Wednesday, September 7, 2011

Wireless Microphone Eavesdropping at Business Hotel Conference Centers


Wireless presenter's microphones are commonly used in corporate boardrooms, auditoriums, and hotel conference centers. I have even found them being used as desk microphones in "secure" government conference rooms when running wires was not desired. 

Big mistake. The vast majority of wireless microphones use analog frequency modulation (FM) as their method of transmission. Eavesdropping on these transmissions is easy.

I created this video to quickly explain the problem.

There are secondary problems as well...
• Microphones left accidentally left 'on' from previous meetings.
• Just having these microphones around makes them available for eavesdroppers to use as bugs. Even if discovered there is plausible deniability. Who is to say it was not left 'on' accidentally?

Solution.
• The first step is to remove all analog FM wireless microphones from areas where sensitive discussions will be held; make them totally unavailable (sell or trash them).
Develop a business counterespionage strategy with a security consultant who specializes in electronic eavesdropping detection and business counterespionage consulting. They will be able to provide alternate solutions to using analog FM wireless microphones, and similar security vulnerabilities.
• Incorporate periodic inspections for illegal electronic eavesdropping devices into your security program. These inspections are also know as Technical Surveillance Countermeasures, or TSCM.
(more)

Internal Office Snoops and Spies - 50% of the problem

Marie McIntyre, Ph.D., is an office coach. She has more than 20 years experience as a manager, business owner and the HR director at a Fortune 500 company. Here is an office eavesdropping question she recently fielded...

Question: A co-worker told me that he brings a voice recorder to work to catch people talking behind his back. He will tape it underneath a desk or hide it behind a picture. We used to be friends, but I now seem to be on the list of people that he hates. I’ve started searching my work area every morning to be sure his recorder isn’t there. Although this guy’s weird behavior makes me sick, I’m not sure what to do about it. Should I bring this to the attention of human resources? —Nervous in Indiana

Answer: Yes, you should immediately have a confidential talk with your HR manager. Your colleague’s devious behavior is both appalling and a little frightening.

His suspiciousness, combined with a growing “enemies list,” may indicate paranoid tendencies. If he feels betrayed, he could decide to seek revenge. So when you report his clandestine activities, ask the HR manager not to reveal your name.

If you fear that HR may fail to protect your identity, describe the situation in an anonymous note. Although unsigned complaints are often disregarded, management is unlikely to ignore this one. 

I can add to her answer...  
About 50% of electronic eavesdropping in the business environment is caused by employees. The reasons range from office romance, job insecurity, promotion competition, and on up to conducting espionage for outsiders – either for money, ideology or under pressure from blackmail.

We hope the HR director in this particular case will realize that hiding a recorder for eavesdropping purposes is a criminal offense and takes the proper steps to protect the employee and the employer. A good first step would be contacting a security consultant who specializes in illegal electronic surveillance matters.

Tip: All types of security consultants are listed in the IAPSC.org Security Consultant Directory.

Tuesday, September 6, 2011

Tips for Securing VoIP Phones in the Cloud

Click to enlarge.
South Africa - ...accepting an unprotected Internet Protocol (IP) connection from your VOIP partner is not the safest tactic. “Besides inviting eavesdropping on your most sensitive business dealings”, says Rob Lith, Director of Connection Telecom, “It also puts you at risk of sponsoring thousands of rands ($) in phone calls made on your account.”

What can be done?
So what can be done to keep your PBX safe from spilling your trade secrets and bleeding out your cash resources? The good news is that both VOIP providers and customers can pitch in. Here are some ways to safeguard your telephony:

Customer-side
· Password generators – Cloud PBX customers should use only securely-generated random passwords. Passwords chosen by humans are often the weakest link in a company’s security posture, so invest in tools that manage and retrieve passwords easily and securely. 1password from AgileBits is a good example.
· Strong access policies – It can be as basic as allowing only known IP address ranges access to the voice platform. But this approach, while highly secure, sacrifices flexibility – for instance the ability to access the voice server while roaming overseas.
· Cloud customers can also load tools that monitor VOIP accounts for repeated failed password attempts, and block the IP address from which the attempts are coming pending administrator investigation. Fail2ban is one such tool.

Provider-side
· Tools like Zabbix monitor unusual call patterns, destinations, numbers of live calls and account balances, and trigger alarms when certain values are exceeded (too many calls, a sharp drop in account balance, unusual international prefixes being dialed etc). Anything out of place is picked up long before too much harm can come to the user enterprise.
· VPN tunneling used in an enterprise VOIP service shields calls from eavesdropping and line-jacking, making it as secure as line encryption. An MPLS network and VPN technology like ViBE are among the applications that enable secure VPN tunnelling.
· Private cloud solutions are shielded from the public Internet by virtue of the customer’s ownership of the hosted domain.

