba to America flat broke. Once in the states, he went directly to work at Mad magazine, and became an internationally respected and beloved cartoonist. He started 'Spy vs. Spy' as an anti-Castro cartoon, but it ended up as one of the most popular features in Mad magazine. Prohias drew 'Spy vs. Spy' for Mad until he retired in 1990. Even though Antonio Prohias passed away in 1998, 'Spy Vs. Spy' can still be enjoyed in every issue of Mad Magazine. (more) (NPR audio report) (The first "Spy vs. Spy")

Visitors to my office smile when the see Mr. Black Spy riding atop a 3-foot bomb, on its way down to pay Mr. White Spy a visit. One can only guess what the next frame of this story will be. One thing we all know, the last frame will be MAD... Mutually Assured Destruction. Wry Prohías humor. Neither side ever wins.

Need something to make you, or a friend, smile? Go MAD. Let The Spy Guys make it happen. The International Spy Museum has an army of them waiting for you. Click here.

Friday, May 1, 2009

2008 U.S. Wiretap Report

A total of 1,891 intercepts authorized by federal and state courts were completed in 2008, a decrease of 14 percent compared to the number terminated in 2007. The number of applications for orders by federal authorities fell 16 percent to 386. The number of applications reported by state prosecuting officials dropped 14 percent to 1,505, with 22 states providing reports, two fewer than in 2007. Installed wiretaps were in operation an average of 41 days per wiretap in 2008, compared to 44 days in 2007. The average number of persons whose communications were intercepted decreased from 94 per wiretap order in 2007 to 92 per wiretap order in 2008. The average percentage of intercepted communications that were incriminating was 19 percent in 2008, compared to 30 percent in 2007. (report)

Used Laptops - Hidden Costs

OH - Susan Jeffrey needed a computer, so she decided to buy a used laptop. She hooked up her Webcam and started chatting online with a childhood sweetheart in Boston. After a few weeks of sending messages and what she called private pictures to him, police showed up at her Springfield home.

"They shook a little paper and they said, 'We have a warrant for your arrest,'" Jeffrey said. "I said, 'What?'"

It turned out that the laptop Jeffrey bought was stolen... The computer was equipped with Absolute Software's Computrance LoJack for Laptops.

Jeffrey noticed officers holding a picture of her friend from Boston. She recognized the picture from one of their Web chats. "I was totally stunned," Jeffrey said. "I said, 'How did you get that?'"

Absolute Software's LoJack technology goes beyond tracking. It allows the company to tap into a computer and access files, pictures and essentially anything on the laptop.

"I was just totally stunned," Jeffrey said. "I could barely talk. I just couldn't believe that you could sit in America and be tapped into your own (computer), in the privacy of your own living room." (more, with video)

While LoJack is a good product, it can produce unexpected consequences.

Worse, your new "used" laptop could also be deliberately outfitted with criminal spyware. Blackmail, business secret loss, identity theft and credit card fraud are the unexpected consequences here. These costs can't be pre-calculated.

Expect the unexpected. Be sure to add the cost of having your new "used" laptop - professionally - sanitized to the final purchase price. ~ Kevin

"Chineeesee spy museum. Now, you go away!"

China - A new Chinese spy museum exhibits guns disguised as lipstick, hollowed-out coins used to conceal documents and maps hidden as a deck of cards.

What you won't find there, however, are foreigners.


A sign outside the Jiangsu National Security Education Museum in a park in the eastern city of Nanjing states that
only Chinese citizens are allowed inside, a policy designed to keep the communist regime's cloak and dagger methods secret — no matter how timeworn they may be.

"
We don't want such sensitive spy information to be exposed to foreigners, so they are not allowed to enter," a spokeswoman for the museum, who would only give her surname as Qian, told The Associated Press by telephone. (more)

SpyCam Story #526 - Up-see Daisy

GA - Police say a Loganville man was caught filming up the skirt of a female shopper Sunday at a Home Depot - and that it doesn't appear to be the first time he's done so.

