Wednesday, December 21, 2011

Security Director Tips: On Checking Your Electronic Privacy Rights at the Border

"Our lives are on our laptops – family photos, medical documents, banking information, details about what websites we visit, and so much more. Thanks to protections enshrined in the U.S. Constitution, the government generally can’t snoop through your laptop for no reason. But those privacy protections don’t safeguard travelers at the U.S. border, where the U.S. government can take an electronic device, search through all the files, and keep it for a while for further scrutiny – without any suspicion of wrongdoing whatsoever."

Thus begins the Electronic Frontier Foundation's new paper, Defending Privacy at the Border - A Guide for Travelers Carrying Digital Devices which is full of good tips for protecting your electronic information while traveling. Keep in mind, although the paper focuses on the United States border crossings, you will also be dealing with the country you are visiting. And, some of them are a whole lot more aggressive.

Random Tip #1 - Before your trip, mail your laptop to a trusted person at your final destination. Password protect your drive. Encrypt the data on the drive. Only have essential information on the drive. Wipe the drive before you return home.

Random Tip #2 - "On the most modern laptops, it’s possible to use an SD card like a hard drive; thus, you can choose to use an SD card in place of a conventional hard drive and keep your entire operating system and all your data on on it. (You should still use disk encryption for the data on the SD card.) Since you can keep the SD card in your pocket or wallet when it’s not in use, it’s considerably harder for someone to take it from you without your knowledge or tamper with it (although, since it’s so tiny, it’s much easier to lose)... it’s easier to send them in the mail or even easily erase or destroy a card when you no longer need it... You can even use the same SD card in a digital camera for taking photos, so that a single card serves both as your camera storage medium and your encrypted hard drive."

Safe travels. ~Kevin

Tuesday, December 20, 2011

Cautionary Tale: Sabotage by Wiretap - What if it were your phone call?

Russia - Boris Nemtsov, one of Russia's main opposition leaders has accused Kremlin agents of illegally bugging his phone after a newspaper released embarrassing recordings of his private phone calls.

The material was potentially damaging for Mr Nemtsov, one of the principal organisers of a recent spate of anti-Kremlin protests, as he can be heard insulting his fellow opposition leaders in obscene terms and belittling his own supporters as "internet hamsters" and "scared penguins." 

A deputy prime minister in the 1990s and a founder of the opposition Solidarity movement, Mr Nemtsov claimed the release of the recordings was a cynical Kremlin attempt to sabotage a big opposition protest planned for Christmas Eve by triggering internal squabbling among its organisers.

"Parts of these conversations are really genuine," he wrote in his blog. (more)

Tip: Periodically check for bugs and taps. (more)

Surveillance Quote of the Day - By 2020 You Will Be Archived for 25 Cents

"...by 2015 it will cost only two cents to store all phone calls made by the average mobile phone user. Now picture this, a city with a population of 12 million which has about 500,000 video cameras, one video cam for every 24 people. By 2020, the declining costs for digital storage will make it possible to store all of that video acquired, in high resolution, for about a quarter per person. As for other types of digital communication, don't count on encryption not to be cracked." ~ Darlene Storm (more)

Monday, December 19, 2011

FutureWatch: Big Brother's Ubiquitous Surveillance Circus

As the price of digital storage drops and the technology to tap electronic communication improves, authoritarian governments will soon be able to perform retroactive surveillance on anyone within their borders, according to a Brookings Institute report.

These regimes will store every phone call, instant message, email, social media interaction, text message, movements of people and vehicles and public surveillance video and mine it at their leisure, according to "Recording Everything: Digital Storage as an Enabler of Authoritarian Government," written by John Villaseno, a senior fellow at Brookings and a professor of electrical engineering at UCLA.

That will enable shadowing people's movements and communications that took place before the individuals became suspects, he says. (more)

"We all prisoners, Chicky babe. We's all locked in."

Sunday, December 18, 2011

'Fake Sheik' appears at UK phone hacking inquiry

UK - The star undercover reporter for the now-defunct News of the World tabloid told Britain's media ethics inquiry Monday that he duped celebrities only to expose criminality, immorality or hypocrisy.

