Saturday, March 26, 2011

SpyCam Story #605 - Attention K-Mart Shopper!

Police in Georgia said they arrested a man who allegedly followed a woman around a Kmart store while filming her backside.

Cobb County police said Alejandro Paniagua Pretega, 28, followed the woman around the Mableton Kmart for several minutes just after 1:30 p.m. EDT Tuesday while filming her rear... A witness said Pretega attempted to film up the woman's skirt without her knowledge.

Pretega was arrested on a felony eavesdropping count and ordered held in the Cobb County jail without bond due to an immigration hold. (more)

Saturday, March 19, 2011

Hacker Wins on Technicality

The Netherlands - Breaking in to an encrypted router and using the WiFi connection is not a criminal offence, a Dutch court ruled. WiFi hackers cannot be prosecuted for breaching router security.

A court in The Hague ruled earlier this month that it is legal to break WiFi security to use the internet connection. The court also decided that piggybacking on open WiFi networks in bars and hotels can not be prosecuted. In many countries both actions are illegal and often can be fined.

The ruling is linked to a case of a student who threatened to shoot down everyone at the Maerlant College in The Hague, a high school. He posted a threat on the internet message board 4chan.org using a WiFi connection that he broke into. The student was convicted for posting the message and sentenced to 20 hours of community service, but he was acquitted of the WiFi hacking charges.

The Judge reasoned that the student didn't gain access to the computer connected to the router, but only used the router's internet connection. Under Dutch law breaking in to a computer is forbidden. (more)

Spooks' secret TEMPEST-busting tech reinvented by US student

A mysterious secret technology, apparently in use by the British intelligence services in an undisclosed role, has been reinvented by a graduate student in America. Full details of the working principles are now available.

...If you had the through-metal technology now reinvented by Lawry, however, your intruder – inside mole or cleaner or pizza delivery, whatever – could stick an unobtrusive device to a suitable bit of structure inside the Faraday cage of shielding where it would be unlikely to be found. A surveillance team outside the cage could stick the other half of the kit to the same piece of metal (perhaps a structural I-beam, for instance, or the hull of a ship) and they would then have an electronic ear inside the opposition's unbreachable Faraday citadel, one which would need no battery changes and could potentially stay in operation for years.

Spooks might use such techniques even where there was no Faraday cage, simply to avoid the need for battery changes and detectable/jammable radio transmissions in ordinary audio or video bugs.

Naturally, if you knew how such equipment worked you might be able to detect or block it – hence the understandable plea from the British spooks to BAE to keep the details under wraps.

Unfortunately for the spooks, Lawry has now blown the gaff: his equipment works using ultrasound. His piezo-electric transducers send data at no less than 12 megabytes a second, plus 50 watts of power, through 2.5 inches of steel – and Lawry is confident that this could easily be improved upon. It seems certain that performance could be traded for range, to deal with the circumstances faced by surveillance operatives rather than submarine designers. (more) (video 1) (video 2)

Alert - APT Strikes EMC

The RSA Security division of the EMC Corporation said Thursday that it had suffered a sophisticated data breach, potentially compromising computer security products widely used by corporations and governments...

RSA, which is based in Bedford, Mass., posted an urgent message on its Web site on Thursday referring to an open letter from its chairman, Art Coviello. The letter acknowledged that the company had suffered from an intrusion Mr. Coviello described as an “advanced persistent threat.” (more)

The breach is serious, but more interesting is the use of the term “advanced persistent threat.” Sounds like a genetically altered mosquito. Good analogy.

infoworld.com gives us their definition... 
"Intruders engaging in APT-style attacks represent well-organized, well-funded groups -- often located in a "safe harbor" country -- and they're out to steal a company's intellectual property. They aren't out for quick financial gain like cyber criminals; they're in it for the long haul. Their dream assignment is to essentially duplicate their victim's best ideas and products in their own homeland, or to sell the information they've purloined to the highest bidder."

In other words, foreign governments.

Computer hacking is only one technique in their bag of spy tricks. If you spot this type of hacker probing your defenses, better give us a call.

