Thursday, July 14, 2011

Smartphone Hacking Becomes News of the World

It's never this obvious.
The “phone hacking” scandal unfolding in the UK has demonstrated how trivial it is to gain unauthorized access to voicemail and other information stored on smartphones. Ignoring basic security steps only makes it easier.

With the help of Kevin Mitnick, CNET reporter Elinor Mills demonstrated just how easy it can be to hack into someone’s voicemail. This was done in the wake of the “phone hacking” scandal that has erupted in the UK in which employees for News of the World hacked into a murdered girl’s phone and materially interfered with the then ongoing police investigation. It’s now grown much larger even than that one terrible incident, and this is, of course, an extreme example of the harm that can be done to people with unsecured mobile phones. (more)

If you own a smartphone you are a viable target,
and you really need to ask yourself, 
"Is my cell phone bugged?"

Interesting Smartphone Hack & Spy Links

Thanks to our West Coast secret agent for compiling and sharing these interesting smartphone-related links...

The Vodafone Femtocell Hack

Femtocells are "small cellular base stations, typically designed for use in a home or small business. It connects to the service provider’s network via broadband (such as DSL or cable); current designs typically support 2 to 4 active mobile phones in a residential setting, and 8 to 16 active mobile phones in enterprise settings. A femtocell allows service providers to extend service coverage indoors, especially where access would otherwise be limited or unavailable."

Though esoteric at first glance, most people will get the gist of this cell phone intercept hack.

Summary:
• Can be used worldwide via VPN tunneling.
• Allows eavesdropping, calling, text messaging... via someone else's SIM card.
• Inexpensive.

The GSM Association says...
"In addition to attacks against deployed femtocell access points, it is important to remember how the equipment itself could potentially be used for illegal purposes. It is important that femtocell equipment is only supplied to reputable buyers as failure to do so opens up the possibility of femtocell access points being used to support illegal call selling and traffic routing activities, avoidance of lawful interception, use as a false base station to launch man-in-the-middle attacks, etc. Of particular concern is the potential for femtocell access points to facilitate the placement of fraudulent calls on 3G networks." (more)

Wednesday, July 13, 2011

Accused SpyCam'er Acquitted - Non-HD SpyCam Saved Her Butt... and His

Australia - An army corporal accused of secretly filming a woman while she showered at an Adelaide Hills barracks has been acquitted in the Adelaide Magistrates Court...

Magistrate Kym Boxall rejected claims by the defence that the card may have been stolen and worn to disguise the identity of the perpetrator.

"I find that rather the actual perpetrator inadvertently filmed himself, including the identification card, and thereby almost gave himself away," he said...

"There is no doubt that a crime of indecently filming a female person was committed at Woodside Army Base using a small filming device that looked like a vehicle remote control unit," he said.

However, he said he was not satisfied beyond reasonable doubt that Freeman was the person who planted the device. Freeman was found not guilty and the charge was dismissed. (more)

Etienne Labuschagne on Business Spying and Eavesdropping

“Many people think that this sort of thing isn’t happening — that corporate espionage is just something you see in movies,” says Etienne Labuschagne. “But that’s just not the case. As more people use these kinds of methods, more of them are getting caught. We live in an era where you can buy bugging gear for a few dollars … and where people will move mountains to get information first.”

Labuschagne says News of the World was simply “one of the unlucky ones that got caught doing it”. He suggests the newspaper got complacent after having gotten away with the practice for so long.

“It used to be easy to say people were just paranoid,” says Labuschagne. “I’m dealing with more and more clients every day who have these problems.”

The only way to ensure one’s phone calls, SMS messages and voice mails are entirely secure is to encrypt conversations, he adds. “The only way to be 100% sure is by using point-to-point encryption, where your unit and mine are both encrypted.”

