Watch out for:
• Unexplained drops in battery power.
• Random screen flashes.
• Unusual billing activity.
• Text messages with random numbers and symbols.
Of course, lock your phone with a password and pop out the battery (if you can) for added security. (more)
Tuesday, May 26, 2009
Background Check Goes Undercover
Croatia - The manager of a Croatian subsidiary of Germany's Deutsche Telekom has said she will sue the parent company after a report that it spied on her sex life, Croatian media reported on Tuesday...
Deutsche Telekom said last week it did not routinely commission reports on the private lives of potential staff, although the allegations are the latest in a series of scandals to have rocked the company. (more)
Last year, authorities informed Schroeder that Deutsche Telekom had secretly combed through his cellphone records, apparently to root out the source of leaks to the news media. Schroeder, a union representative on the company's board of supervisors, was stunned. (more)
Deutsche Telekom said last week it did not routinely commission reports on the private lives of potential staff, although the allegations are the latest in a series of scandals to have rocked the company. (more)
Last year, authorities informed Schroeder that Deutsche Telekom had secretly combed through his cellphone records, apparently to root out the source of leaks to the news media. Schroeder, a union representative on the company's board of supervisors, was stunned. (more)
"While you're down there, check on the Constitution."
The National Archives lost a computer hard drive containing Clinton administration records, including personal data of staffers and visitors, officials said.
Archives officials say they don't know how many confidential records -- including Social Security numbers -- are on the external hard drive, CNN reported.
Congressional aides briefed on the matter said the drive had "more than 100,000" Social Security numbers, including one for a daughter of then-Vice President Al Gore, as well as Secret Service and White House operating procedures. (more)
Acting National Archives director Adrienne Thomas is being pilloried for Tuesday's revelation that the library has misplaced a hard drive containing enough Clinton administration data—including Social Security numbers, addresses, and Secret Service operating procedures—to fill literally millions of books. But important government documents have walked out of the storied library before—and not just in a Nicolas Cage movie. Despite a security system worthy of an adventure flick, the National Archives and Records Administration has long been a prime target for pilfering. (more)
Archives officials say they don't know how many confidential records -- including Social Security numbers -- are on the external hard drive, CNN reported.
Congressional aides briefed on the matter said the drive had "more than 100,000" Social Security numbers, including one for a daughter of then-Vice President Al Gore, as well as Secret Service and White House operating procedures. (more)
Acting National Archives director Adrienne Thomas is being pilloried for Tuesday's revelation that the library has misplaced a hard drive containing enough Clinton administration data—including Social Security numbers, addresses, and Secret Service operating procedures—to fill literally millions of books. But important government documents have walked out of the storied library before—and not just in a Nicolas Cage movie. Despite a security system worthy of an adventure flick, the National Archives and Records Administration has long been a prime target for pilfering. (more)
Saturday, May 23, 2009
Hobbiest Spies
In the propaganda blitz that followed North Korea's missile launch last month, the country's state media released photos of leader Kim Jong Il visiting a hydroelectric dam and power station.
Images from the report showed two large pipes descending a hillside. That was enough to allow Curtis Melvin, a doctoral candidate at George Mason University in suburban Virginia, to pinpoint the installation on his online map of North Korea.
Mr. Melvin is at the center of a dozen or so citizen snoops who have spent the past two years filling in the blanks on the map of one of the world's most secretive countries. Seeking clues in photos, news reports and eyewitness accounts, they affix labels to North Korean structures and landscapes captured by Google Earth, an online service that stitches satellite pictures into a virtual globe. The result is an annotated North Korea of rocket-launch sites, prison camps and elite palaces on white-sand beaches.
"It's democratized intelligence," says Mr. Melvin. (more)
Images from the report showed two large pipes descending a hillside. That was enough to allow Curtis Melvin, a doctoral candidate at George Mason University in suburban Virginia, to pinpoint the installation on his online map of North Korea.
Mr. Melvin is at the center of a dozen or so citizen snoops who have spent the past two years filling in the blanks on the map of one of the world's most secretive countries. Seeking clues in photos, news reports and eyewitness accounts, they affix labels to North Korean structures and landscapes captured by Google Earth, an online service that stitches satellite pictures into a virtual globe. The result is an annotated North Korea of rocket-launch sites, prison camps and elite palaces on white-sand beaches.
"It's democratized intelligence," says Mr. Melvin. (more)
FutureWatch - 100% Vehicle Tracking
UK - A national network of cameras and computers automatically logging car number plates will be in place within months...
