Thursday, October 14, 2010

Do You Know How to Protect Your Cell Phone Calls?

...So, the problem of cell phone interception is real, growing and unlikely to be eliminated in the foreseeable future.

For an organization, knowing that phone calls have been intercepted at all is difficult. There is rarely a test that can be done, other than looking at the consequences of a lost deal or secret information in the public domain. In fact, in 2010, the Ponemon Institute found that 80 percent of CIOs admitted they would not find out directly if they had been intercepted.

The problem shows a wide geographical variation, both in the number of instances and in the public perception of risk. 

In the United States and mainland Europe, the perception of risk is relatively low. However, travel to Latin America or some parts of Asia, and the perception of an issue has reached the consumer with advertisements on mainstream television for protection equipment. 

Yet few executives traveling around the world have taken special measures to secure their cell phone conversations.

Research from ABI shows that 79 percent of companies' cell phones were routinely used to discuss information that, if intercepted, would lead to material loss to the business. Yet less than one in five had in place adequate measures to address this risk. (more)

New book coming soon...  
Stay tuned for details.

PA Spycam Suit Settled - Lawyers Win

PA - A suburban Pennsylvania school district accused of spying on students using school-issued laptops has agreed to pay $610,000 to settle litigation stemming from its controversial practice.

Under the proposed settlement, the Lower Merion School District will pay $185,000 to two high school students who had sued the district earlier this year for allegedly snooping on them. The remaining $425,000 will go to attorneys fees. (more)

Wednesday, October 13, 2010

Business Espionage - Conference Call Eavesdropping

State Republican Party staff members eavesdropped on a conference call organized by party activists to strategize ways to convince GOP candidates to adopt more of the party platform, according to several people who participated in the meeting.

S.C. GOP 1st Vice Chairman Patrick Haddon organized the call with party activists including Randy Page, Chad Connelly and Justin Evans. Organizers said the call was intended as a brainstorming session for fall campaigns, and not to discuss party leadership or direction.

But when the call ended, the list of participants contained an unknown number. Organizers called the number and reached a phone within Republican Party offices. State party officials declined to discuss the conference call.

“No comment,” S.C. GOP executive director Joel Sawyer said. “I’m not confirming or denying anything.” (more)

To all Murray Associates clients, please re-read the Conference Call section of your reports again. This problem is real and surfaces in the news quite often. Thank you, Kevin

Tuesday, October 12, 2010

A New Suite of Phone Espionage Software

Phone Creeper V0.9 (BETA) for Windows Mobile Cell Phones - "This is a phone espionage suite. It can be silently installed by just inserting an SD card with the files below on it. The program does not show up under installed programs or running programs and allows for a useful array of features. Phones running this software can be remotely controlled by SMS text messages. All commands will be silently received and deleted immediately and results will be issued back to sender. Pre-configured settings can be added to the installer to have your own default password and phone number to receive live updates. By default, this program will silently reinstall itself even after a hard reset, if the memory card with these files is still in the device." (more)

P.S. There is even an Anti-Creeper app. Both are FREE but donations are solicited.

"Used car... or 'copter, Mr. Bond?"

Three James Bond sports cars – and one helicopter – will be auctioned Oct. 27 at RM Auctions’ Automobiles of London sale at the Battersea Evolution arena.

The highlight of the lot is a 1964 Aston Martin DB5 driven by Sean Connery in “Goldfinger”. There’s also the green 1998 Jaguar XKR driven by the villain ‘Zao’ in “Die Another Day” and the 1969 Lamborghini Islero GTS driven by Sir Roger Moore in “The Man Who Haunted Himself”.

The helicopter at stake is a 1960 Hiller UH-12 E4, which was flown by actress Honor Blackman in her role as Pussy Galore. (Its first time on film was for a 1963 movie called “The VIPs”, which starred Elizabeth Taylor and Richard Burton.) RM says the chopper will likely go for nearly £400,000. (moore, Roger Moore)

Time to Recycle the Quote of the Century

“The growing use of the electric automobile, with its many advantages of simplicity, ease of operation and noiselessness, has resulted in a demand for some means of conveniently charging the batteries.” — GE Bulletin No. 4772, September 1910.

Monday, October 11, 2010

SpyCam Story #585 - "Purely Platonic, your Honor."