With corporate espionage on the rise, he says that many companies are opting for counter surveillance strategies to protect their information, particularly because prevention is always easier than prosecution. “I recently dealt with a company that knew it had been bugged by competitors. But the problem is that in order to prosecute, the company would have to produce extensive evidence. Even then, that doesn’t stop it in the interim.”  (more)

Could Your Hard Drives (and other electronics) be Time-Bombed?

A Department of Homeland Security (DHS) official acknowledged the persistent threat of pre-existent malware on imported electronic and computer devices sold within the United States, sparking renewed interest in a problem the federal government has been trying to mitigate for some time.

Calling the threat "one of the most complicated and difficult challenges we have," Greg Schaffer, acting deputy undersecretary for the National Protection and Programs Directorate for the DHS, said that he is "aware that there are instances where that has happened," although he did not go into specifics about those instances. (more)

Tuesday, July 12, 2011

In an effort to better live up to their name, Yahoo! now reads your email before you do.

Houyhnhnms - Yahoo! has recently changed certain settings in its email policy which will allow the company to eavesdrop on customer mail.

With the new service, the search engine uses a spam blocking technology to learn about its users so they can be targeted by display advertisements.

However, this is not where it ends – Yahoo! will also hold the right to scan emails from people using other email accounts if they send emails to Yahoo! users.

In addition to this, users hold the responsibility to warn others about the changes made to their accounts. (more)


Extra Credit: How to Encrypt Your Email

Jersey Girls Spy Hard - Court Approves their Private GPS Spying

NJ - Appellate court in New Jersey sees no issue with private use of GPS devices to secretly track motorists. 

Police are not alone in the ability to secretly use GPS devices to track someone without his knowledge, the New Jersey Superior Court's Appellate Division ruled Thursday. 

A three-judge panel made this decision in the context of a privacy invasion suit brought by Kenneth R. Villanova against Innovative Investigations Inc after his now ex-wife hired the private-eye company to spy on him. She intended to document alleged infidelities prior to filing for divorce in May 2008. At the firm's suggestion, Villanova's wife installed the tracking device on her husband's GMC Yukon-Denali which followed the vehicle's every move for forty days. (more) Villanova v. Innovative Investigations (New Jersey Superior Court Appellate Division, 7/7/2011)

Psst... Wanna buy some spy HQ blueprints?

Germany is investigating reports that a set of blueprints for its future BND spy headquarters under construction in Berlin may have been missing for up to a year.

Several media were citing a German-language report in Focus magazine which, if confirmed, would likely pose a serious security risk — and be a huge embarrassment for the spy agency.

According to the Telegraph: The plans for the new building included details on alarms, emergency exits, wall thickness and the locking systems designed to protect the 4,000 personnel who will work there. Focus also said the blueprints could have been missing for a year before anyone noticed their absence. (more)

Oh, like this has never happened before...
 
UK - DETAILED top-secret plans of MI5's fortress HQ have been sensationally handed to News of the World.

The lost 66-page dossier of floor layouts—once used by trusted CONTRACTORS at the high-security Central London base—would be gold dust to terrorists.

The plans were given to us by a worried member of the public, who got them from a friend who worked at the building and never handed them back. (more)

Keep the Guards Awake - Make them Wear Point & Shoot BulletCams

  • 12 Megapixel 1/2.5 HD CMOS Sensor
  • HD Video Resolution 720p (1280x720 Pixel)
  • 170° Wide angle
  • 10 m water proof
  • With Photo Capture Mode: Camera takes a photo every 3 seconds
  • Aluminum housing
Top-Details
  • High Definition Camcorder 1,280 x 720, 30 fps
  • Up to 2 h battery power
  • Incl. 4 GB Micro-SD Card
  • Incl. splash-proof camera head for improved sound recordings
  • Incl. adapter for helmet, goggles, handle bar, 360° universal mount, case, USB cable, power adapter, sealants, lithium-ion battery
Technical features
  • Image sensor 12 Megapixel 1/2.5 HD CMOS Sensor
  • Objective 170° Wide Angle | Aperture: f = 2.8
  • Memory Slot for Micro-SD Card up to 32 GB
  • Data format Movie: MPEG codec, AVI file format
  • System requirements PC: MS Windows XP / Vista / Windows 7 | Mac 10.6.6
  • Connectors Mini USB 2.0
  • Battery Life Video up to 2 hours with Micro-SD card 32 GB/Class 6
  • Power rechargeable Lithium-ion battery
  • Dimensions approx. 90 x 30 x 10 mm
  • Weight approx. 83 g (without battery)

