Friday, July 15, 2011

Ping! We know where you are, and people who will pay us to tell.

What is pinging?
Mobile phone networks have the ability to locate their customers' handsets (pinging). At a basic level, they can determine which cell the phone is using. In a city, that might narrow-down the location to a few hundred metres. In the countryside it could be several kilometres. It is also possible to triangulate the position of a phone more precisely using its relative position to several masts. Additionally, many modern phones contain GPS technology to help determine their exact longitude and latitude.

Mobile operators are reluctant to discuss exactly what level of detail they are able to provide to law enforcement, although there are examples of police tracking criminals, accident victims and missing persons by their mobile phones.

A former News of the World journalist's allegation the newspaper paid police to track mobile phones raises serious questions about the UK's eavesdropping laws, according to experts. Sean Hoare said it was possible to "ping" a handset's location for £300. (more) (DIY Ping) (How to)

50 Ways to Get in Ethical Trouble with Technology

Originally written for attorneys, but great advice applicable to many of us...

Technology makes everything easier and faster. In fact, it makes it possible to commit malpractice at warp speed. We can fail to represent diligently, lose our clients data, perform incompetently, and violate the rules regarding attorney advertising—all in sixty seconds or less.

There are so many ways to potentially commit malpractice with technology that it is impossible to list them all. Still, let us make a credible stab at some of the more common missteps. (more)

Jersey Girls Spy Hard - Court Approves Cell Phone Bill Request

New Jersey officials who use taxpayer funded cell phones cannot keep information on the destination of outgoing calls secret, a state appellate court ruled earlier this week.

In Livecchia v. Borough of Mount Arlington, the Superior Court of New Jersey, Appellate Division, ruled on Wednesday that the public interest in information on the city and state of the location of cell phone calls outweighed the privacy interests of state officials. It also rejected an effort by the state to absolutely bar such information from becoming public.

The court said “there is no absolute bar to the release of the destination location of telephone calls placed by public employees using publicly funded cell phones and the same would not impinge upon individual privacy interests.”

The case began when resident Gayle Ann Livecchia submitted a public records request for two months’ worth of cell phone records documenting the use of publicly funded phones by all employees in the borough.

Livecchia wanted to use the records to see whether employees exceeded limits placed on the taxpayer-funded phones and also whether individuals were using the phones for personal reasons without reimbursing the borough, according to the court. (more) (ruling)

Thursday, July 14, 2011

Your Old Smartphone's Data Can Come Back to Haunt You

Your smartphone probably contains data in places you might not think to look. People--and companies--that sell old phones often do a lousy job of erasing all that info, according to our research with 13 secondhand phones. 

Stands at the flea market were selling stolen phones. The owners had not been able to wipe the phones remotely. Your old cell phone data can reemerge from the past to haunt you. Whether it’s because sellers are lazy or naive, cast-off phones still contain troves of information about their former users. And as phones get smarter, they’re ever more likely to hold bank account passwords, personal email, or private photographs that anyone with the right kind of motivation could exploit. (more)

Tip: Always protect your cell phone with a passcode PIN. Some smartphones allow their passcodes to be longer than the usual four digits and will automatically erase your data if the wrong code is entered too many times. ~Kevin

Smartphone Hacking Becomes News of the World

It's never this obvious.
The “phone hacking” scandal unfolding in the UK has demonstrated how trivial it is to gain unauthorized access to voicemail and other information stored on smartphones. Ignoring basic security steps only makes it easier.

With the help of Kevin Mitnick, CNET reporter Elinor Mills demonstrated just how easy it can be to hack into someone’s voicemail. This was done in the wake of the “phone hacking” scandal that has erupted in the UK in which employees for News of the World hacked into a murdered girl’s phone and materially interfered with the then ongoing police investigation. It’s now grown much larger even than that one terrible incident, and this is, of course, an extreme example of the harm that can be done to people with unsecured mobile phones. (more)

If you own a smartphone you are a viable target,
and you really need to ask yourself, 
"Is my cell phone bugged."

Interesting Smartphone Hack & Spy Links

Thanks to our West Coast secret agent for compiling and sharing these interesting smartphone-related links...

