Sunday, April 3, 2011

This Week in World Spy News

The Pakistani government has given another one-year extension to the chief of its powerful spy organization, the Inter-Services Intelligence Directorate. (more)

Musa Kusa, the former Libyan intelligence chief who defected to Britain, was acting as a double agent for the MI6 and the CIA for a decade, an official said. (more)

The recently exposed Iranian spy network could just be the tip of the iceberg, a part of Iran’s larger conspiracy against Kuwait and the Gulf Cooperation Council (GCC), Al-Seyassah daily quoted a high-level security source as saying. (more)

Australia (sports spy) - Melbourne and Hawthorn have re-ignited their spy games as the two clubs prepare for the twilight clash at the MCG today. The Demons asked a Hawthorn spy to leave a closed Melbourne training session at Casey Fields in Cranbourne on Friday after he was caught monitoring the Demons from up a tree. (more)

The U.S. military likes to be a little sneaky with its robotic space planes. Unlike typical spacecraft, these vehicles can shift their orbits, frustrating the global network of skywatchers who keep track of just about every man-made object rotating the planet. But the sleuths have their tricks, too. They’ve tracked down the X-37B on its second secret mission. And the information the skywatchers are finding says quite a bit about the classified operations of this mysterious spacecraft. (more)

A federal class action claims that 3-D software developer Transmagic secretly planted surveillance technology in its software that "commandeered the computers of its customers, spied on them, and used the ill-gotten intelligence to build a recurring revenue stream exacted from an involuntary customer base." (more)

Friday, April 1, 2011

As Water Seeks its Own Level... Watergate Redux

CA - Most presidential libraries are as much celebrations of a president as historical repositories. They are packed with official papers, photographs, limousines, proclamations and baby shoes representing the president’s life and times; dark chapters are traditionally ignored or at least understated.

That tradition was exploded Thursday as the Watergate Gallery opened here at the Richard Nixon Presidential Library and Museum. The unveiling ended a nearly yearlong struggle between national archivists and the Richard Nixon Foundation, a group of Nixon loyalists who controlled the former president’s papers until ceding them to the National Archives four years ago. The fight was over how to portray the scandal that led to Nixon’s resignation.

From the first words a visitor sees entering the gallery — a quotation from Nixon, “This is a conspiracy” — the exhibit offers a searing and often unforgiving account of one of the most painful chapters of the nation’s history. The timeline methodically chronicles the stream of misdeeds leading up to the Watergate break-in, followed by the attempts to cover it up, which led to Nixon’s resignation.

It is a far cry from the library’s original Watergate exhibition, “The Last Campaign,” created by the Nixon Foundation with the former president’s direct involvement. That installment portrayed Watergate as an orchestrated effort by Democrats to overturn the 1972 election. (more)

Security Director Report - Emergency Satellite Phone Review

There are 3 main choices in "global" satellite phones. Here is a quick summary. 
(If you only need coverage in specific regions contact me and I'll fill you in on your other options.)

click to enlarge
• Globalstar (partial global coverage - low Earth orbit satellites)The map above shows expected coverage for all USA Globalstar satellite phone subscribers using the Globalstar GSP phone series. For customers using the Globalstar FAU-200 fixed satellite phone calls can be placed from US/Caribbean Home Service Area and Canada to any standard phone number in the world.

Airtime minutes included in the Globalstar satellite phone service plans only apply to the United States and Caribbean Home Service Area. Roaming rates apply outside of the United States and Caribbean.

The Globalstar GSP-1700 satellite phone offers an ergonomic design that makes it comfortable for hand-held operation. The phone measures 225cc in total volume and weighs 200 grams (including battery). The height is 135 mm, the width is 55 mm and the thickness is 37 mm. The satellite antenna, when held in a vertical position, communicates with the Globalstar satellite at elevations more than 10 degrees above the horizon. The Globalstar antenna rotates and stows into the handset for convenience when not in use.


• Inmarsat (global - excepting polar regions - geosynchronous satellites)

click to enlarge
Inmarsat IsatPhone Pro, LandPhone, and FleetPhone Coverage

The map depicts Inmarsat's expectations of coverage, but does not represent a guarantee of service. The availability of service at the edge of coverage fluctuates depending on various conditions.

"The new IsatPhone satellite cell phone provides voice and data over the I4 satellite network. This is the newest satellite phone on the market, now providing some competition with Iridium.

The IsatPhone Pro, using high quality satellite phone service from Inmarsat, currently provides coverage over the entire planet, except the polar regions, using Inmarsat's latest generation Inmarsat-4 satellite network.  This phone is packed with features and compares very competitively with satellite cell phone offerings from Iridum.