Conclusion
VOIP hacking, while not an everyday occurrence, is very possible. However, with the right tools and a few basic security habits, this form of communication can be highly secure. (more)

Monday, September 5, 2011

Spycam Story #622 - Solved Faster Than A Clapboard Slap

Australia - Queensland Police are investigating how security footage of public sex and bar fights at a Cairns casino made it onto YouTube.

The CCTV footage of patrons was the subject of an investigation last year but were removed from the Reef Hotel Casino and posted on the internet.

Detective Senior Sergeant Ed Kinbacher says the footage appears to have been stolen by a former staff member. (more)

Are Your Passwords Sardonic Humor Fodder? II

After reading the original post about easy to guess passwords, another BB Irregular checked in with this excellent password tip.  

Brilliant, David. 
Thank you!
Via Randall Munroe at xkcd.com. Click to enlarge.

Walter Mitty Goes Shopping... for Spy Gadgets

Australia -  Anyone who has ever fancied themselves as a secret agent, Maxwell Smart style, now has the chance to purchase some nifty spying gadgets locally. The Frankston franchise of OzSpy opened recently and stocks everything from bug detection devices to hidden cameras.

"We get a lot of people who come in because they think their spouse is cheating," he said. "We also have businesses wanting to check up on employees. Some people want to leave listening devices around as evidence if there is something they are concerned about. This is probably the only store of its type in the area." Mr Dodd said there were a few customers who thought of themselves as investigators. The shop definitely has a bit of a secret agent appeal to it."  But he said some people just buy the equipment for fun. (more)

Other fun things you can do, but probably not in Australia...

Saturday, September 3, 2011

Hounded by Eavesdropping, Berlusconi Snaps (Can you blame him?)

Italy - Embattled Italian Prime Minister Silvio Berlusconi, under withering scrutiny for his high-profile sex life, was caught on a police wire saying he wanted to flee his "s---y" country.

Berlusconi's shocking remarks were recorded in July as part of an investigation into claims he is being blackmailed about his sex life, according to The Guardian. 

"They can say about me that I s--w. It's the only thing they can say about me. Is that clear?" the frustrated Prime Minister said to one of the men allegedly extorting him. "They can put listening devices where they like. I don't give a f--k."

"In a few months, I'm getting out to mind my own f---ing business, from somewhere else," he continued, "and so I'm leaving this s---y country of which I'm sickened." (more)

Not knowing if you have privacy is universally stressful and personally debilitating. It is especially bad in business and government where there is the added stress of not being able to conduct business in confidence. These are some of the reasons why periodic inspections to detect electronic surveillance are a basic element of most organization's security program.

Greece Won't Let Wiretapping Slip

A Greek prosecutor Friday reopened a probe into wire-tapping of government mobile phones at the time of the Athens 2004 Games, indicating that US embassy staff were involved, a judicial official said.

Without naming specific suspects, Athens prosecutor Dimitris Dassoulas filed an action for "a major case of attempted espionage" after a preliminary investigation identified three suspects working at the US embassy at the time.

The investigation found that calls had been placed to embassy telephones from a mobile phone used in the wire-tapping network, the source said. (more)

Spycam App... "What could possibly go wrong?"

"With iZON, you can stream live video and audio to your iPod, iPhone or iPad, activate motion or noise detection and receive alerts by push notification.



Keep a loving eye on your your baby, your puppy, your other baby and her lover. Screech!!! What other baby. What lover?!?!

"Enjoy peace of mind on the go with the iZON Remote Room Monitor. This innovative and elegant video camera enables you to view and listen to activity in your home or office from anywhere in the world on your iPod touch, iPhone or iPad."

The Pitch.
FutureWatch.
Remember the old "listen through concrete" ads for bugging devices... "useful for detecting baby sleeping and locating mice in walls?" Welcome to the 21st Century where electronic eavesdropping laws continue to be circumvented by that galactic loophole - "primarily useful for". In this case, it appears that this will be "primarily useful for" spying on those without rights, babies and puppies. Heck, what are the chances that someone will hide one of these things for voyeuristic reasons? 

And, if an app store approves it for sale, it must be legal, right? 
Keep your eye on our SpyCam Story posts to see what happens.

From the Party that Brought You, "The Buck Stops Here."


NY - Democratic congressional candidate David Weprin isn't denying accusations that his campaign volunteers tried to spy on his rival's headquarters to send back intel.

In an interview with NBC New York, Weprin tried to change the subject, saying the story is a "distraction" and that he can't be responsible for all the actions of his campaign workers.

"I don't know," Weprin said. "I'm the candidate. I can't control who goes to everything." (more)

Thursday, September 1, 2011

Some of the meanest, ulgiest, HD CCTV video you'll ever see.