Friday, March 18, 2011

Security Director Alert - E-data Disposal

Stories like this one pop up with unusual regularity, but this one hits close to home...
There was a story today in the New York Times about New Jersey State Comptroller Matthew Boxer's discovery during an audit of surplus state computers slated for auction that 79% of them still had readily accessible information on their hard drives.

Information was found on 46 of the 58 computers scheduled to be sold, and on 32 of those 46, the information found was highly personal in nature that should have never been made public.

For instance, one computer - a laptop - had been used by a judge, and "contained confidential memos the judge had written about possible misconduct by two lawyers, and the emotional problems of a third," the Times article stated. Personal financial information about the judge, including tax returns, was also found on the laptop. (more) (video about photocopier drives)

Questions to ask...
What happens to my company's old hard drives? (sold, auctioned, recycled, returned to lessor, donated)
Do I even know where all of them are? (desktops, laptops, photocopy print centers, tablets)
What about other old media? (old floppies, CDs, DVDs, smart cell phones, x-rays, videotapes, product samples, prototypes, old promotional materials)

Tip: This is not the IT department's job. It's a security issue. It's security's job. "Erasing," "degaussing," and even "smashing" are not good enough to protect the most sensitive information. Keep your hard drives. Give the leasing company the money for a new one. Then crosscut shred your e-media. (Hey, you do it for your sensitive waste paper.)

I was talking to Kevin Kane and Jason Moorhouse, two sharp guys from the Shredit company, yesterday and learned that they operate globally and have shredders that can even handle old refrigerators! 

In case you need an additional reason to shred e-media, I also learned that non-compliance with HIPAA regulations, for example, can bring heavy fines and even jail time. So, gather your junkers and clunkers and find someone (I don't care who) to shred it. ~Kevin

Spying... A dirty job, but something has to do it...

Computer translated from Korean...
"Samsung Electronics, along with cleaning and video search feature in a robot vacuum cleaner with a home video 'taenggobyu (VC-RL87W)' introduced. Tango view when the cleaning is used for localization and imaging using a camera, and external cleaning can be monitored in the interior. Using a PC or a smartphone and a PC remote control from outside the voice over the microphone is also available. Equipped with lighting in a dark room is available in an emergency, you can always respond quickly." (more)

Apparently you can play Whack-A-Dust Bunny with this from work (or any Wi-Fi hot spot). Once you've cleaned up your OK-corral you can then creep up on your kids and see if they are really doing their homework. If not, use the 'voice over microphone' feature to Ra-parent the situation. FutureWatch... Someone will stash one under their boyfriend's couch for night patrol "is he cheating on me" reconnaissance. Why there? Because no guy ever cleans under their couch.

Thursday, March 17, 2011

The Case of the Managers Who Talked Too Much

IA - Some employees at a medical clinic in Iowa claimed a supervisor used a baby monitor to eavesdrop on them. According to a labor representative for the University of Iowa medical clinic employees, workers found the monitor sitting on a shelf near the reception area...

"If that monitor was there for even one day, that's the potential for 100 HIPAA violations if that thing was being monitored the whole time, and that's pretty egregious," said union rep Jon Stellmach.

Managers of the office say the monitor was used to see if staff members were talking too much. (D'oh!)

The supervisors say the monitor was removed after workers complained, and University of Iowa officials say the case is being handled by the human resources department. (more)

Disposable Endoscope - 1 Cubic MM - World's Tiniest Spycam?

Germany - Tiny video cameras mounted on the end of long thin fiber optic cables, commonly known as endoscopes, have proven invaluable to doctors and researchers wishing to peer inside the human body. Endoscopes can be rather pricey, however, and like anything else that gets put inside people's bodies, need to be sanitized after each use. A newly-developed type of endoscope is claimed to address those drawbacks by being so inexpensive to produce that it can be thrown away after each use. Not only that, but it also features what is likely the world's smallest complete video camera, which is just one cubic millimeter in size.
 
