Tuesday, May 11, 2010

What it takes to be a TSCM tech for a U.S. government contractor...

"The candidate will assist in all aspects of of TSCM management that involves technical security (including TEMPEST) entailing new construction, modification, accreditation, re-accreditation, withdrawal and advice and assistance (SAV). The candidate will help schedule and perform TSCM evaluations and security staff visits of facilities locate CONUS/OCONUS, provide comprehensive, risk-based technical security advice, guidance, and general security support to program offices and contractor facility security offices. The candidate will prepare written correspondence to include facility file reports, cable messages, approvals, status/technical briefs and inspections reports, SAV reports, maintain databases; which includes entering new data and correspondence and quality controlling file records. Conduct analysis of complex technical, surveillance, counter surveillance, surveillance detection or other technical vulnerabilities. Provide technical support to projects in areas such as training, logistics, acquisition and technical counterintelligence investigations. Assists in developing and monitoring project tasks and schedules. Maintain a thorough knowledge of all technical security governing directives.

The candidate must be a graduate of the Interagency Training Center for TSCM and an EXPERT in two of the following areas: a) Counterintelligence , b) Automated Information Systems, c) Lock and Key Control Systems, d) Access Control Systems, g) TEMPEST, h) DoD SCIF construction standards.

Experience using a variety of ADP systems that include Microsoft Office applications (e.g. Word, Excel, Outlook, PowerPoint). Requires a Bachelors degree and 10-12 years experience." (more)

I believe subjecting people to PowerPoint goes against the Geneva Convention. P.S. The job requires 75% travel.

Monday, May 10, 2010

It Didn't Start With Nixon

UK - MI5 used hidden electronic surveillance equipment to secretly monitor 10 Downing Street, the Cabinet and at least five Prime Ministers...

The extraordinary disclosure comes despite a succession of parliamentary statements that no such bugging ever took place.

...top-secret files held by the Security Service show it installed electronic listening devices in three highly sensitive areas of No10 – the Cabinet Room, the Waiting Room and the Prime Minister’s study.

It means that for nearly 15 years, all Cabinet meetings, the offices of senior officials and all visitors to the Prime Minister – including foreign leaders – were being bugged... 

[Harold] Wilson hired private security firms to sweep his office for listening devices and was said to have pointed out electric light fittings to Downing Street visitors, indicating that they might be bugged. (more)

SpyCam Story #578 - The Case of the Silent H

UK - A university lecturer planted a camera in a bathroom air freshener so he could spy on students as they showered.

Paul Hwang, who has taught and studied at Oxford, Cambridge and Harvard, hid the digital camera in the house he was renting out to six women.

Yesterday the 33-year-old's illustrious teaching career was in ruins after he pleaded guilty to voyeurism. (more)

Police Chief Sentenced for Bugging

MN - The former police chief of Gaylord was sentenced Monday on one charge of misconduct of a public official, for an alleged "bugging" scheme. 
 
Dale Lee Roiger, 60, was sentenced to a stay of imposition for one year and was placed on probation. As part of his probation, Roiger must complete 15 days of electronic home monitoring, 15 days of community service and pay a fine of $835, among other conditions.

Roiger was accused of having one of his officers secretly plant a digital recorder to see if City Council members were meeting illegally at the Chamber of Commerce office. (more)

SpyCam Story #577 - Turkish Delights

Mission Impossible? 
You decide.
The leader of Turkey’s main opposition party has resigned after the release of grainy video footage purporting to show him having an affair with one of his MPs.

The nine minutes and 23 seconds of silent footage, seemingly shot with a hidden camera, allegedly shows Deniz Baykal, 71, veteran leader of the opposition Republican People’s Party (CHP) and Nesrin Baytok, 50, his former private secretary and now a CHP deputy, speaking in the presence of another man in one clip, and getting dressed alone in a bedroom in another.

Mr Baykal claimed he was a victim of a government-orchestrated plot...
"This is not a sex tape, this is a conspiracy," he said. "If this has a price, and that price is the resignation from CHP leadership, I am ready to pay it. My resignation does not mean running away, or giving in. On the contrary, it means that I'm fighting it." (huh?) (more) (more)

Trend: Executive and high profile clients are requesting us to inspect hotel rooms and private aircraft more often these days. Calls from politicians might be next.

Sunday, May 9, 2010

Encryption Can't Stop The Wiretapping Boom

As encryption technologies have outpaced the mathematical methods of breaking crypto schemes, law enforcement has feared for years that scrambled messages between evildoers (or law-breaking activists) would thwart their snooping. But it seems that either lawbreakers aren't using encryption, or those privacy tools simply don't work...the number of cases in which law enforcement encountered encryption as a barrier: one.

According to the courts, only one wiretapping case in the entire country encountered encryption last year, and in that single case, whatever privacy tools were used don't seemed to have posed much of a hurdle to eavedroppers. "In 2009, encryption was encountered during one state wiretap, but did not prevent officials from obtaining the plain text of the communications," reads the report. (more) (annual wiretap report)


The information security consultant's delimena: How to convince business executives to use encryption when even the criminals can't be bothered with it?

Saturday, May 8, 2010

...and you thought volcanic ash was wild.

