Friday, October 1, 2010

SpyCam Story #583 - Pushed to Suicide

NJ - Rutgers University students wore black on Friday to remember a classmate who committed suicide as a lawmaker proposed stiffer penalties for invasion of privacy - the charge levied against the roommate accused of secretly streaming online video of the victim having sex with a man. (more)

When SpyCam Story #1 was published, laws against video voyeurism didn't exist. Although many states now have laws, more has to be done. I hate posting tawdry SpyCam stories, but do so to raise awareness. The victims deserve the support.

BlackBerry Responds to Government Monitoring

RIM co-CEO Jim Balsillie has no objections if companies that make use of its secure BlackBerry smartphones want to hand over their encryption keys to government officials. However, RIM itself has no way of providing the unencrypted content of the emails that pass through its network operating center (NOC), since it doesn't have the keys in the first place.

This was the most direct answer to date given by RIM in response to government-sanctioned wiretapping, a topic that was brought to the front even as countries such as the United Arab Emirates and India have threatened to ban the BlackBerry service unless RIM accedes to their demands for a backdoor into its encryption system. Other countries such as Lebanon, Indonesia and Saudi Arabia were reportedly considering similar steps. (more)

Are governments going to accept this explanation, or say with finger poking their lips, "You will change your NOC, Mr. Berry. Un-zip it."
Stay tuned.

Monday, September 27, 2010

FutureWatch - The Privacy Party is Over

Federal law enforcement and national security officials are preparing to seek sweeping new regulations for the Internet, arguing that their ability to wiretap criminal and terrorism suspects is “going dark” as people increasingly communicate online instead of by telephone.

Essentially, officials want Congress to require all services that enable communications — including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct “peer to peer” messaging like Skype — to be technically capable of complying if served with a wiretap order. The mandate would include being able to intercept and unscramble encrypted messages. 

The bill, which the Obama administration plans to submit to lawmakers next year, raises fresh questions about how to balance security needs with protecting privacy and fostering innovation. And because security services around the world face the same problem, it could set an example that is copied globally. (more)
It will.

Corporate Espionage in India

India - Corporate espionage is on the rise in the country, with the digital medium offering an extremely fertile ground for its perpetuation.
An increasing number of companies are also hiring private detectives to keep tabs on both their employees and business partners. Detective agencies say they are flooded with strange requests from companies to plant spies in rival firms, to fish for confidential data, engineering designs, software codes or to manipulate rate contracts to favour their clients.

"An entire gamut of corporate espionage is happening around us and it is a huge industry by itself," says cyber law expert and supreme court advocate Pavan Duggal. On average, detective agencies get 5 to 10 requests a day for such services. The fee could range from Rs 30,000 to a few lakh rupees, depending on the complexity of the job.

"Such things are rampant and we get a lot of requests, though we do not entertain it as a matter of policy," says Ravi Kapoor, chairman of ACE Detectives. He says that usually a person is hired for the job who has access to passwords and other information. It could be a data entry operator, security personnel or even a driver.

"Hiring spies is prevalent in IT firms, especially where big tenders are underway," confirms Manpreet Sidhu, head of Top Secret Detective Agency. (more)

Sunday, September 26, 2010

Eavesdropping Suit Settled During Secret Phone Call

CA - After meeting in closed session by teleconference with attorney Susan Trager, Bighorn-Desert View Water Agency directors announced Tuesday night that litigation had been settled in an unlawful eavesdropping case brought by former director Maryan Barkley. The amount of the settlement was not made public. (more)
What most people settle for... video.

"Ruff, ruff, I'm going to get tutored!"

VA - "The Danville Area Humane Society will have more options for spying and neutering dogs and cats belonging to residents of Danville and Pittsylvania County during the week of Oct. 11-15." (more)

Laser Eavesdropping - 50 year old technology...

...still amazing the newbies.
"Here’s a surprisly (sic) simple way to build yourself a laser-based listening device. It consists of two modules, a transmitter and a receiver. The transmitter is a set of lasers, one is visible red for aiming, and the other is infrared for measuring the vibration of a surface. Point the transmitter at the window of the room you want to listen in on and the laser can be reflected back to the receiver. The receiver module has a phototransistor to pick up the infrared laser light, and an LM386 audio amplifier to generate the audio signal sent to a pair of headphones. They need to be well-aligned, which is easy enough using a pair of tripods. Check out the demo." (more) (more)

Spy Story #771 - Famous Last Words

"Let's go with the low bid on this sweep thing." 
(Corporate takeover victim. Not a member of the Murray Associates client family.)

Saturday, September 25, 2010

OSS Memorabilia - Warning & Request

If you have been saving OSS memorabilia and would like to see it properly preserved, or you have inherited OSS items and don't know what to do with them, please consider the following message from The OSS Society in Washington, DC.

"OSS Artifacts — It has come to our attention that private collectors of OSS artifacts may have been identifying themselves as 'official' historians. The OSS Society does not have an official historian. If anyone identifies themselves as such to you or has done so previously, please contact us immediately.

The same collectors may be inducing OSS veterans and others to part with their OSS memorabilia by promising not to sell items donated to them or promising to return them and not doing so. It is also our understanding that collectors have not been properly documenting these gifts. Without such documentation, anyone to whom you donate OSS items is free to do with them as they choose, including selling them.

If you have OSS artifacts in your possession, The OSS Society would be honored to receive them. We respectfully ask that you consider donating them to The OSS Society and not to private collectors so that your donations can be properly documented and preserved. You can also rest assured that your donated items will never be sold or donated to a third party by The OSS Society."

