Friday, July 3, 2009

What's in a spy suspect's bedroom?

The latest revelation in the curious case of accused Cuban spies: They kept a copy of The Spy's Bedside Book in their apartment.

A peek inside the apartment of husband-and-wife spy suspects reveals a shortwave radio, a sailing guide to Cuban waters -- and now a copy of The Spy's Bedside Book, according to new court documents in the case. (more)

Blind Justice Swats Blind Swatter

MA - A blind teenager was sentenced to 11 years in prison on Friday for hacking into the Verizon telephone network and using fake 911 calls to harass an investigator who was building a case against him...

Matthew Weigman, 19, from Revere, Mass., was part of a group of sophisticated and notorious telephone hackers who engaged in “swatting” calls. (Calls prompting police SWAT team dispatch.)

Swatters use spoofing technology to mask their real location when placing fake 911 calls. This makes it seem as though the call is legitimate, and coming from a potential victim’s home. Police are sometimes dispatched to the homes of these “victims,” allowing swatters to effectively harass their targets from a distance.

Weigman, known as “Little Hacker,” has been involved in telephone hacking since the age of 14. (more)

Trend - Phone Encryption

During Sweden’s EU Presidency (started July 1), Swedish government authorities and the defense forces will use Sectra’s Tiger XS personal voice encryptor for eavesdrop-secure communications. Sweden is the fifth country in Europe to use Tiger XS to protect telephone conversations from eavesdropping during its EU Presidency. (more)
from the web site...
One encryption device for all
Tiger XS is a personal encryptor that protects mobile and fixed communications. Use one encryption device to secure your voice, data, fax and SMS communications. Tiger XS is connected to your mobile phone via Bluetooth®. This enables a high level of security on communications networks such as GSM, PSTN, ISDN, IP networks as well as satellite systems. With Tiger XS you are safe to exchange classified information over GSM networks or ordinary telephone lines – from your office desk, at home or on the road. (more)

Thursday, July 2, 2009

Watergate. Bailout. They just sound right together.

According to a July 2 broadcast on National Public Radio, the famed Watergate Hotel in Washington, DC is likely to face foreclosure because the owners have defaulted on a $69.9 million loan on the property.

Watergate is well-known to many Americans because of the events of June, 17, 1972, when DC police arrested five men trying to break in and wiretap the offices of the Democratic Party located in the building. Along with two others, they were tried and convicted in January 1973.

All seven were connected with President Richard M. Nixon's reelection committee
, suggesting that what appeared to be a simple burglary/wiretap might involve high-level government officials. (
more)

FutureWatch - Watergate is purchased (bailed out) by the National Park Service. Tours daily. Most popular stop... The Frank Wills Memorial Door, with tape over the lock.

iOpener

If you own an iPhone, security researcher Charlie Miller can take control of it, and short of turning off the device, it appears there isn't much you can do to stop him. Not until Apple fixes the flaw, anyway.

Exploiting a bug in the way iPhones parse SMS messages, the principal analyst at Independent Security Evaluators has demonstrated how to send malicious commands to monitor the phone's location, turn on its microphone, or cause it to join a DDoS, or distributed denial of service attack, according to this report from IDG News.

The vulnerability is significant because there are few measures iPhone users can take to prevent an attack... (more)

Dumpster Diver Surfaces with New Identities

CA - Police have arrested a man who allegedly admitted to stealing the identities of more than 500 people by going through the trash of local banks and businesses.

The criminal complaint filed against 30-year-old suspect Jonah Nelson claims that he made more than 1,000 fake ID cards that he used to rip off people, stores and banks. Nelson also allegedly admitted to stealing the identities of more than 500 people all acro
ss Northern California, ranging from the Bay Area to the Central Valley.

Federal agents say Nelson said it was easy to find new victims: All he needed to do was visit a local bank and search their dumpsters. (
more)

My amazing bank shredder story...
I received a package cushioned with strips of shredded paper filler...
made from bank records!

Names, addresses, deposit amounts, account numbers, phone numbers, Social Security numbers. It was all there. Easily reconstructed.

This was worth looking into.

My secretary wrote to the company who sent us the box...
“Your packing material was most interesting (the recycled paper). Is there a company that supplies it? Is there a charge for it? If you have a company name I would appreciate your sharing it with me. Thanks!”

