Monday, May 23, 2011

Extortionography - Turkish Tacky Video Changes the Course of a Nation

Turkey - Just weeks before general elections in Turkey, six leading members of an opposition party were forced to resign from Parliament on Saturday after sexually explicit videos of one of them were posted on the Internet.

The Web site that posted the videos had threatened to release others that it said showed the five other members who resigned.

The resignations could severely weaken the Nationalist Movement Party, the second largest opposition group in Parliament, which is struggling to win the minimum of 10 percent of the vote required to be seated in Parliament.

Four members of Parliament from the same party resigned earlier this month after similar videos were posted on the same Web site.

The Web site, farkliulkuculer.com, has cast itself as part of a breakaway ultranationalist group aiming to cleanse and reform the nationalist movement in Turkey. The site’s administrators are anonymous. (more)

Sunday, May 22, 2011

Snidley Whiplash Visits the Home Security Store... by "Bob"

I know some pretty interesting people. Very talented. Very sharp. Very imaginative. I received the following from one of them this week. We'll call him "Bob". Bob's thought process is part Carnegie Mellon University's Computer Emergency Response Team (CERT) and part Snidely Whiplash. Enjoy... (emphasis below is mine)

"For about a year now I’ve been building this new office/shop/garage at my place. Being the engineer I am at heart I prewired it for video surveillance and alarm.

I found an online reseller with good prices and I purchased all the alarm components from them. www.homesecuritystore.com I installed each switch or sensor as a separate zone so later I can use this system as a whole house monitoring platform.

I decided it is time to add the video. They had good prices and I bought close to $2000 worth of quality cameras and a 16 Channel DVR.

Last weekend I started to bench test it and get familiar before I commit the installation. I noticed the box was repackaged.

Then I noticed it is still full of video. It was installed at a restaurant and then returned. Not sure if the restaurant did it themselves or they had a security professional help. In any case they gave me their weeks’ worth of video. Moreover Homesecuritystore.com didn’t verify the contents and in turn sold it to me.

I was hoping to find some incriminating footage or something to brag about. Fortunately for them it was pretty benign stuff.

Then I started to think of the possibilities of what could have happened and decided to write to them regarding their security practices.

See attached. I was surprised they just sent me a misspelled apology and are sending me a new unit. Totally dismissing my attempt to point out to them the underlying problem here.

I’m going to do a threat assessment of the linux kernel in this unit when I get a chance. These cheap DVR boxes with Dynamic DNS and internet reachability are a whole new potential platform for a hacker. A modern day Trojan horse even.

Take the following scenario for a moment:
1. I buy one of these units (or 100 each from a different internet vendor)

2. Change the linux kernel to add a few tools and backdoor username/passwords and maybe even a phone home daemon. Phone home would need to be a secure tunnel and internet proxy aware. So spoof the proxy on port 80 with ssl traffic embedded. Also use tools like Wireshark/tshark, or one of my all-time favorites


3. Return it to the vendor for a full refund.

4. In turn they sell the units to John Q Public or better yet a customer with other units already on premise just waiting to be exploited.

5. It gets installed and finds a routed path to the internet and updates its DNS record location dynamically.

6. Meanwhile back at the black hats cave: We see the DNS entries for these devices show up and / or our phone home packets arrived at home. The latter is riskier because it gives a deterministic home location, for that we run our APP in the cloud to obfuscate our location.

7. Login and start monitoring, gather content and exploit the target. Granted step 7 here is dependent on something good happening. I would beg to guess every video surveillance installation at one point in time or another captures illicit/illegal activity or some sort of blackmail material content.

8. The black hat could now also secure shell into the DVR over the phone home tunnel and use it as a spring board to then perform vulnerability scans internal to the video network thus finding other DVRs, IP cameras, and other trusted behind the firewall type devices. Once accessed install similar tool sets, rinse and repeat for all reachable devices.

9. Lastly a coordinated attack. You locate physical assets to steal. At a coordinated time perform a denial of service internal to their network and take out the security infrastructure. Use tools like NetCat or simple packet capture replays with tshark to confuse the lan devices and potentially crash them if not just deafen their abilities to report. ARP storms are great for this. Actually once an inventory of devise is determined fingerprint scan each and look for known vulnerabilities for those devie’s kernels. Move in and out all the while the systems are incapacitated. Ideally you want to have the devices perform self remediation on their own, avoid forcing a hang condition and do not require reboots for remediation to hide the existence that anything happened adding to the confusion of what happened and how.