GA - A man was arrested Friday for using his cell phone to take video of a woman in a dressing room.
According to a report released Saturday by the Athens-Clarke County Police Department, Vicente Bautista, 26, of Greensboro, Ga., was in the dressing area of the Plato's Closet located at 196 Alps Road shortly before noon. Police said he put his cell phone under the divider to tape a 36-year-old woman as she tried on clothes. (more)

Business Espionage - Bratz v. Barbie

Mattel Inc will answer accusations it spied on rival toymakers by infiltrating their private showrooms around the globe, after a U.S. court denied its motion to dismiss claims filed by rival MGA.

In an escalation of a long-running battle over MGA's popular "Bratz" dolls, MGA Entertainment Inc accused Mattel of gaining entry to toy fairs with false credentials to steal trade secrets. It says Mattel then concealed evidence about these activities, according to court filings.

MGA has accused Mattel employees of gaining access to private showrooms of toy makers -- including Hasbro Inc, Lego and Sony Corp -- armed with fake business cards and spy cameras, to steal price lists and other sensitive information. (more)

Legal Phone Taps Vulnerable to DOS Attacks

Researchers at the University of Pennsylvania say they've discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the U.S.

The flaws they've found "represent a serious threat to the accuracy and completeness of wiretap records used for both criminal investigation and as evidence in trial," the researchers say in their paper, set to be presented Thursday at a computer security conference in Chicago.

Following up on earlier work on evading analog wiretap devices called loop extenders, the Penn researchers took a deep look at the newer technical standards used to enable wiretapping on telecommunication switches. They found that while these newer devices probably don't suffer from many of the bugs they'd found in the loop extender world, they do introduce new flaws. In fact, wiretaps could probably be rendered useless if the connection between the switches and law enforcement is overwhelmed with useless data, something known as a denial of service (DOS) attack. (more)

Business Espionage - This Zeus is no Cretan

The Zeus banking Trojan could be a useful tool in corporate espionage...

Zeus typically steals online banking credentials and then uses that information to move money out of internet accounts. In the past year, however, Gary Warner, director of research in computer forensics with the University of Alabama, who has been closely monitoring the various criminal groups that use Zeus, has seen some hackers also try to figure out what companies their victims work for...

"They want to know where you work," he said. "Your computer may be worth exploring more deeply because it may provide a gateway to the organisation."

That's worrying because Zeus could be a very powerful tool for stealing corporate secrets. It lets the criminals remotely control their victims' computers, scanning files and logging passwords and keystrokes. With Zeus, hackers can even tunnel through their victim's computer to break into corporate systems. (more)

Saturday, October 9, 2010

Espionage Life in the Fast lane

Luxury car manufacturer Porsche has banned employees from using Internet sites such as Facebook, Google Mail or Ebay during office hours, for fear of industrial spying, German media reported on Saturday. Corporate security chief Rainer Benne told business weekly Wirtschaftswoche that the company feared information could be leaked via social networking site Facebook in particular.

The magazine reported that foreign intelligence agencies systematically used Facebook to contact company insiders and win their trust in order to obtain information.

Roughly a quarter of Porsche's 13,000 global employees use Facebook and other social networking sites, Wirtschaftswoche reported. (more)

Espionage Research Institute - Day 2

Attending and presenting at the annual ERI meeting means telling clients we will be unavailable for a few days. They understand once I tell them what goes on behind these closed doors. The information I gather directly benefits them. If you think any of this can help you, give me a call and I will brief you in greater detail.

This is what I heard today...

• Need to track down Cellular, Wi-Fi or Bluetooth signals?
Berkeley Varitronics RF Detection Products probably has just the little handheld instrument you need. Each instrument, with its own weird name (Yellowjacket, Swarm, Mantis, WatchHound, etc.) handles a very specific chore. You only buy what you need. That keeps the costs down. Need a special enclosure, like hiding their contraband cell phone detector in a water bottle, or secreting an antenna in a pocket pen? No problem. Very cool Jersey engineering dudes.

The rest of the day, ERI members taught what they know... 

• Protecting Your Computer Network - Dr. Gordon Mitchell
• Laser Eavesdropping Techniques - Dr. Gordon Mitchell
• Alternative Power Sources for the Eavesdropper - Mark Clayton
• Android App Vulnerabilities - Charles Patterson
• 4G LTE Cellular Network - Russ VasDias
• Covert Store and Burst Digital Stereo Bug - Vicente Garcia
• Display of most of the TSCM instrumentation designed and built by Glenn Whidden (with commentary by Glenn). Instrumentation provided by J.D. LeaSure.
• Discussions about topics for next year's meetings.

