GSM Bug Prices Continue to Drop!

A few months ago, we found GSM bugs being sold on ebay in the $19-$60 range. Today, direct-from-the-manufacturer samples are advertised for $13.05. (Quantity pricing is even lower.)

Finding these normally dormant eavesdropping bugs is problematic. Digital Surveillance Location Analysis™ (DSLA™) is one very effective detection technique.

Business executives – You can no longer skate on the chance that one of these won't end up in your Boardroom. 

Quarterly eavesdropping detection audits are more important than ever. Be sure your TSCM provider is aware of this new threat, and can effectively deal with it. (Click graphic to enlarge it.)

(Update) One of our sharper colleagues noted the logo on this thing and mused... "Wonder what they think about the use of their logo?"

Hummmm... I seem to recall (this) (and this). But, nah. That would be too much of a stretch :)

An Old Score Settled

Italy - Italian magistrates and media are up in arms over a government attempt to restrict wiretaps and slap fines and jail sentences on newspapers that publish transcripts, saying it will help criminals and muzzle the press.

While the centre-right coalition of Prime Minister Silvio Berlusconi says it wants to protect privacy, the opposition says the government is just scrambling to cover up widespread corruption in its ranks with yet another tailor-made law...

The bill languished in parliament for months. But the government quickly dusted it off after newspapers published leaked transcripts from a high-profile graft probe into public work contracts that has tainted Berlusconi's cabinet. (more) (background)

Quote of the Week - The BugNets are Coming

"Remote surveillance is a significantly invasive threat, arguably even more so than identity theft. As it stands now, most vulnerable devices (mobile devices and computers) do not have the protection necessary to distinctly address microphone or camera hijacks. As a growing number of mobile devices with exploitable operation systems gain more reliable Internet access, this long standing problem is reaching a critical potential." 

from Roving Bugnet: Distributed Surveillance Threat and Mitigation
by Ryan Farley and Xinyuan Wang

Mobile Phone Eavesdropping - The Next Level

Imagine sitting in a café and discussing the details of a business proposal with a potential client. Neither you nor the client has a laptop; you're just two people having a conversation. But unbeknownst to you, someone half a world away is listening to every word you say. Later, as you leave, you receive a text message referring to the proposal and demanding money in exchange for silence.

Recent research from two universities suggests that such a remote-eavesdropping scenario may soon be possible.

According to George Mason University researchers Ryan Farley and Xinyuan Wang, cell phones make excellent surveillance devices for remote snoops. In a paper, Farley and Wang discuss a "modernized mic hijacker" [PDF] that an attacker could control over what they call a "roving bugnet." The eavesdropper would use a piece of malware called a "bugbot" to listen in on in-person interactions via a nearby smartphone or laptop. Such attacks would be more likely to target specific people (a wayward spouse, say) than to play a role in widespread attacks on the general public. (more)

Commercial Quantum Cryptography System Hacked

It is supposed to be absolutely secure – a means to transmit secret information between two parties with no possibility of someone eavesdropping. 

Yet quantum cryptography, according to some engineers, is not without its faults. In a preprint submitted late last week to arXiv, Hoi-Kwong Lo and colleagues at the University of Toronto, Canada, claim to have hacked into a commercial quantum cryptography system by exploiting a certain practical “loophole”.  

So does this mean high-profile users of quantum cryptography – banks and governments, for example – are in danger of being eavesdropped after all? (more)

Don't even think of saying "pampas ass."

The mayor of the Argentine capital, Buenos Aires, has been indicted on charges of illegal wiretapping of citizens including political and business leaders.

Mauricio Macri has allegedly authorized the secret recordings of many individuals, including politicians and business moguls, in the 1990s...

Despite his indictment, Macri says he will not resign. (more)

Cordless Phone Question

via The Journal Times...

When we're using cordless phones, can others pick up our conversations?

"Yes, depending on the kind of phone you use," according to a fact sheet from the Privacy Rights Clearinghouse, a nonprofit consumer-oriented group based in California. "In most cases, your cordless phone conversations are probably overheard only briefly and accidentally. But there are people who make it a hobby to listen to cordless phone calls using radio scanners."

Analog phones, which include most older ones, are more susceptible to eavesdropping. Nothing's a guarantee, the mildly paranoid-sounding fact sheet points out, but newer digital models often have better built-in security features.

