Two researchers at Defcon on Friday demonstrated tools that allow people to eavesdrop on video conference calls and intercept surveillance camera video.
An attacker needs to be in the same building as the victims to carry out the man-in-the-middle attacks over the network.
The free UCSniff tool, available in Linux and Windows versions, offers a slick graphical user interface for sniffing video, said Jason Ostrom, director of the Viper Lab at Sipera Systems. The tool basically tricks the voice-over-IP network carrying the video into sending the data packets to the attacker's computer, he said.This could be used to spy on people. For instance, an attacker could listen in on and record confidential conversations between an executive who is on a video conference call with another remote executive, according to Ostrom.Ostrom and Arjun Sambamoorthy, a research engineer at Viper Lab, also have developed another free tool called VideoJak that can be used to intercept video streams.Thieves planning to steal from a museum, for example, could use the tool to change live surveillance video being watched by a museum security guard so that it replayed previous video of the art, giving thieves time to steal art without detection. (more)
Paris - The story has the elements of a corporate thriller: a cast of characters that includes former French spies and military men, an American cycling champion, Greenpeace activists and a dogged judge whose investigation takes him from a sports doping laboratory outside Paris to a Moroccan jail and to some of the top corporations in France.Like installments in a serial novel, new revelations have been dripping out since March. And while the climax is still probably many months away, the story is providing a rare glimpse into the shadowy and potentially lucrative business of gathering what corporations refer to as “strategic intelligence.” (more)
The whole story is as fascinating as it is revealing. Click "more" to read the full story.
High stakes business espionage is very real.
Smart executives have counterespionage programs. Doubters have their pockets picked. Stories like this represent espionage failures; the tip of the spyberg. Successful spying (by definition) goes unnoticed. ~Kevin
Canadians vow mass-mooning of US spy-blimp70+ Canadians in Sarnia, Ontario have committed to dropping their pants and mooning a spy balloon that a US company is launching to surveil the border, including their town. (more)View Larger Map
The owner of restaurant chain Mr. Chow alleges a rival restaurateur sent a spy to his soon-to-open Miami eatery to learn Mr. Chow's secrets. FL - Michael Chow, who started his first Mr. Chow store more than 30 years ago, added "corporate espionage" to the charges in his trademark infringement suit against Philippe Chow, a former employee who owns a restaurant across the street from the new Mr. Chow, the New York Post reported Friday.The lawsuit claims a 65-year-old man disguised as a chef was present when kitchen staff were being briefed on plans for the restaurant and, when confronted by an executive chef, said he was "incognito" so "your boss will not notice."Philippe and his partner, Stratis Morfogen, denied the charges."This is beyond bizarre and at this point we have no further comment describing Michael Chow's delusional and paranoid state of mind," Morforgen said. (more)
Ouch! That bites.
A pair of security experts have found a vulnerability in the iPhone that allows a hacker to take control of an iPhone through a text-message attack.
Cybersecurity researchers Charlie Miller and Collin Mulliner explained the security hole at the Black Hat cybersecurity conference in Las Vegas on Thursday. They said they informed Apple of the problem a month ago but the problem has not been patched, according to Forbes, which said Apple has declined to comment on the issue.
The iPhone, Miller and Mulliner said, can be controlled by an outside hacker through a series of mostly invisible SMS - short message service - bursts. That would give someone control over an iPhone user's phone, text messaging, Web browsing, microphone and camera functions. There is a similar flaw in Windows Mobile phones.
Should You Worry?
MyMobiSafe founder Eric Everson said it's highly unlikely they will be targeted. He said the attack would require hundreds of SMS texts (512 to be exact) to any phone. He said if any of the SMS messages are deleted before the attack is complete, then the hack will not be effective.
To be on the safe side, if you receive a text message with a square in it, turn off your iPhone or switch the device into airplane mode. (more)
◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊...
(just kidding :)UPDATE - "Less than 24 hours after a demonstration of this exploit, we've issued a free software update that eliminates the vulnerability from the iPhone." - Apple spokesman, Tom Neumayr. (more)
from the seller's Web site...
