Monday, May 18, 2009

Next Year's Dayton Celebrities

Brazil and the U.S. have been arresting people who have been illegally using obsolete, but still functioning, U.S. Navy FLTSATCOM communications satellites...

As the navy stopped using FLTSATCOM in the late 1990s (shifting over to the more efficient UFO satellites), ham radio users in Brazil discovered that the FLTSATCOM satellites had no security on them. If you knew the frequency and had a satellite dish, you could send a signal to the FLTSATCOM satellite, that would then automatically be rebroadcast by the satellite over a wide area below...

Brazilians found that they could simply use FLTSATCOM to communicate over a wide area (the interior of the country) that lacked telephones. (more)

Saturday, May 16, 2009

Lebanon Displays Captured Spy Gear

Lebanon put on public display equipment an official said was used by alleged Israeli spy networks inside the country, including a water cooler equipped with a mapping device.

In addition to the water cooler the gadgets included a leather purse and keychains with secret compartments as well as a can for motor oil used to hide mini tapes, a radio and forged identification papers.

The alleged spies used the seemingly innocuous items to communicate with Israel using encrypted messages, the official said. (more)

"Get a room."

Joe Paradiso and Yasuhiro Ono of the Massachusetts Institute of Technology have just patented a system for a roving cone of silence, so that you can walk around your office building without anyone ever eavesdropping on you.

The inventors are trying to fix a common problem in open-plan offices: the sound of conversations that carry across the room, making your every phone call into fodder for other people's gossip sessions.

So they devised a sound-damping sensor, comprised of an infra-red motion-detector, a speaker and a microphone. These would be scattered around the walls of an office.

You can then activate your personal mute button from your computer. The system locks onto you, identifies anyone close enough to eavesdrop, and hits them with a murmur of white noise so they can't hear you.


The downside is that this system requires lots of infrastructure, not to mention the creepiness of having your moves watched by a computer that tags you as a nosey eavesdropper.
(more)

If your conversations are really that important, get a room, your own office, a conference room. Sweep your rooms regularly for bugs, of course. ~ Kevin

Spies Need a Safe Place to Eat

The Safe House is located on the hard-to-find Front Street, which is basically an alley that runs one block west of Water Street between Wells and Mason Streets. The building -- adorned with a few flags -- does not have a Safe House sign, but does have a small placard that reads "International Exports Ltd."

After trying two other locked doors, the boys finally found an unlocked door that led them into a very small room with a large book shelf.

At night, guests are greeted by a person -- playing the role of "Ms. Moneypenny" from the James Bond films -- who asks for the password. During the day, however, a voice pipes through a speaker (this is a new feature) and asks if you know the password.


The password has not changed in four decades, but if you do not say it exactly right, you are asked to take a special "spy test" proving that you are indeed a spy who deserves entry into the Safe House.
At night, the spy test can get a bit sassy, but when kids are involved, the test is G-rated, requiring those that don't know the password to act like a monkey or hop on one foot.

Video cameras are hidden in the wall of the Safe House entry way, so unbeknownst to the new guests, diners are watching their antics on television screens inside the restaurant.


If you whisper the password correctly into the speaker, or once you pass the spy test if you didn't know the password, the faux book shelf opens like a door and allows you to walk down a hallway to the bar / restaurant.
The Safe House opened in the late '60s, and since then, very little has changed. (more)

Prove you are a worthy secret agent, man.
Figure out Safe House's home city.
Be seeing you.
~ Kevin

Would You Trade Privacy for Communications?

How much information do you think your mobile phone company has about you? Your address, your bank details... what about your religion? Or your sexuality? Does it know if you've been speeding?

Well at the moment, probably not.

But a new report (from FIDIS - Future of Identity in the Information Society) is warning that if we sign up to agreements without reading them properly, this could become a reality. (more)

Give this a few seconds of thought. The phone companies already have a pretty good idea of who you are, where you are and where you go - especially if your phone has GPS capabilities. Valuable info. They would love to sell it.

FutureWatch... They will sell it. Keep an eye on future service contracts. You will ride the slippery slope. Think you'll protest? Not if they give you "free" calls in exchange. That's how much your privacy is worth to someone else.

Thursday, May 14, 2009

Alert: In-Flight Internet... aka InfoButterfly.Net

via Netragard, LLC...
Airline passengers' personal computer information can be easily hacked while in flight.


