Thursday, October 20, 2011

A Survey of Mobile Malware in the Wild

via Michael Kassner, techrepublic.com
A group of Berkeley researchers take a long, hard look at mobile malware. What they found should interest you...

William Francis — fellow TechRepublic writer/Android investigative partner — and I research Android permissions and Android malware. Every step of the way, we have the support and guidance of experts — one being Adrienne Porter Felt.

I just learned that Adrienne and fellow U.C. Berkeley researchers Matthew Finifter, Erika Chin, Steven Hanna, and David Wagner coauthored “A Survey of Mobile Malware in the Wild“. Their point: Mobile malware is a clear and present danger.

I normally avoid the dramatic, but a lot of good people are trying to raise awareness about the increased presence of mobile malware, and I want to help. (more)

Wednesday, October 19, 2011

MIT researchers have developed a new radar technology that gives real-time video of what’s going on behind solid walls from up to 60 feet away.

While existing through-wall systems have delivered images at a snail's pace, the new device offers video at 10.8 frames per second. (more)

Just don't put your phone on your girlfriend's nightstand...

People sit down, turn on their computers, set their mobile phones on their desks and begin to work. What if a hacker could use that phone to track what the person was typing on the keyboard just inches away?

A research team at Georgia Tech has discovered how to do exactly that, using a smartphone accelerometer ­the internal device that detects when and how the phone is tilted ­to sense keyboard vibrations and decipher complete sentences with up to 80 percent accuracy. The procedure is not easy, they say, but is definitely possible with the latest generations of smartphones. 

“We first tried our experiments with an iPhone 3GS, and the results were difficult to read,” said Patrick Traynor, assistant professor in Georgia Tech’s School of Computer Science. “But then we tried an iPhone 4, which has an added gyroscope to clean up the accelerometer noise, and the results were much better. We believe that most smartphones made in the past two years are sophisticated enough to launch this attack.” (more)

Sunday, October 16, 2011

Security Director Tip: Show & Tell with a Smile

Make this button part of your executive information security briefings.
Click to enlarge.
When you get to the part of your spiel about how business espionage surveillance gear is so effective, covert and easily available, take the button off, plug the SD card into your laptop and show them the movies of themselves. They will get the idea. And, you will get funding for eavesdropping detection sweeps (TSCM) of their offices, conference rooms and boardroom more easily. (Of course, abide by your state law if you record video and audio.)

Features

  • Ease of use
  • Clip on style pin
  • Looks just like the iconic smile face pin
  • Record modes include: audio and video, still images, and audio only



Technical Specs

  • Resolution: 720 x 480 @ 29FPS
  • Still image resolution: 2048 x 1536
  • Storage: Micro SD Cards up to 16GB  (eBay)

Security Tip: Verizon will soon begin spying on your web habits, here's how to opt out...

If you're a Verizon wireless customer, your online identity is about to take another privacy hit.  
The company just revealed that its new service agreement will include language that allows the monitoring of your web habits, including websites you visit and even the location data of when and where you use your wireless browser...

Simply head to Verizon's privacy center, sign into your account using your phone number and password, and review the new policy. On this page there are two places where you can specify that your information not be used for marketing or any other purposes. Simply check these boxes and save your changes. This simple step will prevent your wireless carrier from tracking your location and web habits, and while it might not help advertisers present the best deals on items or services that interest you, your online identity will remain as secure as possible. (more)

Hollywood hacker apologises for spying on stars


FL - A computer hacker accused of infiltrating the email accounts of Hollywood stars including Scarlett Johansson has apologized, and says he plans to plead guilty to all charges.

Christopher Chaney, 35, faces up to 121 years in jail after being arrested in Florida on Wednesday. He faces 26 indictments, including accessing and damaging computers, wire tapping and identity theft.

Chaney's arrest, following an 11-month probe into the hacking of more than 50 victims, including actress Mila Kunis and singer Christina Aguilera. (more)

Saturday, October 15, 2011

"Hakim, if caught, you ditch the bug, eat the notes. Got it?"

The Lebanese Army Intelligence arrested a man after doctors at a Beirut hospital found a spying device planted in his belly, As Safir daily reported on Wednesday.

As Safir said that H.M. was admitted to hospital after falling ill. When the doctors ran a check-up on him, they found the electric device.