The Isatphone Pro is an affordable satellite cell phone option for people who work, live, or travel to areas where communication may be non-existent or emergency back up communications is needed.  The Isatphone Pro is one of the smallest satellite phones on the market today.  It is easy to use, lightweight, and rugged. It even has a built-in GPS receiver. Your can text or email your position!" 


• Iridium (fully global - low Earth orbit satellites)
This is the smallest of the Iridium handsets.

"Iridium provides complete coverage of all ocean areas, air routes and all landmasses - even the Poles. Iridium delivers essential services to users who need communications access to and from remote areas where no other form of communication is available. Select from our range of Iridium satellite phone rental or Iridium satellite phone purchase solutions, and we will deliver a ready-to-use handheld IRIDIUM Satellite Phone kit to you overnight anywhere across North America.

Standard Voice Services
The Iridium system provides true global voice services by covering areas that cellular and landline do not. Voice services are supported using the smaller, lighter, water resistant 9505 satellite phone. The excellent signal strength provided by the Iridium constellation supports reliable connectivity across wide ranging landscapes and situations.

The three Restricted Countries where the Iridium phone will not complete a call to the local phone system are: N. Korea, Poland, and Hungary.

The embargoed countries where a satellite phone will work in these countries (we cannot guarantee service), but there (may be) issues taking an Iridium phone into these areas at customs/border patrols: Cuba, Iran, Libya, Sudan, Angola & Yugoslavia. You may need special government permission to bring a satellite phone into embargoed countries.

The Iridium 9555 satellite phone is designed to withstand the toughest environments and will work from anywhere on the planet to anywhere. All that is required is a clear view of sky.

Users can choose from prepaid service plans or monthly service plans to complete the package. With Irdium there are no roaming and no long distance charges, just one simple rate."

I'll keep you posted on worthwhile advancements as they emerge. ~Kevin
Data courtesy of: http://www.globalcomsatphone.com

Thursday, March 31, 2011

eBlaster'ed Wife Kicks Butt

TX - An Austin man is accused of spying on the e-mails of his estranged wife and one of her friends, using the information to build a case for divorce...

Austin police investigators charged Karl Redden Dalley, 41, with unlawful interception of electronic communication -- a second-degree felony. He allegedly spied throughout much of 2010.

Investigators said Dalley used eBlaster, made by SpectorSoft , to monitor his wife's e-mails from their home computer. They also claim he used the same software to spy on a computer at an Austin karate school.

Police said Dalley's wife also claimed her estranged husband used photos from her cell phone as evidence during their divorce proceeding in November 2010.

Police first learned of the case in February 2010, when Dalley's wife told them that he had sent an e-mail to all of the brown and black belts in the Austin area karate school. Dalley's wife was an instructor there, and the e-mail accused her of having an affair with the school's president. (more)

Cell Phone Panic Button App

There's a new app being developed by the U.S. Government and it seems like everyone should want to add it to their phone for all kinds of different reasons. If a cell phone is confiscated by police or government agency, the panic button app will wipe the cell phone's address book, history, text messages and broadcast the arrest as an emergency alert to fellow activists...

 Since 2008, the U.S. has budgeted about $50 million to promote new tech to help out social activists. Secretary Hillary Clinton is behind the U.S. technology initiative to "expand Internet freedoms." (more)

Several cell phone operating systems, like iPhone's iOS, already have a similar capability built in. The emergency broadcast is a new twist... but would that identify who all the cohorts are?

Security Tip - $5 p/m Stolen Laptop Solution

Eighteen-year-old "technology entrepreneur" and Bentley College student Mark Bao had his MacBook Air stolen in February. Unlike other bright-eyed college freshmen, Bao didn't write his laptop off as gone forever (ok, maybe he did--he went out and purchased another laptop the very same night it was stolen), he set out to find the thief.

Using online backup software BackBlaze that he'd installed on his laptop, Bao was able to see the machine's browser history and track any hard drive updates.

"Woah. Thanks to @Backblaze, I think I might be able to figure out who stole my MacBook Air at college. Creeping through the Safari history!" Bao Tweeted on March 19.

(D'oh!)
Apparently the first thing the thief did was take a photo of himself using the laptop's Photo Booth program... After discovering the photo, Bao discovered a video the thief had taken of himself dancing to Tyga's "Make it Rain." Bao uploaded the video to Vimeo, managed to hunt down the guy's Facebook page using the aforementioned Safari history, and then turned everything over to the police. 