Thousands of Automatic Number Plate Recognition cameras are already operating on Britain's roads. Police forces across England, Wales and Scotland will soon be able to share the information on one central computer. Officers say it is a useful tool in fighting crime, but critics say the network is secretive and unregulated.
Kent's Chief Constable, Michael Fuller, commented: "We've seen an increase of some 40% of arrests since we've been using this technology. "I'm very confident that we're using it properly and responsibly, and that innocent people have nothing to fear from the way we use it." (more)
Remember the uproar over how RFID toll tags (E-ZPass, FasTrak, I-Pass, etc.) were a threat to privacy? No? Oh well, that was back near the top of the slope. Slippery, isn't it? Hey, what's that down there? Wow, a remote DNA reader!
Thousands of Automatic Number Plate Recognition cameras are already operating on Britain's roads. Police forces across England, Wales and Scotland will soon be able to share the information on one central computer. Officers say it is a useful tool in fighting crime, but critics say the network is secretive and unregulated.
Kent's Chief Constable, Michael Fuller, commented: "We've seen an increase of some 40% of arrests since we've been using this technology. "I'm very confident that we're using it properly and responsibly, and that innocent people have nothing to fear from the way we use it." (more)
Remember the uproar over how RFID toll tags (E-ZPass, FasTrak, I-Pass, etc.) were a threat to privacy? No? Oh well, that was back near the top of the slope. Slippery, isn't it? Hey, what's that down there? Wow, a remote DNA reader!
Wednesday, May 20, 2009
"Social engineering has become the confidence trick of the 21st century."
TSCM is an acronym for Technical Surveillance Countermeasures; inspecting for bugs, wiretaps, etc.. It is a standard tool used to protect an organization's information.
Thwarting human trickery (social engineering) is also defense tool. Good information security consultants take both into account when designing information protection programs.
The BBC recently reported...
Have you ever wondered whether that unfamiliar face in the office is actually an intruder about to steal your data? Probably not, but maybe it is time to think again.
At one FTSE-listed financial institution the managing director himself opened the door to a stranger who, within 20 minutes of gaining entry to the building, had found a highly sensitive document outlining a half a billion pound merger lying on a desk.
Luckily, on this occasion, the data was not used for nefarious purposes because the intruder was Colin Greenlees, a consultant of Siemens Enterprise Communications.
He was there at the request of the firm's IT director to test the resilience of the company to social engineering attacks.
In a similar experiment conducted at the BBC, Mr Greenlees targeted five BBC employees. Pretending to be an IT engineer - with the prior permission of BBC bosses - he managed to obtain all of their usernames and passwords with a simple phone call. (more)
Thwarting human trickery (social engineering) is also defense tool. Good information security consultants take both into account when designing information protection programs.
The BBC recently reported...
Have you ever wondered whether that unfamiliar face in the office is actually an intruder about to steal your data? Probably not, but maybe it is time to think again.
At one FTSE-listed financial institution the managing director himself opened the door to a stranger who, within 20 minutes of gaining entry to the building, had found a highly sensitive document outlining a half a billion pound merger lying on a desk.
Luckily, on this occasion, the data was not used for nefarious purposes because the intruder was Colin Greenlees, a consultant of Siemens Enterprise Communications.
He was there at the request of the firm's IT director to test the resilience of the company to social engineering attacks.
In a similar experiment conducted at the BBC, Mr Greenlees targeted five BBC employees. Pretending to be an IT engineer - with the prior permission of BBC bosses - he managed to obtain all of their usernames and passwords with a simple phone call. (more)
Tuesday, May 19, 2009
Cautionary Tale - Tapped Out
You are never more vulnerable to information abuse and theft than during a recession. Put your independent information security consultant into overdrive. Skimp on something else to save money.
A cautionary tale...
An insider at the California Water Service Company in San Jose broke into the company's computer system and transferred $9 million into offshore bank accounts and fled the country.
Abdirahman Ismail Abdi, 32, was an auditor for the water company, which delivers drinking water throughout the state and is located in San Jose, Calif. Abdi resigned from his position on April 27. Allegedly, that night he went back to work and made three wire transfers totaling more than $9 million from the company's accounts to an account in Qatar.
Abdi is not a U.S. citizen and was ordered deported to Somalia in 2005, the Mercury News reported. (Don't skimp on background checks either.)
“The downturn in the economy is raising the internal security threat levels dramatically, as more and more disgruntled ex-employees take advantage of the fact that their ex-employer did not decommission their access credentials,” Torsten George, vice president, worldwide marketing, ActivIdentity, told SCMagazineUS.com on Friday in an email.