"Do personal Investigations Do Secret Surveillance Gather Evidence"
Thumbcorder (AJ-024TC) is the smallest real USB Flash Drive Spy Cam hands free Camcorder in the world with Built in 8Gb USB Flash Disk, Use it as a normal flash drive, spy pen camera in your pocketRecord with single switchJust slide the Switch to Rec. will start recording, just slide switch to off to stop recording that's all... it will record sound and video. Really very easy to use.View Recorded filesSimply connect the Thumbcorder to any USB port of your computer and view or copy the files to view. No need for any cable or extension.Also, you can use it as USB disk drive. (more)BTW, they plan to advertise this on television (USA Network).Why do I mention it?So you will know it when you see it.
A data breach at Internet domain administrator and host Network Solutions has compromised personal and financial data for more than 573,000 credit and debit cardholders. To add more pain to the breach, Network Solutions says it was PCI compliant at the time of the breach.
The PCI Security Council Weighs In...Just because a company has passed its compliance validation, it doesn't mean that the need for vigilance of security measures should stop, says PCI Security Standards Council General Manager Bob Russo. As for whether Network Solutions was PCI-compliant at the time of the breach, Russo notes, "Until a forensics investigation is completed, an organization can not comment accurately on its compliance status."(more)Effectiveness of any security measure is directly dependent upon the other security measures in place. Imagine your "wall of protection" as building blocks. One block is ineffective without the other blocks. Each block has its purpose and place... and you need every type of block to build a strong and effective wall.
The relationship is both symbiotic and synergistic.
According to the results of our recent poll (below), TSCM sweeps are a totally overlooked 'block' more than 80% of the time. Learn from the mistakes of others. Look at your wall, plug the holes.
In our latest poll, we asked our readership - mainly people with organizational security interests - "How often does your workplace conduct... "Bug Sweeps?"
17% responded that TSCM inspections are being conducted.
The frequency of these inspections are:
8% Monthly
3% Quarterly
3% Biannually
3% Yearly
3% "Don't know how often."
81% said, "They don't check."
No one indicated, "When problems arise," or "Other."
Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."
Vietnam - Software that allows people to bug private phone calls or text messages is now offered for sale on many websites. A man who sold the software has been recently arrested in HCM City.Where does the spy software come from?According to IT experts, the software orginated in western countries. It is said that there are more than 200 companies trading spy phone software online, called Spy Mobile and Mobile Phone Spy, at a price of US$50-300. The service has become popular and for sale online like any other product...Nguyen Thanh Trung, representative of the Nam Truong Son Company, which supplies anti-virus software in Vietnam, said the company’s software Kaspersky Mobile Security was considered the most effective protection against spy software. “When this anti-tap software is installed, it will prevent unwanted software from being installed in mobile phones.” (more)
The New Hampshire Attorney General's office is planning to review a county investigation report regarding the wiretapping of civilian employees working in the Portsmouth Police Department's records office.In June, Rockingham County Attorney Jim Reams sent a letter to Police Chief Michael Magnant indicating his office didn't find sufficient evidence to bring charges against any police employee responsible for installing a microphone recording device. At least one police department employee complained upon learning they were being recorded.The chief noted the device allowing a supervisor to monitor conversations from their computers in other parts of the police headquarters was outdated, and the department has since changed policies to prevent such concerns. (more)
Philippines - Broadcast journalist Cheche Lazaro entered a “not guilty” plea on the wiretapping charges filed against her by a ranking official of the Government Service Insurance System. (more) (background)
It seems the line between paranoia, spying and diplomacy is blurry in New Zealand.
According to Sir Clive Woodward, spying is a fact of rugby life (and he would know) and few understand this better than New Zealand.Hardly a tour goes by without the Kiwi camp escalating tensions with claims of spying - and this year's Tri-Nations seems no exception.New Zealand take their 'game secrets' so seriously that they've a constant security protocol, they have food and nutrition specialists and a truckload of personal security specialists.Ahead of their Bloemfontein game, the All Blacks have allegedly again demanded exclusive use of facilities in Pretoria, where they have set up a 'bug-free' training camp. (more)
T-shirts that can snap photos or carpets that are able to report a buildup of dust may one day be possible, thanks to the creation of a fiber that can detect images. Researchers at the Massachusetts Institute of Technology have created a polymer fiber that can detect the angle, intensity, phase, and wavelength of light hitting it, information that can be used to re-create a picture of an object without a lens.”Once you have the phase and amplitude of a wave, you can then figure out what the object was that the wave emanated from,” says Yoel Fink, director of MIT’s Photonic Bandgap Fibers and Devices Group. (more) (more) (video profile of Yoel Fink)
