Saturday, December 12, 2009

Wiretapping a Video Teleconference

John Kindervag discusses video teleconferencing wiretapping...
"Now while this technology has some real business value there are also inherent security flaws in video conferencing systems running across a corporate network. Because these internal networks are rarely, if ever, encrypted, it is possible to perform an eavesdropping attack on TelePresence or any other similar videoconferencing system.

Recently I was lucky enough to attend a hands-on VoIP and UC hacking class at VIPER Lab VIPER is run by my good friend and former colleague, Jason Ostrom. Jason and his team have been instrumental in developing new research and tools related to voice over IP (VoIP) and unified communications (UC) security. Their live distro VAST is available on SourceForge and contains several ground-breaking UC security tools.

Using one of the tools UCSniff I was able to recreate a scenario similar to the 30 Rock episode and intercept and view a live videoconference in real time. Here is a screenshot showing the UC Sniff tool intercepting a video call between Jason and me:


Anyone with access to your network can use this tool to eavesdrop on your voice or video conversations. This is why VoIP and UC security is so critical. Any unencrypted call is susceptible to this attack. Imagine that your employees can now listen in as your CEO discusses potential mergers or acquisitions. The risks are real but UC security is often overlooked." (more)

Supper Club Sale Reveals Owner's Bugs

Clarence Hartwig's Gobbler Supper Club, icon of Wisconsin, is heading for auction...
"Whoever buys the building will also get a few dozen gold-colored listening devices that were installed throughout the facility by Hartwig so he could eavesdrop on his employees..." (more)

Throw a dart at the map... Ok, Malmö, Sweden...

Cops bug wrong number. Listen for hours. (more)
Meter Maids put spycams in their caps. (more)

Friday, December 11, 2009

Just when you thought there was no place they haven't thought of for hiding a spycam...

...they present (rim shot)...
The Toilet Brush Hidden Spy Camera with Built-in Digital Video Recorder!

And now, the marvelous copy that could only have been conceived and written in a little factory, around the corner and down the block, somewhere in the Far Far East (rim shot)...
"This is a ultra-small digital spy camera that hidden in a toilet brush, it looks like an ordinary toilet brush, but it has a very powerful function, the most interest is that it internally hides a smallest camera DVR, it does not need any external plug-in card, built in memory 8GB itself, can work up to 4-5hours. there is time date stamp for the record, you can get the most authentic evidence for a variety of illegal behaviour.ideal for CIA agents, police, detector, and spy agency.this products is only developed by omejo for special offers." (more)

Why do I mention it?
So you will know what you are up against.

How to Properly Redact a PDF

When it comes to breaking into protected information, the NSA is the place to go. They know the tricks. They can also tell you how to keep your information secure. In a nutshell: Don't redact, sanitize.

Download their pdf...
Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF - Information Assurance Directorate, National Security Agency

I couldn't find anything redacted in it, but I am still suspicious about the second page.

Tuesday, December 8, 2009

TSA Document Leak - pdf Redaction Problem

Government workers preparing the release of a Transportation Security Administration manual that details airport screening procedures badly bungled their redaction of the .pdf file. Result: The full text of a document considered “sensitive security information” was inadvertently leaked.

Anyone who’s interested can read about which passengers are more likely to be targeted for secondary screening, who is exempt from screening, TSA procedures for screening foreign dignitaries and CIA-escorted passengers, and extensive instructions for calibrating Siemens walk-through metal detectors.

The 93-page document also includes sample images of DHS, CIA and congressional identification cards, with instructions on what to look for to verify an authentic pass. (more)

"The Point," for our clients - Be careful when using the redaction feature in Acrobat (especially the earlier versions). Redacted .pdf files can be hacked. Of course, keep your counterespionage strategy up-to-date to reduce leak loophole vulnerabilities.

Wi-Fi Hacker Helper...

...Time to upgrade your Wi-Fi encryption.
For $34, a new cloud-based hacking service can crack a WPA (Wi-Fi Protected Access) network password in just 20 minutes,
its creator says.

Launched today, the WPA Cracker service bills itself as a useful tool for security auditors and penetration testers (and lazy hackers who seek easy access to your system) who want to know if they could break into certain types of WPA networks. It works because of a known vulnerability in Pre-shared Key (PSK) networks, which are used by some home and small-business users. (more)

First Came the Annoying Cell Phone'er

Then came the cell phone detector.
Then came the
cell phone jammer.
Then came the
cell phone jammer detector?!?!
"What next?"

