Friday, January 13, 2012

From our "You Can't Make This Stuff Up" files...

A Polish military prosecutor has shot himself in the head during a break in a press conference at which he was defending his office against allegations of illegal wiretapping. (more)

SpyCam Story #632 - Darwin Award to Video Voyeur

Australia - A man who secretly filmed his housemate showering is ashamed and embarrassed about what he did, a Northern Territory court has been told.

Jayden Trevitt, 20, cried in the Darwin Magistrates Court as he was given a two-month jail sentence, which was then suspended.

Trevitt had pleaded guilty to filming his housemate on his phone while she was showering. He secretly filmed her from outside a bathroom window on five separate occasions last year. (more)

SpyCam Story #630 - The Road to Woodinville

WA - The husband of a Juanita High School (girls') volleyball coach has been charged with voyeurism in a case involving many of the coach's players.

Kirkland resident Steve C. Meeks, 23, is accused of videotaping five victims while in a restroom during a non-high school sanctioned team sleepover on Nov. 5, according to charging documents...

Meeks' wife, who was a coach for the Juanita High School volleyball team and a former coach of the Kamiakin Junior High volleyball team, arranged for the Rebel volleyball players to have a sleepover at her father's Woodinville warehouse...

During the evening, a hidden video camera was spotted in the ceiling tile of the woman's bathroom by a 17-year-old high school student as she was using the toilet. (more)

Why mention these incidents?
To show the depth of the problem. (Remember, these are only the failed attempts.)
To give you clues as to where people hide spycams, so you can protect your own privacy.

P.S. King County detectives later found there was actually more than one camera. "We found two hidden cameras – one hidden above the toilet and the other in the ceiling tiles," said Cindi West, a spokesperson for the King County Sheriff's Office, noting the cameras were not wireless and were part of a retail home security system. "There were wires running through the ceiling and it was connected to a DVR (digital video recorder) in another room … There is quite a bit of investigation involved with this case."

P.P.S. Not fur nottin', but... If the warehouse is owned by Ms. Meeks' father, and the cameras were part of a hard-wired, overall security system, lawyers might want to check the old man's pockets for depth, and him for culpability. Just a thought.

Hey, ever see The Road to Wellville? Some things never change, do they?

SpyCam Story #631 - Pfuhl Hides SpyCam at Work

NM - A businessman from Rio Rancho, in jail, accused of using a hidden camera to watch his workers go to the bathroom. Richard Pfuhl owns Fine Line Home Inspection...

Back in November, two women who worked for him say they saw a camera behind a vent and called the cops. They say they also found recording equipment inside Pfuhl's bedroom and DVDs of women using the bathroom. (more)

Pocket 3G Spy Car (Yes, it rhymes with noodle.)

This just in...
from the seller... "See live video on your Mobile phone from anywhere in the world. No time limit no distance limit No internet or IP address needed. Just simply call your 3G camera and see live video of your home, office, car, or even your Nanny." (more)

Why do I mention it?
So you will know what you're up against.

Thursday, January 12, 2012

Social Engineering Attacks on the Enterprise in 2012

Amit Klein, CTO for security company Trusteer, has just published his predictions for cybercrime trends in 2012... The following is one of his observations for the year ahead:

Personal information, disclosed on social networks, will be used in social engineering attacks against the enterprise. Fraudsters, all too aware of the valuable intelligence freely available on social networks, are starting to mine these data sources, capturing the personal details needed to successfully complete social engineering attacks. Trusteer predicts this will manifest itself over the coming year as an enterprise issue.

Example: The "mark" might receive an email from someone who claims to be an old high school classmate. The email has a link to an invitation to a class reunion, except that the link really goes to a website that surreptitiously drops a keystroke logger on the unsuspecting person's computer.

Criminals are finding it easier than ever to create a pretext using the unprecedented amount of personal information that people willingly publish about themselves on Facebook, LinkedIn and scores of other social sites...

In the case of attacks against enterprises, every employee is a viable target, from the people in the mailroom to the ones in the corner offices...

Security Tips...
• Train employees to recognize and avoid phishing and other social engineering attacks. Good educational products are available from PhishMe and Wombat Security Technologies.

• Restrict the use of company email addresses to business use only. Encourage employees to use a personal email account for everything that isn't related to company business.

• Implement strict security rules to filter out spam and phishing messages. Wombat has an anti-phishing tool called PhishPatrol that specifically catches phishing and spear-phishing emails. (more)

Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."   

iSnitch, ilLumiaNaughty & RIMshot Cell Out

India - Apple, Nokia and Research In Motion (RIM) gave Indian intelligence agencies secret access to encrypted smartphone communications as the price of doing business in the country, according to what appear to be leaked Indian government documents.

The purported documents, if they are real, indicate that the smartphone giants gave India's Central Bureau of Investigation (CBI) and Indian military intelligence "backdoor" tools that would let the Indian agencies read encrypted emails sent to and from RIM's BlackBerrys, Apple's iPhones and Nokia smartphones...

A "decision was made earlier this year to sign an agreement with mobile manufacturers (MM) in exchange for the Indian market presence," the military intelligence document reads. (more)

More Video Voyeurism Laws Coming

FL - Last summer, Rep. Dana Young heard about the two Bulgarian women who found hidden cameras inside their west Hillsborough apartment.

