Monday, October 3, 2011

Security Alert: HTC - Heartbreaking Technical Compromise

In news that will no doubt be of great concern to owners of HTC smartphones, a security team is claiming to have uncovered a "massive security vulnerability" in HTC Android devices that allows any application with Internet access to gain access to private data, including user accounts, email addresses, GPS location, text message data and phone numbers. 

The vulnerability is said to affect HTC smartphones running the latest version of HTC's software, including the EVO 3D, EVO 4G, Thunderbolt, and others. (more)

Sunday, October 2, 2011

Cyber Spying on Estranged Wife

PA - Jay Anthony Ciccarone, 39, was charged Monday night with unlawful use of a computer and related offenses for allegedly installing "Web Watcher," a spyware package, on the victim's computer, said Tredyffrin Township police.

Police said the investigation began a year ago when the woman, who was in the midst of divorce proceedings with Ciccarone, contacted police because he appeared to be monitoring her daily activities.

A forensic examination of the computer revealed the presence of the spying program, which "works by recording all manner of activity on the computer, including keystroke logging, capturing email and internet activity," the criminal complaint said. (more)

This Week in World Spy News

Egypt - A Jordanian telecommunications engineer, who is on trial in Egypt on charges of spying for Israel, pleaded not guilty on Sunday. (more)

Pakistan - A blindfolded man stands on explosives, trembling as he confesses to spying for the CIA in Pakistan. Armed men in black balaclavas slowly back away. Then he is blown up. One of his executioners -- members of an elite militant hit squad -- zooms a camera in on his severed head and body parts for a video later distributed in street markets as a warning. (more)

Taiwan - Allegations of spying against National Police University associate professor Wu Chang-yu are only the tip of the iceberg, members of the Falun Gong movement said on Saturday. Wu, who teaches Chinese political history, was arraigned for questioning on Thursday on charges of allegedly spying for China and passing information to Chinese officials about Chinese dissidents, pro-Tibetan activists and the Falun Gong movement in Taiwan. (more)

UK - New Home Office rules asking academic staff at British universities to keep a tab on students from India and other non-EU countries have sparked off concern that lecturers have been turned into "spies and spooks". (more)

USA - A Greenville, NY man faces two to six years in state prison when sentenced in Orange County Court next month for videotaping neighbors without their knowledge. Angelo DeMaria, 24, pled guilty Friday to 24 counts of felony second-degree unlawful surveillance. He was arrested last April after a neighbor spotted him on the roof of her garage. She called state police, who caught him with a video camera. (more)

USA - U.S. prosecutors are charging a former guard at a U.S. consulate in China with attempting to communicate national defense information to Chinese officials. Bryan Underwood has been indicted for trying to pass on photographs and other sensitive information to representatives of the Chinese government between March and August of this year. The Associated Press reports Justice Department officials say during that period Underwood was a contract guard at a consulate under construction in Guangzhou in southern China. (more)

Hezbollah has detained four of its own members on charges of spying for Israel while a fifth has fled, the London-based daily Asharq Alawsat reported last weekend. (more)

Lebanon has arrested three people suspected of spying for Israel and trespassing, the London-based al-Hayat newspaper reported Tuesday. (more)

Saturday, October 1, 2011

Police Lose GPS in Ohio

Although the US Supreme Court is expected to settle the issue of GPS tracking of motorists soon, a three-judge panel of the Ohio Court of Appeals, Fifth District ruled 2-1 earlier this month against the warrantless use of the technology. 

The majority's decision was likely designed to influence the deliberations of the higher courts. On November 8, the US Supreme Court will hear oral arguments in the GPS case US v. Jones. The Ohio Supreme Court is also considering Ohio v. Johnson in which the Twelfth District appellate court upheld warrantless spying.

The present case began on January 14, 2010, when Franklin County Sheriff's Department Corporal Richard Minerd's investigation of a burglary brought him to a white Honda Civic in an apartment complex. Minerd slapped a battery-powered GPS tracking unit under the bumper that allowed real-time tracking of the vehicle's location, speed and direction of travel. Minerd did not seek a search warrant before acting.

Nine days later, the Civic appeared at the location of a robbery, and Minerd was able to follow the car back to the home of David L. White, who was caught with the stolen property. The Fifth District considered the question of whether it is ever acceptable for government agents to attach such devices to privately owned vehicles without a warrant. (more)


Note: This case affects law enforcement use, not use by private citizens.

Friday, September 30, 2011

When Brain Sucking Smartphone Spiders Meet Badges

You may have heard about the Cellebrite cell phone extraction device (UFED) in the news lately. It gives law enforcement officials the ability to access all the information on your cell phone within a few short minutes.

