Sunday, July 17, 2011

Project X: Murdock Phone Hacking Scandal Continues to Grow

"Argh, Miss Brooks"
The U.K. police investigation into alleged phone hacking took a dramatic turn on Sunday with the arrest of Rebekah Brooks, the former chief of News Corp.'s U.K. newspaper unit who resigned on Friday.

London's Metropolitan Police, known as Scotland Yard, said they arrested her around noon Sunday (7 a.m. EDT) when she appeared by appointment at a London police station. She remained in custody as of early afternoon Sunday and hadn't been charged.

It's the 10th arrest by police in a dual probe investigating allegations of voicemail interceptions and corrupt payments to police. The allegations focus on the News of the World, News Corp.'s Sunday tabloid that the company recently closed after 168 years amid an escalating scandal. (more)

"Our Miss Brooks"

Our Miss Brooks: Mr. Conklin's "Project X" is a sound system that allows him to eavesdrop on the entire school. (download MP3)

Friday, July 15, 2011

How to Write Like an Educated Spy

Writing a good spy report is not as easy as it looks. You need more than a copy of Strunk & White's manual, The Elements of Style. You need the National Security Agency (NSA) SIGINT Reporter's Style and Usage Manual!
 
Did you know...
• In nautical contexts in SIGINT reports, do not call a ship a boat. As a general guideline, a boat will go on a ship, but not vice versa. Lifeboats go on cruise ships. Submarines are boats. Most of the literate public, however, uses the term boat to refer to any floating contrivance of any size. Such use is standard in general contexts, but not appropriate in SIGINT reports.

• Do not use the terms A-bomb or H-bomb. Spell out the words. Do not capitalize atomic bomb, hydrogen bomb, etc.

• Never include obscenities in a report. If an obscenity is part of a quote, replace it with the phrase ((expletive deleted)).

• PDDG ... (Sorry, that's still classified.)

Military Intelligence: How to make unclassified information classified without classifying it!?!?

The Pentagon is proposing to keep under wraps all unclassified information shared between contractors and the Defense Department except that which is expressly released to the public.

That has sparked an outcry not only from open-government advocates but from contractors who argue they could be forced to pay millions of dollars to install systems to protect that information. Tens of thousands of companies would have to meet the new requirements, according to the Pentagon's own reckoning...
The proposed rule, published June 29 in the Federal Register, would impose new controls for unclassified Defense Department information that is not cleared for public release and that is either provided by DoD to a contractor or else developed by a contractor on the department's behalf. (more)

Military Intelligence: What happens to the real classified information?

The US Pentagon has admitted that a foreign intelligence service stole 24,000 files from a US defense contractor earlier this year.

US deputy defense secretary William J Lynn will not say which contractor was holding the data or which country stole it, but he says over the past few years, information about some of the Pentagon's most sensitive programs has been pilfered from military contractors. 

"Over the past decade terabytes of data have been extracted by foreign intruders from corporate networks of defense companies. Indeed in a single intrusion this past March, 24,000 files were taken," he said.

The admission came as the US defence department announced a new cyber warfare strategy, aimed at securing the military's secrets...

He says it is not the only attack... (more)

Ping! We know where you are, and people who will pay us to tell.

What is pinging?
Mobile phone networks have the ability to locate their customers' handsets (pinging). At a basic level, they can determine which cell the phone is using. In a city, that might narrow-down the location to a few hundred metres. In the countryside it could be several kilometres. It is also possible to triangulate the position of a phone more precisely using its relative position to several masts. Additionally, many modern phones contain GPS technology to help determine their exact longitude and latitude.

Mobile operators are reluctant to discuss exactly what level of detail they are able to provide to law enforcement, although there are examples of police tracking criminals, accident victims and missing persons by their mobile phones.

A former News of the World journalist's allegation the newspaper paid police to track mobile phones raises serious questions about the UK's eavesdropping laws, according to experts. Sean Hoare said it was possible to "ping" a handset's location for £300. (more) (DIY Ping) (How to)

50 Ways to Get in Ethical Trouble with Technology

Originally written for attorneys, but great advice applicable to many of us...

Technology makes everything easier and faster. In fact, it makes it possible to commit malpractice at warp speed. We can fail to represent diligently, lose our clients data, perform incompetently, and violate the rules regarding attorney advertising—all in sixty seconds or less.

There are so many ways to potentially commit malpractice with technology that it is impossible to list them all. Still, let us make a credible stab at some of the more common missteps. (more)

Jersey Girls Spy Hard - Court Approves Cell Phone Bill Request

New Jersey officials who use taxpayer funded cell phones cannot keep information on the destination of outgoing calls secret, a state appellate court ruled earlier this week.

In Livecchia v. Borough of Mount Arlington, the Superior Court of New Jersey, Appellate Division, ruled on Wednesday that the public interest in information on the city and state of the location of cell phone calls outweighed the privacy interests of state officials. It also rejected an effort by the state to absolutely bar such information from becoming public.

The court said “there is no absolute bar to the release of the destination location of telephone calls placed by public employees using publicly funded cell phones and the same would not impinge upon individual privacy interests.”

The case began when resident Gayle Ann Livecchia submitted a public records request for two months’ worth of cell phone records documenting the use of publicly funded phones by all employees in the borough.

Livecchia wanted to use the records to see whether employees exceeded limits placed on the taxpayer-funded phones and also whether individuals were using the phones for personal reasons without reimbursing the borough, according to the court. (more) (ruling)

Thursday, July 14, 2011

Your Old Smartphone's Data Can Come Back to Haunt You

Your smartphone probably contains data in places you might not think to look. People--and companies--that sell old phones often do a lousy job of erasing all that info, according to our research with 13 secondhand phones. 

