Friday, September 16, 2011

Annual Espionage Research Institute Meeting in DC

The world's top technical surveillance countermeasures specialists are meeting today through Sunday. If you're planning on planting a bug, now would be a good time. The cats are away.

Here is what they will be learning today...
• Blocking Competitive and State Sponsored Threats
• The Future of TSCM
• GSM Cell Phone Bug Detection using AirPatrol
• GSM and Hybrid Devices
• TSCM Product Demos
• Kestrel TSCM Software
• TSCM Inside Out

Oh, and that bug you planted. These cats will be back.


Thursday, September 15, 2011

Where Can You Buy A Bug in Washington, DC?

...at the International Spy Museum, of course...
Audio Bug
Price: $25.00
Code: 17039
Product Facts: The walls have ears…and now, thanks to Audio Bug, so can tables, windows, bookshelves, and lockers! Use the attached suction cup to stick this clever bug where it won’t be seen. With the voice-activation feature, it will start recording when your adversaries start talking or if they make noise when snooping in your headquarters. A hidden speaker records the audio — play it back at the touch of a button. Save your files and upload the evidence to your computer with the secret USB connector. Then start bugging again!

Technical Data: Ages 8 and up. Plastic and metal. Black/silver/orange. 3-1/2” x 1” x 1”. Requires 1 AAA battery, not included. (more)

Next question...
How can you find a bug in Washington, DC? (more)

Wednesday, September 14, 2011

Tip: Remove the Secret Stuff From Your Smartphone Today

Back in March, Scarlett Johansson's name popped up on a list of celebrities who found themselves the target of hackers that broke into their cell phones and leaked some nude photos and video.

With sultry X-rated pics of the sex symbol surfacing today on various gossip sites, ScarJo's fighting back by reaching out to the feds to find the perpetrators. (more)

Tuesday, September 13, 2011

Jackie, oh!

According to interviews, Jackie Kennedy gives "tart commentary on former presidents, heads of state, her husband's aides, powerful women, women reporters, even her mother-in-law." 

(She also said.) Martin Luther King Jr is "a phony" whom electronic eavesdropping has found arranging encounters with women. (more)
She also admits to eavesdropping on her husband and his advisers one morning when the emergency committee in charge of the crisis gathered in the Oval Room, unbeknownst to the press.

"So then, I went in the Treaty Room where I well, just to fiddle through some mail or something, but I could hear them talking through the door. And I went up and listened and eavesdropped," she confided. (more)

The News of the World Phone Hacking Scandal Continues

UK - As the UK parliament's inquiry into News of the World phone-hacking scandal continues, there's a lot of back-and-forth going on with regards to who knew what was happening - and when.

Immediately after the major players testified in July, it appeared that a bit of a calm before the storm was on the horizon. Things went silent for a bit. But that's changed now as new allegations, arrests and concerns have brought about new questions and evidence in the case.

To start with, a former lawyer for News of the World testified that News Corp. executive James Murdoch must have known that illegal phone hacking at the News of the World newspaper was not confined to the single journalist who was imprisoned for it. Tom Crone, who was legal manager of the paper, said Murdoch would only have given Crone authority to settle a lawsuit against News of the World if he had understood that there had been more illegal eavesdropping. (more)

Friday, September 9, 2011

They are very busy. That's why they're called busybodies.

UK - Millions of adults are self confessed computer hackers with more than one in 10 (13%) admitting they have accessed someone else's online account details without their permission.

According to research by life assistance company CPPGroup Plc (CPP), the most common 'casual' hacking takes place on Facebook and other social network sites. And while this will often be viewed as harmless spying, many admitted to accessing personal and work emails, money transaction portals such as PayPal and online banking sites.

Many people (32%) casually dismissed their hacking as something they did 'just for fun' while others admitted they did it to check up on their other half (29%) or a work colleague (8%). But it wasn't all passive spying - two per cent had very different motives admitting they did it for financial gain. (more)

Missing Email? Maybe it was Doppelganged!

Two researchers who set up doppelganger domains to mimic legitimate domains belonging to Fortune 500 companies say they managed to vacuum up 20 gigabytes of misaddressed e-mail over six months.

The intercepted correspondence included employee usernames and passwords, sensitive security information about the configuration of corporate network architecture that would be useful to hackers, affidavits and other documents related to litigation in which the companies were embroiled, and trade secrets, such as contracts for business transactions.

Sample of Info Netted - Click to Enlarge
Twenty gigs of data is a lot of data in six months of really doing nothing,” said researcher Peter Kim from the Godai Group. “And nobody knows this is happening.

Doppelganger domains are ones that are spelled almost identically to legitimate domains, but differ slightly, such as a missing period separating a subdomain name from a primary domain name – as in the case of seibm.com as opposed to the real se.ibm.com domain that IBM uses for its division in Sweden. (more)

If you use mobile devices, malware will come

IT people who try to secure mobile devices in a big company face three big conceptual problems.

First, many, if not most, of the smartphones and tablets are from Apple. Both veteran and rookie users tend to believe Apple devices aren't vulnerable to malware and hacks, so users don't need to take any precautions.

Second, even non-Mac users tend to think security is already built in to their smartphones or tablets, so they also resist efforts to install antivirus, firewall, or other additional security on what are often their own systems.