After inspecting the device, the Army discovered that it is a highly developed spying equipment, the newspaper said. It added that the Army Intelligence is questioning the man in full secrecy. (more)

This Week in World Spy News

Cuba - Rene Gonzalez, freed from a US prison last week after serving 13 years on spy charges, pledged to "keep fighting" for the release of his jailed comrades. (more)

An Iranian Furgetaboutit
Iran - The alleged Iranian plot to assassinate a Saudi ambassador to the United States may have revealed the biggest secret of all -- intelligence agencies mess up and do not always live up to the James Bond ideal. (more)

USA - A detention hearing for a Virginia man accused of spying on protesters in the U.S. for Syria has been postponed until next week. (more)

Germany - Germany's Bundeswehr introduced the latest addition too the fleet of its Luftwaffe air force: the "Euro Hawk," a massive reconnaissance plane that can zero in on targets from altitudes of up to 20 kilometers (12.4 miles). The unmanned drone is the product of a joint venture between the American defense contractor Northrop Grumman and the European aerospace company EADS. (more)

USA - According to a new Harris Interactive survey conducted with over 2,300 people, 50 percent of American adults have no problem whipping out the smartphone to take secret videos of unsuspecting people. While this doesn’t mean that all respondents have come across an opportunity to spy on someone, they did list several scenarios that would cause them to hit the record button. The most popular response at 23 percent was recording people in embarrassing outfits, perhaps to upload a silly compilation on YouTube. Fifteen percent of mean-spirited survey takers would use the video function to record someone tripping and falling. (more)

USA - The NanoEye program is a research and development effort to support future theater operations. The Technical Center is developing NanoEye as a low cost, maneuvering, electro-optical, microsatellite-class imagery satellite that will be tasked directly by the tactical ground component Warfighter, who will then receive the desired images minutes later. The on-board propulsion system can take the satellite to lower altitudes finer ground resolution imagery necessary to support the mission. (more)

USA - A retired Springfield police officer is accused of recording video from hidden cameras in the bathroom and bedroom of a teenage girl. Jack Van Matre, 54, is charged with first-degree invasion of privacy, for which he could get a prison sentence up to four years if he’s convicted.  (more)

Give 'em a liter and take a hose'n...

Germany - A group that calls itself the Chaos Computer Club prompted a public outcry here recently when it discovered that German state investigators were using spying software capable of turning a computer’s webcam and microphone into a sophisticated surveillance device.

The club, a German hacking organization, announced last Saturday it had analyzed the hard drives of people who had been investigated and discovered that they were infected with a Trojan horse program that gave the police the ability to log keystrokes, capture screenshots and activate cameras and microphones. The software exceeded the powers prescribed to the police by Germany’s Federal Constitutional Court. The public condemnation was swift and strong, renewing a national debate into how far the government can intrude into digital privacy. (more)

Tuesday, October 11, 2011

Why Do Business Spies Spy?

In this week's issue of Chemical and Engineering News, Marc Reisch authors a rather interesting look at the multitude of US-based multinational employees who have taken company trade secrets and intellectual property and gone east with them. After talking about Michael David Mitchell, a DuPont employee who gave his company's IP to a South Korean competitor:
Nobody has a clear fix on just how often employees steal vital confidential information from their employers. What is clear is that over the past five years six former chemical company employees have admitted to or been convicted of stealing trade secrets from their employers. In five of the cases, the employee involved was of Asian descent. And in all of the cases, the intended recipient of the proprietary information was an Asian company or university.
The reasons for the IP (Intellectual Property) theft aren’t clear either. “Those who engage in a major scam are likely to have complex motivations,” says Chris MacDonald, author of the Business Ethics Blog and a visiting scholar at the Clarkson Centre for Business Ethics & Board Effectiveness at the University of Toronto. “It’s hard to boil it down to a single factor.”
MacDonald points out that “when people do the wrong thing, it’s generally not because they lack the relevant values.” Instead, wrongdoers find ways to rationalize their behavior. For instance, employees who steal IP may believe they serve a higher purpose in committing the act, such as helping fellow countrymen or bringing the benefits of technology advances to underprivileged people.
Although the motives of those who steal corporate secrets may be complex, monetary gain was involved in most of the chemical industry cases, according to a review of court documents by C&EN. After Mitchell stopped working for DuPont in 2006, he began to work as a paid consultant for Kolon and e-mailed proprietary DuPont documents to Kolon employees. Court documents ascribe the crimes of former Dow Chemical researcher Kexue Huang mostly to greed but also to feelings of patriotism and paternalism. (more)
Why do people betray their country? MICE, of course: Money, Ideology, Compromise, Ego.