When it became known that Michigan State Police had been using the tool to access cell phones during traffic stops, it raised concern with the ACLU... You'd be surprised to see just how much data today's smartphones can store -- and police can access...

What's up for grabs?

"...all of our contacts, call logs, voicemails, text messages (deleted ones too), all our notes, recent map searches, Facebook contacts, all locations (WiFi and Cellular), and current and deleted photos." (more)

Tip: You can give up your phone voluntarily, or hold out for a search warrant.

Insanely Great Battery Volt Jolt

Researchers from the National University of Singapore's Nanoscience and Nanotechnology Initiative (NUSNNI) have created what they claim is the world's first energy-storage membrane. Not only is the material soft and foldable, but it doesn't incorporate liquid electrolytes that can spill out if it's damaged, it's more cost-effective than capacitors or traditional batteries, and it's reportedly capable of storing more energy.

The membrane is made from a polystyrene-based polymer, which is sandwiched between two metal plates. When charged by those plates, it can store the energy at a rate of 0.2 farads per square centimeter - standard capacitors, by contrast, can typically only manage an upper limit of 1 microfarad per square centimeter.

Due in part to the membrane's low fabrication costs, the cost of storing energy in it reportedly works out to 72 cents US per farad. According to the researchers, the cost for standard liquid electrolyte-based batteries is more like US$7 per farad. This in turn translates to an energy cost of 2.5 watt-hours per US dollar for lithium-ion batteries, whereas the membrane comes in at 10-20 watt-hours per dollar. (more) (sing-a-long)

FutureWatch: If this is true, our world is going to take an interesting twist.

Thursday, September 29, 2011

6 Real World Spy Gadgets Straight Out of the Movies

#1. Hidden Guns
It's the most obvious spy gadget of them all: A gun that doesn't look like a gun. But while you've probably seen the odd shotgun cane or rifle umbrella (hopefully before it was too late), the sheer depth and breadth of tiny guns hidden in mundane objects might surprise you...

#2. U.S. Embassy Seal
Presented to the U.S. Ambassador by Soviet schoolchildren, this Great Seal of the United States hung proudly in the man's office in Spaso House from 1946 to 1952. Well, after a good bug scan, of course, which turned up nothing. The ambassador wasn't a fool: He knew the Soviets were desperately trying to bug everything they could get their hands on...

#3. Compass Buttons
If one of your soldiers is captured and placed in a POW camp, you want to make sure he's as well-prepared for escape as possible. After all, breaking out of prison is just the first step...

#4. Martini Olive
Budding mad scientist Hal Lipset specialized in inserting audio devices into seriously inappropriate places...

#5. Poop
In the Vietnam War, it was common for U.S. soldiers to litter the Vietnamese countryside with mounds of fake tiger shit. Why? To demoralize the enemy? To attract other tigers to their position? Just because it was funny? Nope: Because they had...

#6. Umbrella Dart Gun
Georgi Markov was a pair of freedom-loving bohemian testicles resting gently on the forehead of communist Bulgaria. His writing was winning all sorts of awards and stirring anti-communist movements all across Europe. Clearly, they had to get those balls off their face, and stat. So... 

You would have to be mad not to love how of cracked.com wrote this up! Thanks for including us, Eric! (more)

Beware the Cell Sucking Spiders

...a gray hat app developer has released into the wild five tools purportedly for "study purposes" that can clean out all the data on an Android smartphone in less than a minute.

Based on information from virus researchers at BitDefender, here's how the tools work.

When any of the apps is loaded on a victim's phone, it can be activated remotely by a cyber thief. Once activated, it sends a five-digit pass code to the phone's intruder and secretly uploads the device's contacts, messages, recent calls, and browser history into the developer's space in the Android Cloud. After copying the data from the phone, the apps uninstall themselves so a target won't know they were even on their mobile...

This latest attack on Android phones is just one of many this year. In fact, the phones are seen as a ripe target for mobile miscreants. According to a report released by a cybersecurity software maker in August, attacks on Android by malware writers jumped 76 percent over the previous three months, making it the most assaulted mobile operating system on the planet.

Some of that malware has been devilishly clever. For example, a bad app called Soundminer listens to conversations on an Android phone and is able to recognize when a credit card number is spoken. After identifying such a number, it snips it from the conversation it has been recording and sends it to a Web baddie. (more) (further advice)

Trumped by KickButtTakeNames.com...

A web proxy service has come under fire after a federal indictment revealed that the company cooperated with U.S. authorities in their investigation into the hacking of SonyPictures.com.

HideMyAss.com, a VPN service that encrypts one's traffic to enable users to surf the web anonymously, was ordered by a U.K. judge, at the request of FBI agents, to release log information about an Arizona man (Cody Kretsinger) who was arrested Thursday for his role in the Sony intrusion...