Not far fetched to believe. And all from a simple buy and return to the store type activity.

"Bob, you got me thinking. All these items are made in China, right? Isn't it possible likely that secret code has already been planted in them for future use?"


On another subject:
Do you recall a police movie (maybe Beverly hill cop) where the cop submits into evidence a large permanent magnet and it takes out the surv. video evidence. Well take that same concept to data tape backups.

I recently toured an Iron Mountain Magnet tape vault and observed them picking and putting tapes in and out for customers. Much to my dismay not all customers co-locate their tapes next to their own. Many of the tapes are slotted into the next available slot intermingling them with other customer’s tapes.

They don’t even screen the boxes coming in and out for high levels of magnetic flux. So a passive magnet weighing similar to the tape that gets checked in and out over a long period of time could potentially be creating small magnet grenades to the data nearby. To be a bit more sexy make that an active magnetic device with a motion trigger. Wait for no movement with a 3d accelerometer also sense that it is not lying flat in the original box but upright as if it is in the library. I mocked up this accelerometer algorithm in a two chip device using a basic stamp.

Allow it to ‘Wake up’ and generate as large of an oscillating magnetic flux as possible and expend the batteries. If movement is sensed have it go dormant again. Cycle these rogue tapes in and out rapidly over time. To target an attack request your own tape vault location and try to steer it near your competitors location or just carpet bomb the library with multiple devices over time. Not as affective but very destructive in nature. Evil isn’t it.

Not that I would never ever do such a thing or advocate or assist anyone in this behavior. But, I can think of it and other ways to thwart simple best practices.

Just like when I was in college and I came up with the idea to use an IR laser to take out a security camera by shifting its AGC and blacking out the picture. Later in life I saw this applied in a movie. I was like HEY I thought of that a long time ago. The cameras I bought for my place have the Sony chip in them that knows how to black out bright objects selectively within the ccd field of view. Thus obsoleting this vulnerability a bit.

Well thank for your time. My mind wandered with possibilities when I realized I have that other customers video content handed to me.

Have a great day."

As you can see, "Bob" is smarter and more clever than I am. That's why I love hanging out with the "Bob's" of the world. Now I know what "Bob" knows... and now, so do you. ~Kevin

Are you thinking, "Gee, I wish I knew who this "Bob" guy was. I have a security consulting project for him. Does he do freelance work?" 

I don't know. You'll have to ask him. His name is Bob Blair and he is an engineer in Massachusetts.

Saturday, May 21, 2011

China is listening, and wants to listen in more places.

Wikileaks documents revealed that China had approached the newly independent East Timor in 2007, and offered large amounts of foreign aid, and other considerations (bribes), for permission to build a radar and electronic eavesdropping base there... China is listening, and wants to listen in more places. (more)

Sound familiar?
q.v. - Zimbabwe

SpyCam Apps and Gadgets - The Evaporation of Privacy


The smartphone spycam app market is booming. Recording gadgets are being built into everything (see previous story). You can no longer count on someone looking obvious while taking photos, recording movies or just recording sound. 

Tip: Be like the CIA. If you care about your privacy and/or the confidentiality of your surroundings, don't allow any type of foreign electronics into the area.

An android app from one seller's web page...
The silent spy camera. Take pictures quickly and silently with a mini preview display overlay for ultimate discretion. Have you ever wanted to take a picture but didn't want to use the noisy and conspicuous built-in Android camera app? Taking a picture of a questionable practice at work, a restaurant worker mishandling food, a camera-shy family member, or maybe your secret crush?

Secret Spy Cam is for you!

- 3 discreet preview sizes
- Runs as an overlay over any other app
- Single-tap picture taking
- Single-tap quick app exit
- No shutter sound while still allowing your phone to ring for incoming calls
- User manual available from the app's menu (more)

Examples of video from a high definition spycam sunglasses, key fobs, etc. (video) (video) (video)

SpyCam Story #610 - Starbuck's Naked Shot


Police said Friday they are still looking for dozens of victims recorded by a hidden camera found in a women's restroom at a Glendora Starbucks.

