Thursday, February 4, 2010

USB Memory Stick Failed Encryption - UPDATE

In our January story, "USB Crypt Stick - design flaw, or... design back door discovered," several USB stick manufacturers were identified as having their encryption cracked. Subsequently, two clients asked me to research this. They wanted to know if the flawed encryption included all encrypted USB stick manufacturers.

So far, I have found one manufacturer who affirms their crypt-sticks remain secure.

from their press release...
"In response to the reports that certain hardware-encrypted USB flash drives have been hacked on Monday, Jan. 4, IronKey, maker of the world's most secure flash drive, today announced that its devices are not vulnerable to the serious architectural flaw that has compromised many 'secure' USB storage devices. IronKey customers remain safe." (more)

Wednesday, February 3, 2010

Imagine getting this far without a roadmap!?!?

"Networks are like roads," Michael Markulec explains. "And we provide the road map."

Markulec's company, Lumeta, is about to start drawing maps that will reveal every intersection, cul-de-sac and IP address in the U.S. military's vast and sprawling NIPRNet (Non-classified Internet Protocol Router Network). The "non-classified but sensitive" network is used around the world by several million U.S. personnel and about 10 million devices, Markulec said.

IPSonar will find and identify all devices on the NIPRNet and tell network operators how they are interconnected, Markulec said. "Without that knowledge, you can't manage the network. And if you can't manage it, you can't secure it."

Mapping isn't IPSonar's only talent. The software, which is costing the Defense Department more than $10 million, also searches for leaks. (more)

By the way, do you know what electro-leeches have latched on to your LANs and your Wi-Fi networks? Help is out there.

Tuesday, February 2, 2010

Business Espionage - The Cost of Spying II

News Corp. agreed to pay $500 million to settle an ongoing, four-year lawsuit initiated by Valassis charging anti-competitive practices. Insert printer Valassis sued News Corp.'s News America Marketing unit in three separate cases, alleging price fixing and other predatory practices. Last year a jury in Michigan awarded Valassis $300 million in that case...

Last year, News America Marketing was accused by Floorgraphics Inc. of Hamilton, NJ, of corporate spying. Floorgraphics, a producer of graphics placed on retail stores' floors, accused News America of illegally accessing its computer system, obtaining proprietary information, and disseminating false, misleading and malicious information about the company to its clients. The case was settled, and then days later News Corp. purchased Floorgraphics for an undisclosed sum. (more)

Monday, February 1, 2010

Business Espionage - The Cost of Spying

Italy - Telecom Italia and former parent Pirelli on Monday said they agreed to settle a criminal probe into a suspected spy ring that used phone data records, freeing the companies from lengthy court proceedings.

Italian newspaper Corriere della Sera said Pirelli and phone giant Telecom Italia agreed to pay 7.5 million euros ($10.43 million) in the plea bargain deal filed on Saturday. (more)

Snitch Culture Rule Switch

MD - A Maryland delegate is proposing changes to state wiretap law after he was inspired by two filmmakers who claimed to be a pimp and prostitute seeking tax advice while surreptitiously taping ACORN staffers in Baltimore.

Delegate Richard Sossi, an Eastern Shore Republican, wants to provide immunity for people who intercept a wire, oral or electronic communication that provides evidence of the commission of a felony.

Right now in Maryland, it is illegal to record private conversations unless both parties consent to the taping. (more)

This is one way to deter James O'Keefe from showing up at your political headquarters with a team of fake telephone technicians with hidden cameras.

Pssst... (BARTNICKI v. VOPPER (99-1687) 200 F.3d 109) already accomplished this in a 2001 Supreme Court ruling.
"Privacy of communication is an important interest. However, in this suit, privacy concerns give way when balanced against the interest in publishing matters of public importance. One of the costs associated with participation in public affairs is an attendant loss of privacy."
See Extortionography.

Drew Peterson Tapes?

IL - A teen who was a neighbor of the late third wife of former Bolingbrook, Ill., police Sgt. Drew Peterson testified Monday that Kathleen Savio was terrified of her husband and felt that the police department was not doing enough to help her...

Nick Pontarelli, 19, testified during the pre-trial hearing in Joliet, Ill., that Savio, found dead at home in 2004, feared Peterson was bugging her telephone calls and showed him tapes that she believed were recordings of her calls, the Breaking News Center reported.

They're Bolder in Boulder

CO - A 37-year-old man has been accused of stalking his ex-girlfriend by repeatedly sneaking into her residence over a period of months, installing voice recorders in the home, spyware on her computer and sending her threatening e-mails.

Sarah Huntley, spokeswoman for the Boulder Police Department, identified the suspect as Christopher Spiewak of Boulder.

Huntley said Spiewak is being held for investigation of domestic-violence related to stalking, second-degree burglary, computer crimes and repeated harassment. (more)

Sunday, January 31, 2010

Business Espionage - Government Bugs Taps & Hacks

UK - The security service MI5 has accused China of bugging and burgling UK business executives and setting up “honeytraps” in a bid to blackmail them into betraying sensitive commercial secrets...

The warning to British businessmen adds: “Hotel rooms in major Chinese cities, such as Beijing and Shanghai, which are frequented by foreigners, are likely to be bugged ... hotel rooms have been searched while the occupants are out of the room.”  

It warns that British executives are being targeted in China and in other countries. “During conferences or visits to Chinese companies you may be given gifts such as USB devices or cameras. There have been cases where these ‘gifts’ have contained Trojan devices and other types of malware.” (more)

The Bigger Picture - Many countries engage in business espionage. Bug and wiretap attacks happen more in the business's own country than in the spying country – that's where the strategic conversations are held. If your organization does not have a coherent counterespionage strategy yet, consult with a specialist before your pockets are picked and your executives fall victim to blackmail. Good start... Regularly scheduled inspections of your offices for electronic surveillance devices and espionage vulnerabilities.

Friday, January 29, 2010

Detecting Unwanted Cell Phone Use

There are places where you just don't want cellular communications... financial trading floors, certain hospital areas, conference and Board rooms where sensitive meetings are held, to name a few. "What's the solution?"

Forget the obvious. Although radio-frequency jamming gadgets are easy to obtain, they are not legal here in the United States.
Here is what you can do...
• Establish a written "no wireless" policy for your organization.
• Set up a system for storing electronic communications gadgets before allowing entry into a secured area.
• Alternatively, ask people to turn off their communications devices.
• Monitor compliance. "How?"

Here are two detection methods...

General Alert - Install a low-cost cellular receiver (SureSafe, pictured above). It will trip an alarm, turn on a light, or make a voice announcement whenever it detects a cellular transmission within its 1-20 meter range. (more)

Specific Alert - This pricier system, called AirPatrol, can pinpoint on a computer map (to ≈2 meters) where the offending device is located. It can also be used to locate rogue Wi-Fi devices. Very cool! (more)

Thursday, January 28, 2010

Press Tapper Convicted

Italy - Giuliano Mignini, the chief prosecutor in the Meredith Kercher trial, has been convicted of abuse of office and bugging the phones of journalists. 

Mr Mignini, who succeeded in having the American student Amanda Knox jailed for 26 years for murdering her British flatmate in Perugia in 2007, was convicted in relation to a separate case regarding a notorious serial killer known as the Monster of Florence.

He was sentenced by a Florence court to a year and four months in prison, but will remain free pending the two stages of appeal available to him under Italian law and will be allowed to continue working. (more)

ZigBee Eavesdropping

Software error in ZigBee radio modules facilitates eavesdropping.

As reported by developer Travis Goodspeed on his blog, a weakness in the way Z-Stack, Texas Instruments' open source wireless communication protocol stack used in its ZigBee radio modules, generates pseudo-random numbers makes it easier for an attacker to eavesdrop on encrypted communications. This is not the first occasion on which Goodspeed has hit the headlines for his cryptographic analyses of ZigBee modules.

The weakness allows attackers to eavesdrop on wireless communications for devices such as automation systems and sensors and potentially even to access these devices. The vulnerability is of particular concern in view of the widespread use of smart electricity meters in the USA. Some electricity providers use ZigBee to transfer data from electricity meters to base stations. (more)
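To make concrete why a weak pseudo-random number generator undermines encryption, here is an added illustration written for this post. It is not Z-Stack code and does not model the actual Z-Stack generator; the `ToyWeakPrng` class is a hypothetical 16-bit generator constructed for the example. The point it demonstrates is general: a 128-bit key is only as strong as the randomness behind it, so a generator whose entire state fits in 16 bits can only ever produce 65,536 distinct keys. The `duplicate_report` function is the kind of audit check a defender can run over a sample of keys or nonces captured from their own devices, where repeats are a red flag.

```python
"""Added illustration: how a small-state PRNG shrinks a 128-bit key space.

The generator below is hypothetical and constructed for this example; it is
not Texas Instruments' Z-Stack generator. It stands in for any generator
whose whole output sequence is fixed by a small seed.
"""
import math
import os
from collections import Counter

KEY_LEN = 16  # 128-bit keys, the size AES-128 expects


class ToyWeakPrng:
    """Hypothetical 16-bit linear congruential generator (constructed).

    Parameters are arbitrary; the only property that matters here is that
    the entire internal state is 16 bits wide.
    """
    MULT, INC, MASK = 0x343F, 0x269E, 0xFFFF

    def __init__(self, seed: int) -> None:
        self.state = seed & self.MASK

    def next_byte(self) -> int:
        self.state = (self.state * self.MULT + self.INC) & self.MASK
        return self.state >> 8  # emit the upper byte of the state

    def key(self) -> bytes:
        return bytes(self.next_byte() for _ in range(KEY_LEN))


def weak_key_space_bits() -> float:
    """Enumerate every seed the toy generator accepts and return log2 of the
    number of distinct 128-bit keys it can emit. A generator with adequate
    entropy would make this 128; here it is bounded by the 16-bit state."""
    keys = {ToyWeakPrng(seed).key() for seed in range(1 << 16)}
    return math.log2(len(keys))


def strong_keys(n: int) -> list:
    """Keys drawn from the OS CSPRNG, for comparison."""
    return [os.urandom(KEY_LEN) for _ in range(n)]


def duplicate_report(keys: list) -> dict:
    """Audit check for any sample of keys or nonces: a generator with enough
    entropy essentially never repeats a 128-bit value within a few thousand
    samples, so any duplicate is a red flag worth investigating."""
    counts = Counter(keys)
    duplicates = sum(c - 1 for c in counts.values())
    return {"samples": len(keys), "distinct": len(counts), "duplicates": duplicates}


if __name__ == "__main__":
    print(f"toy PRNG effective key space: {weak_key_space_bits():.1f} bits (nominal 128)")
    # Constructed scenario: 4,000 device boots whose seed comes from an
    # 8-bit counter, so at most 256 distinct keys can ever appear.
    weak_sample = [ToyWeakPrng(i % 256).key() for i in range(4000)]
    print("weak generator:", duplicate_report(weak_sample))
    print("OS CSPRNG:     ", duplicate_report(strong_keys(4000)))
```

Enumerating all 65,536 seeds takes about a second in CPython. The duplicate check is deliberately simple: it needs no knowledge of the generator's internals, only a sample of values the device actually used, which is what an owner auditing a fleet of meters or sensors can realistically obtain.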

Wiretapping at the DMV

A published report says North Carolina's former Division of Motor Vehicles commissioner had telephone equipment installed that would let him eavesdrop on calls to any phone line at the agency's headquarters. The News & Observer of Raleigh reported Friday that the technician who installed the equipment testified about the system before a federal grand jury. George Tatum, who resigned as DMV commissioner in 2007, did not respond to phone messages and an e-mail seeking comment Friday. (more)

UPDATE
Federal authorities are investigating whether the former commissioner of the state Division of Motor Vehicles illegally wiretapped the phone calls of agency employees.

George Tatum, who resigned in 2007 amid a corruption scandal, had a special telephone in his office that allowed him to listen in on the calls of his subordinates without their knowledge, according to current DMV officials. Greg Lockamy, who retired unexpectedly last year after serving as the agency's internal affairs director, also had a phone set up for secret eavesdropping.

State law forbids intercepting phone calls without a warrant unless at least one person in the conversation is aware the monitoring is taking place.

Tatum, now the director of emergency management at Fayetteville State University, did not respond to repeated requests for comment this week...

Brent Parrish, a telephone technician at DMV, was subpoenaed to appear before the federal grand jury hearing evidence in a wide-ranging investigation of former Gov. Mike Easley. Parrish said Tuesday he testified Sept. 16 about the special features on Tatum's phone...

Parrish, the technician, said the DMV phone system allows managers supervising the agency's call center to monitor conversations with the public. Those calling the DMV with questions about license renewal and other issues hear a recorded disclaimer informing them their calls might be monitored for quality assurance.

Parrish said Tatum and Lockamy also had the function installed on their phones, allowing them to listen in on any phone line at DMV headquarters, including those of other high-ranking administrators.

The technician said the function allowed Tatum to program his phone so that a "busy light" would indicate when particular lines were in use. The commissioner could then pick up his phone and press a button to listen to the call, with his handset automatically muted. Those on the line would have no indication their call was monitored. (more)

Tuesday, January 26, 2010

Espionage Flash: Wiretappers Caught in the Act

LA - Alleging a plot to wiretap Democratic Sen. Mary Landrieu's office in the Hale Boggs Federal Building in downtown New Orleans, the FBI arrested four people Monday, including James O'Keefe, a conservative filmmaker whose undercover videos at ACORN field offices severely damaged the advocacy group's credibility.

Also arrested were Joseph Basel, Stan Dai and Robert Flanagan, all 24. Flanagan is the son of William Flanagan, who is the acting U.S. Attorney for the Western District of Louisiana, the office confirmed. All four were charged with entering federal property under false pretenses with the intent of committing a felony.

According to the FBI affidavit, Flanagan and Basel entered the federal building at 500 Poydras Street about 11 a.m. Monday, dressed as telephone company employees, wearing jeans, fluorescent green vests, tool belts, and hard hats. When they arrived at Landrieu's 10th floor office, O'Keefe was already in the office and had told a staffer he was waiting for someone to arrive.

When Flanagan and Basel entered the office, they told the staffer they were there to fix phone problems. ...the staffer gave Basel access to the main phone at the reception desk. The staffer told investigators that Basel manipulated the handset. He also tried to call the main office phone using his cell phone, and said the main line wasn't working. Flanagan did the same.

They then told the staffer they needed to perform repair work on the main phone system and asked where the telephone closet was located. The staffer showed the men to the main General Services Administration office on the 10th floor, and both went in. There, a GSA employee asked for the men's credentials, after which they stated they left them in their vehicle.

The U.S. Marshal's Service apprehended all four men shortly thereafter. (more) (FBI Press Release)

Spybusters Tip # 623 - Do not allow service people on your premises until you can verify who in your organization called them, and why. Photocopy their credentials. Conduct your proactive inspections for bugs and wiretaps quarterly.

SpyCam Story #555 - Along Came Jones (Update)

MI - A former Brighton City Councilman charged with spying on female employees has entered a plea in the case. 54-year-old Richard Gienapp, the owner of Mexican Jones restaurant in Brighton, pleaded guilty Friday to one count of surveillance of an unclothed person. In exchange, prosecutors dropped two separate counts of installing and possessing an eavesdropping device.

The prosecution also agreed to not issue any other charges involving computer images of child sexually abusive material.

State Police say Gienapp placed a camera in an office at the restaurant where he spied on a female employee as she undressed. He faces up to two years in prison when he is sentenced on March 4th.

Gienapp has been in and out of court all month in separate cases. Last week, he pleaded guilty to failing to conspicuously post notice of his alcohol license being suspended at his restaurant. He was also recently convicted of filing a false police report. He was sentenced to 10 days of community service and 12 months of probation but soon filed a motion for a new trial, which was rejected by 53rd District Court Judge Theresa Brennan. (more) (original)

Man Bites Dog Story

China Accuses U.S. of Cyberwarfare

In the wake of a recent speech by U.S. Secretary of State Hillary Clinton condemning countries that censor the internet and engage in hacking, China has lobbed a return volley and accused the United States of hypocrisy and of initiating cyberwarfare against Iran. (more)