Saturday, March 3, 2012

Just in time to celebrate "International Speak Like A Spy Day"


We use words to tell each other what we mean. Words illuminate reality. But sometimes, and it seems increasingly so in these troubled times, words can be used to conceal truth.

This is why “The Dictionary of Espionage” is so timely and will appeal to the average citizen who is made vaguely uneasy when he is told that his government is engaged in “surgical strikes” against our enemies, which on occasion, unfortunately, result in “collateral damage” - that is, the U.S. government set out to kill someone but ended up killing someone else.

In this accessibly written book, Washington author Joseph C. Goulden illuminates and defines much of the standard jargon of the intelligence community with refreshing asides about many of spying’s urban legends - many of which may or may not be true

Informed by remarkable access to the intelligence community, the book, first issued in 1986, has been significantly updated and contains a foreword by Peter Earnest, the founding executive director of the International Spy Museum in Washington and a former CIA operations officer. (more)

Friday, March 2, 2012

Smartphone Spyware Reaches the Drive-By Infection Stage

(summary) A team of researchers infected a Google Android smartphone, live, in front of a packed audience of computer security buffs to prove how mobile malware is now on the cusp of the big time... "drive-by" attack...the attack did not require a phone be jailbroken and would work on any of the devices using Webkit*...such an attack would be possible on the iPhone because of the root access obtained via the browser vulnerability...the point we are making: drive-by attacks will hit the phone just like the PCs. 

The technique: The attack followed several steps: the first was a text message delivered to the smartphone appearing to come from the mobile carrier requesting a system update via a link. Once clicked, the drive-by link delivered the first part of the malware to the phone to elevate access (root) privilege, then cause it to crash. It then automatically rebooted, executing the second part of the malware and hijacking the phone's communications. (more)

* Webkit - "Webkit is a tool used by Apple, Google and RIM to render HTML websites in Safari, Chrome and Android, and the latest versions of the BlackBerry."

Now that you know how this works, I'm sure you won't click on any text links unless you are 100% certain are safe. ~Kevin

Young Lawyers Win Suit Against Secret Wiretapping Powers

Georgia’s Constitutional Court has decided that parliament did not have the right to give prosecutors powers to conduct secret wiretappings.

Tamar Khidasheli and Georgian Young Lawyers Association filed a lawsuit at the Constitutional Court regarding the law of Georgia on Operational Investigative Activities, which gave the police extended powers during investigation. (more)

Colombia-Gate Continues

Colombia - Bernardo Moreno, former President Alvaro Uribe's then-chief of staff ordered the illegal wiretapping of judges, senators, and journalists, the former intelligence chief of Colombia's now-defunct intelligence agency DAS told the court Wednesday.

Former DAS executive Fernando Tabares reiterated the accusations in the trial against Mario Arangunen, the former director of Colombia's financial intelligence agency UIAF who is on trial for his alleged involvement in the wiretap scandal. (more)

Fernando Tabares news archive / Wiretap scandal news archive

Judge Declares Illinois Eavesdropping Law Unconstitutional

IL - A Cook County Judge declared the state’s eavesdropping law unconstitutional Friday.

Judge Stanley J. Sacks read his ruling in the case of Christopher Drew, a Chicago artist who was charged with felony eavesdropping after he recorded his Dec. 2, 2009, arrest on State Street by Chicago Police.

“The Illinois Eavesdropping Statute potentially punishes as a felony a wide array of wholly innocent conduct,” he read. “A parent making an audio recording of their child’s soccer game, but in doing so happens to record nearby conversations, would be in violation of the Eavesdropping Statute.” (more)

$140 Million Surveillance Balloon Popped

After spending more than $140 million, the Air Force is poised to pull the plug on its ambitious project to send a king-sized, all-seeing spy blimp to Afghanistan. Which is a bit of a strange move: Not only is the scheduled first flight of the 370-foot-long “Blue Devil Block 2” airship less than six weeks away...

Not long ago, Blue Devil and its kind were being pushed as the future of aerial surveillance. Instead of a drone’s single sensor, Blue Devil would employ an array of cameras and eavesdropping gear to keep tabs on entire villages for days at a time. And with so much space aboard the airship, racks and racks of processors could process the data generated by those sensors in the sky, easing the burden on intelligence analysts currently overloaded by drones’ video feeds. Now, that lighter-than-air future could be in jeopardy, thanks to a series of schedule delays, technical complications and, above all, inflated costs. (more)

New Delhi Gummy Bugs

India - BJP on Friday dubbed the reports of alleged bugging of Defence Minister AK Antony's office as a "serious" matter which should be thoroughly probed and wondered what the reasons were for spying on the cabinet minister.

"The Defence Minister who is responsible for defending our borders, his own office borders are not secure. The reports of the bugging of his office is a matter of serious concern," BJP spokesperson Prakash Javadekar said.

The BJP pointed out that this is not the first case of bugging of the office of a Cabinet minister as there were earlier reports that Finance Minister Pranab Mukherjee's office was also bugged.

"Then, it was maintained that chewing gums were stuck at 12 places in the Finance Minister's office. We hope this time too, the same excuse is not made. This matter cannot be taken lightly and the truth should be told to the country," Javadekar said. (more

Sing along...

Thursday, March 1, 2012

Menwith Hill Eavesdropping Base Undergoes Massive Expansion

UK - America's largest eavesdropping centre in Britain, Menwith Hill in North Yorkshire, is being expanded in a multimillion-pound programme as it becomes increasingly vital to US intelligence and military operations, according to a study of the controversial base released on Thursday. 

