Thursday, May 5, 2011

Company Customer Database Hacked? Kicker... it's a password company!

Password management system LastPass has reset users' master passwords (1.25 million of them according to security expert Brian Krebs) as a precaution following the discovery of a possible hack attack against its systems...

The worst case scenario is that miscreants might have swiped password hashes, a development that leaves users who selected easier-to-guess passphrases at risk of brute-force dictionary attacks. Once uncovered, these login credentials might be used to obtain access to all the login credentials stored through the service, as LastPass explains in a blog post. (more)

Wednesday, May 4, 2011

World's Smallest Video Camera - Less than 1mm in diameter!

Medigus has developed the world's smallest video camera at just 0.039-inches (0.99 mm) in diameter. The Israeli company's second-gen model (a 1.2 mm / 0.047-inch diameter camera was unveiled in 2009) has a dedicated 0.66x0.66 mm CMOS sensor from TowerJazz that captures images at 45K resolution (approximately 220 x 220 pixels) and no, it's not destined for use in tiny mobile phones or covert surveillance devices, instead the camera is designed for medical endoscopic procedures in hard to reach regions of the human anatomy. (more)

Computer Store Caught Spyware Bugging Computer They Sold

A computer rental store has been caught spying on customers through their webcams, court papers reveal.
 
Rental chain Aaron’s installed secret software on laptops that let it track the keystrokes, screenshots and even webcam images of clients as they used their computers at home, it is claimed.
 
A Wyoming couple are suing the rental giant, which has 1,679 stores, for breach of privacy after they discovered covert images taken of them using their rented laptop.

Court papers allege that Aaron’s told police that they install the software on all their rental computers.
 
Brian and Crystal Byrd learned that snooping software had been installed on their laptop when an Aaron’s store manager came to their home and wrongly accused them of not paying for the computer.

The manager tried to repossess the laptop and showed them a picture of Mr Byrd using the computer, which had been taken by the machine’s webcam. (more)

Spybusters.com History Page Now Assigned Reading at Harvard

(You know you are in a tough course at Harvard when your professor uses his initials as his email address.)

Scott O. Bradner teaches Security, Privacy, and Usability (CSCI E-170) at Harvard University. One of his reading assignments for this Spring 2011 course is a history I compiled about The Great Seal Bug. I am honored. 

Hey, does this mean I can say I am a teaching assistant at Harvard!? Probably not, but if you like bugs, spies and government espionage, this fascinating story really is a must read. It starts off like this...

"In 1946, Soviet school children presented a two foot wooden replica of the Great Seal of the United States to Ambassador Averell Harriman. The Ambassador hung the seal in his office in Spaso House (Ambassador's residence). 

During George F. Kennan's ambassadorship in 1952 (six years later!), a secret technical surveillance countermeasures (TSCM) inspection discovered that the seal contained a microphone and a resonant cavity which could be stimulated from an outside radio signal." (more)

Tuesday, May 3, 2011

360º Video Surveillance: Cool... on an iPhone 4, VERY COOL!

Watch the video first.
Use your mouse to move what you see to the left or right.


"The GoPano micro is a lens for the iPhone 4 to make 360º panoramic videos! Just snap the lens to your iPhone 4 and press record to make cool interactive 360º videos. Use it to record all the action of your favorite sport, record your next meeting in 360º or just as a fun toy for the summer.

The GoPano micro will record everything around you simultaneously. You can go back to the recorded video and choose to view any perspective, any angle at any point in time. The GoPano app allows you to upload your 360º video onto our web platform and share 360º videos with your friends. You can watch 360º videos uploaded by others in the app or on the web site. (the GoPano lens records everything simultaneously and not just the scene on the screen, you can pan & zoom in/out anywhere in your recorded video)."

Now, imagine the uses for this in the security field.
• Surveillance - Set it and forget it.
• Technical Surveillance (TS) - Comparison of room items and locations upon completion of installations.
• Technical Surveillance Countermeasures (TSCM) - Comparison of room items and locations upon re-inspection.
• Crime scene documentation.
• Event management documentation.

You get the idea and I am sure you can come up with more.

Problem... You can't buy a GoPano for your iPhone 4, yet. But you can help this project get off the ground for a $50 contribution and get one free once they are manufactured. (more)

SpyCam Story #608 - SpyCam to the Rescue!

The state has revoked a Delaware County nursing-care facility's license following the arrest this month of three workers on allegations that they abused a patient...

The three "care managers" were charged with taunting and physically abusing Lois McCallister, a 78-year-old dementia patient, for 12 minutes and blocking her door when she tried to escape.

McCallister's family contacted Quadrangle administrators in March after she complained of being punched and slapped, but said they were told the allegations were products of McCallister's dementia. The relatives then installed a camera disguised as a clock in her room and turned over the resulting video to Haverford police. (more)

Mclay Surveillance Hat Trick Caps Happy Meal Romance

Perth, Australia - An Alfred Cove man alleged to have stalked his estranged partner and planted bugging devices in her home and in her car will fight charges against him.

Dougal John Mclay, 53, has been charged with one count of stalking his 40-year-old former partner over an 18-month period. Mr Mclay was in a relationship with the woman for several years before it ended in mid-2010.

It is alleged that Mr Mclay installed listening devices and recording devices in the woman’s home and that he placed a GPS tracker in her car and in her mobile phone. (more)

Monday, May 2, 2011

Hi-Tech Surveillance Plus Old-Fashioned Intelligence Work Found Osama Bin Laden

Sept. 11 accelerated a shift to personal tracking that culminated last week when U.S. Navy SEALs gunned down Osama bin Laden in his Pakistani compound. Over the last decade, technologies that monitored phone calls, engaged in complex computer searches and provided constant drone surveillance isolated, disabled, and finally found the world's most wanted man.