If you have items that you wish to donate, please contact:
6723 Whittier Ave. 200
McLean, VA 22101
703-356-6667
oss ( at ) osssociety.org

Wednesday, September 22, 2010

The "Thousand Grains of Sand" Approach to Business Espionage

American counter-intelligence efforts are snagging more Chinese spies. This may be more because of increased spying effort by China, than more success by the FBI and CIA...

For over two decades, China has been attempting to do what the Soviet Union never accomplished; steal Western technology, then use it to move ahead of the West...

China gets around this by making it profitable for Western firms to set up factories in China, where Chinese managers and workers can be taught how to make things right. At the same time, China allows thousands of their best students to go to the United States to study. While most of these students will stay in America, where there are better jobs and more opportunities, some will come back to China, and bring American business and technical skills with them. Finally, China energetically uses the "thousand grains of sand" approach to espionage. This involves China trying to get all Chinese going overseas, and those of Chinese ancestry living outside the motherland, to spy for China, if only a tiny bit. (more)

In many societies, this activity is considered normal and patriotic. This highly organized info-harvesting for the sake of the tribe is not the norm in Western society. We have a difficult time fathoming this mentality. Our natural reaction is to treat the threat as unreal. Crime victims often mention this phenomenon when describing their experience.

Accepting the evidence is the first step in defending yourself from an international mugging. Put yourself in the other society's shoes for a moment. Think about it. Their strategy makes sense. Look around. Their strategy works. Accept the evidence. There is no reason for them to change tactics. There is every reason for it to continue and intensify.

They have a working strategy. You need a counter strategy, before your pockets are picked. Call us or the person who hosts Kevin's Security Scrapbook on their web site. Get a counterespionage strategy... while you can still afford one.

Eavesdrop on Cell Phones? Beware Divine Justice

A new study shows that the overheard half of cell phone dialogue can steal our attention from other tasks, with potentially dangerous outcomes.
Currently a doctoral candidate in psychology at Cornell University, Lauren Emberson and her co-authors recently published a study that helps explain why hearing only one half of a cell phone conversation is so aggravating, yet so captivating. The researchers argue that such "half-alogues," as they dub them, make for dissonant eavesdropping because they are unpredictable. The less information we glean from a conversation, the harder our brains work to make sense of what we hear and the more difficult it is to stop listening. The findings, published online September 3 in Psychological Science, further suggest that cell phone half-alogues demand more of our attention than dialogues and decrease our performance on other cognitive tasks—whether we are sitting at a computer in the lab, trying to read on the subway or driving a car. (more)

Low Tech Still Works - Bin Noc'ed Up

WI - A Racine County man is accused of spying on ATM customers with binoculars, and then using ID numbers to grab money from their bank accounts.

33-year-old Thomas Kasprovich of Mount Pleasant is charged with 27 felony counts of identity theft. 

Prosecutors said bank employees were the first to alert police that their ATMs were being watched. Some victims told police they never closed their ATM sessions when they drove away, and Kasprovich allegedly tried to get money. Video from a convenience store was eventually used to arrest the man. (more)

What's Worse Than One 'Cash Cab'?

3,024 Spy Cabs!
Apparently not content with the more than 2.75 million surveillance cameras they already have blanketing public spaces, Chinese security forces have decided to push a new frontier in video-assisted vigilance.

According to a recent Xinhua report, authorities in Wuhu, a city of 2.3 million in Anhui Province, are installing security cameras in all 3,024 of the city’s taxis, much to the dismay of the local cab-riding public. (more) (sing-a-long)

Hand-Powered Paper Shredder

Shredsors - 9-blade portable shredding scissors 
  • Perfect for destroying junk mail, bank statements, old credit cards, top secret memos and photos of your ex!
  • Easy grip plastic handle with 9 metal shredding blades
  • Size: 7-1/2" long x 1" thick blades (19 cm x 2.5 cm)
  • Not a toy: use only under adult supervision 
  • (more)

Tuesday, September 21, 2010

The Pit and the Password Pendulum

via Risks-Forum Digest Monday 20 September 2010 Volume 26 : Issue 17
"The discussion about overly complex password rules reminds me of sage advice that Digital once published in a VAX security manual. I'll paraphrase: The definition of security must be broad. Security aims to see that authorized users, and only authorized users, succeed in doing their jobs.

The modern definition of computer security seems much narrower. It focuses on preventing unauthorized uses, and malware. If security procedures hinder authorized users from doing their jobs, security still succeeds under the narrow definition, but fails under Digital's broader definition.

An onerous password policy is a form of denial of service attack. 

Might things improve if we made security people responsible for productivity of the good guys as well as denial of the bad guys?"

--------

Also…
An additional irony of keyloggers is that the bad guys can typically see your password better than you can, since they don't have every character replaced by a black blob. Only a very few programs (7-Zip, when asking for a password on a protected archive, springs to mind) allow you to check a box to say "I do not fear Tempest scanning, and there is nobody else in the room. Please let me see this password as I type it." 

To impose passwords like fH%JK43-oe9 and then prevent people from seeing what they're typing is just sadism. It must cost millions per year in password reset costs, even with automated delivery of new passwords to e-mail addresses. 

I've added this functionality to the Web applications which I maintain. I suggested its addition to a site which I use frequently, where I have contact with the development team, and which has no major, banking-style security issues. Their reply was, "We've decided not to do this, because it's not an industry-standard practice". 

Review your password policy. Make some innovative improvements. The easier it is for employees to use, the more effective it will be. Here is your mantra for the day, "Death to passwords on sticky notes." Come on, say it!