From the FutureWatch department...
In the 1990s, a researcher named Kris Pister dreamed up a wild future in which people would sprinkle the Earth with countless tiny sensors, no larger than grains of rice.

These "smart dust" particles, as he called them, would monitor everything, acting like electronic nerve endings for the planet. Fitted with computing power, sensing equipment, wireless radios and long battery life, the smart dust would make observations and relay mountains of real-time data about people, cities and the natural environment.

Now, a version of Pister's smart dust fantasy is starting to become reality... (not rice-sized yet, however)

The latest news comes from the computer and printing company Hewlett-Packard, which recently announced it's working on a project it calls the "Central Nervous System for the Earth." In coming years, the company plans to deploy a trillion sensors all over the planet. (more)

From our "never give a sucker an even break" files.

A businessman who supplied the Botswana Police Service (BPS) with spying equipment to eavesdrop on the cell phone and electronic mail conversations of all citizens without a search warrant, intends suing the government after the Police failed to pay him.

...it appeared that the transaction went sour when the equipment did not perform as the Police expected. The system was to detect all cell phone conversations without being detected by the service providers. It emerged that the system could only detect calls from only one of the three mobile operators and was unable to detect calls from the other two, thus failing the test. (more)
Moral: "You can't cheat an honest man."

Michelin Spy Re-tired

Marwan Arbache, a former Michelin executive, has been found guilty of trying to sell industrial secrets to the company’s main competitor Bridgestone. 

What particularly seems to have grieved Michelin, which already has a well-deserved reputation for stringent security surrounding its industrial secrets, is the fact that their former employee was trying to sell secrets relating to what the AFP news agency called “new tyre manufacturing techniques for heavy transport designed to improve durability.” (more)

How Do They Do It - Codebreaking

Seattle startup Pico Computing squeezes a cryptographic supercomputer into a breadbox...

...Not every customer has the know-how or the motivation to coax FPGAs into those cryptographical feats. But the three-letter agencies that buy Pico's code-breaking systems have both, and Pico offers them versions aimed at breaking everything from the Wireless Protected Access protocol used in Wi-Fi signals to the Filevault encryption found on Mac computers. (more)

Friday, May 7, 2010

Spyware Comes to the iPad

Retina-X Studios, LLC, announced today the immediate availability of Mobile Spy for the Apple iPad. ...users can silently view all email messages, web site visits and other information... even if histories are deleted. Mobile Spy runs in total stealth mode and no mentions of the program are shown inside the iPad. After the software is set up on the device, it silently records the contents of all emails sent or received. The software also records web addresses visited in Safari and any contact added to the iPad's contacts list. (more)

Thursday, May 6, 2010

Spybusters Tip #732 - Copy Center Warning

Many office photocopiers - especially the larger and networked models - store the data they copy on an internal hard-drive memory. While this is helpful, it also poses a very serious espionage vulnerability. Old copy jobs remain on the disk and may be easily reprinted by other people who have access to the machine. Even when the job is deleted the data remains on the drive waiting to be over-written. When the lease is up or the machine is sold anyone could get your information.
Recommendations...
1. Photocopy confidential information without using the memory feature. If this is not possible...
2. Use the delete feature immediately after photocopying sensitive documents. If the risk is extreme...
3. Photocopy using a simpler machine; one without an internal memory.

"If you don't wipe, they will swipe." ~Kevin

Some photocopiers have easily removable hard drives which may be placed in a safe at the end of the day. Others have disk wipe options available. Keep these options in mind when purchasing a high-end photocopier.

Manufacturer’s security solutions:
• Canon - imageRUNNER Security Kit   
• Sharp - Data Security Kit
• Xerox - Image Overwrite Option
• Konica Minolta - Security Strengthen Mode
• Lanier - DataOverwrite Security System (DOSS)
• Savin - DataOverwrite Security System (DOSS)
• Ricoh - DataOverwriteSecurity System (DOSS)
• HP - Security Documents (1) (2)

Still don't believe?
Watch this...

Combine it with e-ink and never recycle newspapers again!

Scientists at the Massachusetts Institute of Technology have successfully coated paper with a solar cell, part of a suite of research projects aimed at energy breakthroughs. (more) (e-ink)

Monday, May 3, 2010

The Security Scrapbook Mobile Phone App

Kevin's Security Scrapbook has a mobile phone app. 
FREE download at getjar.com.
Compatible with: Blackberry, Nokia, Motorola, LG and dozens more. Search: "Spybusters"
Special thanks to the crew at SachManya, app-smiths.

Security Director Alert: Cell Phone Warning

The Bad News...
Two researchers say they have found a way to exploit weaknesses in the mobile telecom system to legally spy on people by figuring out the private cell phone number of anyone they want, tracking their whereabouts, and listening to their voice mail. — Independent security researcher Nick DePetrillo and Don Bailey, a security consultant with iSec Partners.

The Really Bad News...
"These attack scenarios are applicable to corporations and individual users alike," DePetrillo said. "Corporations specifically should start to take a look at their security policies for executives as this can impact a business very hard, with insider trading, tracking of executives, etc." (more)

The Really Really Bad News...
It doesn't look like the phone companies will (or can) fix this situation.