Police have charged Joseph Davidson, 35, with felony eavesdropping for allegedly recording the lewd footage via a palm-size, home video camera concealed in a flower pot. (more)

Thursday, April 30, 2009

Reflect on this... Visual Eavesdropping

I began warning my city clients about visual eavesdropping back in the 1970's. I still do today. My concern then was not computer screens; clients didn't have them.

My concern was lip reading, and it wasn't theoretical. We had a case where this was the method of eavesdropping. The president had a corner office on Park Avenue. Big glass windows. Scores of vantage point offices across the street. We caught them in the act.


The visual eavesdropping info-target is bigger these days. Lip reading concerns have expanded to concerns about: whiteboard / projection / computer screen reading and now... reading the reflections off of shiny objects in the room. ~ Kevin

via Scientific American...
"Through the eyepiece of Michael Backes’s small Celestron telescope, the 18-point letters on the laptop screen at the end of the hall look nearly as clear as if the notebook computer were on my lap.

I do a double take.

Not only is the laptop 10 meters (33 feet) down the corridor, it faces away from the telescope. The image that seems so legible is a reflection off a glass teapot on a nearby table.

In experiments here at his laboratory at Saarland University in Germany, Backes has discovered that an alarmingly wide range of objects can bounce secrets right off our screens and into an eavesdropper’s camera. Spectacles work just fine, as do coffee cups, plastic bottles, metal jewelry—even, in his most recent work, the eyeballs of the computer user. The mere act of viewing information can give it away." (
more)

Monday, April 27, 2009

"Dude, let's go for a drive!"

"There are going to be thousands of victims." Anthony Muzichenko, the owner of L.A. Management, who lost 25 computers.

CA - In a bold, systematic hit on a landmark Ventura Boulevard office building,
burglars stole scores of computers from at least 60 of the 80 businesses there, taking machines containing sensitive legal documents, credit card numbers and the tax information of thousands of people, police said Saturday.

The overnight theft at the Chateau Office Building in Woodland Hills
left accountants, a talent agent, property management companies, attorneys and other businesses in the three-story structure scrambling to assess their losses as police scoured the premises... Several concluded that the thieves' target must have been the information contained on their hard drives, not property.

In one office, a pile of hard drives had been stacked in a corner, ready to be hauled out... thieves left a backup drive, positioned atop the server, leading him to believe that the theft was aimed at "the information, definitely. The computers by themselves are not worth much."

One businessman said the credit card numbers of 7,000 clients were stolen. Accountant Richard Levy said his stolen computer held the tax documents of 800 clients. Attorney Marshall Bitkower said only three computers were taken from his office, but "they had all kinds of stuff. Everything: people's names, credit cards, clients, e-mails back and forth -- who knows what."

Muzichenko, a talent manager, said that when he heard the news he was "very hysterical. I was crying. I have to restore my business." (
more)

Moral: Backup and Encrypt.

History of U.S. Privacy - Ben Franklin's Web Site

via amazon.com...
Ben Franklin's Web Site: Privacy and Curiosity from Plymouth Rock to the Internet
This book explores the hidden niches of American history to discover the tug between Americans' yearning for privacy and their insatiable curiosity.

The book describes
Puritan monitoring in Colonial New England, then shows how the attitudes of the founders placed the concept of privacy in the Constitution. This panoramic view continues with the coming of tabloid journalism in the Nineteenth Century, and the reaction to it in the form of a new right - the right to privacy.

The book includes
histories of wiretapping, of credit reporting, of sexual practices, of Social Security numbers and ID cards, of modern principles of privacy protection, and of the coming of the Internet and the new challenges to personal privacy it brings. (more)

22 Fired During Illegal Eavesdropping Purge

Colombia’s DAS security service fired 22 detectives, apparently in connection with an investigation into the illegal wiretapping of leading public figures... “When questioned about the reason for the dismissals, spokespeople for the agency said Muñoz affected them making use of the discretionary authority the law gives him, and that there will another purge this Friday.” (more)

UPDATE - Colombia's domestic intelligence agency has fired another 11 people in a scandal over illegal eavesdropping of judges, journalists and politicians.

