Friday, February 5, 2010

SpyCam Story #568 - Community Control?

OH - A Fostoria lawyer who had a pinhole camera in the restroom at his office was placed on community control for four years yesterday and ordered to pay a $5,000 fine. Sitting in Seneca County Common Pleas Court, visiting Judge Russell Wiseman of Crawford County also ordered Donald Guernsey, 57, to undergo a psychological evaluation and any ordered treatment. (more)

...thus adding insult to injury.

IL - An Elizabeth man is awaiting a court date in Jo Daviess County Circuit Court following charges of battery and eavesdropping.

According to court records, on Jan. 4, Brian D. Tessendorf, 33, knowing and intentionally caused bodily harm to his ex-girlfriend and mother of his child...

The day after the incident, Tessendorf allegedly used an eavesdropping device to record at least two different telephone conversations between him and the battery victim without her consent, a class 4 felony in Illinois that carries a maximum penalty of three years in prison and $25,000 for each count
. (more)

Business Espionage - Famous Last Words

NY - A former state lottery official is accused of eavesdropping on a confidential meeting in an apparent retaliation attempt after he was fired from his $148,000-a-year position.

John Charlson, 46, of Saratoga Springs, was the public information officer for the Division of Lottery from June 2007 until he was terminated Jan. 13, 2009, for failing to be a team player. Lottery executives say Charlson, who was responsible for media and public relations, supervised his staff poorly and made inconsistent statements.

A report released Tuesday by the state Inspector General’s office found that after being fired, Charlson accessed 16 Lottery e-mails and forwarded out-of-context information on video lottery terminals to state Racing and Wagering Board chairman John Sabini. He’s also accused of eavesdropping on lottery officials by using his former state code to dial into an executive meeting and conference call held nearly a week later.

Charlson reportedly told Lottery Director Gordon Medenica “you’re going to be sorry,” upon being fired. (more)

Thursday, February 4, 2010

Shocks from down under...

Darwin, Australia - An internal police investigation has been launched after a security camera was allegedly used to "zoom in on the rear of a lady" in Darwin's CBD. CCTV equipment at the Darwin police station has been disabled until software is installed to keep a record of the officer controlling the equipment at the time. (more)

NSW, Australia - Australia Post has been accused of secretly monitoring Sydney postal workers using computerised street-side red letter boxes in breach of NSW surveillance laws. But the postal service says it is entitled to spy on its staff because it is not subject to state laws. (more)

USB Memory Stick Failed Encryption - UPDATE

In our January story, USB Crypt Stick - design flaw, or... design back door discovered, several USB stick manufacturers were identified as having their encryption cracked. Subsequently, two clients asked me to research this. They wanted to know if the flawed encryption included all encrypted USB stick manufacturers.

So far, I have found one manufacturer who affirms their crypt-sticks remain secure.

from their press release...
"In response to the reports that certain hardware-encrypted USB flash drives have been hacked on Monday, Jan. 4, IronKey, maker of the world's most secure flash drive, today announced that its devices are not vulnerable to the serious architectural flaw that has compromised many 'secure' USB storage devices. IronKey customers remain safe." (more)

Wednesday, February 3, 2010

Imagine getting this far without a roadmap!?!?

"Networks are like roads," Michael Markulec explains. "And we provide the road map."

Markulec's company, Lumeta, is about to start drawing maps that will reveal every intersection, cul-de-sac and IP address in the U.S. military's vast and sprawling NIPRNet (Non-classified Internet Protocol Router Network). The "non-classified but sensitive" network is used around the world by several million U.S. personnel and about 10 million devices, Markulec said.

IPSonar, will find and identify all devices on the NIPRNet and tell network operators how they are interconnected, Markulec said. "Without that knowledge, you can't manage the network. And if you can't manage it, you can't secure it."

Mapping isn't IPSonar's only talent. The software, which is costing the Defense Department more than $10 million, also searches for leaks. (more)

By the way, do you know what electro-leaches have latched on to your LANs, your Wi-Fi networks? Help is out there.

Tuesday, February 2, 2010

Business Espionage - The Cost of Spying II

News Corp. agreed to pay $500 million to settle an ongoing, four year, lawsuit initiated by Valassis charging anti-competitive practices. Insert printer Valassis sued News Corp.'s News America Marketing unit in three separate cases, alleging price fixing and other predatory practices. Last year a jury in Michigan awarded Valassis $300 million in that case...

Last year, News America Marketing was accused by Floorgraphics Inc. Hamilton, NJ, of corporate spying. Floorgraphics, a producer of graphics placed on retails stores' floors, accused News America of illegally accessing its computer system and obtaining proprietary information, and disseminating false, misleading and malicious information about the company to its clients. The case was settled, and then days later News Corp. purchased Floorgraphics for an undisclosed sum. (more)

Monday, February 1, 2010

Business Espionage - The Cost of Spying

Italy - Telecom Italia and former parent Pirelli on Monday said they agreed to settle a criminal probe into a suspected spy ring that used phone data records, freeing the companies from lengthy court proceedings.

Italian newspaper Corriere della Sera said Pirelli and phone giant Telecom Italia agreed to pay 7.5 million euros ($10.43 million dollars) in the plea bargain deal filed on Saturday. (more)

Snitch Culture Rule Switch

MD - A Maryland delegate is proposing changes to state wiretap law after he was inspired by two filmmakers who claimed to be a pimp and prostitute seeking tax advice while surreptitiously taping ACORN staffers in Baltimore.