Take Written Notes Next Time

NH - Anthony De La Pena, 37, of 668 Raymond St., Elgin, was arrested Monday on charges of felony eavesdropping and misdemeanor charges of obstructing and resisting a peace officer. De La Pena on Sunday allegedly recorded a verbal exchange between himself and an Elgin police officer without the officer consenting to be recorded, according to police reports. (more)

New Hampshire law requires all parties to a recording to consent to the recording.

Sunday, December 6, 2009

An Information Leak Can Even Make a Nobel Prize Winner Look Stupid

This is about information leaks, not about the global warming debate. Leaks can happen in any organization. The effects can be devastating, as this current event shows...

Cause
A leading climate change scientist whose private e-mails are included in thousands of documents that were stolen by hackers and posted online said Sunday the leaks may have been aimed at undermining next month's global climate summit in Denmark... About 1,000 e-mails and 3,000 documents have been posted on Web sites and seized on by climate change skeptics, who claim correspondence shows collusion between scientists to overstate the case for global warming, and evidence that some have manipulated evidence. (more)

Effect
Climate campaigner Al Gore has canceled a lecture he was supposed to deliver in Copenhagen. The former vice president and Nobel Peace Prize winner had been scheduled to speak to more than 3,000 people at a Dec. 16 event hosted by the Berlingske Tidende newspaper group. The group says Gore canceled the lecture Thursday, citing unforeseen changes in his schedule. (more)

A good counterespionage strategy will help you avoid problems.

Computer Stolen from Blagojevich's Attorney

Evidence in the Rod Blagojevich corruption case may have been stolen when burglars broke into the Chicago law firm representing the former Governor. They got away with eight computers and a safe which could have copies of those secret wiretap recordings provided by the F-B-I.... Blagojevich's attorneys don't think it will impact the June third trial date. (Stop snickering.) (more)

Street crime, or political espionage? You decide.

The Future of GSM Digital Cell Phone Taps

If you're still using a cellphone based on early digital standards, you better be careful what you say. The encryption technology used to prevent eavesdropping in GSM (Global System for Mobile communications), the world's most widely used cellphone system, has more security holes than Swiss cheese, according to an expert who plans to poke a big hole of his own.

Karsten Nohl, chief research scientist with H4RDW4RE, a Sunnyvale, Calif.-based security research firm, is mounting what could be the most ambitious attempt yet to compromise the GSM phone system, which is used by over 3 billion people around the world. Others have cracked the A5/1 encryption technology used in GSM before, but their results have remained secret. However, Nohl, who earned a Ph.D. in computer science at the University of Virginia and is a member of Germany's Chaos Computer Club (CCC), intends to go one big step further: By the end of the year, he plans to make the keys available to everyone on the Internet. (more) (video - search HAR2009 GSM)

"Go to the Principal's office."

MI - Court papers filed in a federal lawsuit against the Bullock Creek School District allege eavesdropping and violations of constitutional rights... The case was filed by Michael Wittbrodt...

Superintendent John Hill and employee Jeffrey Taylor began to intercept and read e-mails... sent by Wittbrodt to a secretary.


The suit accuses the defendants of eavesdropping on private e-mail communications of others and divulging the contents in violation on the Electronic Communications Privacy Act of 1986, the Federal Wiretapping Act, the due process clause of 14th Amendment of the U.S. Constitution and invasion of privacy. (more)

A "Move on" turns into an Eavesdropping Arrest

IL - A Rogers Park neighborhood man was charged with felony eavesdropping after allegedly taping conversations -- including the voices of officers who arrested him -- without permission while selling art for a $1 Wednesday afternoon in the Loop. (more)

Learn how to make real Dollar Art!

Tuesday, December 1, 2009

New Communications Bunghole Opens Today...

...Tap arrives later.
Sweden - The highly discussed and controversial wiretap law takes effect today. But the signal intelligence agency FRA is far from ready with the technical implementation.


The “FRA law” last year was accepted by the Parliament and gives ‘Försvarets radioanstalt’, FRA ( the National Defence Radio Establishment) legal permission to tap communication cables passing the Swedish national borders, this despite protests by a large public opinion and many experts. (more)