Saturday, August 11, 2012

"World domination. The same old dream. Our asylums are full of people who think they're Napoleon. Or God." - James Bond

NV - A Las Vegas tour company has launched a three-day, two-person Las Vegas bonding experience — as in James Bond.

The “Secret Agent 702” tour gives couples a chance to live the adventures of a spy, from soaring in helicopters to driving fast cars to zipping down wire cables.

The cost of being a secret agent: $6,800 for two people.

The package was developed by the Papillon Group, a Southern Nevada air tour operator that offers flights over the Strip, Hoover Dam and southwestern national parks. The tour company is partnering with Andre’s Restaurant and Lounge at the Monte Carlo, the Bank Nightclub at Bellagio, Dream Racing at the Las Vegas Motor Speedway, Flightlinez at Bootleg Canyon, the Light Group and Hotel32.

Secret Agent 702 “transforms mild-mannered Las Vegas visitors into sexy spies looking for the thrill of a lifetime,” company officials said in a release. (more)

Friday, August 10, 2012

The New York City Police Department now has "The most advanced and technological counter-terrorism bureau that anyone has ever seen."

NY - A new crime-tracking system designed jointly by the New York Police Department and Microsoft Corp. will pool existing data from cameras, 911 calls and other technologies to provide crime fighters with a comprehensive view of threats and criminal activity, as well as provide the city with a new revenue source.

The Domain Awareness System will be able to map suspects' movements and provide NYPD investigators and analysts with real-time crime alerts.

...the system will allow NYPD personnel to track a suspect's car, and find out where it's been located in the past days or weeks synthesizing archived video footage and license plate reader data. Other potential uses include mapping criminal history geospatially and chronologically to reveal patterns, and the ability to instantly see suspect arrest records, 911 calls associated with the suspect and related crimes occurring in the area. (more) (60 Minutes video)

This afternoon the NYPD debuted their "all-seeing" Domain Awareness System, which syncs the city's 3,000 closed circuit camera feeds in Lower Manhattan, Midtown, and near bridges and tunnels with arrest records, 911 calls, license plate recognition technology, and even radiation detectors. Mayor Bloomberg dismissed concerns that this represented the most glaring example of Big Brother-style policing. "What you're seeing is what the private sector has used for a long time," Bloomberg said. "If you walk around with a cell phone, the cell phone company knows where you are…We're not your mom and pop's police department anymore."

NYPD Commissioner Ray Kelly stated that the system, which is currently operational out of the department's Lower Manhattan Security Commission HQ, was developed with a "state of the art privacy policy" and "working with the privacy community," but did not offer specifics. DAS does not have facial recognition technology at this time, but "it's something that's very close to being developed," the mayor said.  

The system was developed with Microsoft and paid for by the city for $30 to $40 million, and has already been in use for six months. The feeds compiled by the system are kept for thirty days, then erased.

The City will receive 30% on the profits Microsoft will make selling it to other cities, although Mayor Bloomberg declined to say if that money would go back into the NYPD. "Maybe we'll even make a few bucks." (more)

Lo-Jack Your Car, Kids, Pets... Anything!

from the manufacturer... 
"Simply give the PocketFinder GPS tracker to a person or attach it to your pet or vehicle and locate the devices from our website or on your smartphone with our iOS® and Android® apps.

PocketFinder features work even while you’re not thinking about them. Best of all, they’re simple to use! Geo-fence zones, speed limits, alerts, history and power features will maximize how much value you get from using the devices." (more)

Wednesday, August 8, 2012

FutureWatch: Telephones That Spot Scams

Nagoya University and Fujitsu first announced a research partnership in November 2009 aimed at developing automated technology to identify situations where one party might overtrust the other. 

In March of this year, the team announced the successful development of the world's first system capable of analyzing phone conversations and automatically highlighting suspect situations. The system looks for changes in a caller's voice pitch and level, together with keywords often used and repeated in phone scams.

Subsequent verification simulation testing undertaken in collaboration with the National Police Agency of Japan and the Bank of Nagoya found the technology to be over 90 percent accurate in detecting situations of overtrust. Now the research team is about to enter field trials of the system. (more)

Eavesdropping History - Nixon Resigns

On Aug. 8, 1974, President Richard Nixon announced he would resign following damaging revelations in the Watergate scandal.

Tuesday, August 7, 2012

How to Prevent Corporate Espionage... in a nutshell

Corporate espionage is nothing new... 

The global economy has widened the playing field and raised the stakes for corporate competition and espionage, both defensive and offensive. American companies, big and small, lose billions of dollars a year through corporate espionage... Those who don’t actively pay attention to it and protect their businesses become easy targets for their competitors near and far. (more)

Instant Action Plan
1. Identify Your Information - paper, visual, oral and electronic
2. Guard Your Information - a comprehensive risk management plan
3. Test Your Information - test with simulated attacks on all four dimensions of information
4. Invest in Surveillance - CCTV, access control, and of course, electronic surveillance detection

A good information security consultant will help you with all of this.

Attention all Capitol Hill legislative researchers working on improving economic espionage laws...

The U.S. House of Representatives is considering new legislation concerning economic espionage. (more)

Attention all Capitol Hill legislative researchers...
Here is some background information and a fresh idea worthy of your consideration.

Any questions? Let's talk. ~Kevin

Saturday, August 4, 2012

Illinois Eavesdropping Law Judged Unconstitutional

An Illinois judge ruled last week that the state’s eavesdropping law – one of the broadest restrictions on audio recording in the nation – is unconstitutional.

