One morning in early March 1971, Army counterintelligence agent Dave Mann was going through the overnight files when his eyes landed on something unexpected: a report that a routine, nighttime sweep for bugs along the Pentagon’s power-packed E-Ring had found unexplained – and unencrypted — signals emanating from offices in the Joint Chiefs of Staff.
Someone, it seemed, was eavesdropping on the top brass.
Mann was no stranger to bugs. It was a busy time for eavesdroppers and bug-finders, starting with the constant Spy vs. Spy games with Russian spies. But the Nixon years, he and everyone else would soon discover, had extended such clandestine ops into new territory: bugging not just the Democrats, but people within its own ranks. Eventually, most of the Watergate-era eavesdropping schemes were revealed to the public, including the bombshell that Nixon was bugging himself. But the bugs Dave Mann discovered in the E-Ring in March 1971 — and another batch like it — have remained buried all these years. Until now. (more)
Monday, August 15, 2011
Security Director Alert - Another Name for your Rolodex... Data Killers
Why would anyone want to shred a smartphone...twice?
Well, if they wanted to be sure that all of their private information wouldn't fall into the wrong hands; they might shred it or burn it or both! Who would blame them when Wikileaks and identity theft stories dominate the news headlines? From corporate espionage to bored hackers, it seems someone is always after someone else's data! How does one keep private, corporate or government information from becoming public knowledge?
Recently a large federal agency that had upgraded their enterprise-wide smartphones wanted to have the old phones destroyed. The security officer responsible for the destruction of these smartphones took the smartphones to an un-knowledgeable electronics recycling company who shredded the phones. Unfortunately that company didn't have the specialized equipment to shred them small enough and the officer found several intact SIM cards in a pile of shredded residue. Luckily he found the un-shredded cards before the Inspector General found them! (more)
As you can see, not all shredding companies are created equal. Data Killers is the destruction arm of Turtle Wings, Inc., an ISO certified, woman-owned, HUBZoned company holding multiple GSA contracts. These folks claim they can get it done right the first time:
Elizabeth Wilmot, President
Cell Phone Eavesdropping Alert - Android Trojan Snoop
A nasty Android Trojan capable of stealing text messages and eavesdropping on conversations has, like all movie monsters worth their weight, morphed into an even more dangerous opponent. The security firm CA Technologies detected a piece of Android malware that hid in corrupt apps and recorded and stored users' conversations on the targeted devices, which could then be uploaded to remote servers.
"Before answering the call, it puts the phone on silent mode to prevent the affected user from hearing it. It also hides the dial pad and sets the current screen to display the home page. During testing, after the malware answered the phone, the screen went blank," Trend Micro wrote on its blog.
TIP: The auto-answering feature only targets Androids running version 2.2, not the new version 2.3; to update your operating system, go to the "Settings" tab under "Menu." (more)
Sunday, August 14, 2011
Tap Tap Revolution - The Smartphone Spyware Version
The slight movements of your smartphone every time you tap on the touchscreen could be giving away what you are typing.
Eavesdropping on a computer user's keyboard input is called keylogging...
Keylogging is much harder to pull off on smartphones because most mobile operating systems allow only whatever app is on screen to access what you are typing, says security researcher Hao Chen of the University of California, Davis.
However, Chen and his colleague Liang Cai have got around that hurdle and created a keylogger that runs on Android smartphones. It uses the phone's motion sensors to detect vibrations from tapping the screen. Since mobile operating systems do not treat the motion-sensor output as private or in need of protection, it presents a target for hackers wanting to create an innocent-looking app that secretly monitors phone users. (more)
Can Ya Catch My Cheating Spouse? In Kenya Ya Can - Bugging cell phones is apparently legal there!?!?
Kenya - Are you suspicious your lover, spouse, children, employees or business partner could be hiding something? Relax. A solution is finally here.
All you need is a high-end wap-enabled mobile phone, which you will present as a gift to your partner, whom you want to investigate.
Charles Chepkonga, the director of IT company, Smuffet Outsourcing, says with Sh15,000, he could install a software that could help you get a copy of all SMS, call log, location of the phone and all the names saved in the phonebook.
"The phone does not need to be expensive. We have done with phones worth as low as Sh8,000," he says.
Dubbed Mobispy, the software will send information to a preset email address managed by the buyer.
"Let’s say your husband tells you he is working late within the central business district but you doubt. All you will need to do is log in to the email and trace the location of the phone. Unless he left it in the office, you can know his location because it gives a radius of 10m," said Chepkonga. The IT expert says the technology can also be used to keep track of the location of students who lie they are in libraries or by managers who suspect their employees could be sabotaging the company by giving out classified information.
"The most popular reasons for using this application are finding out if your partner is cheating on you, keeping an eye on your children or teens, protecting your old parents, and using it to ensure your employees are doing what they are expected," said Chepkonga.
He says he started offering the service two months ago and has so far done more than 20 mobile phones bought by suspecting partners.