Delegate Richard Sossi, an Eastern Shore Republican, wants to provide immunity for people who intercept a wire, oral or electronic communication that provides evidence of the commission of a felony.

Right now in Maryland, it is illegal to record private conversations unless both parties consent to the taping. (more)

This is one way to deter James O'Keefe from showing up at your political headquarters with a team of fake telephone technicians with hidden cameras.

Pssst... (BARTNICKI v. VOPPER (99-1687) 200 F.3d 109) already accomplished this in a 2001 Supreme Court ruling. 
 "Privacy of communication is an important interest. However, in this suit, privacy concerns give way when balanced against the interest in publishing matters of public importance. One of the costs associated with participation in public affairs is an attendant loss of privacy."  
See Extortionography.

Drew Peterson Tapes?

IL - A teen who was a neighbor of the late third wife of former Bolingbrook, Ill., police Sgt. Drew Peterson testified Monday that Kathleen Savio was terrified of her husband and felt that the police department was not doing enough to help her...

Nick Pontarelli, 19, testified during the pre-trial hearing in Joliet, Ill., that Savio, found dead at home in 2004, feared Peterson was bugging her telephone calls and showed him tapes that she believed were recordings of her calls, the Breaking News Center reported.

They're Bolder in Boulder

CO - A 37-year-old man has been accused of stalking his ex-girlfriend by repeatedly sneaking into her residence over a period of months, installing voice recorders in the home, spyware on her computer and sending her threatening e-mails.

Sarah Huntley, spokeswoman for the Boulder Police Department, identified the suspect as Christopher Spiewak of Boulder.

Huntley said Spiewak is being held for investigation of domestic-violence related to stalking, second-degree burglary, computer crimes and repeated harassment. (more)

Sunday, January 31, 2010

Business Espionage - Government Bugs Taps & Hacks

UK - The security service MI5 has accused China of bugging and burgling UK business executives and setting up “honeytraps” in a bid to blackmail them into betraying sensitive commercial secrets...

The warning to British businessmen adds: “Hotel rooms in major Chinese cities, such as Beijing and Shanghai, which are frequented by foreigners, are likely to be bugged ... hotel rooms have been searched while the occupants are out of the room.”  

It warns that British executives are being targeted in China and in other countries. “During conferences or visits to Chinese companies you may be given gifts such as USB devices or cameras. There have been cases where these ‘gifts’ have contained Trojan devices and other types of malware.” (more)

The Bigger Picture - Many countries engage in business espionage. Bug and wiretap attacks happen more in the business's country than in the spying country – that's where the strategic conversations are held. If your organization does not have a coherent counterespionage strategy yet, consult with a specialist before your pockets are picked, and your executives fall victim to blackmail. Good start... Regularly scheduled inspections of your offices for electronic surveillance devices an espionage vulnerabilities.

Friday, January 29, 2010

Detecting Unwanted Cell Phone Use

There are places when you just don't want cellular communications... financial trading floors, certain hospital areas, conference and Board rooms where sensitive meetings are held, to name a few. "What's the solution?"

Forget the obvious. Although radio-frequency jamming gadgets are easy to obtain, they are not legal here in the United States.
Here is what you can do...
• Establish a written "no wireless" policy for your organization.
• Set up a system for storing electronic communications gadgets before allowing entry into a secured area.
• Alternatively, ask people to turn off their communications devices.
• Monitor compliance. "How?"

Here are two detection methods...

General Alert - Install a low-cost cellular receiver (SureSafe, pictured above). It will trip an alarm, turn on a light, or make a voice announcement whenever it detects a cellular transmission within its 1-20 meter range. (more)

Specific Alert - This pricier system, called AirPatrol, can pinpoint on a computer map (to ≈2 meters) where the offending device is located. It can also be used to locate rogue Wi-Fi devices. Very cool! (more)

Thursday, January 28, 2010

Press Tapper Convicted

Italy - Giuliano Mignini, the chief prosecutor in the Meredith Kercher trial, has been convicted of abuse of office and bugging the phones of journalists. 

Mr Mignini, who succeeded in having the American student Amanda Knox jailed for 26 years for murdering her British flatmate in Perugia in 2007, was convicted in relation to a separate case regarding a notorious serial killer known as the Monster of Florence.

He was sentenced by a Florence court to a year and four months in prison, but will remain free pending the two stages of appeal available to him under Italian law and will be allowed to continue working. (more)

ZigBee Eavesdropping


Software error in ZigBee radio modules facilitates eavesdropping.

As reported by developer Travis Goodspeed on his blog, a weakness in the way Z-Stack, Texas Instruments' open source wireless communication protocol stack used in its ZigBee radio modules, generates pseudo-random numbers makes it easier for an attacker to eavesdrop on encrypted communications. This is not the first occasion on which Goodspeed has hit the headlines for his cryptographic analyses of ZigBee modules.

The weakness allows attackers to eavesdrop on wireless communications for devices such as automation systems and sensors and potentially even to access these devices. The vulnerability is of particularly concern in view of the widespread use of smart electricity meters in the USA. Some electricity providers use ZigBee to transfer data from electricity meters to base stations. (more)