The base, which plays a key role in the global network of the National Security Agency (NSA), GCHQ's American partner, now includes 33 radomes – commonly called "golf balls" after the white sheeting protecting the satellite receiving and transmission stations – and is undergoing a big construction programme.

The study describes the programme, called Project Phoenix, as "one of the largest and most sophisticated high technology programmes carried out anywhere in the UK over the last 10 years". Work on it has been reserved for US-based arms corporations including Lockheed Martin and Northrop Grumman, and their personnel with high-level security clearance, it notes. (more)

"Houston, we have a problem."

The "algorithms used to command and control the International Space Station" were lost when an unencrypted NASA laptop computer was stolen in March 2011. 

That tidbit came in testimony Wednesday delivered by NASA Inspector General Paul K. Martin as he reported on the space agency's IT security track record. The loss of the ISS command code was symbolic of one glaring deficiency: a lack of data encryption on mobile devices. (more)

IKEA Spy Inquiry

A French union on Thursday lodged a formal legal complaint against Swedish furniture giant IKEA accusing it of illegally spying on staff and customers, legal sources said. (more)

In the latest twist in a damaging ‘spying’ scandal, Swedish furniture giant IKEA was on Thursday accused of “harassing” its employees after media reports emerged Wednesday that the company had illegally obtained police files on French workers, clients and union leaders.
The latest allegations centre on a former employee who told Europe 1 radio that she had been asked to profile her colleagues and to keep the information on a USB key and to avoid leaving it on company computers “for security reasons”. (more)

Privacy Check: Google's Privacy Policy Changes on March 1

via pcworld.com...
If you use Gmail, Google Docs, or any other popular G-service, you’re about to surrender a lot more personal information to the Googleplex...unless you take these steps to prevent it. 
1. Check the Dashboard
Your first destination is Google Dashboard. It provides an overview of the information Google has stored on your account across many of its most popular services. To get started, go to google.com/dashboard and log in with your Google account (typically an email address). There, you can see much of the data that Google has on you--from your Google+ account to your Gmail account.

Take a few minutes to click through the various services and to review the information Google is storing. Then clear out any data you no longer want associated with your account.

2. Clear Your Google Web History

3. Tweak Your Ads Preferences

4. Liberate Your Data
If you want to remove some (but not all) of your personal data from multiple Google services, head over to Google Takeout, which lets you download a copy of your data from Google Buzz, Circles, Docs, Picasa Web Albums, Gmail contacts, and other tools and services. Get started by logging in to the Google Takeout page.

5. The Nuclear Option: Delete Your Google Account
(more)


Wednesday, February 29, 2012

Security Chief Sentenced in Explosion Probe

WV - A federal judge sentenced a former Massey Energy Co. security chief to three years in prison for obstructing a criminal probe into the 2010 explosion that killed 29 miners in the worst U.S. coal-mining disaster in four decades.

A jury in October convicted Hughie Elbert Stover of lying to federal investigators about a company policy of providing advance notice of federal inspections and of obstructing a federal criminal investigation into the blast by ordering the destruction of more than 50,000 documents. Mr. Stover, 60 year old, was the top security official at Massey's Upper Big Branch mine in Montcoal, W.Va., at the time of the explosion. (more)

FutureWatch - Light Field Cameras

The first consumer light field camera has just been released. You'll never take another out-of-focus picture again.

"The very first light fields were captured at Stanford University over 15 years ago. The most advanced light field research required a roomful of cameras tethered to a supercomputer. Today, Lytro completes the job of taking light fields out of the research lab and making them available for everyone, in the form of the world’s first Lytro Light Field Camera" 

FutureWatch: Imagine this technology incorporated into CCTV surveillance cameras. No more waiting for the lens to focus. No more out of focus license plates, no more windy day auto-focus cognitive dissonance, no more fuzzy pictures of perps. Instant point, shoot and gottcha pix.
Click to enlarge.

Special Agent T-Shirt Contest #3

Contest Closed - We have a winner.

Who is this famous wiretapper? (Enter here.)
(Hint: the answer can be found at spybusters.com)

Click to enlarge.
The prize - our Limited Edition Special Agent Black T-Shirt. (Size: X-Large)


Answer: Gerard "Cheesebox" Callahan

("How limited," I hear you say.)  
Well, there are only three in the whole world! (one medium, one large, one x-large) And, they will be awarded in that order. So if you're a big Special Agent, this is YOUR contest.

We designed this custom t-shirt ourselves! It's easy, go to ooShirts.com. They have a DIY on-line design lab! All types of t's, all colors, all prices. These are the Champion brand with the logo on the left sleeve.

Shady Rat - Cell Phone Malware

A former McAfee researcher has used a previously unknown hole in smartphone browsers to plant China-based malware that can record calls, pinpoint locations and access user texts and emails. 

Just as U.S. companies are coming to grips with threats to their computer networks emanating from cyber spies based in China, a noted expert is highlighting what he says is an even more pernicious vulnerability in smartphones.

Dmitri Alperovitch, the formerMcAfee Inc. cyber security researcher best known for identifying a widespread China-based cyber espionage operation dubbed Shady Rat, has used a previously unknown hole in smartphone browsers to plant China-based malware that can commandeer the device, record its calls, pinpoint its location and access user texts and emails. He conducted the experiment on a phone running Google Inc.'s Android operating system, although he says Apple Inc.'s iPhones are equally vulnerable. (more)