Saturday, March 3, 2012

Spy School - Monitor a Twitter Account Without Following It

Investigator's Tip: "Monitoring an opponent’s Twitter account is an important part of opposition research. If you would like to keep up with someone’s Tweets, but not actually publicly follow the author, try using Twitter to RSS. This service allows you to enter the name of a public Twitter account and create an RSS feed for popular RSS readers like Google Reader, Yahoo, Bloglines, and Newsgator." — Larry Zilliox, Investigative Research Specialists, LLC

Privacy Tip:  
Don't be a twit. Make your sweet tweets private.
Read up on how to protect your tweets here
and don't approve any "twitter to RSS" requests.

NSA-Level Cell Phone Security (No, you can't have one.)

The US National Security Agency has modified Google’s Android operating system to create smart phones that use powerful encryption to protect every call. The “Fishbowl” devices were announced today at the RSA security conference in San Francisco by Margaret Salter, the agency’s Technical Director, who said she hoped to encourage companies to adopt some of ideas used in the system.

Such was the interest in the NSA’s presentation that this reporter – and most others – weren't able to gain access to the room where the demo was held. Australian IT publication SC Magazine did, though, reporting that Salter said 100 Fishbowl phones are being used to test the new technology. The Fishbowl phones allow fully encrypted calls that can be used to discuss the most classified information. Commercially available phones would require NSA employees to “speak in code”, SC say.
 
The NSA has made rough specifications of the system available online. They show that Fishbowl phones make calls using a Skype-style VOIP app that routes connections through NSA servers. (more)

Just in time to celebrate "International Speak Like A Spy Day"


We use words to tell each other what we mean. Words illuminate reality. But sometimes, and it seems increasingly so in these troubled times, words can be used to conceal truth.

This is why “The Dictionary of Espionage” is so timely and will appeal to the average citizen who is made vaguely uneasy when he is told that his government is engaged in “surgical strikes” against our enemies, which on occasion, unfortunately, result in “collateral damage” - that is, the U.S. government set out to kill someone but ended up killing someone else.

In this accessibly written book, Washington author Joseph C. Goulden illuminates and defines much of the standard jargon of the intelligence community with refreshing asides about many of spying’s urban legends - many of which may or may not be true

Informed by remarkable access to the intelligence community, the book, first issued in 1986, has been significantly updated and contains a foreword by Peter Earnest, the founding executive director of the International Spy Museum in Washington and a former CIA operations officer. (more)

Friday, March 2, 2012

Smartphone Spyware Reaches the Drive-By Infection Stage

(summary) A team of researchers infected a Google Android smartphone, live, in front of a packed audience of computer security buffs to prove how mobile malware is now on the cusp of the big time... "drive-by" attack...the attack did not require a phone be jailbroken and would work on any of the devices using Webkit*...such an attack would be possible on the iPhone because of the root access obtained via the browser vulnerability...the point we are making: drive-by attacks will hit the phone just like the PCs. 

The technique: The attack followed several steps: the first was a text message delivered to the smartphone appearing to come from the mobile carrier requesting a system update via a link. Once clicked, the drive-by link delivered the first part of the malware to the phone to elevate access (root) privilege, then cause it to crash. It then automatically rebooted, executing the second part of the malware and hijacking the phone's communications. (more)

* Webkit - "Webkit is a tool used by Apple, Google and RIM to render HTML websites in Safari, Chrome and Android, and the latest versions of the BlackBerry."

Now that you know how this works, I'm sure you won't click on any text links unless you are 100% certain are safe. ~Kevin

Young Lawyers Win Suit Against Secret Wiretapping Powers

Georgia’s Constitutional Court has decided that parliament did not have the right to give prosecutors powers to conduct secret wiretappings.

Tamar Khidasheli and Georgian Young Lawyers Association filed a lawsuit at the Constitutional Court regarding the law of Georgia on Operational Investigative Activities, which gave the police extended powers during investigation. (more)

Colombia-Gate Continues

Colombia - Bernardo Moreno, former President Alvaro Uribe's then-chief of staff ordered the illegal wiretapping of judges, senators, and journalists, the former intelligence chief of Colombia's now-defunct intelligence agency DAS told the court Wednesday.

Former DAS executive Fernando Tabares reiterated the accusations in the trial against Mario Arangunen, the former director of Colombia's financial intelligence agency UIAF who is on trial for his alleged involvement in the wiretap scandal. (more)

Fernando Tabares news archive / Wiretap scandal news archive

Judge Declares Illinois Eavesdropping Law Unconstitutional

IL - A Cook County Judge declared the state’s eavesdropping law unconstitutional Friday.

Judge Stanley J. Sacks read his ruling in the case of Christopher Drew, a Chicago artist who was charged with felony eavesdropping after he recorded his Dec. 2, 2009, arrest on State Street by Chicago Police.

“The Illinois Eavesdropping Statute potentially punishes as a felony a wide array of wholly innocent conduct,” he read. “A parent making an audio recording of their child’s soccer game, but in doing so happens to record nearby conversations, would be in violation of the Eavesdropping Statute.” (more)

$140 Million Surveillance Balloon Popped

After spending more than $140 million, the Air Force is poised to pull the plug on its ambitious project to send a king-sized, all-seeing spy blimp to Afghanistan. Which is a bit of a strange move: Not only is the scheduled first flight of the 370-foot-long “Blue Devil Block 2” airship less than six weeks away...