According to a survey of more than 200 organizations globally conducted by Deloitte Touche Tohmatsu, the number one security problem reported by IT security auditors was “excessive access rights.”
The buzz...
In addition, only 28 percent of respondents rated themselves as “very confident” or “extremely confident” with regard to internal threats, which is down from 51 percent in 2008.
Companies can protect sensitive data by limiting information access to only those employees who must have it, the survey said. (more)
A cautionary tale...
An insider at the California Water Service Company in San Jose broke into the company's computer system and transferred $9 million into offshore bank accounts and fled the country.
Abdirahman Ismail Abdi, 32, was an auditor for the water company, which delivers drinking water throughout the state and is located in San Jose, Calif. Abdi resigned from his position on April 27. Allegedly, that night he went back to work and made three wire transfers totaling more than $9 million from the company's accounts to an account in Qatar.
Abdi is not a U.S. citizen and was ordered deported to Somalia in 2005, the Mercury News reported. (Don't skimp on background checks either.)
“The downturn in the economy is raising the internal security threat levels dramatically, as more and more disgruntled ex-employees take advantage of the fact that their ex-employer did not decommission their access credentials,” Torsten George, vice president, worldwide marketing, ActivIdentity, told SCMagazineUS.com on Friday in an email.
According to a survey of more than 200 organizations globally conducted by Deloitte Touche Tohmatsu, the number one security problem reported by IT security auditors was “excessive access rights.”
The buzz...
In addition, only 28 percent of respondents rated themselves as “very confident” or “extremely confident” with regard to internal threats, which is down from 51 percent in 2008.
Companies can protect sensitive data by limiting information access to only those employees who must have it, the survey said. (more)
Monday, May 18, 2009
Business Espionage - Spying on the Board
French car-parts maker Valeo SA said it had sued an unidentified person it says secretly recorded some board-member meetings and separately said it would try to recover €3.2 million ($4.3 million) in severance from ousted Chairman and Chief Executive Thierry Morin.
The suit, filed with a Paris court, identifies the person responsible for the recordings only as "X." Under French law, a suit can be filed without publicly identifying the accused. However, a person familiar with the matter said the company believed Mr. Morin was responsible for making the recordings. Telephone calls to Mr. Morin weren't returned Monday...
French radio station RTL last month reported that Mr. Morin had installed sophisticated recording technology in the boardroom, allowing him to eavesdrop on meetings from which he was excluded and at which he was discussed. (more)
The suit, filed with a Paris court, identifies the person responsible for the recordings only as "X." Under French law, a suit can be filed without publicly identifying the accused. However, a person familiar with the matter said the company believed Mr. Morin was responsible for making the recordings. Telephone calls to Mr. Morin weren't returned Monday...
French radio station RTL last month reported that Mr. Morin had installed sophisticated recording technology in the boardroom, allowing him to eavesdrop on meetings from which he was excluded and at which he was discussed. (more)
SpyCam Story #529 - "What's up Doc?"
The story you are about to read is real. Names have been dropped to protect the people involved and the city being sued. Just coincidence? You decide. (Dum-da-dum-dum...)
Charges were dropped against a ["revered for his expertise" professional] accused of spying on his patients... he was was arrested and spent a night in jail, after a patient falsely accused him of putting a hidden camera in an office bathroom.
He says a security lightbulb was used to keep an eye on his children in the backyard of his home, but the bulb was in his office because it was broken and he was ordering a new one.
His attorney said a construction worker grabbed the security bulb off the desk, and it was his account that helped drop the charges.
"The contractor went on his own volition and explained to the district attorney's office that he accidently put the non working security device in the bathroom thinking it was a lightbulb. It's really that simple, but again no one wanted to listen..."
The [city police] said they responded to a legitimate complaint.
Prosecutors dismissed the case saying in court, they had interviewed several witnesses, one of whom "offered an innocent explanation to the placement of the surveillance light bulb in the office bathroom of the defendant."
They went on to say, "[He] did not commit the crime with which he was charged."
[He] is suing the city for $[x] million.
from another report...
[He] said he used the bulb as an outdoor monitoring system to watch his kids while they played outside at home if he got called inside. The surveillance system wasn't a secret, he said.
"Everybody who knows me knows it didn't happen because everybody knew that I bought this thing for the backyard of my house," he said. "The kids helped me set it up."
[His] father was very ill with Parkinson's disease, and the family was in the process of moving from [the suburbs] to [the city], he said.
He brought the bulb down to the city to order a new encoder box that transmits the signal to a monitor. The original box was misplaced when the family was packing to move, he said.
from another report...