Third, the fastest-growing malware segment targets Adobe applications rather than the traditional browser or operating system, doing an end run around the expectations of both users and many IT security people, according to analysts at the security vendors McAfee and Commtouch. (more)

Thursday, September 8, 2011

Sick of Snooki? Tired of Trump? Fab-a-dab-a-Zap Shutdafacesup!

MAKE video producer Matt Richardson from Brooklyn shows you how to use an Arduino microcontroller to mute your television based on keywords found in the broadcast's closed captioning transcription. You can rest easy knowing that you'll never have to hear about Kim Kardashian—or whoever you're sick of—again! 

"A while ago it was Charlie Sheen. And then it was Sarah Palin. And then it was Donald Trump," said Richardson, who is a video producer for Make Magazine. "And after a while I realized there's sort of always someone who I don't really want to hear about."

Like any good hacker, Richardson decided to come up with a fix: He developed a do-it-yourself TV remote control that will automatically mute the television when certain celebrity names are mentioned.

He plans to debut and explain the hack at the upcoming Maker Faire event in New York. The name of his talk is "Enough Already: Silencing Celebs with Arduino." (more) (Wanna go?)

University Senior Management Bugging Confirmed

South Africa - The offices of senior management at Tshwane University of Technology (TUT) had been bugged, acting director-general of the Department of Higher Education and Training Gwebinkundla Qonde confirmed. The bugging was discovered by newly appointed administrator Prof Themba Mosia, Mr Qonde said. (more)

Blackern’ a blacksmith’s apron or Bum Steer?

TX - An emergency city council meeting in Bandera turned into a showdown with the police chief Wednesday night. Council member Maggie Schumacher publicly accused a police lieutenant of bugging the municipal building, an allegation Chief Jim Eigner denies.

"He (Lt. Neil McLean) said, 'we tape everything in this building.' He said this is a public building and we tape everything,'" Schumacher said.

Schumacher was referring to a conversation she had with Lt. McLean earlier today at the police department. A computer tech was there to make a backup of the entire police department computer system and Schumacher says Lt. McLean resisted. She called the Bandera County Sheriff's Office to step in. (more)

You decide.

Libyan spy files detail Gadhafi regime's collapse

As the uprising grew against Moammar Gadhafi, secret reports from his vaunted intelligence service flowed back to Tripoli. Some were mundane — how agents erased anti-regime graffiti. Others were more deadly — a spy volunteered to poison rebel leaders' food and drink.

The reports grew more desperate as the Libyan rebellion veered into civil war: Military leaders in the western mountains were disregarding orders; troops in the city of Misrata ran out of ammunition, turning the situation into "every man for himself."

These reports and hundreds of other intelligence documents seen by The Associated Press in Tripoli trace how the tide shifted in the six-month uprising that ended Gadhafi's 42-year reign. They show how an authoritarian regime using all its means failed to quash an armed rebellion largely fueled by hatred of its tools of control. (more) (sing-a-long CD found in spy HQ)

SpyCam Story #623 - Gumshoe the Cable Guy

Spy Camera Designed to Look Like a Cable TV Box
MI - An Addison Township man said Accident Fund Insurance Company of America had a spy camera placed on his property illegally.

Rob Guzanek said a private investigation firm placed the camera to spy on a his neighbor, Dana Fredericks, who has filed a disability claim at work for a bad back. However, Guzanek said the company illegally installed the battery-operated surveillance camera in a clearing where workers cut into his hedgerow." (more)

The Suite Life of (names withheld due to age and stupidity)

Vanessa Hudgens was left furious when she found out teenage boys had been spying on her sunbathing topless.

The former High School Musical star was laying topless in the garden of her Hollywood home when she heard the dreaded sound of giggly teenage boys.

"Vanessa's yard is very private, except for a small area that apparently affords a bird’s-eye view from the balcony of the house just above her, and that’s where three teen boys were peeking down at her, laughing and whistling," a source said. (more)

Wednesday, September 7, 2011

Wireless Microphone Eavesdropping at Business Hotel Conference Centers


Wireless presenter's microphones are commonly used in corporate boardrooms, auditoriums, and hotel conference centers. I have even found them being used as desk microphones in "secure" government conference rooms when running wires was not desired. 

Big mistake. The vast majority of wireless microphones use analog frequency modulation (FM) as their method of transmission. Eavesdropping on these transmissions is easy.

I created this video to quickly explain the problem.

There are secondary problems as well...
• Microphones left accidentally left 'on' from previous meetings.
• Just having these microphones around makes them available for eavesdroppers to use as bugs. Even if discovered there is plausible deniability. Who is to say it was not left 'on' accidentally?

Solution.
• The first step is to remove all analog FM wireless microphones from areas where sensitive discussions will be held; make them totally unavailable (sell or trash them).
Develop a business counterespionage strategy with a security consultant who specializes in electronic eavesdropping detection and business counterespionage consulting. They will be able to provide alternate solutions to using analog FM wireless microphones, and similar security vulnerabilities.
• Incorporate periodic inspections for illegal electronic eavesdropping devices into your security program. These inspections are also know as Technical Surveillance Countermeasures, or TSCM.
(more)