Those include channel hopping, which constantly changes the frequency during a call, and more complicated stuff known as digital spread spectrum technology (DSST) and digital enhanced cordless technology (DECT). (more)

For more information on both cordless and cellular phone privacy click here.

Theft & Espionage Awareness Slide Show

(more)

I created life... and I own it!

Scientists for the first time have created a synthetic cell, completely controlled by man-made genetic instructions, which can survive and reproduce itself, researchers at the private J. Craig Venter Institute announced Thursday. Created at a cost of $30 million, the experimental one-cell organism opens the way to the manipulation of life on a previously unattainable scale.

Synthetic Genomics, a company founded by Dr. Venter, funded the experiments and owns the intellectual property rights to the cell-creation techniques. (more)

Hope they have a good counterespionage strategy. They will need it.

Testimonial - The Photocopier Security Problem

"Regarding photocopier security, I recovered 8,308 files from a high-capacity Xerox copier in the summer of 2008. The copier was several years old, shared by perhaps two dozen employees, and had a 4 gigabyte IDE hard disk. I recovered both scanned and photocopied TIFF images from user activity as well as TXT, HTML, DOC, PDF, and GIF files. I also recovered about 900 email addresses and file names." ~ from a newsgroup posting this week by a professional electronic evidence recovery specialist.

Photocopier security is only one element of an overall counterespionage strategy. If your organization does not have one. (Or, if you are not sure of the effectiveness of your current one.) Please engage the services of an independent counterespionage security consultant. Don't know where to find one? Click here for a jump start.

How Do They Do It - Cracking Your Wi-Fi

In China, they sell full Wi-Fi hacking kits. 
Any teckie can cobble together their own...

"The main piece of the kits, an adapter with a six-inch antenna that plugs into a USB port, comes with a CD-ROM to install its driver and a separate live CD-ROM that boots up an operating system called BackTrack. In BackTrack, the user can run applications that try to obtain keys for two protocols used to secure Wi-Fi networks, WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access). After a successful attack by the applications, called Spoonwep and Spoonwpa, a user can restart Windows and use the revealed key to access its Wi-Fi network." (more) (videos)

SmartWater - "I've been slimed!"

Here is a theft deterrent idea... 

What if you could spray your valuables with an invisible DNA-like identifier, unique to you. What if this brilliant agua could also be used to link a suspect to the scene of the crime. What if this water could only be seen using ultra-violet light. You would probably say, "That's smart water." (knock, knock) Excuse me. (whisper, whisper)

Right, well then... apparently this has already been done.

"SmartWater delivers proven crime reduction strategies customised to the needs of your business. Widely used within intelligence-led policing operations, and proven to deter criminals on a sustained basis, SmartWater is now available to the commercial sector." (video)

Security Clearance - What you 'need to know'

FREE
Security Clearance Handbook
All you need to know to get cleared or stay cleared!

The shortage of IT professionals holding security clearances grows rapidly. To really accelerate your career you need to maintain or obtain a security clearance. To help you, the University of Fairfax has assembled a comprehensive handbook with 100's of facts and FAQs. The topics covered by this handbook include:
- How to obtain your security clearance.
- How to reactivate your inactive clearance.
- Who may or may not be eligible for a clearance.
- What can prevent you from getting a clearance.
- How long it can take to get a clearance.
- PLUS MUCH MORE! 

(booklet)

Can a Tin Foil Hat Protect Your Crazy Brain?

Mrfixitrick demonstrates the Faraday effect of a tinfoil hat by blocking the EMP (Electro-Magnetic Pulse) from a typical wireless modem. (video)

No word yet on whether the Bowler or Pork Pie style works best. Personally, I would opt for a Sandy Becker Hambone Pith Helmet.

A New Windows Virus (that nothing can stop?!?!)

via zdnet.com...

Are you a Windows user? Do you make sure that your antivirus program is updated regularly? Do you feel safe? You shouldn’t! Read on to find out why …

Security researchers at Matousec.com have come up with an ingenious attack that can bypass every Windows security product tested and allow malicious code to make its way to your system.

Yes, you read that right - every Windows security product tested. And the list is both huge and sobering... (more)