The original "Fake Sheiks"
Mazher Mahmood, who worked for the Rupert Murdoch-owned newspaper for 20 years, said he had not been aware illegal phone hacking was going on until the newspaper's royal reporter, Clive Goodman, was arrested in 2006. Goodman was later jailed for eavesdropping on the mobile phone voice mails of members of the royal family staff.

Mahmood is a controversial figure, nicknamed the "Fake Sheik" after his signature ruse of pretending to be a rich Gulf businessman to trap celebrities, politicians and suspected criminals. (more)

Why Hack a Hotel's Internet Provider?

Google and Intel were logical targets for China-based hackers, given the solid-gold intellectual property data stored in their computers. An attack by cyberspies on iBahn, a provider of Internet services to hotels, takes some explaining.

iBahn provides broadband business and entertainment access to guests of Marriott International and other hotel chains, including multinational companies that hold meetings on site. Breaking into iBahn's networks, according to a senior U.S. intelligence official familiar with the matter, may have let hackers see millions of confidential emails, even encrypted ones, as executives from Dubai to New York reported back on everything from new-product development to merger negotiations.

More worrisome, hackers might have used iBahn's system as a launchpad into corporate networks that are connected to it, using traveling employees to create a backdoor to company secrets, said Nick Percoco, head of Trustwave's SpiderLabs, a security firm...

The networks of at least 760 companies, research universities, Internet service providers and government agencies were hit over the last decade by the same group of China-based cyberspies. (more)

FBI Announces Theft of Trade Secrets Indictment

Tung Pham, 46, formerly of Conshohocken, Pennsylvania, currently residing in California, was charged today by indictment with theft of trade secrets and wire fraud, announced United States Attorney Zane David Memeger. Pham was charged with stealing trade secrets regarding pastes used in the manufacture of solar cells from his former employer. (more)

Here is how it started, back in 2009...
 
The Photovoltaic Materials Business Unit of Heraeus has selected Tung Pham to fill the position of research scientist for the organization. Reporting to Dr. Weiming Zhang, Heraeus' Global PV research and development manager, Pham will work primarily in the North American research and development lab located in West Conshohocken, Pennsylvania.

Pham has an extensive background in developing metallization pastes and thick film conductors for the microelectronics and photovoltaic industries. He has authored numerous technical presentations on materials and the construction of silicon solar cells. Pham earned his bachelor's degree in Engineering from California Polytechnic University.

According to Dr. Zhang, Pham will be working on advancements to Heraeus' current paste platforms and developing the next-generation of PV materials to meet the growing worldwide demand for solar cells. (more)

"Yes, and they have 2-way radios, too!" Dutch parliament gets clued in.

The Netherlands - Eavesdropping software that can be installed from a distance on the computers of suspects is available to the police, justice minister Ivo Opstelten told parliament on Monday evening. (more)

Fun Fact...
The Netherlands sanctions more phone taps per head of population than any other country in the world.

Thursday, December 15, 2011

Pizza Mobster Wiretaps... Himself

MA - A city man has been charged with illegally taping two phone conversations he had with a man who wanted to arrange the robbery of a company in Lawrence, police said.

Charles "Dino" Manjounes, 48, of 94 Keeley St., was arrested Friday at 3:45 p.m. at his work place, Riverside Pizza, 181 Groveland St., and charged with extortion by threat or injury and two counts of unlawful wiretapping...

Manjounes had put an employee of Colony Foods in contact with a person identified merely as "Death," according to Schena's report. "Death'' told the employee the robbery would cost $20,000. When the employee protested, Death said the cost would be $30,000 — and that he would drag him out of his work place and kill him if he failed to pay, the report said. (more)

Nelson Mandela 'spy' cameras confiscated by police


South African police have confiscated cameras they say were illegally filming Nelson Mandela's house in his home village of Qunu in the Eastern Cape.

Police spokesman Vishnu Naidoo told the BBC that two media groups were being investigated.