The wireless inflight airline internet access service, GoGo Inflight Internet ("GoGo"), which enables travelers to access the internet while in flight, does not encrypt communications between users (passengers) and the Wireless Access Points on the aircraft.

As a result of this lack of encryption it is easy to intercept and record all data sent and received by passengers. This poses significant risk to passengers and their respective businesses as sensitive information is sent over the air without encryption. This information can include emails, email attachments, email content, usernames and passwords, credit card information, social security numbers, methods for accessing business networks, trade secrets, etc.

This information can be intercepted and recorded by anyone on the aircraft with a WiFi capable laptop/device. (more)

P.S. Things named GoGo seem to be really cool but don't last. Just sayin'.
(Goggo mobile) (GoGo National Airlines) (GoGo dancers) (sing-a-long) (Psycho a Go-Go) (Secret GoGo) (Beat GoGos) (Surf GoGo) (GoGo!7188-C7) (Road Runner GoGo) (88 GoGo) (Tokyo A Go Go) (Goin to a GoGo) (GoGo Brothers) (Ghoul A Go-Go) (GO GO HAPPY DAY) (Penn Gillett Rescuing a Go-Go Dancer NSFW) but I digress.

Remember... Don't do anything more sensitive on the airplane than read USA Today... no email, no accessing your corporate web site, no bidding on ebay, no buying viagra, etc., etc.

UPDATE - Gogo Inflight Internet service deserves equal time. It is, after all, providing a very useful and wanted service. The information released by Netragard, LLC applies to all public Wi-Fi hot spots, and to single out Gogo makes their motives suspect.

The problem of public Wi-Fi spying is why I mentioned Hotspot Shield, a FREE VPN, a while back. (more)

Gogo would like you to know...
"To date, Aircell and its carrier partners have not identified any network security vulnerabilities in the Gogo Inflight Internet service that are threats to our customers. Credit card transactions to access Gogo are encrypted and fully secure. Other Internet traffic on the Gogo network is as secure as any public Wi-Fi hotspot in a hotel, airport or coffee house. For users who wish a higher level of information security, Gogo supports virtually all VPN clients. Aircell is committed to our customers' safety and security both in the air and online and will do all we can to ensure our customers' information remains secure and private."
Go with Gogo and be as cautious as you would at any public Wi-Fi hotspot. VPN it. ~ Kevin

Business Espionage - Crestron vs AMX

Security Directors - A $10 million loss is being attributed to poor password practices.

Suggest a password management program which forces new and effective password creation regularly. Use this article to back up your brilliant suggestion. ~ Kevin


NJ - A Long Island man has pleaded guilty to illegal wiretapping in a corporate espionage case that targeted two Bergen County companies.

David A. Goldenberg of Oceanside, N.Y., admitted to accessing internal e-mail at Sapphire Marketing LLC in Woodcliff Lake, a regional sales representative for Crestron Electronics in Rockleigh, which makes audiovisual equipment. He worked for Crestron's rival, Texas-based AMX Corp., at the time.


"He was able to figure out what their default passwords were, which they never changed," said Brian Lynch, chief of the white-collar crime unit in the Bergen County Prosecutor's Office.


Goldenberg was arrested in March 2008, accused of stealing e-mail and information over a nine-month period, allowing AMX to underbid Crestron on competitive contracts. Crestron has said it lost more than $10 million in business as a result. (more)

DOD official charged with espionage

DC - A civilian employee of the Defense Department was arrested Wednesday on espionage charges that he sold classified information and passed other sensitive documents to a spy for the Chinese government who has been convicted of compromising another Pentagon employee.

James Wilbur Fondren Jr., 62, was charged in federal court in Virginia with conspiracy to communicate classified information to an agent of a foreign government. He faces up to five years in prison if convicted.

Mr. Fondren, who has been suspended since February 2008 from his job as deputy director of the U.S. Pacific Command's Washington liaison office, turned himself in to federal agents Wednesday morning and was released without having to post bond, but will be on GPS monitoring. (more) (more)

Business Espionage - Power from The Peoples

Russia - A Moscow court convicted two brothers with dual Russian-U.S. citizenship of industrial espionage Thursday and gave them one-year suspended sentences, according to Russia's top domestic security agency.