That brings to 33 the total number of people dismissed from the Department of Administrative Security since the scandal broke in February. (more)

Saturday, April 25, 2009

Staying Safe Abroad - The Blog, Edward L. Lee II

Last year, I gave all my clients a free copy of Edward L. Lee's book: Staying Safe Abroad: Traveling, Working & Living in a Post-9/11 World Yes, it was that good!

The feedback I received spanned from: "Thank you so much..." to one security director saying, "I am buying copies for all our key executives who travel."


If you travel, or know someone who does, buy the book and get FREE updates by following Staying Safe Abroad - The Blog.

"What makes Ed Lee the big expert?"
Ed Lee retired from the US State Department in April 2006, after a career as a special agent, Regional Security Officer, director of training, chief investigator of the Cyprus Missing Persons Program, director of security of the U.S. Agency for International Development and as a senior advisor in the Office of Anti-Terrorism Assistance.


Most of his work now is devoted to educating global companies and governmental entities in how to be successful and keep their people safe abroad.

His career also includes 15 years as an international security consultant; for ten years he served as the security advisor to the Inter-American Development Bank. Additionally, Ed served six years in the Marines before joining the US State Department as a special agent.

"Why the plug?"
I hear you say.
Just a film noir PI's cliche,
"Dead clients don't pay."

Top Seven Emerging Threats to VoIP Services

A clear, lucid article on VoIP security (or, bad stuff that can happen to that fancy new phone on your desk that plugs into the network instead of the old phone jack). Written by one of the many vendors who offer solutions.

Summary:
• VoIP DoS attacks
• Spam over Internet Telephony (SPIT)
• VoIP service theft
• SIP registration hijacking
• Eavesdropping
• VoIP directory harvesting
• Voice Phishing, or Vishing
"WatchGuard advices all businesses using VoIP systems to review their perimeter and VoIP security." (more)

Additional solution vendors:
Sipera
Radware
VoIP Security Buyer's Guide

FREE VoIP security information:
Mark Collier's VoIP Security Blog
Blue Box: The VoIP Security Podcast
Security Considerations for Voice Over IP Systems

Man gets prison for recording anger-management classes

...and is he pissed!
PA - An Allentown man who secretly recorded his court-ordered anger management classes and posted them on YouTube was sentenced to state prison Friday.

Richard P. Mason III told Northampton County Judge Paula Roscioli that he wanted his daughter to see the group therapy sessions, which were ordered as part of his sentence on a terroristic threats charge, said Second Deputy District Attorney William Matz Jr.

Instead, the recordings landed Mason, 41, with a probation violation and a new sentence of 18 to 36 months in state prison on the threats case. Prosecutors are also considering bringing new charges against Mason for violating the state's wiretap law, Matz said.

The case is ''unique,'' Matz said. ''First for me; I think the first for our office.'' (more)

Friday, April 24, 2009

Lost Laptop Cost Survey

A single lost or stolen laptop costs a business an average of nearly $50,000. At least, that's the word from an Intel-sponsored study by the Ponemon Institute.

That figure is based on Ponemon's recent voluntary survey of 28 US companies reporting 138 separate cases of missing laptops.

Value of missing kit was mathmagically calculated by factoring laptop replacement, data breach cost, loss of productivity, investigation cost, and other variables.

The value of a lost lappy to a firm cost an average of $49,246, according to Ponemon. Minimum damage calculated in the survey was about $1,200, and the maximum reported value was just short of a cool $1m.

By far, the cost of a data breach was found to be the most expensive part of losing a lappy, eating up about 80 per cent of the total average cost to a company. (more) (survey)

Laser Beam-ers on the loose...

Turkey - Eleven vehicles with laser eavesdropping systems were the sources for the wiretapping records that were recently broadcast by the media, daily Hürriyet reported yesterday.

"Two of these vehicles are at the disposal of a team that is under the authority of the Prime Ministry," said CHP deputy Ahmet Ersin, who is also a member of the Parliamentary Wiretapping Subcommittee.

Laser eavesdropping technology enables conversations to be taped without the need to install bugs on targets’ communication devices.

İzmir deputy Ersin said, "I learned that the vehicles were imported from Canada and Israel in 2005, but could not get the addresses of where these vehicles were delivered." (more)