Stands at the flea market were selling stolen phones. The owners had not been able to wipe the phones remotely. Your old cell phone data can reemerge from the past to haunt you. Whether it’s because sellers are lazy or naive, cast-off phones still contain troves of information about their former users. And as phones get smarter, they’re ever more likely to hold bank account passwords, personal email, or private photographs that anyone with the right kind of motivation could exploit. (more)

Tip: Always protect your cell phone with a passcode PIN. Some smartphones allow their passcodes to be longer than the usual four digits and will automatically erase your data if the wrong code is entered too many times. ~Kevin

Smartphone Hacking Becomes News of the World

It's never this obvious.
The “phone hacking” scandal unfolding in the UK has demonstrated how trivial it is to gain unauthorized access to voicemail and other information stored on smartphones. Ignoring basic security steps only makes it easier.

With the help of Kevin Mitnick, CNET reporter Elinor Mills demonstrated just how easy it can be to hack into someone’s voicemail. This was done in the wake of the “phone hacking” scandal that has erupted in the UK in which employees for News of the World hacked into a murdered girl’s phone and materially interfered with the then ongoing police investigation. It’s now grown much larger even than that one terrible incident, and this is, of course, an extreme example of the harm that can be done to people with unsecured mobile phones. (more)

If you own a smartphone you are a viable target,
and you really need to ask yourself, 
"Is my cell phone bugged."

Interesting Smartphone Hack & Spy Links

Thanks to our West Coast secret agent for compiling and sharing these interesting smartphone-related links...

The Vodafone Femtocell Hack

Femtocells are "small cellular base stations, typically designed for use in a home or small business. It connects to the service provider’s network via broadband (such as DSL or cable); current designs typically support 2 to 4 active mobile phones in a residential setting, and 8 to 16 active mobile phones in enterprise settings. A femtocell allows service providers to extend service coverage indoors, especially where access would otherwise be limited or unavailable."

Though esoteric at first glance, most people will get the gist of this cell phone intercept hack.

Summary:
• Can be used worldwide via VPN tunneling.
Allows eavesdropping, calling, text messaging... via someone else's SIM card.
• Inexpensive.

The GSM Association says...
"In addition to attacks against deployed femtocell access points, it is important to remember how the equipment itself could potentially be used for illegal purposes. It is important that femtocell equipment is only supplied to reputable buyers as failure to do so opens up the possibility of femtocell access points being used to support illegal call selling and traffic routing activities, avoidance of lawful interception, use as a false base station to launch man in-the-middle attacks, etc. Of particular concern is the potential for femtocell access points to facilitate the placement of fraudulent calls on 3G networks." (more)

Wednesday, July 13, 2011

Accused SpyCam'er Aquitted - Non-HD SpyCam Saved Her Butt... and His

Australia - An army corporal accused of secretly filming a woman while she showered at an Adelaide Hills barracks has been acquitted in the Adelaide Magistrates Court...

Magistrate Kym Boxall rejected claims by the defence that the card may have been stolen and worn to disguise the identity of the perpetrator.

"I find that rather the actual perpetrator inadvertently filmed himself, including the identification card, and thereby almost gave himself away," he said...

"There is no doubt that a crime of indecently filming a female person was committed at Woodside Army Base using a small filming device that looked like a vehicle remote control unit," he said.

However, he said he was not satisfied beyond reasonable doubt that Freeman was the person who planted the device. Freeman was found not guilty and the charge was dismissed. (more)

Etienne Labuschagne on Business Spying and Eavesdropping

“Many people think that this sort of thing isn’t happening — that corporate espionage is just something you see in movies,” says Etienne Labuschagne. “But that’s just not the case. As more people use these kinds of methods, more of them are getting caught. We live in an era where you can buy bugging gear for a few dollars … and where people will move mountains to get information first.”

Labuschagne says News of the World was simply “one of the unlucky ones that got caught doing it”. He suggests the newspaper got complacent after having gotten away with the practice for so long.

“It used to be easy to say people were just paranoid,” says Labuschagne. “I’m dealing with more and more clients every day who have these problems.”

The only way to ensure one’s phone calls, SMS messages and voice mails are entirely secure is to encrypt conversations, he adds. “The only way to be 100% sure is by using point-to-point encryption, where your unit and mine are both encrypted.”

With corporate espionage on the rise, he says that many companies are opting for counter surveillance strategies to protect their information, particularly because prevention is always easier than prosecution. “I recently dealt with a company that knew it had been bugged by competitors. But the problem is that in order to prosecute, the company would have to produce extensive evidence. Even then, that doesn’t stop it in the interim.”  (more)

Could Your Hard Drives (and other electronics) be Time-Bombed?

A Department of Homeland Security (DHS) official acknowledged the persistent threat of pre-existent malware on imported electronic and computer devices sold within the United States, sparking renewed interest in a problem the federal government has been trying to mitigate for some time.

Calling the threat "one of the most complicated and difficult challenges we have," Greg Schaffer, acting deputy undersecretary for the National Protection and Programs Directorate for the DHS, said that he is "aware that there are instances where that has happened," although he did not go into specifics about those instances. (more)

Tuesday, July 12, 2011

In an effort to better live up to their name, Yahoo! now reads your email before you do.

Houyhnhnms - Yahoo! has recently changed certain settings in its email policy which will allow the company to eavesdrop on customer mail.

With the new service, the search engine uses a spam blocking technology to learn about its users so they can be targeted by display advertisements.

However, this is not where it ends – Yahoo! will also hold the right to scan emails from people using other email accounts if they send emails to Yahoo! users.

In addition to this, users hold the responsibility to warn others about the changes made to their accounts. (more)


Extra Credit: How to Encrypt Your Email