Monday, July 11, 2011

Alert: ZeuS Trojan Runs on Android Phones - Steals Bank Passcodes

Criminals have developed a component of the ZeuS Trojan designed to run on Google Android phones. The new strain of malware comes as security experts are warning about the threat from mobile malware that may use tainted ads and drive-by downloads.

Researchers at Fortinet said the malicious file is a new version of "Zitmo," a family of mobile malware first spotted last year that stands for "ZeuS in the mobile." The Zitmo variant, disguised as a security application, is designed to intercept the one-time passcodes that banks send to mobile users as an added security feature. It masquerades as a component of Rapport, a banking activation application from Trusteer. Once installed, the malware lies in wait for incoming text messages, and forwards them to a remote Web server. (more)

When Computer Spy Art is Not Smart

Artist Kyle McDonald put a strange art project into practice when he installed what amounts to surveillance software on the public computers at an Apple store and used the images collected to create a presentation that he hoped would give us, by the facial expressions captured, insight into our relationship with the computers we use...

McDonald figured that Apple had decided the program wasn't a big deal. That was until four Secret Service men in suits woke him up on Thursday morning with a search warrant for computer fraud. They confiscated two computers, an iPod and two flash drives, and told McDonald that Apple would contact him separately. (more)


Dude, next time just Christo the store.

Need Expert Police & Security Advice? Check Police-Writers.com

Police-Writers.com was founded by Lieutenant Raymond E. Foster, LAPD (ret.).  An educator and prolific writer himself, Lt. Foster observed that many of the best people in law enforcement were sharing their expertise by writing books. He also recognized that their works needed a headquarters to be easily found. Hence, Police-Writers.com.

The book aisles include diverse topic sections, such as:

Historically, a listing in Police-Writers.com was only granted to "anyone person who completed their probationary period in a state or local police or law enforcement organization." This has recently been expanded to include Other Law Enforcement Writers including Security Professionals, thus making the site an even more valuable repository of expertise.

As Mr. Peabody might say, "This is a site you should ...bookmark!"

Hacked Off - SuperSized - 9 Becomes Almost 4000

UK - Scotland Yard on Thursday night admitted that almost 4,000 people may have had their phones hacked by the News of the World's private investigator, placing further strain on the testimony of senior officers to Parliament that there were only a handful of victims.

In a statement, deputy assistant commissioner Sue Akers indicated that the new investigation into the illegal eavesdropping of mobile phone messages was struggling to deal with the mass of evidence of wrongdoing contained in Glenn Mulcaire's notebooks.

The Yard's latest statement sharply contrasts with the evidence given by Andy Hayman, the officer who led the original investigation into Mulcaire's activities in 2006-07, which led to prosecutions regarding nine victims, including three Royal aides. (more)

Hacked Off - Is Your Cell Phone Next?

If the cellphone hacking scandal that caused the downfall of Britain's best-selling tabloid, News of the World, made you wonder about your own vulnerability, consider these statistics.

Globally, telecommunications-fraud losses, which include cases of mobile-phone fraud, were estimated to hit $72 billion to $80 billion in 2009, up 34 percent from 2005, according to a 2009 survey of security experts from the Roseland, N.J.,-based Communications Fraud Control Association. Hacking alone accounted for $3.2 billion in losses for the telecom industry, says CFCA. What's more, the problems have likely only expanded as smartphone use has escalated. (more)