The part that surprised her most: Video voyeurism is only a misdemeanor.

"You can destroy someone's life, their career, without their even knowing they've been put on video," said Young, a Tampa Republican.

Spurred by that case and others, Young is pushing legislation that would toughen the penalties in video voyeur cases. Currently, a first-time violation is a misdemeanor, punishable by a maximum one-year jail sentence and $1,000 fine. House Bill 215 would make it a third-degree felony, which increases the maximum punishments to a five-year sentence and $5,000 fine. (more)

The Spy Who Helped Us - RIP

Gevork Vartanian, a Soviet intelligence officer who helped prevent a Nazi assassination plot on the leaders of the U.S., the U.K. and the Soviet Union, died yesterday at the age of 87, Russian state television Vesti 24 reported...

At the age of 19, Vartanian was among the officers responsible for blocking a plot by Adolf Hitler to assassinate Soviet leader Josef Stalin, U.S. President Franklin D. Roosevelt and British Prime Minister Winston Churchill at the Tehran Conference in 1943, Vesti reported on its website. (more)

SpyCam Story #629 - Holy Water Cam, Batman

UK - A church youth leader has admitted spying on a young man while he was in the shower during a visit to a faith camp.

Mark Pennell, 37, admitted filming the man when he attended the East of England Show with other members of the church in August. The court heard how the victim became suspicious of Pennell, a youth leader, after he repeatedly showered next to him... the victim noticed a glow coming from a mobile phone... in a gap between the floor and the cubicle. (more)

Wednesday, January 11, 2012

How to Handle a Web-site Hack Attack Gracefully

As you may have heard, Stratfor (a respected global intelligence web site) was the victim of an embarrassing hack attack last month. They are now getting back on their feet.

An e-mail I received from them this morning began, "We are happy to announce that our website is back online, and temporarily free for everyone. Visit Stratfor.com..." What followed was a sincere full disclosure and apology from their CEO, George Friedman, via print and video.

Take some time today to make sure your web site is locked down. But, should you have a problem some day, this is the way to handle it...

Tuesday, January 10, 2012

SpyCam Story #628 - How to Push a Perv's Hot Button

An on-line review via The Nerd Generation
"This is the coolest spy gadget I have ever used. This tiny keychain fob poses as an automatic door unlock/panic for a car. In actuality it is a tiny albeit powerful camera capable of snapping photographs at 640 x 480 resolution and recording video in AVI format. I figured the photos and video I got with this little device would be blurry and useless in real world spying practices.

I took the camera out on a couple secret missions and compiled a plethora of photographs and video files. When I arrived at my home base I plugged the device into my computer and downloaded the files from the 4 GB micro SD card (a small cable allows xfer without worrying about a card reader).

I was absolutely floored with the quality of images and video this camera took!  

I figured the video would not have any audio, but there it was! Crisp and clear! How is this possible? Technology my friends… and it’s awesome." (more)

Security Director Alert — Use of these inexpensive, yet high-quality devices in restrooms, employee showers and changing areas is now a serious workplace issue. The lawsuits are just beginning to roll out.

You are the deep pockets in this scenario, and just one spycam can spawn dozens of employee lawsuits.

FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."   

Solution — Your organization needs to show pro-active due diligence. Conduct periodic inspections of your facilities. Call us for further advice and pricing.

Spycam Story #627 - SpyCam Incident Settlements Top $600,000.00

PA - A suburban Philadelphia school district has settled another lawsuit over its alleged spying on students through laptop webcams.

A lawyer says Joshua Levin has settled his lawsuit against the Lower Merion School District. Lawyer Norman Perlberger tells The Philadelphia Inquirer (http://bit.ly/uihP4S) the 2009 Harriton High School graduate will get more than the $10,000 offered to some other students, but says he can’t specify the amount.

The district has paid more than $600,000 to resolve litigation over software that allowed school employees to remotely activate webcams to track missing computers. (more)

SpyCam Story #626 - The Slime of the Ancient Sub-Mariner

A 40-year-old man has pleaded guilty in the Perth Magistrates Court to covertly filming more than 40 women while they were showering in backpacker hostels across Perth.

Allyn Wilson Fitzgerald used his iPhone to record 70 video clips of women in showers over a 12-month period.

The court heard Fitzgerald was a former serviceman with the Australian Navy and was suffering from post-traumatic stress disorder. He had been a submariner for 12 years. (more)

Monday, January 9, 2012

Top German cop uses spyware on daughter, gets hacked in retaliation

A top German security official installed a trojan on his own daughter's computer to monitor her Internet usage. What could possibly go wrong?

Nothing—well, at least until one of the daughter's friends found the installed spyware. The friend then went after the dad's personal computer as a payback and managed to get in, where he found a cache of security-related e-mails from work. The e-mails, in turn, provided the information necessary for hackers to infiltrate Germany's federal police.

Wait, it gets worse...
The hackers got into the servers for the "Patras" program, which logs location data on suspected criminals through cell phone and car GPS systems. Concerned about security breaches, the government eventually had to take the entire set of Patras servers offline. (more)