"At 5 until 12 I get a call from my secretary saying this guy thinks you're watching him pee. He called 9-11. He called the cops," [he] explained.
One of [his] patients called police when he found a light bulb with a small hidden surveillance camera in the men's bathroom.
Turns out a contractor doing work at the office accidentally installed the light.
[He] took the bulb to work that day to get it fixed.
from another report...
He said he brought it to work because he needed the code number on the camera to order a new one.
A contractor working in the office at night as part of an office expansion project told investigators he could not find a bulb when the light blew out in the bathroom, so he screwed in the broken one he found on [his] desk.
The public is generally aware of only one "lightbulb camera;" code number SVS-1. Sold on ebay and from many Web sites. It does not light. Simply a camera in lightbulb clothing, it transmits video over power lines. A decoder box is required to receive the signal. What is your verdict? (Dum-da-dum-dum-daaa...)
Charges were dropped against a ["revered for his expertise" professional] accused of spying on his patients... he was was arrested and spent a night in jail, after a patient falsely accused him of putting a hidden camera in an office bathroom.
He says a security lightbulb was used to keep an eye on his children in the backyard of his home, but the bulb was in his office because it was broken and he was ordering a new one.
His attorney said a construction worker grabbed the security bulb off the desk, and it was his account that helped drop the charges.
"The contractor went on his own volition and explained to the district attorney's office that he accidently put the non working security device in the bathroom thinking it was a lightbulb. It's really that simple, but again no one wanted to listen..."
The [city police] said they responded to a legitimate complaint.
Prosecutors dismissed the case saying in court, they had interviewed several witnesses, one of whom "offered an innocent explanation to the placement of the surveillance light bulb in the office bathroom of the defendant."
They went on to say, "[He] did not commit the crime with which he was charged."
[He] is suing the city for $[x] million.
from another report...
[He] said he used the bulb as an outdoor monitoring system to watch his kids while they played outside at home if he got called inside. The surveillance system wasn't a secret, he said.
"Everybody who knows me knows it didn't happen because everybody knew that I bought this thing for the backyard of my house," he said. "The kids helped me set it up."
[His] father was very ill with Parkinson's disease, and the family was in the process of moving from [the suburbs] to [the city], he said.
He brought the bulb down to the city to order a new encoder box that transmits the signal to a monitor. The original box was misplaced when the family was packing to move, he said.
from another report...
"At 5 until 12 I get a call from my secretary saying this guy thinks you're watching him pee. He called 9-11. He called the cops," [he] explained.
One of [his] patients called police when he found a light bulb with a small hidden surveillance camera in the men's bathroom.
Turns out a contractor doing work at the office accidentally installed the light.
[He] took the bulb to work that day to get it fixed.
from another report...
He said he brought it to work because he needed the code number on the camera to order a new one.
A contractor working in the office at night as part of an office expansion project told investigators he could not find a bulb when the light blew out in the bathroom, so he screwed in the broken one he found on [his] desk.
The public is generally aware of only one "lightbulb camera;" code number SVS-1. Sold on ebay and from many Web sites. It does not light. Simply a camera in lightbulb clothing, it transmits video over power lines. A decoder box is required to receive the signal. What is your verdict? (Dum-da-dum-dum-daaa...)
Password Protection - Stick it in Your Ear
You are the victim of identity theft and the fraudster calls your bank to transfer money into their own account. But instead of asking them for your personal details, the bank assistant simply presses a button that causes the phone to produce a brief series of clicks in the fraudster's ear. A message immediately alerts the bank that the person is not who they are claiming to be, and the call is ended.
Such a safeguard could one day be commonplace, if a new biometric technique designed to identify the person on the other end of a phone line proves successful. The concept relies on the fact that the ear not only senses sound but also makes noises of its own, albeit at a level only detectable by supersensitive microphones.
If those noises prove unique to each individual, it could boost the security of call-centre and telephone-banking transactions and reduce the need for people to remember numerous identification codes. Stolen cellphones could also be rendered useless by programming them to disable themselves if they detect that the user of the phone is not the legitimate owner.
Called otoacoustic emissions (OAEs), the ear-generated sounds emanate from within the spiral-shaped cochlea in the inner ear. (more)
Such a safeguard could one day be commonplace, if a new biometric technique designed to identify the person on the other end of a phone line proves successful. The concept relies on the fact that the ear not only senses sound but also makes noises of its own, albeit at a level only detectable by supersensitive microphones.
If those noises prove unique to each individual, it could boost the security of call-centre and telephone-banking transactions and reduce the need for people to remember numerous identification codes. Stolen cellphones could also be rendered useless by programming them to disable themselves if they detect that the user of the phone is not the legitimate owner.