Not long ago, Blue Devil and its kind were being pushed as the future of aerial surveillance. Instead of a drone’s single sensor, Blue Devil would employ an array of cameras and eavesdropping gear to keep tabs on entire villages for days at a time. And with so much space aboard the airship, racks and racks of processors could process the data generated by those sensors in the sky, easing the burden on intelligence analysts currently overloaded by drones’ video feeds. Now, that lighter-than-air future could be in jeopardy, thanks to a series of schedule delays, technical complications and, above all, inflated costs. (more)

New Delhi Gummy Bugs

India - BJP on Friday dubbed the reports of alleged bugging of Defence Minister AK Antony's office as a "serious" matter which should be thoroughly probed and wondered what the reasons were for spying on the cabinet minister.

"The Defence Minister who is responsible for defending our borders, his own office borders are not secure. The reports of the bugging of his office is a matter of serious concern," BJP spokesperson Prakash Javadekar said.

The BJP pointed out that this is not the first case of bugging of the office of a Cabinet minister as there were earlier reports that Finance Minister Pranab Mukherjee's office was also bugged.

"Then, it was maintained that chewing gums were stuck at 12 places in the Finance Minister's office. We hope this time too, the same excuse is not made. This matter cannot be taken lightly and the truth should be told to the country," Javadekar said. (more

Sing along...

Thursday, March 1, 2012

Menwith Hill Eavesdropping Base Undergoes Massive Expansion

UK - America's largest eavesdropping centre in Britain, Menwith Hill in North Yorkshire, is being expanded in a multimillion-pound programme as it becomes increasingly vital to US intelligence and military operations, according to a study of the controversial base released on Thursday. 

The base, which plays a key role in the global network of the National Security Agency (NSA), GCHQ's American partner, now includes 33 radomes – commonly called "golf balls" after the white sheeting protecting the satellite receiving and transmission stations – and is undergoing a big construction programme.

The study describes the programme, called Project Phoenix, as "one of the largest and most sophisticated high technology programmes carried out anywhere in the UK over the last 10 years". Work on it has been reserved for US-based arms corporations including Lockheed Martin and Northrop Grumman, and their personnel with high-level security clearance, it notes. (more)

"Houston, we have a problem."

The "algorithms used to command and control the International Space Station" were lost when an unencrypted NASA laptop computer was stolen in March 2011. 

That tidbit came in testimony Wednesday delivered by NASA Inspector General Paul K. Martin as he reported on the space agency's IT security track record. The loss of the ISS command code was symbolic of one glaring deficiency: a lack of data encryption on mobile devices. (more)

IKEA Spy Inquiry

A French union on Thursday lodged a formal legal complaint against Swedish furniture giant IKEA accusing it of illegally spying on staff and customers, legal sources said. (more)

In the latest twist in a damaging ‘spying’ scandal, Swedish furniture giant IKEA was on Thursday accused of “harassing” its employees after media reports emerged Wednesday that the company had illegally obtained police files on French workers, clients and union leaders.
The latest allegations centre on a former employee who told Europe 1 radio that she had been asked to profile her colleagues and to keep the information on a USB key and to avoid leaving it on company computers “for security reasons”. (more)

Privacy Check: Google's Privacy Policy Changes on March 1

via pcworld.com...
If you use Gmail, Google Docs, or any other popular G-service, you’re about to surrender a lot more personal information to the Googleplex...unless you take these steps to prevent it. 
1. Check the Dashboard
Your first destination is Google Dashboard. It provides an overview of the information Google has stored on your account across many of its most popular services. To get started, go to google.com/dashboard and log in with your Google account (typically an email address). There, you can see much of the data that Google has on you--from your Google+ account to your Gmail account.

Take a few minutes to click through the various services and to review the information Google is storing. Then clear out any data you no longer want associated with your account.

2. Clear Your Google Web History

3. Tweak Your Ads Preferences

4. Liberate Your Data
If you want to remove some (but not all) of your personal data from multiple Google services, head over to Google Takeout, which lets you download a copy of your data from Google Buzz, Circles, Docs, Picasa Web Albums, Gmail contacts, and other tools and services. Get started by logging in to the Google Takeout page.

5. The Nuclear Option: Delete Your Google Account
(more)


Wednesday, February 29, 2012

Security Chief Sentenced in Explosion Probe

WV - A federal judge sentenced a former Massey Energy Co. security chief to three years in prison for obstructing a criminal probe into the 2010 explosion that killed 29 miners in the worst U.S. coal-mining disaster in four decades.

A jury in October convicted Hughie Elbert Stover of lying to federal investigators about a company policy of providing advance notice of federal inspections and of obstructing a federal criminal investigation into the blast by ordering the destruction of more than 50,000 documents. Mr. Stover, 60 year old, was the top security official at Massey's Upper Big Branch mine in Montcoal, W.Va., at the time of the explosion. (more)

FutureWatch - Light Field Cameras

The first consumer light field camera has just been released. You'll never take another out-of-focus picture again.

"The very first light fields were captured at Stanford University over 15 years ago. The most advanced light field research required a roomful of cameras tethered to a supercomputer. Today, Lytro completes the job of taking light fields out of the research lab and making them available for everyone, in the form of the world’s first Lytro Light Field Camera" 

FutureWatch: Imagine this technology incorporated into CCTV surveillance cameras. No more waiting for the lens to focus. No more out of focus license plates, no more windy day auto-focus cognitive dissonance, no more fuzzy pictures of perps. Instant point, shoot and gottcha pix.
Click to enlarge.