The cameras were found in a neighbour's house and had been constantly filming the ex-president's residence, he said. (more)

Security Quote of the Day

"The Android platform is where the malware action is. I believe that smart phones are going to become the primary platform of attack for cybercriminals in the coming years." ~ Bruce Schneier, author of the best sellers "Schneier on Security," "Beyond Fear," "Secrets and Lies," and "Applied Cryptography," and an inventor of the Blowfish, Twofish, Threefish, Helix, Phelix, and Skein algorithms.

Industrial Espionage Gang Sends Malicious Emails

A cybercrime gang that primarily targets companies from the chemical industry has launched a new series of attacks that involve malware-laden emails purporting to be from Symantec, the security vendor responsible for exposing its operation earlier this year.

Dubbed the Nitro attacks, the gang's original industrial espionage efforts began sometime in July and lasted until September. The attackers' modus operandi involved sending emails that carried a variant of the Poison Ivy backdoor and were specifically crafted for each targeted company... 

"The same group is still active, still targeting chemical companies, and still using the same social engineering modus operandi," security researchers from Symantec said in a blog post on Monday. (more)

Monday, December 12, 2011

Cell Phone Spyware Scam Accusations

"Ever get the feeling you've been cheated? Now you can find out the truth."

That's a banner on the website for SMS Privato Spy, which advertises smartphone spyware that allows customers to secretly monitor a spouse or co-worker's phone and collect that person's calls, texts and GPS locations.

According to security experts, however, the truth is that customers have been getting nothing for the $50, $75, $100 or $125 they paid for one of Privato Spy's four packages. (more)

Electronic chip in bath soap raises huge stink

India - Expatriate Indian consumers have become suspicious of a brand of bath soap manufactured by a multinational company after consumers back home complained about an electronic chip embedded in the soap.

Reports from India suggest that a bathing soap-related survey being conducted for Britain-based organisations in Beemapalli near Thiruvananthapuram, Kerala, was called off after residents, who had earlier agreed to the survey, panicked...

The survey was being conducted for the stated purpose of finding out the health and hygiene habits of the people living in coastal areas, to which the residents of Beemapalli consented. However, once the realization of an embedded chip in the bathing soap dawned upon the locals, they feared that the soap might 'eavesdrop' on them or even film them in the shower. (more)

The chip was a motion sensor. The survey participants agreed to use the soap for five days and return it, at which point they would be paid money for being part of the survey.

Saturday, December 10, 2011

The Latest Video Enhancement Trick: De-Blurring

About a year ago I looked at work by two video enhancement specialists; Doug Carner, CPP/CHS-III of Forensic Protection and Jim Hoerricks - author of Forensic Photoshop, a comprehensive imaging workflow for forensic professionals

Today, Doug advised me of a trick that every security professional should have up their sleeve, de-blurring. He explained how he de-blurs motion this way...

"Light originates and reflects from objects in very predictable ways. As the camera and object move, they distort the captured image. These distortions can be reversed using a filter that acts like mathematical eye glasses.

For this example, we used the bent light streak seen at the far right of the license plate. The process could have just as easily been applied to the mud flaps or tires."

Wow, major difference!

This got me thinking. How good will this technology become?

Just two months ago, Adobe gave the world a sneak peek.

When you view this video, set it to HD and go full screen. The magic begins about 2 minutes into the clip and continues with several photos being blur corrected.

Unfortunately, this was only a sneak preview. It is not available to the general public in Photoshop yet.

Just to re-cap, here are some of the things Doug can do to enhance your crummy videos...
• High-resolution video and audio extraction or capture
• Adaptive military-grade video jitter stabilization
• Video de-interlace, de-sequence and de-multiplex
• Intelligent temporal noise and artifact suppression
• Fast-Fourier compression and camera age reversal
• Sub-pixel shift fusion over time, space and frequency
• Adjust video brightness, contrast, saturation and size
• Color channel isolation and focus/motion blur correction
• Audio noise suppression and speech amplification
• Video zoom, trim, crop and speed adjustments
• Multiplex to original with event highlight for court exhibit
• Image extraction, cropping, enlarging and printing
  
Want to conduct your own experiments with de-blurring?
Visit the Department of Computer Science and Engineering at The Chinese University of Hong Kong. Play with their GPU Blur Removal Software v2.0 just released last month. (Windows Trial Version)