Tuesday, December 6, 2011

Security Director Alert: USB Trouble Sticks

• Memory sticks given as gifts or promotional items may contain spy software (possibly unbeknownst to the giver).

• “Found on the ground” USB sticks are risky. They may have been planted for you to find. Never plug one into a computer to see what is on it. It may contain a destructive virus or keystroke logger.

• Unsecured memory sticks are easily stolen or copied. They may still contain valuable information, even if “erased”. Always secure these data storage devices. In a business setting, the data on the device should be password protected and encrypted. The most extreme example of this seen to date is the Cryptek...

An encrypted USB memory stick with Da Vinci Code chastity belt!


This is what you want your executives to carry! (coming soon) 

You can also make your own “cryptstick” using Murray Associates instructions.

USB Memory Stick Security Checklist
• Create a “no USB sticks unless pre-approved” rule.
• Warn employees that a gift USB stick could be a Trojan Horse gift. 
• Warn employees that one easy espionage tactic involves leaving a few USB sticks scattered in the company parking lot. The opposition knows that someone will pick one up and plug it in. The infection begins the second they plug it in.
• Don’t let visitors stick you either. Extend the “no USB sticks unless pre-approved” rule to them as well. Their sticks may be infected.

Harassment Stick
The new Devil Drive elevates the office prank to a new level of sophistication. It looks like a regular USB thumb drive, but it’s actually a device of electronic harassment. The Devil Drive has three functions:
• It causes annoying random cursor movements on the screen.
• It types out random phrases and garbage text.
• It toggles the Caps Lock.
Just be aware of it should you hear complaints along these lines.
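An added example, not from the original post or from the Devil Drive's maker: a Python check over constructed Linux kernel log lines that flags a newly attached device which registers as a keyboard or mouse while calling itself a flash drive, which is how a Devil Drive has to enumerate in order to move the cursor and type text. The log lines, vendor and product ids are constructed; the regexes follow the usual dmesg wording.

```python
import re

# Constructed dmesg-style lines (not real output); vendor/product ids are placeholders.
SAMPLE_LOG = """\
usb 1-3: New USB device found, idVendor=1234, idProduct=0001, bcdDevice= 1.00
usb 1-3: Product: Ordinary Stick
usb-storage 1-3:1.0: USB Mass Storage device detected
usb 1-4: New USB device found, idVendor=1234, idProduct=0002, bcdDevice= 1.00
usb 1-4: Product: USB Flash Drive
input: USB Flash Drive as /devices/pci0000:00/0000:00:14.0/usb1/1-4/1-4:1.0/0003:1234:0002.0001/input/input12
usb 2-1: New USB device found, idVendor=1234, idProduct=0003, bcdDevice= 1.00
usb 2-1: Product: Desk Keyboard
input: Desk Keyboard as /devices/pci0000:00/0000:00:14.0/usb2/2-1/2-1:1.0/0003:1234:0003.0002/input/input13
"""

NEW_RE = re.compile(r"^usb (\S+): New USB device found, idVendor=(\w+), idProduct=(\w+)")
PRODUCT_RE = re.compile(r"^usb (\S+): Product: (.+)$")
STORAGE_RE = re.compile(r"^usb-storage (\S+?):\d+\.\d+: USB Mass Storage device detected")
INPUT_RE = re.compile(r"^input: .+ as /devices/.+/usb\d+/([\d.-]+)/")  # kernel registered an input device
STORAGE_WORDS = ("drive", "flash", "stick", "disk", "storage")

def parse_usb_events(log):
    """Group kernel USB messages by port ('1-4') and record which classes each device exposed."""
    devices = {}
    for line in log.splitlines():
        m = NEW_RE.match(line)
        if m:
            devices[m.group(1)] = {"vendor": m.group(2), "product": m.group(3),
                                   "name": "", "classes": set()}
            continue
        m = PRODUCT_RE.match(line)
        if m and m.group(1) in devices:
            devices[m.group(1)]["name"] = m.group(2)
        m = STORAGE_RE.match(line)
        if m and m.group(1) in devices:
            devices[m.group(1)]["classes"].add("storage")
        m = INPUT_RE.match(line)
        if m and m.group(1) in devices:
            devices[m.group(1)]["classes"].add("hid")
    return devices

def suspicious(dev):
    """Registers as an input device (keyboard/mouse) yet calls itself, or also is, a storage device."""
    looks_like_storage = any(w in dev["name"].lower() for w in STORAGE_WORDS)
    return "hid" in dev["classes"] and (looks_like_storage or "storage" in dev["classes"])

def find_suspicious(log):
    """Ports whose device should be pulled and checked under the 'pre-approved sticks only' rule."""
    return sorted(port for port, dev in parse_usb_events(log).items() if suspicious(dev))
```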

Chameleon Sticks
Some USB memory sticks have alter egos. They may look like simple memory sticks, but they are actually voice recorders or video cameras. Keep an eye out for these devices at business meetings.

Extra Credit
Lock out USB ports
More USB security tips

The USB stick problem is only one business espionage vulnerability. There are hundreds more. When you are ready to fight back, contact counterespionage.com

Friday, December 2, 2011

Man Allegedly Tracked Woman with Smart Phone Spyware

NY - Town of Crawford police have charged a Middletown man with multiple felonies after they said he installed spyware on a Pine Bush woman's smart phone, accessed all her data and tracked her movements.
 
Michael Biasi, 44, turned himself in to police Wednesday afternoon and was charged with eavesdropping, computer trespass, unlawful duplication of computer material and criminal possession of computer-related materials – all felonies, according to Crawford police Lt. Dominick Blasko.
 
Blasko said Crawford police, with the help of the New York State Police Computer Crimes Unit, began looking into the tracking a month or two ago after a woman who previously had known Biasi came to police suspecting the eavesdropping was taking place. Blasko said police believe Biasi had been tracking the woman for “an extended period of time.” (more)

Thursday, December 1, 2011

Phone Bugging and Surveillance by Governments Exposed

Whistleblowing Web site Wikileaks released 287 files it claims detail phone bugging and surveillance of whole populations by governments in what has been described as an "uncontrolled cancerous growth".

Wikileaks founder Julian Assange didn't mince words claiming users of the iPhone, BlackBerry or Gmail are "screwed" and intelligence contractors sell citizens' personal information. He spoke at a London press conference.

"It may sound like something out of Hollywood, but as of today, mass interception systems, built by Western intelligence contractors, including for 'political opponents' are a reality," Wikileaks says on its website. (more)

Eavesdropping on voicemails: "perfectly acceptable tool"

UK - A former News of the World journalist made a rare, robust defense of phone hacking, telling Britain's media ethics inquiry that eavesdropping on voicemails was a "perfectly acceptable tool" to help journalists uncover stories.

Paul McMullan said Tuesday that hacking was common at the now-defunct tabloid, describing how journalists traded the phone details of celebrities. (more) (video)

P.S. McMullan now runs a pub in the English port of Dover.

A Computer Screen Only a Spy Can See - Make One!

Finally you can do something with that old LCD monitor you have in the garage.
You can turn it into a privacy monitor! It looks all white to everybody except you, because you are wearing "magic" glasses! All you really have to have is a pair of old glasses, an X-Acto knife or box cutter, and some solvent (paint thinner). (more)

Keystroke-sniffing software found embedded in Nokia, Android, and RIM devices

A piece of keystroke-sniffing software called Carrier IQ has been embedded so deeply in millions of Nokia, Android, and RIM devices that it’s tough to spot and nearly impossible to remove, as 25-year-old Connecticut systems administrator Trevor Eckhart revealed in a video Tuesday.

That’s not just creepy, says Paul Ohm, a former Justice Department prosecutor and law professor at the University of Colorado Law School. He thinks it’s also likely grounds for a class action lawsuit based on a federal wiretapping law...

FutureWatch...“In the next days or weeks, someone will sue, and then this company is tangled up in very expensive litigation,” he adds. “It’s almost certain.”

Over the last month, Carrier IQ has attempted to quash Eckhart’s research with a cease-and-desist letter, apologizing only after the Electronic Frontier Foundation came to his defense.  (more) (Note: The accompanying movie is 15+ minutes, but is very revealing.)

Want a Job as a Spy? Start with a Code Cracking Quiz! (UPDATED)

UK - No longer content with simply approaching the brightest from the universities of Oxford and Cambridge, intelligence agency GCHQ has launched a code-cracking competition to attract new talent.

Knowing what this is might help.
The electronic surveillance organisation, the UK Government Communications Headquarters, is asking potential applicants to solve a code posted on a website.

It will direct potential candidates to the competition, hosted on an anonymous website, via sites such as Facebook and Twitter.

If the layers of code it has set are cracked, applicants will be presented with a keyword to enter into a form field. They will then be re-directed to the GCHQ website, where hopefuls will find details of the types of roles which could reflect their skills.

The aim is to attract candidates who might not apply through more conventional channels. (more)

UPDATE:
A simple Google search unlocks the supposedly secret completion page to GCHQ's code-cracking competition.

The signals snooping agency launched a codebreaking competition this week, promoted via social networks, that aimed to find would-be code breakers that conventional recruitment efforts might miss. The canyoucrackit.co.uk challenge involved making sense of a 16x10 grid of 8-bit hexadecimal numbers to figure out a password, and then developing a virtual machine to execute code that would lead to the final page.

Puzzle-solvers had 10 days to crack the codes. However, instead of solving this puzzle, which was not trivial to conquer, at least if some of the emails we've received are any guide, the completion page could be reached via a simple Google search.

Oops.

"All it takes to find the page is to use the site: command in Google, as the 'Can You Crack It?' webmaster seemingly didn't hide the success page from search engines," Graham Cluley of net security firm Sophos explains. (more)
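An added example, not from the original post or from GCHQ's site: a Python check for the two signals that keep a well-behaved crawler from listing a page, the X-Robots-Tag header and the robots meta tag, run over constructed responses (a leaky success page and a corrected one).

```python
from html.parser import HTMLParser

class RobotsMetaParser(HTMLParser):
    """Collect the content of <meta name="robots"> (and "googlebot") tags in a page."""
    def __init__(self):
        super().__init__()
        self.directives = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("name", "").lower() in ("robots", "googlebot"):
            self.directives.append(a.get("content", "").lower())

def robots_tokens(headers, html):
    """All directive tokens from the X-Robots-Tag header and robots meta tags, lower-cased."""
    sources = [v.lower() for k, v in headers.items() if k.lower() == "x-robots-tag"]
    parser = RobotsMetaParser()
    parser.feed(html)
    sources += parser.directives
    return {tok.strip() for src in sources for tok in src.split(",")}

def is_excluded_from_indexing(headers, html):
    """True only if the response tells crawlers not to index it ('noindex' or the shorthand 'none')."""
    tokens = robots_tokens(headers, html)
    return "noindex" in tokens or "none" in tokens

# Constructed responses (not the real competition site): a success page that a crawler would list,
# and the same page served with both the header and the meta tag set.
LEAKY_HEADERS = {"Content-Type": "text/html"}
LEAKY_HTML = "<html><head><title>Well done</title></head><body>You cracked it.</body></html>"
FIXED_HEADERS = {"Content-Type": "text/html", "X-Robots-Tag": "noindex, nofollow"}
FIXED_HTML = ('<html><head><meta name="robots" content="noindex,nofollow"></head>'
              '<body>You cracked it.</body></html>')
```

Noindex only asks crawlers not to list the page; anyone with the URL can still open it, so the durable fix is to serve the completion page only after the server has verified the keyword submitted in the form field.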

Monday, November 28, 2011

7 Things You Should Know About Online Passwords

1. You need different passwords for each site.
2. Longer passwords are harder to hack.
3. You shouldn’t use a word from the dictionary.
4. Humans tend to choose passwords with personal meanings.
5. Passwords need to be changed regularly.
6. There are guidelines for creating strong ones.
7. Password managers can help you keep track of them all.

Tips for Visiting a Closed Society with Your Electronics

Ken Lieberthal of the Brookings Institution does a lot of work in China. Visiting about 10 times a year...

Like a lot of us these days, Lieberthal carries electronics with him to do his work. However, he takes a bit more precaution than many business travelers, as he tells Weekends on All Things Considered guest host Rachel Martin.

"I first of all get a loaner laptop. And the USB that I bring, I clean digitally before I bring it, so it's totally blank," Lieberthal says.

Lieberthal then disconnects the Wi-Fi and Bluetooth functions, sets email filters and a virtual private network, or VPN. That's all before the trip. While in China, he never lets his Blackberry leave his side, never uses a wireless Internet connection while he has his USB drive plugged in, and he also physically hides his fingers when typing passwords.

When he gets home, everything gets digitally wiped and cleaned.
Why take all this precaution? Espionage...
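Added example, not from the NPR piece or from Murray Associates: a Python routine that zero-fills a stick (or an image file standing in for it) and counts the bytes that are not zero, which is the check behind both "clean digitally before I bring it, so it's totally blank" and the earlier warning that "erased" sticks still hold data. The image file, its size and the leftover text are constructed; on a real stick you would pass the device node instead (Linux: /dev/sdX, as root).

```python
import os
import tempfile

def device_size(path):
    """Size in bytes of a regular file or (on Linux, as root) a block device such as /dev/sdX."""
    with open(path, "rb") as f:
        return f.seek(0, os.SEEK_END)

def nonzero_bytes(path, chunk_size=1 << 20):
    """Count bytes that are not 0x00; anything left over from 'erased' files shows up here."""
    count = 0
    with open(path, "rb") as f:
        while True:
            chunk = f.read(chunk_size)
            if not chunk:
                return count
            count += len(chunk) - chunk.count(0)

def zero_fill(path, size, chunk_size=1 << 20):
    """Overwrite the first `size` bytes in place (no truncation, so it works on a device node)."""
    zeros = bytes(chunk_size)
    with open(path, "r+b") as f:
        remaining = size
        while remaining > 0:
            n = min(chunk_size, remaining)
            f.write(zeros[:n])
            remaining -= n
        f.flush()
        os.fsync(f.fileno())

def make_demo_image(path, size=3 * 1024 * 1024 + 17):
    """Constructed stand-in for a stick: mostly zeros with 23 bytes of leftover 'data' in it."""
    with open(path, "wb") as f:
        f.write(bytes(size))
    with open(path, "r+b") as f:
        f.seek(1024)
        f.write(b"confidential notes")   # 18 bytes, the kind of residue an 'erase' leaves behind
        f.seek(size - 5)
        f.write(b"tail!")                # 5 bytes right at the end, to exercise the last chunk

def demo():
    """Check the constructed image, wipe it, check again; returns (nonzero before, nonzero after)."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        make_demo_image(path)
        before = nonzero_bytes(path)
        zero_fill(path, device_size(path))
        return before, nonzero_bytes(path)
    finally:
        os.unlink(path)
```

The read-back only sees what the stick's controller exposes: flash wear-levelling keeps spare blocks the host cannot address, so a stick that once held sensitive material is safer replaced, or used only in its hardware-encrypted form, than trusted on the strength of a zero fill.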

The cloak-and-dagger world of corporate espionage is alive and well, and China seems to have the advantage. Their cyber-espionage program is becoming more and more effective at swiping information from America's public and private sectors. The U.S. government has even blamed China publicly for hacking American industries. (more) 

Visiting closed societies on business? 
This is good advice.
And, there is more you need to know. Call us.

Ex-Rugby Player Probed for Hard-Ball Spying

South Africa - A millionaire Pretoria businessman is at the center of a criminal investigation over the alleged illegal interception of his estranged wife's private e-mails, SMSes and BlackBerry messages, or BBMs.

The hacking was first suspected when Dr Graham Hefer - a former Natal rugby player - filed divorce proceedings against his wife Denise. Court documents in that case seemed to show that Hefer had access to more than 50 BBMs, over a dozen SMSes and at least five e-mails between Denise and others this year.

The case has revealed that the BBM facility, one of the preferred "secure" methods of communication, can be hacked with relative ease.

Hefer, 48, the managing director of a Nigeria-based British company, is accused of installing spyware on 49-year-old Denise's BlackBerry. This type of spyware is readily available.

This is said to have allowed real-time monitoring of her communication and her whereabouts, and for eavesdropping on her private conversations. These included discussions with her lawyer. (more)

Cell Phone Spyware's New Market - from cheating spouse to the kids!

The latest smart phone technology allows worried parents to keep tabs on their children and, unlike previous apps, it remains completely hidden. 

The technology, which has been criticized as an invasion of privacy, is just the latest weapon for "helicopter" parents keeping a short leash on their children, to ensure they are not sexting or hanging out with the wrong crowd.

As one program's website warns: "Are your kids involved with texting dangers? What are they secretly texting about? Are they visiting porn sites on the phone? You have the right to know."

The latest programs to hit the market, Spyera Software and Mobile Spy, offer stealth GPS tracking and the abilities to read text messages, read emails and view photos.

Spyera even promises to turn the phone into a "remote bugging device" so parents can listen to conversations wherever the phone is left. (more)

Slovakia: Defence minister fired over wiretapping scandal

Slovakia - Ľubomír Galko, a nominee of the Freedom and Solidarity (SaS) party, has been fired as the country’s defence minister. Slovak Prime Minister Iveta Radičová asked president Ivan Gašparovič to dismiss Galko on the heels of a scandal over the Military Defence Intelligence (VOS), which operates under the Ministry of Defence, and its interception of the telephone calls of journalists. (more)

Very clever, not using the phone cord. That would have been suspicious.

(It appears the reporter got this information from (dumb-de-dumb-dumb) ...the sheriff's deputies.)
FL - A Verizon worker who was able to listen in on his wife's phone calls has been accused of trying to strangle her, Polk County sheriff's deputies said.

Robert L. Rutledge, 51, of Lakeland, works at Verizon as a repair technician, deputies said.

He used his knowledge from his job to listen in on his wife's phone calls Monday, deputies said.

He disconnected the telephone line after hearing a call between his wife and an unknown man, deputies said.

It isn't clear whether Monday was the only time that Rutledge had listened to his wife's calls, deputies said.

Rutledge went home Monday night and removed the phone within his wife's reach. He choked her with a rope until she passed out, deputies said. (more)

Wednesday, November 23, 2011

Spy History: The Spy Queen Was A Nympho!

(Feb. 1958) She is Martha Eccles Dodd, daughter of the late Ambassador to Germany William E. Dodd, wife of a Chicago millionaire, Alfred Kaufmann Stern, himself an undercover agent of the Soviet Union...

FLIRTS WITH NAZISM 
Nazism meant good-looking, tall, blond men to her and she liked what she saw. She was painting the Nazi capital red, but in a social way. She went out on the town every night, flirting, drinking and dancing, mostly with young men who happened to be Nazis. She gained a dual reputation. Insiders described her as a nymphomaniac in her sex life and a Nazi sympathizer in her politics. (more)

...thus verifying what we feared all along about media espionage.

Illegal eavesdropping was widely practiced by Britain's tabloid journalists, producing stories that were both intrusive and untrue, a lawyer for several phone hacking victims said Wednesday. 

Mark Lewis told a U.K. media ethics inquiry that phone hacking was not limited to Rupert Murdoch's News of the World tabloid, which the media mogul shut down earlier this year as outrage grew over the hacking scandal.

Lewis claimed that listening in on voice mails was so easy that many journalists regarded it as no more serious than "driving at 35 mph in a 30 mph zone." (more)