Short Story: Beware the "free" USB memory stick.Long Geeky Story:From: David Lesher Subject: AMEX sends USB trojan keyboards in adsA fellow user group member reported getting a USB-fob from American Express. When he plugged in to a port, it attempted to send his xterm command line to {the dots were hex digits, it appears.... [and PGN changed x to dot to avoid filtering]} but didn't succeed. [It may be Windows and Mac compatible, but not Linux...]That address redirects to an Amex URL: It identified itself on the USB chain as: Bus 003 Device 003: ID 05ac:020b Apple, Inc. Pro Keyboard [Mitsumi, A1048/US layout]Since it's clearly NOT an Apple Pro Keyboard; one wonders why the manufacturer chose that false identity. The masquerade as a keyboard might also have been to penetrate those machines that do not blindly mount USB storage devices.Risks: While we now look for incoming malware on the TCP/IP connections, clearly we need to similarly monitor the other ports as well; you can do just as much damage (or more) with a insider keyboard attack, given some social engineering. Is the power line next?
Federal authorities on Wednesday filed intrusion charges against two men accused of accessing the computer systems of their former employer.Scott R. Burgess, 45, of Jasper, Indiana, and Walter D. Puckett, 39, of Williamstown, Kentucky, both worked as managers for Indiana-based Stens Corporation until taking jobs with a competing company in Ohio, according to an indictment filed in federal court. On at least 12 occasions, they used old passwords to access their former employer's computer and access proprietary information, prosecutors allege.Although the men left their jobs in 2004 and early 2005, they were able to use the outdated passwords successfully as late as September of 2006. On at least two occasions, administrators at Stens grew suspicious and terminated old passwords. The men simply tried different login credentials - and succeeded several times. (more)
"For years, Broward County's socially and politically connected marveled at the astonishing success of Fort Lauderdale lawyer Scott Rothstein and wondered: How does he do it?......Sakowitz said Rothstein boasted of having sophisticated eavesdropping equipment and that former cops would sift through potential defendants' garbage. With compromising evidence in hand, the firm urged the targets of the claims to pay a settlement without a public lawsuit." (more)
Until now, there were few ways to stop shoulder surfers from reading your computer screen: place a polarizing screen over your computer screen (not very practical for laptops), or mount a mirror on the side of your screen so you could see someone sneaking a peek from behind.This way sends peepers to the eye doctor...Oculis Labs has a product called PrivateEye, a simple, low-cost (from $19.95), easy-to-deploy software application for enterprise and consumer use. It requires no special hardware, just a standard embedded webcam. PrivateEye significantly improves on older technologies such as 3M privacy filters, and screen savers by performing active user-centric protection of all content displayed on the screen.PrivateEye uses a webcam sensor to continuously assess the user’s area of interest, and uses this information to control what is displayed. In the simplest mode, when PrivateEye determines that the user is looking at the display, the contents are presented normally. When the user looks away, the display is quickly blurred to protect the contents and when the user looks back, display is instantly cleared again. The effect is that contents are displayed only as needed by the authorized user. This feature alone significantly reduces the opportunities for eavesdroppers.In addition to protecting the display when the user is not attending to it, the system will reduce susceptibility to eavesdropping when the user is actively reading the screen. PrivateEye can identify when unauthorized viewers are looking at the display, and take action to reduce potential eavesdropping. (Video demonstration)Oculis Labs also sells a higher-priced version, Chameleon, which lets the user see clearly, and scrambles the view for others... all at the same time. Cool, eh?
Where Intelligence Goes to Work
Intelligence. It's the ability to think abstractly. Challenge the unknown. Solve the impossible. And at NSA, it's about protecting the Nation.
A career at NSA offers the opportunity to work with the best, shape the course of the world, and secure your own future. Isn't it time to put your intelligence to work? (more)
US - The government has agreed to pay $3 million to a former agent of the Drug Enforcement Administration who sued CIA officers for illegal eavesdropping.
The proposed settlement followed a ruling by U.S. District Judge Royce Lamberth in July that CIA officials committed fraud to protect a former covert agent against the eavesdropping allegations.
The lawsuit was brought by former DEA agent Richard Horn, who says his home in Rangoon, Burma, was illegally wiretapped by the CIA in 1993. He says Arthur Brown, the former CIA station chief in Burma, and Franklin Huddle Jr., the chief of mission at the U.S. Embassy in Burma, were trying to get him transferred because they disagreed with his work with Burmese officials on the country's drug trade.
Horn sued Brown and Huddle in 1994, seeking monetary damages for violating his civil rights. The CIA itself was a defendant in the lawsuit until early this year. (more)
UK - Councils have been criticised for using surveillance powers designed to combat serious crime and protect national security to spy on the public for minor crimes such as littering or unlawfully selling pot plants.They were also found to be using them to investigate parents accused of lying about where they live to get their children in to better schools. But Alan Johnson, the Home Secretary, will today announce plans to change the law to ensure authorities only use the intrusive techniques, under the Regulation of Investigatory Powers Act (Ripa), for serious offences. (more)
CA - Scott Gerber, the communications director for Attorney General Jerry Brown who admitted recording phone conversations with reporters without their permission --- including Chronicle senior political writer Carla Marinucci -- resigned Monday. (more)
People are often ashamed, scared or afraid of being called paranoid when they suspect eavesdropping or wiretapping. In most cases, something is wrong. The information leaks and subsequent feedback may not always be caused by a bug or wiretap, but something is wrong.