Bao told the Daily Mail that he holds no grudges against the thief, because "I don't have time nor patience to. There are more important things in life." Mark no longer has any use for his old laptop, so he's selling it and donating the proceeds to the Red Cross Japan fund. (more)

Security Tip - Free Program Protects USB Ports from Maleware Infections

Did you find a USB memory stick and are afraid to plug it in? (good)
Does your friend want to insert their (possibly infected) drive into your computer? 
Panda USB Vaccine may help...

There is an increasing amount of malware which, like the dangerous Conficker worm, spreads via removable devices and drives such as memory sticks, MP3 players, digital cameras, etc. To do this, these malicious codes modify the AutoRun file on these devices.

Panda USB Vaccine is a free antimalware solution designed to protect against this threat. It offers a double layer of preventive protection, allowing users to disable the AutoRun feature on computers as well as on USB drives and other devices:

Vaccine for computers: This is a ‘vaccine' for computers to prevent any AutoRun file from running, regardless of whether the device (memory stick, CD, etc.) is infected or not.

Vaccine for USB devices: This is a ‘vaccine' for removable USB devices, preventing the AutoRun file from becoming a source of infection. The tool disables this file so it cannot be read, modified or replaced by malicious code.

This is a very useful tool as there is no simple way of disabling the AutoRun feature in Windows. This provides users with a simple way of disabling this feature, offering a high degree of protection against infections from removable drives and devices.

You can download Panda USB Vaccine free here.

Wednesday, March 30, 2011

Samsung - Installed Keylogger on their Laptop Computers! (UPDATE)

[UPDATE: Samsung has launched an investigation into the matter and is working with Mich Kabay and Mohamed Hassan in the investigation. Samsung engineers are collaborating with the computer security expert, Mohamed Hassan, MSIA, CISSP, CISA, with faculty at the Norwich University Center for Advanced Computing and Digital Forensics, and with the antivirus vendor whose product identified a possible keylogger (or which may have issued a false positive). The company and the University will post news as fast as possible on Network World. A Samsung executive is personally delivering a randomly selected laptop purchased at a retail store to the Norwich scientists. Prof. Kabay praises Samsung for its immediate, positive and collaborative response to this situation.]

By M. E. Kabay and Mohamed Hassan Mohamed Hassan, Network World...
The supervisor who spoke with me was not sure how this software ended up in the new laptop thus put me on hold. He confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, "monitor the performance of the machine and to find out how it is being used."

In other words, Samsung wanted to gather usage data without obtaining consent from laptop owners.

...This is a déjà vu security incident with far reaching potential consequences. In the words of the of former FTC chairman Deborah Platt Majoras, "Installations of secret software that create security risks are intrusive and unlawful." (FTC, 2007).

Samsung's conduct may be illegal; even if it is eventually ruled legal by the courts, the issue has legal, ethical, and privacy implications for both the businesses and individuals who may purchase and use Samsung laptops. Samsung could also be liable should the vast amount of information collected through StarLogger fall into the wrong hands.
We contacted three public relations officers for Samsung for comment about this issue and gave them a week to send us their comments. No one from the company replied. (more)

"You vare personally responsible for your spy equipments...

...lose zem, and ve dock your pay!" 
You’ve gotta hand it to Russian intelligence, they’ve got chutzpah. First they planted a network of sleeper agents in the United States. Now, two of the busted and deported spies are demanding that the feds fork over their impounded spy gear...

...two former members of Russia’s Foreign Intelligence Service  (SVR) who hid in the U.S. for years, have hired lawyers to demand the FBI give them their stuff back. Vladimir and Lidia Guryev (a.k.a. Richard and Cynthia Murphy) are asking the Justice Department to return their cars, money, video cameras, computers, digital photos and unnamed “other equipment.” They’d also like the data on their digital gear back, too or, failing that, copies of it. Their tech gear and files have no “material value,” the request claims; it’s just “dear to the Guryevs.”(more)

Security Director's: The IT guys are stealing your lunch...

...and, unless you take control they will also eat your budget and make you irrelevant. 

Their recipe... Take accurate "S&P 500" statistics, add a pinch of "cyber" for a taste of scary, let it cook over "1,000 IT decision makers" with vested interests, serve as "hot news" written by... oh, no one in particular.

Cybercriminals understand there is greater value in selling a corporations’ proprietary information and trade secrets which have little to no protection making intellectual capital their new currency of choice, according to McAfee and SAIC.

The cyber underground economy is making its money on the theft of corporate intellectual capital which includes trade secrets, marketing plans, research and development findings and even source code.

McAfee and SAIC surveyed more than 1,000 senior IT decision makers in the U.S., U.K., Japan, China, India, Brazil and the Middle East. Their study reveals the changes in attitudes and perceptions of intellectual property protection in the last two years. (more)

Fight back...
Tell the boss:
1. All of the information IT claims it needs money to protect (and more) is available elsewhere long before it is ever reduced to computer data.