Called otoacoustic emissions (OAEs), the ear-generated sounds emanate from within the spiral-shaped cochlea in the inner ear. (more)
Hotel 56 "We'll leave the bug on for you."
Tanzania - Karatu member of parliament Dr Wilbrod Slaa has criticized the police for what he described as their continuing failure to charge anyone in the case of the eavesdropping devices placed in his hotel room during the last National Assembly session in Dodoma back in February.
Two such devices were discovered in the adjacent rooms of Dr Slaa, the deputy leader of the opposition camp in parliament on a CHADEMA ticket, and that of another opposition legislator, Dr Ali Tarab Ali (CUF), at Hotel 56 in the designated capital. (more)
Two such devices were discovered in the adjacent rooms of Dr Slaa, the deputy leader of the opposition camp in parliament on a CHADEMA ticket, and that of another opposition legislator, Dr Ali Tarab Ali (CUF), at Hotel 56 in the designated capital. (more)
Labels:
eavesdropping,
government,
police,
political,
privacy,
TSCM
Next Year's Dayton Celebrities
Brazil and the U.S. have been arresting people who have been illegally using obsolete, but still functioning, U.S. Navy FLTSATCOM communications satellites...
As the navy stopped using FLTSATCOM in the late 1990s (shifting over to the more efficient UFO satellites), ham radio users in Brazil discovered that the FLTSATCOM satellites had no security on them. If you knew the frequency and had a satellite dish, you could send a signal to the FLTSATCOM satellite, that would then automatically be rebroadcast by the satellite over a wide area below...
Brazilians found that they could simply use FLTSATCOM to communicate over a wide area (the interior of the country) that lacked telephones. (more)
As the navy stopped using FLTSATCOM in the late 1990s (shifting over to the more efficient UFO satellites), ham radio users in Brazil discovered that the FLTSATCOM satellites had no security on them. If you knew the frequency and had a satellite dish, you could send a signal to the FLTSATCOM satellite, that would then automatically be rebroadcast by the satellite over a wide area below...
Brazilians found that they could simply use FLTSATCOM to communicate over a wide area (the interior of the country) that lacked telephones. (more)
Saturday, May 16, 2009
Lebanon Displays Captured Spy Gear
Lebanon put on public display equipment an official said was used by alleged Israeli spy networks inside the country, including a water cooler equipped with a mapping device.
In addition to the water cooler the gadgets included a leather purse and keychains with secret compartments as well as a can for motor oil used to hide mini tapes, a radio and forged identification papers.
The alleged spies used the seemingly innocuous items to communicate with Israel using encrypted messages, the official said. (more)
In addition to the water cooler the gadgets included a leather purse and keychains with secret compartments as well as a can for motor oil used to hide mini tapes, a radio and forged identification papers.
The alleged spies used the seemingly innocuous items to communicate with Israel using encrypted messages, the official said. (more)
"Get a room."
Joe Paradiso and Yasuhiro Ono of the Massachusetts Institute of Technology have just patented a system for a roving cone of silence, so that you can walk around your office building without anyone ever eavesdropping on you.
The inventors are trying to fix a common problem in open-plan offices: the sound of conversations that carry across the room, making your every phone call into fodder for other people's gossip sessions.
So they devised a sound-damping sensor, comprised of an infra-red motion-detector, a speaker and a microphone. These would be scattered around the walls of an office.
You can then activate your personal mute button from your computer. The system locks onto you, identifies anyone close enough to eavesdrop, and hits them with a murmur of white noise so they can't hear you.
The downside is that this system requires lots of infrastructure, not to mention the creepiness of having your moves watched by a computer that tags you as a nosey eavesdropper. (more)
If your conversations are really that important, get a room, your own office, a conference room. Sweep your rooms regularly for bugs, of course. ~ Kevin
The inventors are trying to fix a common problem in open-plan offices: the sound of conversations that carry across the room, making your every phone call into fodder for other people's gossip sessions.
So they devised a sound-damping sensor, comprised of an infra-red motion-detector, a speaker and a microphone. These would be scattered around the walls of an office.
You can then activate your personal mute button from your computer. The system locks onto you, identifies anyone close enough to eavesdrop, and hits them with a murmur of white noise so they can't hear you.
The downside is that this system requires lots of infrastructure, not to mention the creepiness of having your moves watched by a computer that tags you as a nosey eavesdropper. (more)
If your conversations are really that important, get a room, your own office, a conference room. Sweep your rooms regularly for bugs, of course. ~ Kevin
Subscribe to:
Posts (Atom)