The prototype endoscope was designed at Germany's Fraunhofer Institute for Reliability and Microintegration, in collaboration with Awaiba GmbH and the Fraunhofer Institute for Applied Optics and Precision Engineering. ...They hope to bring the device to market next year. (more)

Wednesday, March 16, 2011

U.S. 'may' enact a Privacy Bill of Rights

FutureWatch - The Obama administration plans to ask Congress Wednesday to pass a "privacy bill of rights" to protect Americans from intrusive data gathering, amid growing concern about the tracking and targeting of Internet users. (more)

"...and what about the 18 second flatulence gap?"

GA - A Clayton County Grand Jury meets Wednesday to hear charges against a sheriff's deputy accused of making a recording of another employee in the restroom.

The District Attorney's Office is bringing a proposed indictment charging Sheriff's Deputy and Public Information Officer Alicia Parkes with unlawfully eavesdropping on the job. Parkes is alleged to have made a recording with her cell phone of a co-worker in the bathroom. A half-dozen witnesses are expected to testify. (more)

HBO Announces Cold War Drama with ‘80s Spy Series ‘Reds’

HBO has announced it is developing a new series tentatively titled Reds, inspired by the real-life occurrence of a KGB sleeper agent infiltrating the United States during the 1980s.

The series will be drawn from an encounter writer/director Martyn Burke had while filming a documentary across the United States in the early part of the decade. Unknown to Burke, and the rest of his crew, the soundman they were all working with was actually a colonel in the KGB. Before being found out, the Soviet spy managed to successfully establish a base of operations just outside New York City, and sought to conceal his true identity further by trying to start and raise a family. (more)

Pakistan frees CIA spy charged with murder

Raymond Davis, the CIA spy charged with murder in Pakistan, has been freed after the families of two dead men agreed to drop charges in exchange for financial compensation. (more)

Tuesday, March 15, 2011

How not to handle your surly servant problems in Maryland...

More bad neighbors.
MD - A 42-year-old city woman accused of recording private conversations of employees at a Salisbury apartment complex has been charged on a warrant for wiretapping.

Cassandra Denise Baytops was arrested in connection with an alleged January wiretapping incident, according to the Salisbury Police Department. An investigation revealed that the suspect made both video and audio recordings of conversations by the victims, then presented the data to another apartment complex employee, police said. Baytops was charged with four counts of wiretapping, then jailed at the Wicomico County Detention Center. Bond was not determined. (more)

Maryland state law requires that all parties to a recording consent to being recorded.

Dom, Le Espion... or, "The guard probably did it."

France - A security agent for Renault has been charged with fraud and accused of inventing industrial espionage claims that led the French carmaker to wrongly suspect — and suspend — three executives, the state prosecutor said Monday...

Preliminary charges of "organized fraud" were filed Sunday against Dominique Gevrey, once employed by the Defense Ministry intelligence service and now a member of Renault's security service, prosecutor Jean-Claude Marin told reporters Monday.

Gevrey had been detained Friday at Paris' Charles de Gaulle airport as he prepared to board a flight for Guinea, and has since been jailed. (more)

FutureWatch - Let insurer spy on driving, get a discount

“Romper, bomper, stomper, boo.
Tell me, tell me, tell me do.
Magic Mirror, tell me today.
Did all my friends have fun today?”



More auto insurers are rolling out programs offering discounts to drivers who let the company electronically spy on their driving habits.

Progressive, one of the nation's largest auto insurers, today launches a nationwide ad campaign for its "Snapshot" program, in which drivers can elect to install a small data recorder in their cars that tracks how hard they brake, how far they drive and whether it's day or night driving. Based on the results, drivers can save up to 30 percent on their insurance. Average savings: $150 a year.

Progressive is one of a growing list of insurers with discounts for monitoring:
• Allstate. The Drive Wise program begun last year in Illinois will expand to other states.
• GMAC. Only total mileage is tracked - up to 54 percent off - drive fewer than 2,500 miles a year.
• State Farm. Mileage also is tallied via OnStar mileage for its "Drive Safe & Save" plan in California and Ohio. Texas will be added next month, Illinois later this year.


Although the programs are voluntary, they've raised the eyebrows of privacy advocates. One worry is that the insurers eventually will make the monitoring mandatory. (more)