SpyCam Story #625 - Angry Bird Brains

The California Public Utilities Commission has ordered Muni to install video cameras in the cabs of Muni metro trains to surveil operators and discourage cell phone use while operating trains. We all know that many of the drivers just like to kick it in there, up in the front of the trains, while the trains are on auto-pilot in tunnels and being controlled by computer. But now they must stop playing Angry Birds and remain ever vigilant while on the job, or else face possible disciplinary action. (more)

Business Espionage: Hooters v. Twin Peeks - Battle of the...

(stop snickering)
The AP is reporting the Hooters of America restaurant chain filed a federal lawsuit in Atlanta this week claiming that a former executive swiped mounds of documents to help an upstart competitor that plans to expand the Twin Peaks franchise.

The lawsuit filed in U.S. District Court in Atlanta on Wednesday said former Hooters vice president Joseph Hummel downloaded reams of “sensitive and highly confidential business information” to help La Cima Restaurants, an Atlanta-based firm that plans to help build 35 Twin Peaks stores across the Southeast.

Both chains are known for scantily clad women serving casual food... “The casual dining industry operates on extremely thin profit margins,” it said. “As a result, every operational advantage … is a jealously guarded business secret.”

...Even after his last day, Hummel was still able to download documents from company servers and transmit them through his personal email account because the company forgot to block his access, it said.

All told, the lawsuit said, Hummel took “well over 500 pages of highly sensitive business information and trade secrets” from Hooters. (more)

Is that runny nose a cold, or just a new message coming in?

via our West Coast ghost... 
Espionage just got a little more sophisticated and scientific. Invisible ink? Decoder rings? Lemon juice? Puh-lease -- that's mere child's play compared to what double agents scientists at Tufts University just created.

Now secret messages can be hidden in genetically engineered bacteria, thanks to a new method called steganography by printed arrays of microbes, or SPAM. Developed by chemistry professor David Walt and his cloak-and-dagger team of researchers, this new method uses an assortment of E. coli strains modified with fluorescent proteins that glow in seven colors.

Multiply that number by the two colors each message character is encoded with, and spies like us have more than 49 possible code combinations. That's enough for the alphabet, plus digits 0 to 9, with room left over for a few extra symbols...

It is also possible to develop bacteria that lose their fluorescent properties over time, creating a message that self-destructs in the style of Mission Impossible. (more)

Sunday, October 9, 2011

Business Espionage: Bus Staff Bus'ted

Australia - Two senior staff members admitted downloading sensitive company information from Torrens Transit before taking management roles at new bus operator Transfield, their former employer claims.

The two men were accused of downloading confidential documents including suppliers' names, contact details, rosters and costings, resulting in the men being banned from Torrens Transit sites for life.

There have been claims that the life bans on the men exacerbated the chaos that ensued for passengers after this week's handover of services to Transfield. (more)

SpyCam Story #624 - A Bad Aim

CO - A jury on Thursday convicted a Durango man of felony stalking for secretly videotaping his housesitter and her boyfriend.

Mark “Steve” Brown, 57, showed no emotion as the guilty verdicts were announced. Wearing a suit and tie, he dabbed his eyes with a tissue shortly after the courtroom emptied. He remains free on $5,000 bail.

Brown, also known by his nickname Downtown Steve Brown, was found guilty on two counts of felony stalking, two counts of unlawful sexual conduct and two counts of invasion of privacy...

Brown set up covert cameras to record his housesitter while he worked as a civilian military contractor in South Korea... The cameras, which resembled motion detectors, recorded the housesitter and her boyfriend in various states of undress, including having sexual intercourse... Brown argued the cameras were for security...

Deputy District Attorney Justin Fay said Brown knowingly videotaped his housesitter for personal gratification without her consent. He asked jurors to consider the camera angles, especially the one in the bedroom that was pointed directly at the bed. (more)