Friday, December 9, 2011

Business Telephone Systems Still Vulnerable to Toll Fraud

A Compilation of Phreaking Evidence from 2004-2011 - 25 pages .pdf (download)

Phreaking is a slang term coined to describe the activity of a culture of people who study, experiment with, or explore telecommunication systems, such as equipment and systems connected to public telephone networks. They are often mistakenly lumped in with criminal phone hackers. It is also a mistake to think that this was only a 1970s-1980s phenomenon.
Just in case you thought your business phone system was safe, read on...

• PABX/PBX hacking (phreaking) is common. It's organized crime and big business.

• Telephone systems everywhere are targets and telecommunications bandits know how to gain access to your phone system by reconfiguring it to route their own calls through it.

• Phreakers can hack phone systems, voicemail boxes and PINs in a few seconds to gain illegal access to your extensions.

• Most toll fraud is generated after hours and on holidays when it's least likely to be detected.

• Phreakers can gain the most by routing expensive international calls through private phone systems.

• Terrorist organisations use telecommunications fraud to generate funds by illegally gaining access to private phone systems and then re-selling the service.

• Many businesses leave their phone systems completely unprotected.

You will end up paying the bill after they've hijacked your phone system and extensions to make illegal calls anywhere they choose - often at a huge cost... (more)

Ask your counterespionage consultant to look into this for you. Specifying the correct controls, procedures and security hardware to protect your communications is their specialty. 

Don't have a counterespionage consultant?!?!  Contact me for a referral.
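
The toll fraud pattern described above (expensive international calls placed after hours and on holidays) can be checked for in a PBX's call detail records. The following is an added example, not part of the original post: the CDR layout, extension numbers, dialed numbers, business hours, holiday list and 30-minute threshold are all constructed assumptions to adapt to your own system.

```python
import csv
import io
from collections import defaultdict
from datetime import date, datetime

# Constructed sample CDR export (not from a real PBX): start, extension, dialed digits, seconds.
SAMPLE_CDR = """start,extension,dialed,seconds
2011-12-05 10:15:00,201,12125550100,180
2011-12-05 14:02:00,201,011442075550100,600
2011-12-06 02:11:00,305,0115355550101,3540
2011-12-06 02:13:00,305,0115355550102,3600
2011-12-10 23:40:00,305,0023255550103,2700
2011-12-26 11:00:00,118,0118825550104,1200
2011-12-26 11:30:00,118,12125550105,300
"""

# Assumptions: site policy values, adjust to the business being monitored.
BUSINESS_HOURS = range(8, 18)        # 08:00-17:59 local time
HOLIDAYS = {date(2011, 12, 26)}      # days the office is closed
INTL_PREFIXES = ("011", "00", "+")   # international access codes in dialed digits
ALERT_MINUTES = 30                   # off-hours international minutes per extension

def is_off_hours(ts: datetime) -> bool:
    """True when nobody should be placing calls: nights, weekends, holidays."""
    return (ts.weekday() >= 5 or ts.date() in HOLIDAYS
            or ts.hour not in BUSINESS_HOURS)

def off_hours_international(cdr_text: str) -> dict:
    """Sum off-hours international minutes per extension."""
    minutes = defaultdict(float)
    for row in csv.DictReader(io.StringIO(cdr_text)):
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        if row["dialed"].startswith(INTL_PREFIXES) and is_off_hours(ts):
            minutes[row["extension"]] += int(row["seconds"]) / 60
    return dict(minutes)

def alerts(cdr_text: str) -> list:
    """Extensions whose off-hours international usage exceeds the threshold."""
    totals = off_hours_international(cdr_text)
    return sorted(ext for ext, m in totals.items() if m > ALERT_MINUTES)

if __name__ == "__main__":
    for ext, mins in sorted(off_hours_international(SAMPLE_CDR).items()):
        flag = "ALERT" if mins > ALERT_MINUTES else "ok"
        print(f"ext {ext}: {mins:.0f} off-hours international minutes [{flag}]")
```

Run daily against the previous day's export, a check like this surfaces a hijacked extension before the monthly bill does.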

Thursday, December 8, 2011

"I'm Dreaming of a Spy Christmas"

Toy helicopter with a built-in 1.3Mp camera for sneaky aerial snapping.

Specifications:
• Take up to 3 minutes of video (at resolution 640 X 480) or take hundreds of photos (at resolution 1280 X 960).
• 3-Channel control allows flying up and down, forward & backward, left and right
• Stabilized by sophisticated built in gyroscope for the clearest pictures
• Use the remote transmitter button to take the pictures and video
• Plug in computer to download the video and photos
• User friendly Graphic Unit Interface on PC to adjust the photo or video setting.
• Real time capturing to see the effect on screen.
• White color LED to indicate photo capturing or video recording.
• Download videos and photos through USB
• Charging through transmitter or USB (more)

--------
Fei Lun Full Function Radio Control Spy Video Car

• Audio & Video (with Night Vision Transmitter)
(more)

-------

Using Spy Gadgets: The Definitive Guide to Finding Out Anything About Anyone Using Spy Tools, Spy Gear, Spy Equipment, Spy Cameras, Spy Toys, or a Spy Bug From a Spy Shop
By Dick Peplowski

Are you constantly wondering about certain people and wondering about their real past or present lives? You’ve surely thought, “That guy just seems to have something “off”” as we all have and want to know the truth. So how do you find the truth? Sadly, to find out the real dirt on someone, you’ve had to pay a fortune for a private investigator to get it for you. The good news is that is no longer the case! You can literally become your own Sherlock Holmes and find out all the dirt on people that you want. The best part is that you are going to be learning how to do this through the use of awesome spy tools that you can easily obtain. These will give you the power of Inspector Gadget when it comes to finding out the real dirt on someone. You learn about all the spy tools you could ever want to use plus many more in Dick Peplowski's "Using Spy Gadgets: The Definitive Guide to Finding Out Anything About Anyone Using Spy Tools, Spy Gear, Spy Equipment, Spy Cameras, Spy Toys, or a Spy Bug From a Spy Shop." This is all broken down in an easy to understand and easy to apply system for personal surveillance success. (more)

Wednesday, December 7, 2011

Town Clerk Allegedly Testifies to Electronic Eavesdropping

MI - Augusta Township Clerk Kathy Giszczak allegedly testified in a deposition that she electronically eavesdropped on a conversation between the township's deputy treasurer and supervisor.

That allegation surfaced as part of an Open Meetings Act lawsuit pitting one half of the board against the other half.


Electronic eavesdropping is a felony punishable by up to five years in prison, though no criminal charges have been brought against Giszczak. A hearing on the OMA lawsuit is scheduled for Dec. 13. (more)

Albanian Ex-Spy Chief Disappears

UK - Scotland Yard today issued a nationwide appeal to track down a former Albanian spy chief who is on the run after failing to attend an extradition hearing.

Ilir Kumbaro, 58, was due to appear at Westminster magistrates' court, where he faced being sent back to Albania on charges of kidnapping and torturing three men.

When he failed to show up last Thursday, police checked his home in Forest Hill, other addresses and hospitals. All ports and airports were alerted but there has been no sign of him.

Detectives, who say he may be using his skills as an ex-head of the Albanian secret police to evade capture, suspect he could still be in London, living under a false identity. One of Eastern Europe's most wanted men, he lived on benefits with his wife and one of his two sons on a Fulham council estate for 12 years before he was discovered...

Police say Kumbaro, who is about 5ft 7in, bald and stout, is likely to be with his wife. He speaks English with an Eastern European accent. Anyone who has seen him is asked to call Crimestoppers on 0800 555 111. (more)

Yet Another 'News of the World' Phone Hacking Arrest

UK - British police said Wednesday they have arrested another suspect in their investigation of phone hacking by the News of the World tabloid.

London's Metropolitan police said they arrested a 41-year-old man on suspicion of conspiring to intercept voice-mail messages and pervert the course of justice. The man's name wasn't released. Police said he was being held at a police station in south London. (more)

Twitter - The Stool Pigeon

If you were thinking that tweet you just sent would soon disappear into the ether, you couldn't be more wrong. 

It will soon be stored alongside Thomas Jefferson's draft of the American Declaration of Independence and a Gutenberg Bible.

That's because every public tweet sent since Twitter was launched five-and-a-half years ago is to be archived by America's national library.


The Library of Congress announced the deal with Twitter last year, but yesterday its digital initiatives manager shone more light on the project. (more)

I understand the anthropological argument. Perhaps, several centuries from now someone will find value in researching old tweets. I suspect they will view tweets as we view graffiti on the walls of Pompeii. But, given the current economic conditions should we really be spending our tax dollars on archiving moronic celebrity tweets? /Rant

Dorkly Bits: Spy Hunter Pranksters

Never trust the guy in the van. (stupid spy video game parody)

Tuesday, December 6, 2011

"All Your Shreds Are Belong to U.S." Wins Reconstruct Shreds Contest

via gizmag.com...
At the end of October, DARPA (the Defense Advanced Research Projects Agency) launched its Shredder Challenge contest. The objective: create a system for reconstructing shredded papers, then demonstrate it by piecing together five documents, the shredded remains of which were posted on the contest's website. Although the contest had a December 4th deadline, the "All Your Shreds Are Belong to U.S." team correctly reassembled all five documents with two days to spare.


The San Francisco-based team, which beat out approximately 9,000 competitors, used "custom-coded, computer-vision algorithms to suggest fragment pairings to human assemblers for verification." Members of the team spent approximately 600 man-hours developing algorithms and otherwise working on the challenge, completing everything within 33 days. Because it was able to reconstruct all five documents posted in the contest, the team was able to claim the complete prize of US$50,000.

DARPA hosted the contest both to develop methods of reading shredded documents left behind by enemies in war zones, and to identify ways in which U.S. shredded documents could be read by other parties, so that countermeasures could be developed.

Missed the contest?

Security Director Alert: USB Trouble Sticks

• Memory sticks given as gifts or promotional items may contain spy software (possibly unbeknownst to the giver).

• “Found on the ground” USB sticks are risky. They may have been planted for you to find. Never plug one into a computer to see what is on it. It may contain a destructive virus or keystroke logger.

• Unsecured memory sticks are easily stolen or copied. They may still contain valuable information, even if “erased”. Always secure these data storage devices. In a business setting, the data on the device should be password protected and encrypted. The most extreme example of this seen to date is the Cryptek...

An encrypted USB memory stick with Da Vinci Code chastity belt!


This is what you want your executives to carry! (coming soon) 

You can also make your own “cryptstick” using Murray Associates' instructions.

USB Memory Stick Security Checklist
• Create a “no USB sticks unless pre-approved” rule.
• Warn employees that a gift USB stick could be a Trojan Horse gift. 
• Warn employees that one easy espionage tactic involves leaving a few USB sticks scattered in the company parking lot. The opposition knows that someone will pick one up and plug it in. The infection begins the second they plug it in.
• Don’t let visitors stick you either. Extend the “no USB sticks unless pre-approved” rule to them as well. Their sticks may be infected.

Harassment Stick
The new Devil Drive elevates the office prank to a new level of sophistication. It looks like a regular USB thumb drive, but it’s actually a device of electronic harassment. The Devil Drive has three functions:
• It causes annoying random cursor movements on the screen.
• It types out random phrases and garbage text.
• It toggles the Caps Lock.
Just be aware of it should you hear complaints along these lines.

Chameleon Sticks
Some USB memory sticks have alter egos. They may look like simple memory sticks, but they are actually voice recorders or video cameras. Keep an eye out for these devices at business meetings.

Extra Credit
Lock out USB ports
More USB security tips

The USB stick problem is only one business espionage vulnerability. There are hundreds more. When you are ready to fight back, contact counterespionage.com

Friday, December 2, 2011

Man Allegedly Tracked Woman with Smart Phone Spyware

NY - Town of Crawford police have charged a Middletown man with multiple felonies after they said he installed spyware on a Pine Bush woman's smart phone, accessed all her data and tracked her movements.
 
Michael Biasi, 44, turned himself in to police Wednesday afternoon and was charged with eavesdropping, computer trespass, unlawful duplication of computer material and criminal possession of computer-related materials – all felonies, according to Crawford police Lt. Dominick Blasko.
 
Blasko said Crawford police, with the help of the New York State Police Computer Crimes Unit, began looking into the tracking a month or two ago after a woman who previously had known Biasi came to police suspecting the eavesdropping was taking place. Blasko said police believe Biasi had been tracking the woman for “an extended period of time.” (more)

Thursday, December 1, 2011

Phone Bugging and Surveillance by Governments Exposed

Whistleblowing Web site Wikileaks released 287 files it claims detail phone bugging and surveillance of whole populations by governments in what has been described as an "uncontrolled cancerous growth".

Wikileaks founder Julian Assange didn't mince words claiming users of the iPhone, BlackBerry or Gmail are "screwed" and intelligence contractors sell citizens' personal information. He spoke at a London press conference.

"It may sound like something out of Hollywood, but as of today, mass interception systems, built by Western intelligence contractors, including for 'political opponents' are a reality," Wikileaks says on its website. (more)

Eavesdropping on voicemails: "perfectly acceptable tool"

UK - A former News of the World journalist made a rare, robust defense of phone hacking, telling Britain's media ethics inquiry that eavesdropping on voicemails was a "perfectly acceptable tool" to help journalists uncover stories.

Paul McMullan said Tuesday that hacking was common at the now-defunct tabloid, describing how journalists traded the phone details of celebrities. (more) (video)

P.S. McMullan now runs a pub in the English port of Dover.

A Computer Screen Only a Spy Can See - Make One!

Finally you can do something with that old LCD monitor you have in the garage.
You can turn it into a privacy monitor! It looks all white to everybody except you, because you are wearing "magic" glasses! All you really have to have is a pair of old glasses, x-acto knife or a box cutter and some solvent (paint thinner) (more)

Keystroke-sniffing software found embedded in Nokia, Android, and RIM devices

A piece of keystroke-sniffing software called Carrier IQ has been embedded so deeply in millions of Nokia, Android, and RIM devices that it’s tough to spot and nearly impossible to remove, as 25-year-old Connecticut systems administrator Trevor Eckhart revealed in a video Tuesday.

That’s not just creepy, says Paul Ohm, a former Justice Department prosecutor and law professor at the University of Colorado Law School. He thinks it’s also likely grounds for a class action lawsuit based on a federal wiretapping law...

FutureWatch...“In the next days or weeks, someone will sue, and then this company is tangled up in very expensive litigation,” he adds. “It’s almost certain.”

Over the last month, Carrier IQ has attempted to quash Eckhart’s research with a cease-and-desist letter, apologizing only after the Electronic Frontier Foundation came to his defense.  (more) (Note: The accompanying movie is 15+ minutes, but is very revealing.)

Want a Job as a Spy? Start with a Code Cracking Quiz! (UPDATED)

UK - No longer content with simply approaching the brightest from the universities of Oxford and Cambridge, intelligence agency GCHQ has launched a code-cracking competition to attract new talent.

Knowing what this is might help.
The electronic surveillance organisation, the UK Government Communications Headquarters, is asking potential applicants to solve a code posted on a website.

It will direct potential candidates to the competition, hosted on an anonymous website, via sites such as Facebook and Twitter.

If the layers of code it has set are cracked, applicants will be presented with a keyword to enter into a form field. They will then be re-directed to the GCHQ website, where hopefuls will find details of the types of roles which could reflect their skills.

The aim is to attract candidates who might not apply through more conventional channels. (more)

UPDATE:
A simple Google search unlocks the supposedly secret completion page to GCHQ's code-cracking competition.

The signals snooping agency launched a codebreaking competition this week, promoted via social networks, that aimed to find would-be code breakers that conventional recruitment efforts might miss. The canyoucrackit.co.uk challenge involved making sense of a 16x10 grid of 8-bit hexadecimal numbers to figure out a password, and then developing a virtual machine to execute code that would lead to the final page.

Puzzle-solvers had 10 days to crack the codes. However, instead of solving this puzzle, which was not trivial to conquer, at least if some of the emails we've received are any guide, the completion page could be reached via a simple Google search.

Oops.

"All it takes to find the page is to use the site: command in Google, as the 'Can You Crack It?' webmaster seemingly didn't hide the success page from search engines," Graham Cluley of net security firm Sophos explains. (more)