Their reply...

“Check with any local bank - they shred 6-10 bags per week - you can get it for free for the asking!”

Fortunately, this was an honest person. They could just as easily have been and investigator or spy... and, the bank could have been any business or government agency.

Were their hearts in the right place for recycling?
Probably.

Is this a good practice.
No.

Buy and use a good crosscut shredder. ~Kevin

Wednesday, July 1, 2009

The Search Engine That Didn't Snitch... and other disasters

Hey gang, it's almost Independence Day here in America. Yup, July 4th is just around the corner.

Fireworks are in America's bloodstream... but, did you know your on-line curiosity could get you in trouble with the terrorist chasers? Your fireworks search engine enquires might start popping red flags...

"Ludlow Kissel and the Dago Bomb That Struck Back"
"What is a Dago Bomb?"
"How can I build a Dago Bomb?"
"Dago Bomb ingredients"
"What was blown up by the Dago Bomb?"

(Knock, Knock)
"We're from Homeland Security..."


"Excelsior, you fathead!" Next time, don't use a search engine that captures your IP address. Search privately. Go to https://www.ixquick.com
ixquick is the only search engine which gives you anonymity.

Oh, and Ludlow... he had his 15 minutes of fame... about 2:17 into this Great American Fourth of July video. ~Kevin

UPDATE - NEW URL. Startpage.com

Monday, June 29, 2009

Security Director Alert - Fake Tweets

Twitter users have caused an uproar by impersonating celebrities on the popular micro-blogging service. Businesses, too, are targets of fake Twitter profiles -- sometimes from competitors.

Exxon Mobil Corp. has found at least two unauthorized Twitter accounts under variations of its name. Twitter -- a networking service where users create profiles and send out short messages, or "tweets" to their followers -- terminated one of the profiles last summer. An Exxon spokesman says the oil company is considering what to do about the second profile, which it discovered several weeks ago.

In a defensive move, AMR Corp.'s American Airlines in April "registered every possible Twitter name that could be associated with us," a spokesman says. The move came after airline employees last summer found a rogue profile in the name AmericanAir, which was shut down four weeks later.

At Elevation Burger, a seven-outlet chain owned by Elevation Franchise Ventures LLC, a vendor in March found an unauthorized Twitter profile with tweets promoting rival Z Burger. Hans Hess, Elevation's founder and chief executive, complained to Z Burger and Twitter, which later suspended the profile after a letter from Mr. Hess's lawyer.

Amusement-park operator Cedar Fair LP, of Sandusky, Ohio, received an email from a marketing consultant who had created a Twitter profile in the name of its Cedar Point amusement park. The consultant, David Goebel, president of Goebel Group Inc., offered to relinquish control of the account in exchange for season passes to the Cedar Fair park and suggested that the company hire his firm to oversee its Twitter account. (more)

Recommendation: Get to know Twitter. Monitor it for malicious content about your company, the same way you monitor the Web and chat groups.

You do monitor, don't you?


Ok, I'll give you this tip for free...
Plug yourself into Addictomatic.com. It's free too.

Bugs found in Georgian Opposition Party's office

In the office of Georgian opposition party “Way of Georgia” eavesdropping bugs were discovered to have been installed in the office’s electrical sockets.

The leader of the party, ex-minister of foreign affairs Salome Zurabishvili, said that the devices were found where meetings take place among leaders of the party, which is demanding the resignation of current Georgian President Mikhail Saakashvili.

“They were found by employees of the party in the electrical sockets of the room,” said Zurabishvili, who showed the devices to journalists. (more)

SpyCam Story #539 - The Watchful Neighbor

CA- Police in Newbury Park say they've found evidence that a man arrested for allegedly spying on his female neighbors with a hidden camera may have taped other people as well.

Police say Michael Farge, 38, recorded the daily activities of his neighbors, including them changing, for more than two years.

Residents of the community of condos near Wheelwright Lane told KTLA that Farge was good friends with the women he is accused of watching, a woman and her 19-year-old daughter.


They said Farge had a key to the victims' house and watched their house and pets when they were out of town. (more) (video)

Technical director of new product development... charged with 5 counts of spying

A federal grand jury indicted former Arlington Heights resident David Yen Lee on charges he stole trade secrets to divulge to a competitor.

