Thursday, May 24, 2012

FutureWatch: Canada's CALEA

Canada - As authorities in the United States and United Kingdom push for greater Internet surveillance powers, the Canadian government is locked in its own controversial struggle to wiretap the Web.

Canada’s C-30 surveillance bill is much like the FBI’s recently revealed effort to force Internet communications providers such as Skype and Facebook to provide “back doors” for eavesdropping. In some cases, the Canadian legislation would allow police to obtain user data without a warrant. C-30 had appeared dead following a Supreme Court ruling in April that deemed warrantless wiretaps unconstitutional, plus a storm of opposition from privacy groups. But the government said last week it is still moving forward with the plan.

Now, new documents obtained under Access to Information laws have revealed Canada’s largest telecoms providers held secret meetings with government officials about the wiretapping proposals. The documents show that after forming a behind-closed-doors working group, the companies and government officials discussed the technical reality of introducing new mass eavesdropping capabilities in fascinating detail. (more)

Bugs found at Russian cultural center in Estonia

Estonia - A wiretapping device has been found in a cultural center for Russian-speaking Estonian citizens in Tallinn. The NGO is run by the mother of the city’s vice mayor, who is suspected of lobbying for Russian interests in the Baltic country.

The wiretap, discovered Tuesday, is the second such device found in the Lira cultural and sports center, after a thorough inspection carried out by center’s security.

The first eavesdropping device, which was clumsily wired into the facility’s alarm system, was found on May 15. Inspectors believe the bugs were installed between September and December 2011. The police opened an investigation but so far no official statements have been made on the issue. (more)

Wednesday, May 23, 2012

No Sir'ee. No Siri here. Seri-ously!

If you work for IBM, you can bring your iPhone to work, but forget about using the phone’s voice-activated digital assistant. Siri isn’t welcome on Big Blue’s networks.

The reason? Siri ships everything you say to her to a big data center in Maiden, North Carolina. And the story of what really happens to all of your Siri-launched searches, e-mail messages and inappropriate jokes is a bit of a black box.

IBM CIO Jeanette Horan told MIT’s Technology Review this week that her company has banned Siri outright because, according to the magazine, “The company worries that the spoken queries might be stored somewhere.”

It turns out that Horan is right to worry. In fact, Apple’s iPhone Software License Agreement spells this out: “When you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text,” Apple says. Siri collects a bunch of other information — names of people from your address book and other unspecified user data, all to help Siri do a better job. 

How long does Apple store all of this stuff, and who gets a look at it? Well, the company doesn’t actually say. (ask Siri!) (more)

Cell Phone Door Key App?!?!

via Gizmodo.com...
"The UniKey app transmits a Bluetooth signal from the user’s iPhone, Android or BlackBerry smartphone, which is picked up by a paired UniKey deadbolt lock as it is approached by the user. 

All the user has to do when they subsequently reach the door is simply touch the outer surface of the lock, at which point the bolt will electronically withdraw. A touch of the lock can likewise be used to engage it when the user is leaving.

While not having to dig out a key and stick it in the lock may be somewhat convenient, what’s more intriguing is the system’s ability to send, revoke, and limit access to virtual “copies” of the key." (more)

Cell Phone Tracking Trick Explained

Stingrays locate a mobile phone even when it's not being used to make a call.  


The Federal Bureau of Investigation considers the devices to be so critical that it has a policy of deleting the data gathered in their use, mainly to keep suspects in the dark about their capabilities, an FBI official told The Wall Street Journal in response to inquiries. (more)

Out of Bond - Spy Movie Web Site Just Launched

 via spymaniac.com...
"Spymaniac.com, the ultimate online guide to all your favorite spy flicks. 

What’s fact, what’s fiction? History or fantasy? Which are the best spy films and why? The outrageous duds? Did the James Bond movies have any impact on real life? And would Angelina Jolie’s Evelyn Salt have learned all those stunts at the Farm?

Get answers to these and other questions here. Share your faves and reviews on Spymaniac.com, and discover great films you may never have heard about. Spymaniac is your community for exploring and sharing spy films, which are rated from zero daggers (worst) to five daggers (best)." (more)

Turkey Bird Spy Found Dead

Turkey - In the latest bizarre espionage claim leveled at Israeli intelligence services, Turkish authorities claimed that a dead bird found by a Turkish farmer in a field may have been conducting covert surveillance for Israel.

Merops apiaster
Merops apiaster
The dead Merops apiaster bird -- commonly known as the European Bee-Eater -- was discovered by the Turkish farmer wearing a band on its leg with the word "Israel" written on it.

The bird also had "unusually large nostrils," leading to speculation that it was implanted with a surveillance device and sent to Turkey on an aerial espionage mission. (more)

Tuesday, May 22, 2012

"How Much Is Your Privacy Worth?"

"How Much Is Your Privacy Worth?" just opened at The Dutch Museum of Communications located in The Hague, Netherlands.

Illustrator and graphic designer Noma Bar designed this and other posters for the museum, which conducted research into the theme of privacy for its latest exhibition.
 
...the museum conducted an official survey, the results of which are now displayed in the museum and on its website. They also conducted a series of street interviews. Bar used some of the findings to create the posters. 