"We have also had innumerable enquiries from many people but who would want to remain anonymous," he said.
He said the idea came up as a result of the many attempts by Kenyans to bust their cheating partners. (more)
You'll Look So Dorky Nobody Will Think You Are a Spy
Real spy gear disguised as a kid's toy - with NIGHT VISION!
The SpyNet Night Vision Mission Video Watch's secret... It looks like a children's toy, but is a whole lot more. Let's run through the features... sound recorder, video recorder, still picture cam (with time lapse) - check, check, and check. Downloadable spy missions, games, and apps. Check. And, it tells time, too!
If you really need to go covert, there is the Snake Cam Add-On. It plugs into the watch and lets you look around corners (or hide it in your sleeve and have it peek out a buttonhole).
Modes:
Time Mode
Alarm Mode
Timer Mode
Stop Watch Mode
Video Recorder Mode - preview or super-spy mode (watch face just shows time)
Audio Recorder Mode - wave form preview or super-spy mode (watch face just shows time)
Still Picture Recorder Mode - still image (again, with preview or without) or time lapse mode (5 seconds, 10 seconds, 30 seconds, 1 minute, 5 minutes, 10 minutes)
Secrets Mode
Missions Mode - downloadable from SpyNet HQ
Games Mode
Spy Apps Mode
Playback Mode
Capacity: Up to 20 mins of video; over 4 hours of audio; up to 2000 pics!
Snake Cam Add-On: Allows you to record pics/video around corners or hides in a button hole for super covert missions (unable to film using night vision, however). Can also be used as a plug and play USB webcam.
Watch Includes: Watch (duh), USB connector, and instructions.
Dimensions: Watch - 2.5" x 2.25" x 1" (watch body) - 1.4" TFT display.
Snake Cam - bendy part: 20"; overall length: 38"
Why do I mention it?
So you'll know what you're up against, or the holidays are coming.
...Keep an eye out for the snake coming over the cubicle wall.
Staying Safe Abroad - The Blog, Edward L. Lee II
In 2008, I gave all my clients a free copy of Edward L. Lee's book: Staying Safe Abroad: Traveling, Working & Living in a Post-9/11 World. Yes, it was that good!
The feedback I received spanned from: "Thank you so much..." to one security director saying, "I am buying copies for all our key executives who travel."
If you travel, or know someone who does, buy the book and get FREE updates by following Staying Safe Abroad - The Blog.
"What makes Ed Lee the big expert?"
Ed Lee retired from the US State Department in April 2006, after a career as a special agent, Regional Security Officer, director of training, chief investigator of the Cyprus Missing Persons Program, director of security of the U.S. Agency for International Development and as a senior advisor in the Office of Anti-Terrorism Assistance.
Most of his work now is devoted to educating global companies and governmental entities in how to be successful and keep their people safe abroad.
His career also includes 15 years as an international security consultant; for ten years he served as the security advisor to the Inter-American Development Bank. Additionally, Ed served six years in the Marines before joining the US State Department as a special agent.
"Why the plug?"
I hear you say.
Just a film noir PI's cliche, "Dead clients don't pay."
Saturday, August 13, 2011
Privacy Journal - Keep Abreast of Privacy Issues and Laws
The Compilation of State and Federal Privacy Laws is now available in different formats. This book cites and describes more than 600 state and federal laws affecting the confidentiality of personal information and electronic surveillance. The laws are listed by state, grouped in categories like medical, credit, financial, security breaches, tracking technologies, employment, government, school records, Social Security numbers, marketing, telephone privacy and many more. Canadian laws are also included.
The Consumer's Handheld Guide to Privacy Protection, an abridged, consolidated version for use on handheld devices. Lawyers and other professionals are finding this handy for searching privacy laws while out of the office, in conferences, in court, on the street.
P.S. Would you like a free sample copy of Privacy Journal monthly newsletter? Contact: Lee Shoreham, Assistant to the Publisher, PRIVACY JOURNAL, PO Box 28577, Providence, RI 02908 Phone: 401-274-7861 Fax: 401-274-4747 orders@privacyjournal.net
Friday, August 12, 2011
Tips to Protect Your Voice Mail from Hacking
via Forbes...
While there’s been extensive coverage of the News Corp. phone hacking cases during the past few weeks, nobody has really addressed two relevant elements of the story: the legal liability (both criminal and civil) for such conduct and the underlying problem which allowed the media to gain access to confidential information: the insecurity of most voice mail systems...