More than simply finding bin Laden, advanced surveillance technology boxed in the al-Qaida leader. He knew that the U.S. could track his phone calls, watch his Internet traffic and follow his movements, so he avoided electronic communication and travel at all costs. That fear of technology turned bin Laden into a stationary target, and led him to create a compound whose absence of incoming phone lines actually made it easier to identify...

Computer power has increased so substantially that the U.S. National Security Agency can -- and does -- search nearly all of the world's phone and email traffic for specific keywords, said John Pike, director of GlobalSecurity.org and an expert on defense technology and policy. When not listening, the U.S. watches. Drone aircraft fill the sky by the hundreds, allowing American intelligence officers to follow targets of interest on a camera feed every minute of every day, Pike told InnovationNewsDaily. Some even credit a specially designed persistent camera system called "Gorgon Stare" for single-handedly reducing the scale of violence in Iraq.

The advances in computer and drone technology have also drastically reduced the cost of running wiretapping and airborne surveillance every hour of every day. The intelligence aspect of the operation that finally found bin Laden likely only cost a few million dollars, Pike said, a cost far below the expense of a single day of combat in Iraq or Afghanistan.

When combined, these two technologies allow intelligence officials to take the classic police procedures of wiretapping and stake outs and expand both to a global reach.

"Persistent surveillance [by drone aircraft], in particular, is the modern equivalent of good old-fashioned police work," Pike said. "It's a stakeout, isn't it? In the good old days, you'd park across the street and order in pizza. Well, the drone doesn’t need pizza." (more)

How Businesses Keep Their Secrets Secret

Corporate espionage is becoming more common, with bribery and bugging playing a large part in businesses keeping up with their competition.

Eavesdropping on a rival is expensive, but trying to prevent it can cost even more.  

The BBC's Joe Lynam spoke to Andy Williams, head of security for banking firm Nomura, and Crispin Sturrock from WhiteRock, which works to prevent corporate espionage. (video)

Many companies in the U.S. offer similar Technical Surveillance Countermeasures (TSCM) services. Unfortunately, most are not providing the level of service shown here. If you need a referral to a competent business counterespionage specialist, contact me directly.

Note to U.S. Navy Seals

You rock!
THANK YOU

Friday, April 29, 2011

The 12 Step Program to Securing Your Life

Nick Mediati of PCWorld has written a good security article with very practical advice. The summary of tips appears below, but click (more) to read the full details for each item.

Being Security Scrapbook readers, you probably already know, or have done, all of them. 

I thought so until I hit #12. It had been a while (decades), so I checked. Surprise, everything financial was correct, but they listed me as being employed by a company I had never heard of. Hummm. Should I correct it, or use it as a cover for my real work?

Secure Your Life in 12 Steps
1. Use Virtual Credit Card Numbers to Shop Online
2. Secure Your Wi-Fi
3. Encrypt Your Hard Drives
4. Keep Your Software Up-to-Date
5. Upgrade to the Latest Antivirus Software
6. Lock Down Your Smartphone
7. Install a Link-Checker Plug-In
8. Don't Neglect Physical Security
9. HTTPS Is Your Friend
10. Avoid Public Computers and Wi-Fi
11. Be Password Smart
12. Check Your Credit Report Each Year...
If you are a U.S. citizen, you're entitled to receive one free credit report every 12 months from each of the three major credit agencies--Equifax, Experian, and TransUnion--via AnnualCreditReport.com.  (more)

SpyCam Story #607 - Skyped

Australia - Two cadets from the Australian Defence Force Academy (ADFA) have faced court over allegations they secretly filmed a female cadet having sex and broadcast it over the internet.

Police arrested Daniel McDonald, 19, and Dylan De Blaquiere, 18, early this morning...

The 18-year-old said she had consensual sex with another first-year cadet but it was transmitted via Skype to six cadets in another room without her knowledge. She said still photos were also taken and "then distributed to other people". (more)

Wednesday, April 27, 2011

"Is My Cell Phone Bugged?" - Urgent Reader Update

In the book, Is My Cell Phone Bugged? (just available this week), the chapter Spyware Scams, Misleading Notions & “Experts” warns readers about people who are taking advantage of them. This update is about a new scam.

Summary: Phoney anti-virus program attacks cell phone. Scam'er makes money.

via CA Security Advisory Research...
"We have seen countless number of rogue security products for Windows platform however this one is targeted to trick mobile users.

The sample masquerades itself as a certain AV (a bogus Kaspersky anti-virus program) for mobile and always reports that it has identified two threats in the mobile and pretends that it has encountered an error while trying to cure. It provides the users an error code as a reference token of the error scenario.

This sample is supposedly spread by some social engineering tricks where the users would have been provided with support numbers/email id to contact to resolve these error codes displayed in screen 5. This info was missing to conclude how the malware authors were actually getting the money.

As mentioned in our earlier blogs, the best defense against such social engineering tricks is the education of users coupled with a mobile security solution. With the exponential growth of the smart phone market, it is expected such kind of threats will be growing proportionately.

We advise users to exercise basic security principles while surfing and be skeptical of free downloads, and as always keep your security products up to date." (more)

Is My Cell Phone Bugged? comes with free updates. For now, the updates will be posted here. Eventually they will only be available to purchasers, via private email.

Tuesday, April 26, 2011

This Shourd ain't Tourin' in the Middle-East

Iran wants Sarah Shourd, one of three Americans arrested in 2009 on spying charges, to return from the United States to stand trial in May, her lawyer was quoted as saying on Tuesday.

Sarah Shourd was released on $500,000 bail last September while her two male companions, Shane Bauer and Josh Fattal, remain in jail in Tehran. (more)