The Vodafone Femtocell Hack

Femtocells are "small cellular base stations, typically designed for use in a home or small business. It connects to the service provider’s network via broadband (such as DSL or cable); current designs typically support 2 to 4 active mobile phones in a residential setting, and 8 to 16 active mobile phones in enterprise settings. A femtocell allows service providers to extend service coverage indoors, especially where access would otherwise be limited or unavailable."

Though esoteric at first glance, most people will get the gist of this cell phone intercept hack.

Summary:
• Can be used worldwide via VPN tunneling.
Allows eavesdropping, calling, text messaging... via someone else's SIM card.
• Inexpensive.

The GSM Association says...
"In addition to attacks against deployed femtocell access points, it is important to remember how the equipment itself could potentially be used for illegal purposes. It is important that femtocell equipment is only supplied to reputable buyers as failure to do so opens up the possibility of femtocell access points being used to support illegal call selling and traffic routing activities, avoidance of lawful interception, use as a false base station to launch man in-the-middle attacks, etc. Of particular concern is the potential for femtocell access points to facilitate the placement of fraudulent calls on 3G networks." (more)

Wednesday, July 13, 2011

Accused SpyCam'er Aquitted - Non-HD SpyCam Saved Her Butt... and His

Australia - An army corporal accused of secretly filming a woman while she showered at an Adelaide Hills barracks has been acquitted in the Adelaide Magistrates Court...

Magistrate Kym Boxall rejected claims by the defence that the card may have been stolen and worn to disguise the identity of the perpetrator.

"I find that rather the actual perpetrator inadvertently filmed himself, including the identification card, and thereby almost gave himself away," he said...

"There is no doubt that a crime of indecently filming a female person was committed at Woodside Army Base using a small filming device that looked like a vehicle remote control unit," he said.

However, he said he was not satisfied beyond reasonable doubt that Freeman was the person who planted the device. Freeman was found not guilty and the charge was dismissed. (more)

Etienne Labuschagne on Business Spying and Eavesdropping

“Many people think that this sort of thing isn’t happening — that corporate espionage is just something you see in movies,” says Etienne Labuschagne. “But that’s just not the case. As more people use these kinds of methods, more of them are getting caught. We live in an era where you can buy bugging gear for a few dollars … and where people will move mountains to get information first.”

Labuschagne says News of the World was simply “one of the unlucky ones that got caught doing it”. He suggests the newspaper got complacent after having gotten away with the practice for so long.

“It used to be easy to say people were just paranoid,” says Labuschagne. “I’m dealing with more and more clients every day who have these problems.”

The only way to ensure one’s phone calls, SMS messages and voice mails are entirely secure is to encrypt conversations, he adds. “The only way to be 100% sure is by using point-to-point encryption, where your unit and mine are both encrypted.”

With corporate espionage on the rise, he says that many companies are opting for counter surveillance strategies to protect their information, particularly because prevention is always easier than prosecution. “I recently dealt with a company that knew it had been bugged by competitors. But the problem is that in order to prosecute, the company would have to produce extensive evidence. Even then, that doesn’t stop it in the interim.”  (more)

Could Your Hard Drives (and other electronics) be Time-Bombed?

A Department of Homeland Security (DHS) official acknowledged the persistent threat of pre-existent malware on imported electronic and computer devices sold within the United States, sparking renewed interest in a problem the federal government has been trying to mitigate for some time.

Calling the threat "one of the most complicated and difficult challenges we have," Greg Schaffer, acting deputy undersecretary for the National Protection and Programs Directorate for the DHS, said that he is "aware that there are instances where that has happened," although he did not go into specifics about those instances. (more)

Tuesday, July 12, 2011

In an effort to better live up to their name, Yahoo! now reads your email before you do.

Houyhnhnms - Yahoo! has recently changed certain settings in its email policy which will allow the company to eavesdrop on customer mail.

With the new service, the search engine uses a spam blocking technology to learn about its users so they can be targeted by display advertisements.