William Zafra Velasco, 25, allegedly used a plastic coat hanger spycam to record at least 45 women, said Glendora Police Chief Rob Castro. Some of those victims were juveniles, said Castro.

The device has a tiny camera hole atop the hanger, with two holes for audio and a USB hookup in the back. It is similar to the spycam seen here. (more)

Friday, May 20, 2011

Book—Compilation of State and Federal Privacy Laws—Now available in different formats.

The information in the Compilation of State and Federal Privacy Laws is now available in different formats. 

This book cites and describes more than 600 state and federal laws affecting the confidentiality of personal information and electronic surveillance. 

The laws are listed by state, grouped in categories like medical, credit, financial, security breaches, tracking technologies, employment, government, school records, Social Security numbers, marketing, telephone privacy and many more. Canadian laws too. (more) (Privacy Journal web site)

Android Malware Jumps 400 Percent as All Mobile Threats Rise

Mobile security is the new malware battlefield as attackers take advantage of users who don’t think their smartphones can get compromised.

Cyber-attackers are gunning for Google’s Android as they take advantage of a user base that is “unaware, disinterested or uneducated” in mobile security, according to a recent research report.

Malware developers are increasingly focusing on mobile devices, and Android malware has surged 400 percent since summer 2010, according to the Malicious Mobile Threats Report 2010/2011 released May 11. The increase in malware is a result of users not being concerned about security, large number of downloads from unknown sources and the lack of mobile security software, according to the Juniper Networks Global Threat Center, which compiled the report. (more)

Thursday, May 19, 2011

A Day at The International Spy Museum

The International Spy Museum is one of my favorite places. I spent the afternoon there yesterday.

If you have never been there, you "need to know" this... This is not some cheesy tourist trap one might find in Orlando. It is a quality museum in the finest sense of the word. The exhibits are first class, very educational, imaginative and entertaining—hard to do all in one shot, but they do it.

Visiting Washington, DC is always a compromise. There are so many great things to see and do. Do as many as you can, but save room for dessert. Visit the Spy Museum. It is history at its most relevant.

The newest exhibit – Cyber War – actually leaves people (me included) with a feeling of terror in the pit of the stomach. Yes, it is that well done. No, you won't like the feeling. I won't spoil it for you, but... think about what would happen if electricity were no longer available. All it might take are a few keystrokes.

"Aurora Experiment. In the Spy Museum’s new gallery dedicated to Cyber War, Weapons of Mass Disruption, video of an experiment conducted for the Department of Homeland Security depicts a simulated cyber attack on a generator control station. The simulation led to the generator’s destruction, demonstrating the all-too-real infrastructure vulnerabilities of the U.S power grid. On loan from four of the lead engineers who created and carried out the Aurora experiment, the Museum is pleased to display parts of the disabled generator."

As I was saying, they make espionage relevant. (more)

A Former KGB Lock Picker Discusses His Craft

Nicolai B. was, for thirty years, a senior operative of the KGB, stationed in Riga, Latvia. He and his colleagues were “laid off” in 1991 after the collapse of the Soviet Union and the reorganization of the Committee for State Security, one of the most feared entities by Soviet citizens. His comments and disclosures were of particular interest to me and my colleagues because of our work in designing, training, and using covert entry tools in connection with government operations. His job was to conduct sensitive “intrusions” into offices, homes, businesses and other facilities in order to gather information about suspected “enemies of the state.” The theft or covert copying of documents, installation of electronic eavesdropping devices and cameras, and the planting of evidence were all in a day’s job for this retired agent. (more)

AusCERT 2011 Conference — Smartphones: the perfect bugging device

Security experts at the AusCERT 2011 Conference in Queensland this week warned that serious attacks on mobile phones are expected before the end of this year, and that those attacks will involve tracking users, not just stealing their money.

On Wednesday, Amil Klein, CTO at Trusteer, explained how mobile malware has evolved to a stage where it can now bypass most banking security.

Graham Ingram, the general manager of AusCERT, backs this up.