Take the case of Courtney Love...Courtney Love's Paranoid Sounding Claims Backed Up By Other Sources...the New York Daily News quotes not only Love, but also a few corroborating sources who back up her story...investigator hired by Love not only co-signs her story, but states that there's proof! From the News: Adam DelMonte and Michael Kenworthy of AC Digital Services...say they recorded the "blitz" on security cameras they installed in Love's house. "These impostors then flipped the situation on Mrs. Cobain and tried to strong-arm her and scare her into feeling she needed to hire them for protection," DelMonte and Kenworthy assert in a letter. "Fortunately, we were able...to get them out of her life." They go on to say that Love's former staffers installed "numerous types of spyware on her computers and her phone. Both her camera and microphone on her cell phone were bugged at one point."...she says she's called law enforcement to look into her case, she's gotten no response. She chalks the disinterest in her claims, rightfully, to a less-than-stellar reputation, saying, "My biggest problem is that I'm Courtney Love."That doesn't mean, however, that she has a lesser right to privacy than anyone else.You can begin to solve your own spying problems without: buying spy detection gadgets, hiring a private investigator or sweep team, or even admitting your suspicions to anyone. Read Quit Bugging Me.
The US-CERT has issued a warning about a new, free BlackBerry application that transforms the phone into a bugging device.PhoneSnoop, which runs on the victim's phone, lets an attacker stealthily call the targeted BlackBerry, answer the call, turn on the speakerphone, and let the attacker listen in on the victim. The app has to be configured to recognize the attacker's phone number, and it automatically and quickly answers it to evade detection.
Sheran Gunasekera, the developer of PhoneSnoop, says he was surprised US-CERT identified his app in an advisory. "I am happy that they did, though, because it's one step further in getting the word out," says Gunasekera, who is director of IT security at Hermis Consulting in Jakarta, Indonesia.
"I think the reason my app was flagged was because it's free and more easily accessible" than more expensive commercial spy tools. (more) (video)
Side note: The attacker either needs to have physical access to your Blackberry to load the spyware program, or in some way, trick you into doing it.
MN - The police chief of Gaylord is now charged with two gross misdemeanors in an alleged "bugging" scheme.Police Chief Dale Lee Roiger is accused of having one of his officers secretly plant a digital recorder to see if City Council members were meeting illegally at the Chamber of Commerce office. (more)
Oddly, the article mentions a digital recorder, which stores the recording in a solid-state memory, yet shows a photo of analog cassette tapes.
Example photo of a digital recorder...
This one is high quality, voice activated and stores up to 300 hours of conversation; about $375. on ebay. Lower fidelity digital recorders are also being sold in the $10.-$40. price range. Be careful what you say, and have your office swept periodically.
UK - An article this week at The Register states that between November 2008 and September 2009, there were 356 self-reported data losses this year by UK companies and government departments. In the same time frame a year before, there were 190 such incidents reported.The information was compiled by Software AG, which used a Freedom of Information Act request to get the data from the UK Information Commissioner's Office. (more)
WI - An Appleton man charged with installing spyware on his ex-wife's computer was fined after he entered into a plea agreement on a lesser charge.Brent J. Walbrun, 47, W3291 Hartland Court, originally was charged with interception of an electronic communication under the state's electronic eavesdropping law for installing the spyware on the computer.In October, Walbrun's ex-wife discovered the spyware program when she realized Walbrun was intercepting her e-mails. Walbrun entered a no-contest plea Oct. 19 to a misdemeanor charge of disorderly conduct and was fined $476. (more)
Australia - Distributors for new software that allows parents to spy on their children's text messages say they are still hopeful, as they try to get approval for their product.The software, which allows parents to see every text message their child sends and receives, was due to be on sale in August, but the earliest it will now be available is early next year.Civil libertarians and technology experts have deep concerns about the privacy implications of the product. (more)
(Reports coming in from GA, MA, and IL)
...The unknown sharp object penetrates the door metal, hits the lock mechanism and disengages it. The burglar or burglars slip inside the vehicle without having to break a window or otherwise heavily damage the car, which would call attention to themselves.Because the damage is minor, the owners may not realize they are victims until they notice items missing from the car or items that were moved. The puncture hole that the intruders leave under the lock, usually on the driver's-side door, is only up to about a half-inch in diameter.The thieves prefer to hit General Motors cars, Golike said."Most were GM vehicles," he said. "Many of the GM cars have a lock mechanism that somebody's familiar with."He said some of the cars were Dodges.The thieves target just about anything of value, including cash, wallets, purses and guns left in the cars.The first such "punch" car burglary reported in the greater Alton area happened to a vehicle owned by Telegraph Photo Editor John Badman. That burglary happened Sept. 23 while his Chevrolet Impala was parked in the parking lot of Fast Eddie's Bon-Air tavern along East Broadway. The tavern is at 1530 E. Broadway.Once inside the car, the burglar popped the lid of the trunk, making off with $14,000 in camera equipment - after first relocking the car door. (more) (more) (more)