2. "Cybercriminals" is a self-serving label invented to scare. News and entertainment media glorify this one aspect of criminal behavior. Truth: Criminals don't care how they make a buck. Foreign governments don't have preferential spy techniques. Both want your intellectual property. The fresher, the better. Reality: Cybercriminals get the table scraps.

3. You are the front line of defense. Your job is more important today than every before in history. The proof is in the S&P 500 chart.

4. "I can take the lead in designing the overall company counterespionage strategy." 

Priority One: Realign the security budget.
• Is 80% of the budget being used to protect tangible assets? (20%) If so, change it.
• Is the budget strong enough to protect the intangible assets? (80%) If not, change it.

Need help implementing a counterespionage strategy? Call us.

P.S. Be kind to the IT guys. They have a hard time keeping up with the regular demands of their job, let alone the security issues. They will be happy you took control and can advise you on what they really need to keep their data safe.

Sell Spy Plane on Ebay? To Feds? Feedback? Arrest Warrant

FL - A Philippine man was arrested and charged with illegally selling an unmanned U.S. spy plane known as the Raven, the U.S. Attorney's Office in Tampa said on Monday.

A grand jury indicted Henson Chua, 47, of Manila on March 10 on charges that he sold the Raven to undercover federal agents on Ebay...

The Raven is a four-pound plane equipped with three cameras that U.S. troops use for battlefield surveillance. It can be taken apart and carried by troops and then reassembled for use.

According to the U.S. Attorney's Office, agents with the Homeland Security Department found out last May that Chua was offering a Raven for sale on Ebay for $13,000. (more)

Tuesday, March 29, 2011

Photo Sharing App Bares All

Critics of the much-talked-about new photo-sharing app Color can add another bickering point to the pot: A simple GPS "spoof" allows for spying on any Color user's photos. 

The problems with the highly publicized new iOS and Android photo-sharing app Color continue to mount. According to Forbes, the app has an easily exploitable feature that makes it simple for tech-savvy users to view all the photos of anyone who uses the app.

That’s not to say Color is known for its tight privacy settings — in fact, the exact opposite is true. When a user takes a photo with Color, the photo is automatically uploaded to the Color servers. Then — and this is what makes the app so notable — anyone within a set perimeter of where that photo was taken can see that picture, along with the pictures of any other Color user who happens to be snapping off shots in that particular location. (more)
Another cool use... establishing and identifying dead drops for spies.

High School Hacking Nets Great Grades... for a while

CA - Omar Khan worked the school like it was a movie, installing spyware, stealing passwords and breaking into administrator offices.

A former Tesoro High School senior was convicted Monday of breaking into his high school on multiple occasions to steal advanced placement (AP) tests from classrooms, alter test scores and change official college transcript grades.

Omar Shahid Khan, 21, of Coto de Caza, pleaded guilty to two felony counts of commercial burglary and one felony count each of altering public records, stealing or removing public records, and attempting to steal or remove public records. He is expected to be sentenced Aug. 26 to 30 days in jail, three years of probation, 500 hours of community service and more than $14,900 in restitution. 

A subsequent search by the Orange County Sheriff’s Department revealed that Khan had installed spyware devices on the computers of several teachers and school administrators throughout his senior year, according to the D.A. The devices were used to obtain passwords to access teacher computers in classrooms and school administrative offices. (more)

Oh, one more thing...

One security feature I would like to see on my future cell phone is the option of not using a password.

Think of this... all business-level cell phones have camera capability; all have (or could easily be designed to have) touch screen capability; and of course a microphone. The next logical step is adding facial, fingerprint or voice recognition to replace the access PIN code. 

In addition to the security benefit, it would sure make using the phone while driving safer. (Just kidding. I would never do that. Well... not often, anyway.) ~Kevin

Your Next Cell Phone May Seem Like a James Bond Gadget

10 Things Your Phone Will Soon Do 
via onlinedegree.net...
(more

Aston Martin teams with Mobiado for transparent touchscreen concept phone
British car maker Aston Martin is looking to leverage its luxury brand into the world of consumer electronics by teaming up with Canadian mobile phone manufacturer Mobiado to produce a line of high-end handsets to be launched in May of this year. Until then, the company has provided a tantalizing peek at possible future designs with the CPT002 Aston Martin Concept Phone that takes the 'slab of glass' design of many current smartphones to the next level. With a solid sapphire crystal capacitive touchscreen, the CPT002 is completely transparent. (more)