Personal actions
• Do not use default passwords;
• Use more than a four digit PIN, and make them random. Do not use your date of birth, year of birth, or set the digits in ascending or descending order;
• Make sure your carrier requires the use of a PIN every time you access your voice mail;
• Have your carrier require a special password to access information about your account;
• Demand that your carrier immediately notify you of any attempt to improperly access your account via email or SMS;
• Ask your carrier to block multiple invalid PIN attempts on your account, which will then require a call to customer service to reset it;
• Delete sensitive messages once you retrieve them, and do not store them in the system any longer than necessary. Remember, there is no way to determine who has accessed your account or listened to your messages;
• Check the settings on your system to determine if messages are being forwarded to numbers you do not recognize;
• Use the most complicated password that is possible to set up, and change it frequently. (more)
USA Today - "Don't bank on your phone to evade virus"
Trojans can enter a smartphone in many devious ways. All you have to do is click on a link or attachment that contains the virus, and within seconds it can secretly seize control of the phone. That link might be a tinyurl in Twitter. The attachment could be a vCard, the standard format for sending a business card to a phone.
Or you could be accessing a website in a cafe. At Wi-Fi hotspots, fraudsters create bogus gateways, known as "evil twins", to which the latest mobile phones will automatically connect. Once a connection is established, all the information passing through the gateway can be read directly or decrypted, allowing fraudsters to harvest user names, passwords and messages.
Until now, these attacks have been rare. But experts say that's just because smartphones are still taking off. "We're walking into a minefield," said Mr Fidgen, who has been warning about the risks of mobile banking for several months, "but nobody's bloody listening". (more)
Thursday, August 11, 2011
The Spy in the Condé Nast Elevator
Following a day of speculation about the identity of the person behind @CondeElevator, the account appears to have gone dark. "Girl or Guy #1 [in elevator alone]: This got really crazy. Love my job. Better stop," the account tweeted on Wednesday...
The account, which presents all tweets as if they are true, was launched just last Saturday, but it already has amassed more than 50,000 followers. In less than a week, @CondeElevator has become a dishy fly-on-the-wall at a company known for its strict rules, shone a light on the intimidating culture that still exists in the rarified halls of Old Media, and incited a massive witch hunt as outlets race to unveil the author. (more)
Why this is important.
It doesn't matter if the tweets are fact, or self-promoting fiction, it proves Twitter is a powerful technology. Your marketing people may see it as a boon. Your security people may see it as a nightmare. Point is, you need to see it, and keep an eye on it. See who's talking about your company.
Last Laugh - Britain, SpyCam Capital of the World
Can you think of a worse place in the world to riot in the streets?
SHOP A MORON - Name and shame a rioter
These are just some of the 2,000 suspects being hunted today over Britain's riot mayhem. Police issued the CCTV shots and appealed to witnesses to identify anyone they recognise. Sun readers are urged to name and shame any morons they saw looting or committing arson and wrecking property. (more)
FutureWatch: A flood of RFPs for High-Def SpyCams. Darwin Awards.
Quote of the Day: “If I get my hands on someone’s lost phone, it could take me ten minutes to find an account username and password.”
An uncomfortably large percentage of mobile applications are storing sensitive user account information unencrypted on owners’ smartphones, according to a new survey of 100 consumer smartphone apps.
Some 76 percent of the apps tested stored cleartext usernames on the devices, and 10 percent of the tested applications, including popular apps LinkedIn and Netflix, were found storing passwords on the phone in cleartext.
Conducted by digital security firm ViaForensics, the testing occurred over a period of over eight months and spanned multiple categories, ranging from social networking applications to mobile banking software. The firm tested apps only for iOS and Android, the market’s leading mobile platforms.
“If I get my hands on someone’s lost phone, it could take me ten minutes to find an account username and password,” said Ted Eull, technology services vice president at ViaForensics, in an interview. (The Bad App List.)
Read up on what to do about it, here.
Wednesday, August 10, 2011
FBI, Texas Rangers Search City Offices for Bugging Devices
TX - Tenaha Mayor George Bowers has confirmed that Texas Rangers and FBI agents searched city property for bugging devices this week.
Bowers said he was present on Monday as the state and federal agents scoured the workplace for bugging devices. The search was conducted after city work hours, according to Bowers...
There are rumors several bugging devices were found inside the police station. City Marshall Tom Reader acknowledged the searches, but would not confirm or deny that any were found in the police station. (more)
Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."
Security Flaws in Feds’ Radios Make for Easy Eavesdropping
via The Wall Street Journal...
The portable radios used by many federal law enforcement agents have major security flaws that allowed researchers to intercept hundreds of hours of sensitive traffic sent without encryption over the past two years, according to a new study being released today.
While studying the technology, researchers from the University of Pennsylvania overheard conversations that included descriptions of undercover agents and confidential informants, plans for forthcoming arrests and information on the technology used in surveillance operations...
Their research also shows that the radios can be effectively jammed using a pink electronic child’s toy and that the standard used by the radios “provides a convenient means for an attacker” to continuously track the location of a radio’s user.
The authors say they are extremely concerned about the security lapses found in the radios, which are used by the FBI and Homeland Security as well as state and local law enforcement. “We strongly urge that a high priority be placed” on a “substantial top-to-bottom redesign” of the system, dubbed P25, they write. (more) (study)