SD - Every August half a million bikers descend on a small town in South Dakota for the country’s largest motorcycle rally.

The Full Throttle Saloon, at the heart of the week-long rally, caters to roughly 30,000 bikers a day and handles millions of dollars in cash over the course of the rally. This is not your average bar. The Full Throttle has 15 acres of bar space and more than 100 bartenders working at any one time during the rally, according to Chris Donahue, the bar’s spokesman. The bar’s website claims it is “the world’s largest biker bar.”

Part of managing that crowd is video surveillance. Over the past five years, the Full Throttle has spent roughly $40,000 on beefing up its security system, including 20 new HD megapixel cameras from IQinVision. Donahue likes to tout the claim that the Full Throttle has a more robust security system than some Las Vegas casinos. (more)

How AT&T Tapped the Trunk Lines for the NSA

via wikipedia.com...
Click to enlarge.
Room 641A is an intercept facility operated by AT&T for the U.S. National Security Agency, beginning in 2003. Room 641A is located in the SBC Communications building at 611 Folsom Street, San Francisco, three floors of which were occupied by AT&T before SBC purchased AT&T. The room was referred to in internal AT&T documents as the SG3 [Study Group 3] Secure Room. It is fed by fiber optic lines from beam splitters installed in fiber optic trunks carrying Internet backbone traffic and, therefore, presumably has access to all Internet traffic that passes through the building.

The room measures about 24 by 48 feet (7.3 by 15 m) and contains several racks of equipment, including a Narus STA 6400, a device designed to intercept and analyze Internet communications at very high speeds.



The existence of the room was revealed by a former AT&T technician, Mark Klein, and was the subject of a 2006 class action lawsuit by the Electronic Frontier Foundation against AT&T. Klein claims he was told that similar black rooms are operated at other facilities around the country. 
Click to enlarge.
Room 641A and the controversies surrounding it were subjects of an episode of Frontline, the current affairs documentary program on PBS. It was originally broadcast on May 15, 2007. It was also featured on PBS's NOW on March 14, 2008.

The Electronic Frontier Foundation (EFF) filed a class-action lawsuit against AT&T on January 31, 2006, accusing the telecommunication company of violating the law and the privacy of its customers by collaborating with the National Security Agency (NSA) in a massive, illegal program to wiretap and data-mine Americans' communications. On July 20, 2006, a federal judge denied the government's and AT&T's motions to dismiss the case, chiefly on the ground of the States Secrets Privilege, allowing the lawsuit to go forward. On August 15, 2007, the case was heard by the Ninth Circuit Court of Appeals.

An additional case by the EFF was created on September 18, 2008, titled Jewel v. NSA.

Watergate II in America

AT&T building in downtown San Francisco
 Lawyers for civil liberties groups asked a federal appeals court Wednesday to revive two groups of lawsuits claiming the government has monitored the communications of millions of Americans without warrants since 9/11.

The cases involve the federal government's widely expanded efforts to track down terrorists following the attack a decade ago - efforts that included, at minimum, the interception of international communications that could include members of al-Qaida or other extremist groups.

The San Francisco-based Electronic Frontier Foundation, the American Civil Liberties Union and other critics allege that the surveillance was much broader than that. They cite among other things a declaration from a longtime AT&T worker that the company had allowed the National Security Agency to build a room in one of the company's buildings and route copies of customers' communications there. (more)

History
Secret NSA Room 641A - Note ladder and open ceiling tile. Oops.
1/21/10 - A federal judge has dismissed Jewel v. NSA, a case from the Electronic Frontier Foundation (EFF) on behalf of AT&T customers challenging the National Security Agency's mass surveillance of millions of ordinary Americans' phone calls and emails. (more) 


7/9/09 -  Wiring Up The Big Brother Machine...And Fighting It by Mark Klein and James Bamford

8/15/07 - Spectators lined up outside the 9th Circuit Court of Appeals in San Francisco starting at noon to guarantee a seat at a much-anticipated legal showdown over the government’s secret wiretapping program. 

The hearing involves two cases: one aimed at AT&T for allegedly helping the government with a widespread datamining program allegedly involving domestic and international phone calls and internet use; the other a direct challenge to the government’s admitted warrantless wiretapping of overseas phone calls. (more)

Watergate in Colombia

In Colombia, a major scandal involving the country's intelligence service is unfolding. Colombia's chief prosecutor says the spy service bugged the Supreme Court, intercepted the phones of its justices and followed their every move.

With hours of tape as evidence, prosecutors say the Department of Administrative Services (DAS), which is under the president's control, targeted the court's justices and the investigative magistrates, who function something like prosecutors.


The purpose was to find ties between the criminal underworld and the court in order to discredit the country's highest judicial body.

And now for something completely different...

From the book, The Spy (note the police used a Packard)...