"The genie is out of the bottle. The hardware is there, the software is there, the capability is there ... these guys will turn it around quickly, now. They know what to do, as soon as the reward is there — and it is clearly there — they will move rapidly into it, and I think that is going to shock a few people because we will wake up one morning and it will all be happening."

But it's not just users' bank accounts that are at stake; modern smartphones make the perfect bugging device.

The implications of being able to turn on a remote device that has the capacity to look at emails, geo-locate users, look at SMSes, listen to phone calls, record meetings and even turn on a camera are stunning. Intelligence agencies with these capabilities with a remote "on" button would be ecstatic. (more)

Tennis Players?!?! Where did the Mossad get that idea?

Undercover agents tracked a Syrian official carrying nuclear secrets to London where they broke into his hotel room and stole the plans as part of a daring operation on foreign soil by Mossad, the Israeli secret service, it has been claimed...

The operation involved at least 10 undercover agents on the streets of Britain and led directly to a controversial bombing raid into Syrian territory that destroyed a nuclear reactor that was under construction.

It closely mirrored the assassination of Mahmoud al-Mabhouh, a senior Hamas arms trader, who was killed in his hotel room in Dubai last year using agents disguised as tennis players. (more)

SpyCam Story #609 - Largest Video Monitoring Contract in History

In what it says is the “largest video monitoring contract in history,” Iverify at the end of April announced it won a five-year contract valued at $39 million to provide guard replacement and shrink-reduction services to 529 Family Dollar stores, nationwide.

Iverify president Mike May said Iverify brought big savings to the table for the Family Dollar.

"[They are] using a robust application that uses Cernium analytics for location-based risk assessment that triggers local announcements in the vicinity of high-shrink products. Further, with sophisticated time-based analysis, it then escalates the risk profile and engages a live intervention from a protection specialist," May told Security Systems News. "They then assess and respond to a protocol based in the actual risk. This is a best case model leveraging intelligent video coupled with a loss-prevention certified specialist that responds and reduces the customer's potential shrink losses." (more)

Think about it. Dollar Stores, yes DOLLAR STORES is going to invest about $14,750.00 per store, per year (actually more factoring in the "protection specialist" cost) to protect their dollar items from "walking"! They know the value of a dollar.

How much have you invested in your business counterespionage program to keep your intellectual secrets from "walking", your corporate secrets from "talking", and your strategic conversations from "bugging"? We can help, call us.

Wednesday, May 18, 2011

U.S. Secret Service to Enhance its Telecommunications Intercept Capabilities

The U.S. Secret Service wants to replace its existing telecommunications interception system with a new, all-inclusive intercept platform that can collect, analyze, decode and reconstruct voice, data and Voice Over Internet Protocol (VOIP) communications.

The new system will be used by approximately 250 Secret Service analysts, monitors and administrators, on a 24/7 basis, according to a sources sought notice published on May 12 by the DHS component.

“The system must be able to decode multiple specified common telecommunications application & network protocols,” said the agency. It must also support the automatic translation of intercepted messages in “numerous highly specific foreign languages,” which the Secret Service did not identify. (more)

U.N. Nuclear Agency Diplomats "Fear" Cell Phone Bugging During Visit to Iran

The U.N. nuclear agency is investigating fears from its experts that their cell phones and lap tops have been hacked into by Iranian officials looking for confidential information.

Diplomats tell The Associated press that the hardware apparently was tampered with while left unattended during inspection tours in the Islamic Republic. (more)

Pssst... Buy the book. Know for certain.

Monday, May 16, 2011

Mini SpyCam Now with 720P HD Picture Quality. Awesome.

from the sellers web site... 
The Little Brother Key Chain Pinhole Camera has so many uses; Great DVR Surveillance for Private Investigators and Journalists. Let your Small Spy Camera be as hidden as you are. This light and covert tiny spy camera will let you get it done without incurring suspicion. Use as a Nanny Cam – No one will Suspect your tiny spy camera is Recording.


                       Change video setting to 720P.

College Students – Never miss a lecture by a Professor again! Currently House or Apartment shopping - Never get confused on another property again. Capture those Funniest Moments with just two clicks of the Little Brother wireless spy cam. Memorialize Every Wonderful moment with your Mini HD DV Camera. (more)

Why do I mention it?
So you will know what you're up against.