The decision granted a request for dismissal made by Annabel K. Melongo, a 39-year old woman who faced criminal charges under the Illinois Eavesdropping Act. The controversial law criminalizes the audio recording of any communication without the consent of all parties involved, regardless of whether the conversation was intended to be private. Melongo, who is representing herself in court, recorded three phone calls with a clerk at the Cook County Court Reporter’s office in Illinois without consent and posted them on her watchdog website in 2010, incurring six charges of eavesdropping.

The eavesdropping law in Illinois “appears to be vague, restrictive and makes innocent conduct subject to prosecution,” wrote Circuit Court Judge Steven J. Goebel of Chicago in his ruling that was filed on July 26. “[T]he fault of the Statute is that it does not require an accompanying culpable mental state or criminal purpose for a person to be convicted of a felony.” (more)

Friday, August 3, 2012

DIY - Android Cell Phone Spyware Kit Coming Soon

Android continues to prove irresistible to the hacker community, which seems intent on finding ever newer, more innovative ways to exploit security holes in the open source mobile platform.

Now a new threat to Android may be on the horizon: A pair of security researchers are planning to make public next month a modular, open source framework called AFE (Android Framework for Exploitation) that bad guys can use to build and tailor Android malware to suit their tastes...

With AFE, according to the duo's description, a hacker can quickly cobble together malware capable of at least 20 different feats, including retrieving a user's call logs, contact information, and the content of his or her mailbox; swiping SD card contents; sending text messages; viewing browsing habits; recording phone conversations; capturing images with the affected device's camera; running root exploits; accessing the device's GPS location; and remotely dialing any number from the hijacked device.

In addition, the duo have created templates to mask the malware as legitimate apps such as File Explorer, Tic Tac Toe, and a jokes app. Users of the framework can add their own.

"For a basic effort at writing malware, that's not even really trying hard, you can make $10,000 a month," Gupta told SC Magazine. (more)  

...and for the price of a book it can all be thwarted.

Snitch on a Spy Site and Get Booked

If you have insights about spy sites around the country, H. Keith Melton and Robert Wallace want to talk to you.

They are just about to publish their new book, Spy Sites of New York City, and are planning future editions.

Here's the pitch...

U.S. Spies Probably Won’t Blow Up Our Airplanes, TSA Concludes

For years, America’s spies had to take off their shoes before they got on planes, just like the rest of us. 

No more. 

The Transportation Security Administration has quietly enrolled government employees at three of the nation’s intelligence agencies in a program that allows them to pass through airport security with less hassle. (more)

CIA Launches New Museum Gallery

The Central Intelligence Agency launched an enhanced and redesigned online gallery to highlight the Agency’s museum and its holdings.

The enhanced museum virtual gallery provides new content and a fresh look at exhibits few members of the public get the chance to see because they are located at our headquarters compound.

The online exhibit shares how some technologies developed for CIA ultimately benefited the public. For example, battery-technology advances led to new and efficient means to power medical devices and consumer goods—like pacemakers and digital cameras—and technology developed to help analyze satellite imagery now aids radiologists in comparing digital x-ray images for the detection of breast cancer. (more)

Mobile users can see the new museum pages here.

Few CPR Their Firmware Against Printer Hack Attacks

Despite staged malware attack seven months ago, one in four HP laser jet printers still have default password settings.

Using freely available information and a budget of $2,000 (£1,280), professor Salvatore Stolfo and researcher Ang Cui from Columbia University's appropriately named Intrusion Detection System Laboratory used the printer's remote firmware update to install potentially crippling malware that could even be targeted to destroy the device itself. 

While HP did challenge what turned out to be aspects of the way the demonstration was reported, the company took the conclusions seriously, acting quickly and with "diligence" to issue more than 56 firmware updates.

However, seven months later... only 1–2% (of printers connected to the Internet) have been updated. Of those, one in four is still using default password settings for printer updates.

...other brands may be just as vulnerable...

The key flaw comes because printers now have capabilities that let them receive documents from the cloud – in effect, emails. 

...perhaps "the safest bet is just not to be connected to the internet in the first place." (more)

The Strange Case of the Bugging Billboard

Australia - Police are investigating rumours that the offices of the Greater Shepparton City Council, in northern Victoria, have been bugged.

Police say they have six recordings in their possession and the council is urging anyone with information to come forward.

An electronic billboard facing Shepparton's busiest intersection is saying information about councillors is about to be publicly leaked. (more)

Can't wait to see how this turns out.

Thursday, August 2, 2012

The USB Stick-it-to-ya - Bad Practical Joke or Brilliant Security?

Imagine this...
You come into the possession of a USB memory stick. You think it has valuable information on it. Not your information, but valuable nonetheless.

You're smart enough to know it might contain spyware so you plug it into an isolated computer where spyware can do no harm. Then... Fab-a-dab-a-ZAP! Fizzle. Smoke. WTF?!?!

Your USB port is fried.

You inspect the stick more closely and pop open the cover. Someone has soldered all four of the output pins together! Grrr, a 100% short circuit. 

Bad practical joke or brilliant security? You decide.

Did the owner safeguard the information (the solder can be removed quite easily) in case of accidental loss, or did the owner just set you up for a nasty surprise?

Removing the solder and analyzing the information on the stick might yield the answer.

Why do I mention this? 
1. It is another reason to avoid USB sticks from untrusted or unknown sources.
2. It's a true story.

~Kevin