But now, as Kretsinger awaits prosecution, HideMyAss.com faces criticism from privacy advocates and users who believe the service went back on its promise. (more)

Circuit Court Judge David Frankland - Privacy Hero

2009 - Michael Allison brought a digital recorder to the Crawford County Courthouse in Downstate Robinson (Illinois), where he was contesting a citation, because he had been told there would be no official transcript of the proceedings. He was immediately confronted by Circuit Judge Kimbara Harrell, who accused him of violating her privacy and charged him with eavesdropping, a felony punishable by up to 15 years in prison.

Because Allison had recorded conversations about his legal situation with police and other local officials, he soon faced four more eavesdropping charges, raising his possible sentence to 75 years. The case against Allison vividly shows how the Illinois Eavesdropping Act, the target of a constitutional challenge that was recently heard by a federal appeals court, undermines transparency, civil liberties and legal equality. (more)


2011 - Michael Allison, an Illinois man who faced a potential sentence of 75 years in prison for recording police officers and attempting to tape his own trial, caught a break last week when a state judge declared the charges unconstitutional. "A statute intended to prevent unwarranted intrusions into a citizen’s privacy cannot be used as a shield for public officials who cannot assert a comparable right of privacy in their public duties," wrote Circuit Court Judge David Frankland. "Such action impedes the free flow of information concerning public officials and violates the First Amendment right to gather such information." (more)

How Long are Your Cell Phone Records Kept?

Find out here.

The nation’s major mobile-phone providers are keeping a treasure trove of sensitive data on their customers, according to a newly released Justice Department internal memo that for the first time reveals the data retention policies of America’s largest telecoms.

The biggest difference in retention surrounds so-called cell-site data. That is information detailing a phone’s movement history via its connections to mobile phone towers while it’s traveling.

Verizon keeps that data on a one-year rolling basis; T-Mobile for “a year or more;” Sprint up to two years, and AT&T indefinitely, from July 2008. (more)

Wednesday, September 28, 2011

Reading Recommendations from Privacy Journal

Query: I am a subscriber to your journal. Very informative. Could you please suggest a couple good references (journal articles, books, etc.) that discuss privacy and information retrieval?
 
From Privacy Journal's staff...
Publisher Robert Ellis Smith makes these recommendations:
“Principles for Government Data Mining” by The Constitution Project
Need an expert witness on privacy? Smith is your man. Privacy Journal has a world-wide subscriber audience and is based in Providence RI. Their address is P.O. Box 28577, Providence RI 02908. Phone: 401/-274-7861

Free Likejacking Prevention — Plug-In for Firefox, Google Chrome and Safari

ThreatLabZ, the research arm of Zscaler, released a free tool to combat the biggest threat on Facebook -- Likejacking.

Called Zscaler Likejacking Prevention, it was developed for the sole purpose of helping consumers stop being further victimized.

This popular attack leverages clickjacking to trick users into "Liking" a fake video, survey or web link, propagating the scam further as it spreads virally from one person to their network, and on to their networks’ networks, and so on. (download) (more)

Citizen Shame

S. Korea - With his debts mounting and his wages barely enough to cover the interest, Im Hyun-seok decided he needed a new job. The mild-mannered former English tutor joined South Korea’s growing ranks of camera-toting bounty hunters.

Known here sarcastically as paparazzi, people like Mr. Im stalk their prey and capture them on film. But it is not celebrities, politicians or even hardened criminals they pursue. Rather, they roam cities secretly videotaping fellow citizens breaking the law, deliver the evidence to government officials and collect the rewards.

“Some people hate us,” said Mr. Im. “But we’re only doing what the law encourages.” (more)

P.S. “I’m making three times what I made as an English tutor,” said Mr. Im, 39, who began his new line of work around seven years ago and says he makes about $85,000 a year.

Business Espionage Alert: Embedded Web Servers

Many types of Web-connected photocopiers, scanners, and VoIP servers have no default passwords or other security enabled to stop remote eavesdropping.

Numerous models of printers, photocopiers, and voice over IP (VoIP) systems are Internet-connected. But their embedded Web servers often use well-known default passwords or firmware that has known vulnerabilities, either of which could be used by remote eavesdroppers to intercept internal communications...

Web-accessible photocopiers and the like are essentially repositories of any recent documents or communications of interest, and thus could serve as a competitive intelligence treasure trove.

Some devices even offer would-be attackers time-saving shortcuts. Certain models of Sharp photocopiers, for example, can be set to upload all scanned or copied documents to an external site via FTP, or email them to an outside email address. Meanwhile, some HP all-in-one printers have a feature called Webscan, which allows anyone with a browser to scan and download whatever is on the scanner bed. (more)