The discussions continue tomorrow.

Thank you to our client family for adjusting your schedules to allow us time to attend this important meeting in Washington, DC. Tomorrow we are back on the road again completing visits this month to Virginia, Maryland, Ohio, Philadelphia, Anchorage, Boston, New York City, New Jersey and Illinois. ~ Kevin D. Murray
Kevin's Security Scrapbook is prepared fresh almost daily for the clients and friends of Murray Associates - Eavesdropping Detection and Counterespionage Consulting for Business and Government

Snuggly the Security Bear

A few posts ago, it was noted that the FBI is echoing the desires of several countries around the world about having backdoor keys to all communications encryption schemes. BlackBerry, Skype, etc. are seeing the beginning of the end of their privacy advantage. 

Some countries threatened to outright ban encryption they can't crack, but how can this concept be sold to the U.S. Congress? 

Political cartoonist Mark Fiore thinks he knows how it should be done. Pop over to his site for a few words (and an evil giggle) from his Snuggly the Security Bear.

Friday, October 8, 2010

Espionage Research Institute - Day 1

Attending and presenting at the annual ERI meeting means telling clients we will be unavailable for a few days. They understand once I tell them what goes on behind these closed doors. The information I gather directly benefits them. If you think any of this can help you, give me a call and I will brief you in greater detail.

This is what I heard today...

• Need to make sure the people outside of your room can't overhear you?
Dynasound to the rescue. As they say, "These are not your father's white noise generators." Made to be un-filterable, this white noise is injected directly into construction materials (as opposed to vibrated in with old piezo-electric transducers). The benefit... walls, windows, ceilings and floors transmit the sound outward. People in the room can hardly hear it. Bonus... Need a temporary solution (as in a hotel) or need to move the permanent installation? No problem. The new transducers are easy to move.

• Want to have 24/7 monitoring of an area for certain types of bugging devices?
Global TSCM Group has an answer. Their multi-faceted monitoring system may be monitored anywhere via the Internet. It may not be the total answer, but it helps when securing Boardrooms and creating secure conference rooms.

• Need to control Wi-Fi and cell phone usage in your building?
AirPatrol can do it. Once their system is installed, you will know where every rogue laptop, unauthorized Wi-Fi appearance point and cell phone is... within six feet of its exact location, plotted on a computer map. Also, monitorable via the Internet. (PS - There is a whole lot more their system does. Visit their web site.)

Ok... Lunch break.

• Need portable secure storage for cell phones and tablets when everyone enters the top secret meeting? Hey, you never know whose cell phone is infected with spyware, turning their phone into a bugging device. Vector Technologies has the answer, and if the answer doesn't suit you, talk to them. They will make whatever you need. Bonus... It won't look like an old pirate's chest. They make really nice looking stuff with pneumatic lids! Independent testing labs certify effectiveness. Call 540-872-0444.

The rest of the afternoon, ERI members taught what they know...
• "Finds in the Computer World" - Dr. Gordon Mitchell
• "Access Control / Physical Security" - Mark Clayton
• "Building and Using a UV LED Light Source" - Dr. Gordon Mitchell
• "Adventures with Software Defined Radio" - Kevin D. Murray

More tomorrow...
(MJD, DC can be fun. Make the TSCM hajj next year.)

Thus spiking battery sales for adult toys...

Back in 2007, when the Dutch government announced that all 7 million homes in the Netherlands would be equipped with smart meters by 2013, it anticipated little resistance. After all, who wouldn’t welcome a device that could save both energy and money? But consumers worried that such intelligent monitoring devices, which transmit power-usage information to the utility as frequently as every 15 minutes, would make them vulnerable to thieves, annoying marketers, and police investigations. They spoke out so strongly against these “espionage meters” that the government made them optional...

Of more than 9000 consumers polled in 17 countries, about one-third said they would be discouraged from using energy-management programs, such as smart metering, if it gave utilities greater access to data about their personal energy use...

It all sounds less paranoid when you consider that each appliance—the refrigerator, kettle, toaster, washing machine—has its own energy fingerprint, or “appliance load signature,” that a smart meter can read. Anyone who gets hold of this data gets a glimpse of exactly what appliances you use and how often you use them. (more)