The Federal Security Service said Ilya and Alexander Zaslavsky were convicted of attempting to acquire classified commercial data from state-owned Russian energy company Gazprom. (more)

Business Espionage - America's Cup

A suspect has been arrested in the south of France for allegedly conducting industrial espionage against the America's Cup holders, Alinghi.

The Swiss-backed team felt that their jealously guarded secrets in sailing's equivalent of formula one were under threat. Police sources in the south of France confirmed that a team of officers had travelled down from Paris to conduct a surveillance operation around the Alinghi base.


It is understood that at least one individual was arrested in the French town of Villeneuve. The suspect is believed to be under interrogation by specialist officers in Paris but the operation is so secret that police sources refused to provide any details, instead referring inquiries to the central information office of the French legal system.


Intriguingly, a 3D model of the "Alinghi vehicle assembly building – interpolated from spy photos" appeared on the YouTube website a fortnight ago. It is not known if the two incidents are linked. (more) (YouTube video)

Wednesday, May 13, 2009

Today's Buzz - Palm-sized SpyCam Helicopter

Norway - PD-100 Black Hornet is a small video camera equipped helicopter not more than 100 mm long, weighing less than 20 grams.

It can be carried in your pocket and launched within seconds to give immediate situational awareness. This new ultra small aircraft is a valuable tool in situations where a closer look at a hostile area or inside a contaminated building is crucial.


Operational Concept

Deployment
• Complete PD-100 System Carried by One Man
• Ready to Fly – In the Air Within One Minute
• Requires No Prepared Surface

• Stealth – Small and Quiet
• Reusable with Fly Home Capability

• Low Cost
• Easy to Fly, Requires Little Training

Missions
• Look Behind Objects
• Birds Eye View of Areas of Interest
• Visual Information in Urban Operations

• Reconnaissance Inside Buildings

• Hover and Stare
• Object Identification
• Target and Damage Assessment

• Deployment of Special Payload

• and sneaking into offices to read paperwork (see video)
(more) (more video) (TV report)

Think Geek - Build Your Own BUG

from our "Wow, this is cool!" files...


What is BUG?
BUG is a baby monitor. BUG is a security system. BUG is a GPS device. BUG can read barcodes, draw pictures, update your twitter feed, and control robots. BUG is a platform for learning, rapid prototyping, and experimentation. BUG is just about whatever you want it to be. So, the BUG can be anything, but what is it?

BUG is a set of tools that lets you create personalized gadgets and devices. It's open-source and modular, letting you literally snap together the device you need. Backed by a community of enthusiastic developers, BUG development continues to grow more exciting and diverse. (more) (video) (buglabs)

Porn Name Game Sucks in Twits

A web security expert is warning people to be careful with personal information they divulge on social networking sites, after the latest suspected identity fraud quest hit Twitter. (more)

Bottom line Tweets...

• Change your passwords regularly;
• Don't use the default password or a common password;
• Ensure your password is long and is not a word used in dictionaries;
• Never write down or store your passwords on your computer;
• Don't click onto links or attachments in emails obtained from someone you don't know;
• Don't provide personal or security details in response to any email;
• Scan new programs or files for viruses before you open, install or use them.

Tuesday, May 12, 2009

Dump Your FM Analog Wireless Microphones

FM analog wireless presenter's microphones are a security nightmare... and an eavesdropper's dream. Security-wise... You're naked! (background)

If you have analog wireless microphones, dump them.

If your A/V company uses them, dump them too, until they upgrade to encrypted wireless microphones.

Replace your info-leakers with one of these digital systems...

Audio-Technica - SpectraPulse™ Ultra Wideband (UWB)
Lectrosonics (...and an Encryption White Paper)
Zaxcom
Mipro ACT-82
Telex SAFE-1000

The good news...

Your old wireless system may be eligible for a trade-in!

Most wireless microphone companies are currently offering rebates and free retuning due to changes in the FCC rules. Some are even offering trade-in money.
Check here for a partial list of programs.

Black Hat is Coming

Black Hat is the leading conference series for technical security professionals.

Black Hat Briefings and Training has earned cult status among security enthusiasts and leading technical influencers. Black Hat USA 2009, July 25–30 at Caesars Palace, Las Vegas. (more) (register)