The indictment, which U.S. attorney Patrick Fitzgerald announced Friday, charges Lee with five counts of economic espionage.

According to the indictment, the 52-year-old Lee worked as technical director of new product development for the Wheeling branch of Valspar Corp., a Minneapolis-based paint company, from 2006 to March 2009.

According to the indictment, Lee downloaded documents and data from Valspar and its China subsidiary, Huarun Ltd., to an external thumb drive... (more)

Building Spy Bats

Researchers are studying creatures that fly through the night in hopes of making tiny flying spies.

(right) AeroVironment's DARPA-funded prototype drone made a successful test flight, lifting itself and its energy source.

The most popular of these drones are called Ravens, built by the Monrovia, Calif., company AeroVironment. They are about 4.5 feet across, weigh six pounds and can stay aloft for about an hour and a half. (More, with two cool clips of a bat flying in slow motion.)

Friday, June 26, 2009

FutureWatch - Amazing MagLev

Is this cool, or what?!?!
Enjoy your weekend.
See you Monday.

Japan discovers 1970's 'Broken Window Theory'

A Tokyo district plagued with burglaries has turned to planting flowers to beautify its streets and help stamp out crime.

"'Operation Flower' began about three years ago. By planting flowers facing the street, more people will be keeping an eye out while taking care of the flowers or watering them," said Kiyotaka Ohyagi, a Suginami City official...

Suginami, with a population of 528,800, saw a record 1,710 break-ins in 2002... Suginami says its efforts have paid off, with the number of burglaries falling to 390 in 2008, down almost 80 percent from 2002.

Oh, by the way...
The flowers are part of a wider crime prevention campaign. The district also has 9,600 volunteer patrollers and 200 security cameras set up in areas where there are frequent break-ins. It also emails crime information daily to residents. (more)

Broken Window Theory... (via The Atlantic - March 1982)
...at the community level, disorder and crime are usually inextricably linked, in a kind of developmental sequence. Social psychologists and police officers tend to agree that if a window in a building is broken and is left unrepaired, all the rest of the windows will soon be broken. This is as true in nice neighborhoods as in rundown ones. Window-breaking does not necessarily occur on a large scale because some areas are inhabited by determined window-breakers whereas others are populated by window-lovers; rather, one unrepaired broken window is a signal that no one cares, and so breaking more windows costs nothing. (It has always been fun.)

Philip Zimbardo, a Stanford psychologist, reported in 1969 on some experiments testing the broken-window theory. He arranged to have an automobile without license plates parked with its hood up on a street in the Bronx and a comparable automobile on a street in Palo Alto, California. The car in the Bronx was attacked by "vandals" within ten minutes of its "abandonment." The first to arrive were a family—father, mother, and young son—who removed the radiator and battery. Within twenty-four hours, virtually everything of value had been removed. Then random destruction began—windows were smashed, parts torn off, upholstery ripped. Children began to use the car as a playground. Most of the adult "vandals" were well-dressed, apparently clean-cut whites. The car in Palo Alto sat untouched for more than a week. Then Zimbardo smashed part of it with a sledgehammer. Soon, passersby were joining in. Within a few hours, the car had been turned upside down and utterly destroyed. Again, the "vandals" appeared to be primarily respectable whites. (more)

"How does this apply to information security?"
If management doesn't care, employees won't care. When employees don't care, your company is easy pickings for info-vultures. Patch all the holes. ~Kevin

FutureWatch - Your Own Private Internet

For those struggling with privacy on the Web, security researchers at Hewlett-Packard might have found the light at the end of tunnel.

A duo from HP's Web security group, Billy Hoffman and Matt Wood, are scheduled to present an idea at the BlackHat security conference in July that could shed new light on an old idea about how to communicate privately over the Internet.

The researchers, who previewed their concept to Forbes, say
their model works like a private Internet on top of the existing public one: People can share information like files and messages via the Internet medium, but without the kind of public-facing personally identifiable information that Internet protocol addresses provide...

The darknet concept as we know it today has been around for a while, and current implementations usually rely on some sort of third-party technology to make it work. The model Hoffman and Wood are previewing is notable in that it uses the latest in rich Internet technologies to make using a darknet as simple as browsing a Web site. That innovation should drastically reduce the barrier to sharing secure information over darknets. (
more)