The following is a little cryptic due to Google's translation abilities, but you'll get the idea...

"The Museum for Communication pays special attention to the issue of privacy. Ruigrok research was commissioned by the museum research into the value of privacy among the Dutch public. Following this study, street interviews. The street interviews are presented in the museum, including exhibitions in the WE Blog, the Empire of back and forth Letter Secrets is the theme.
 
Of course, also to the visitor the question "How much is your privacy worth?" Made. In exchange for personal information they receive discounts on admission."

Private Investigator Blogs Worth Checking Out

I came across a blog by Sheer Investigations. It is worth checking out. Don't know how they scooped me with this photo. Well done! Many more interesting posts there, too.
 
Other well respected investigations blogs. (As compiled by PInow.com; and a great blog in and of itself.) and many more. Explore!

Monday, May 21, 2012

Security Tip: On Keeping Your Perscriptions Private

via a Security Scrapbook Blue Blaze Irregular... (Thanks!)

"To get the label off the bottle just fill the empty pill bottle with boiling hot water. The glue will soften and you can then pull it off the bottle easy. You can then apply the label to a piece of scrap paper and shred it. 

What one does with the now empty and very clean pill bottle is up to the person."

Breaking Spy Cam News - Rutgers Student Sentenced

11:27 AM - Dharun Ravi could face 10 years in prison and be deported to his native India when he is sentenced Monday for spying on and intimidating his gay Rutgers University roommate, who then killed himself by jumping off New York's George Washington Bridge.

12:49 PM - Ex-Rutgers student Dharun Ravi gets 30 days in jail for using webcam to spy on roommate who later killed himself. (more)

Android Malware ...using real apps as disguise 'wrappers'

The ominous trend is that quarter-on-quarter malware is not only getting more common but more sophisticated. 

An important technique is the use app ‘wrappers’ to allay the suspicion of users that rogue software might have been installed. These work by bundling legitimate apps with malware in order to gain permissions without the user understanding what it is being granted for. (more) (sing-a-long)

Trend Spotting - Chief Spies Become Political Leaders

Croatia's main opposition party HDZ elected former spy chief Tomislav Karamarko as its leader on Monday... (more)

George H.W. Bush, ex-CIA; former American President
Heydar Aliyev, Former head of Azerbaijan SSR KGB; former Azerbaijani President 
Vladimir Putin, Lieutenant colonel KGB, FSB director; Russian President (again)
Leonid Tibilov, former KGB chief; President, South Ossetia

Industrial Espionage Charges - A Public Relations Nightmare

John Donovan says, "Shell is notorious for its predatory appetite for the intellectual property of other organizations, its business partners, contractors, etc. Industrial espionage is a way of life at Shell. Shell management has apparently even targeted the US defense establishment," and then he goes on to post: Another alleged case of IP theft hits Royal Dutch Shell

Geezzz, true or not, who needs that kind of publicity?!?!

How can you protect your organization against accusations of industrial espionage?

Step 1. Start by writing business ethics into your corporate Credo. This codifies your standards for all the world to see. It is an especially good anchor for employees.
 
Don't have a Credo? 
Don't know where it fits into the picture? 

"The Credo ties the company’s Vision to the company’s Mission and Values Statements. The Vision could be seen as the way the entrepreneur sees his company in the future general business environment. The Mission is what he intends to create to secure his place in the Vision. The Values statement indicates what the parameters of operation look like while attempting to achieve these goals. The Credo tells the reader how the company intends to execute these goals. It could be seen as the way the objectives can be reached to realize the Mission inside of the Vision while adhering to certain Values."

Step 2. Post your Credo where it can be see and read by all employees, often. Johnson & Johnson is one company which does this very well.

Step 3. Aggressively investigate all alleged deviations. Make corrections swiftly if the allegations are true.

Step 4. Institute a regular schedule of intellectual property (IP) security surveys, coupled with Technical Surveillance Countermeasures (TSCM) audits. 

Don't be covert about it. The benefits are many...
• The impression that IP theft is bad, as opposed to being an unspoken business practice, is reinforced. 
• Employees see you caring about their privacy. They appreciate that.
• They see that you value the IP assets which makes your company strong, and assures their continued employment. 
• Caring is contagious. If you care, employees will care, and they will assist and support your security initiatives with more enthusiasm. Apple is an excellent example of Step 4.
• You create a safe environment where ideas and strategies can be discussed and developed without fear or compromise.
• And, maybe most important of all, you will thwart IP theft, thus making your company more profitable. Stockholders love that.

Cell Phone SpyWare App is Vulnerable to... being spied upon!

The irony is too significant to ignore: A smartphone app that enables customers to spy on others' phones may itself be vulnerable to attackers looking to spy on them.

The surveillance app, called "Mobile Spy," is designed to let its customers monitor the information, including text messages, GPS location and call logs, of other phones installed with the app. That private info is then uploaded to the app user's account and can be viewed in any Web browser, either on a computer or phone.

Unfortunately for those doing the watching, Mobile Spy contains several security vulnerabilities that allow an attacker to inject malicious code into the target's phone, via SMS message, and hijack their spy session, according to researchers at Vulnerability Lab, who disclosed the flaws. (more)