However, this is not where it ends – Yahoo! will also hold the right to scan emails from people using other email accounts if they send emails to Yahoo! users.

In addition to this, users hold the responsibility to warn others about the changes made to their accounts. (more)


Extra Credit: How to Encrypt Your Email

Jersey Girls Spy Hard - Court Approves their Private GPS Spying

NJ - Appellate court in New Jersey sees no issue with private use of GPS devices to secretly track motorists. 

Police are not alone in the ability to secretly use GPS devices to track someone without his knowledge, the New Jersey Superior Court's Appellate Division ruled Thursday. 

A three-judge panel made this decision in the context of a privacy invasion suit brought by Kenneth R. Villanova against Innovative Investigations Inc after his now ex-wife hired the private-eye company to spy on him. She intended to document alleged infidelities prior to filing for divorce in May 2008. At the firm's suggestion, Villanova's wife installed the tracking device on her husband's GMC Yukon-Denali which followed the vehicle's every move for forty days. (more) Villanova v. Innovative Investigations (New Jersey Superior Court Appellate Division, 7/7/2011)

Psst... Wanna buy some spy HQ blueprints?

Germany is investigating reports that a set of blueprints its future BND spy headquarters under construction in Berlin may have been missing for up to a year.

Several media were citing a German-language report in Focus magazine which, if confirmed, would likely pose a serious security risk — and be a huge embarrassment for the spy agency.

According to the Telegraph: The plans for the new building included details on alarms, emergency exits, wall thickness and the locking systems designed to protect the 4,000 personnel who will work there. Focus also said the blueprints could have been missing for a year before anyone noticed their absence. (more)

Oh, like this has never happened before...
 
UK - DETAILED top-secret plans of MI5's fortress HQ have been sensationally handed to News of the World.

The lost 66-page dossier of floor layouts—once used by trusted CONTRACTORS at the high-security Central London base—would be gold dust to terrorists.

The plans were given to us by a worried member of the public, who got them from a friend who worked at the building and never handed them back. (more)

Keep the Guards Awake - Make them Wear Point & Shoot BulletCams

12 Megapixel 1/2.5 HD CMOS Sensor
  • HD Video Resolution 720p (1280x720 Pixel)
  • 170° Wide angle
  • 10 m water proof
  • With Photo Capture Mode:Camera takes a photo every 3 seconds
  • Aluminum housing
Top-Details
  • High Definition Camcorder 1,280 x 720, 30 fps
  • Up to 2 h battery power
  • Incl. 4 GB Micro-SD Card
  • Incl. splash-proof camera head for improved sound recordings
  • Incl. adapter for helmet, goggles, handle bar, 360° universal mount, case, USB cable, power adapter, sealants, lithium-ion battery
Technical features
  • Image sensor 12 Megapixel 1/2.5 HD CMOS Sensor
  • Objective 170° Wide Angle | Aperture: f = 2.8
  • Memory Slot for Micro-SD Card up to 32 GB
  • Data format Movie: MPEG codec , AVI file format
  • System requierements PC: MS Windows XP / Vista / Windows 7 | Mac 10.6.6
  • Connectors Mini USB 2.0
  • Battery Life Video up to 2 hours with Micro-SD card 32 GB/Class 6
  • Power rechargeable Lithium-ion battery
  • Dimensions approx. 90 x 30 x 10 mm
  • Weight approx. 83 g (without battery)

Monday, July 11, 2011

Alert: ZeuS Trojan Runs on Android Phones - Steals Bank Passcodes

Criminals have developed a component of the ZeuS Trojan designed to run on Google Android phones. The new strain of malware comes as security experts are warning about the threat from mobile malware that may use tainted ads and drive-by downloads.

Researchers at Fortinet said the malicious file is a new version of "Zitmo," a family of mobile malware first spotted last year that stands for "ZeuS in the mobile." The Zitmo variant, disguised as a security application, is designed to intercept the one-time passcodes that banks send to mobile users as an added security feature. It masquerades as a component of Rapport, a banking activation application from Trusteer. Once installed, the malware lies in wait for incoming text messages, and forwards them to a remote Web server. (more)