Sunday, October 21, 2012

Common Problem - Technology Outpaces Spies

Australia's domestic spy agency has revealed there have been intelligence failures in recent years because of changing technology. 

Speaking exclusively to Radio National's Background Briefing program, Australian Security Intelligence Organisation (ASIO) director-general David Irvine says new ways of communicating electronically are white-anting* his agency's surveillance powers.

"We have had not near misses, we have had misses," he said.

"In recent years there have been instances where devices have been used or devices have been used that we didn't know about, and we have missed information. (more) (Audio: Law expert George Williams talks to PM (PM) )


* - An Australian term for the process of internal erosion of a foundation.

Saturday, October 20, 2012

Today in Eavesdropping History

On Oct. 20, 1973, in the so-called Saturday Night Massacre, President Nixon abolished the office of special Watergate prosecutor Archibald Cox, accepted the resignation of Attorney General Elliot L. Richardson and fired Deputy Attorney General William B. Ruckelshaus. (more)

Wednesday, October 17, 2012

Chinese Communications Equipment Maker ZTE Cuts Connection with Surveillance Equipment Maker ZTEsec

Chinese telecoms kit maker ZTE has sold its majority stake in ZTE Special Equipment (ZTEsec) – a company that sells surveillance systems.

The under-fire Shenzhen-based firm said in a little-publicized filing with the Hong Kong Stock Exchange at the end of September that it would “dispose of its 68 per cent equity interests” in ZTEsec. (more)

Apparently not in time to impress Congress. (pdf of report)

Tuesday, October 16, 2012

Silent Circle Has Launched - An Affordable Secure Communications Package

Their opening salvo...
"We want to fight for your right to privacy. We are pushing back against the tide of surveillance. We don’t like oppressive regimes, indiscriminate wiretapping, big brother, data criminals, intellectual property theft, identity thieves or governments that persecute their citizens for saying or writing their opinions." Silent Circle


Services:
Silent Phone
Silent Text (with a self-destructing feature)
Silent Eyes (video call encryption)
Silent Mail (coming soon)
All sold together as Silent Suite for $20.00 per month.


Coming Soon...

"Worldwide Secure Communications with the Secure Business Package brings together the entire Silent Circle suite of products. Not only is this an Encrypted Secure Calling Plan – it's also extremely cost effective compared to today's un-secure VoIP calling plans. The average large domestic carrier basic cell phone plan is about $40 a month with low minutes, low data and un-secure calls. With our Secure Business Package you can have peace of mind that you are communicating securely without worrying about your minutes. In today's market, unlimited calling and data plans with the major cell carriers cost over $120 a month – with our Secure Business Package at $49 per month, on top of a basic carrier plan of around $40 per month, is still much cheaper than today's unlimited carrier plans – and it's SECURE."

ENTERPRISE SOLUTIONS
"In today’s highly-connected International business realm, even small to moderate sized businesses have international employees, offices and partners. Silent Circle was developed and designed to help stop the theft of personal and corporate Intellectual Property, to defeat a critical piece of the Bring Your Own Device (BYOD) issue and to provide a true commercial Software-as-a-Service model for secure communications."

FutureWatch: Like the telephone itself, having one is useless, having two useful. Having millions of subscribers makes it an imperative.


If and when this product scales up, will there be any reason to communicate insecurely? Will the word wiretap join the lexicon graveyard along with galoshes, spitoon and fedora? The answer may depend upon two live-wire words... government regulation

For now, anyway, this is great progress. ~Kevin

Monday, October 15, 2012

Future Room Lighting to Double as Light "Wi-Fi"... or eavesdropping device.

VLC transmits data wirelessly using visible light as its medium instead of radio waves... Harold Haas, professor of Mobile Communications at the University of Edinburgh, successfully demonstrated the VLC technology at a TED conference. He streamed a HD video to a screen using a LED light bulb as transmitter.

Haas co-founded PureVLC, a corporate spin-off of the university’s research project, to turn the technology into commercially viable devices. The company is now beta-testing its first product: the Smart Lighting Development Kit (SLDK)...
 
Because the light changes superfast it is invisible to the human eye and can still function as normal lighting.

A standard Ethernet port connects the ceiling unit to a data network. The unit encodes the data onto the current feeding the LEDs. The desktop unit receives the data, decodes it and transfers it to a laptop or desktop computer. It can also send data to the ceiling unit. (more)

Privacy Tip: Turn OFF Advertiser Tracking in iPhone iOS6

In iOS6, tracking for advertisers has been turned ON by default.

The new "features" are called:
  • identifierForAdvertising (IDFA) which is a cross-app/publisher identifier
  • identifierForVendor (IDFV) which is a publisher-specific identifier
You can read more about it here, but this is what you want to know if you don't want to be tracked...

In Settings, navigate to General / About / Advertising, then... flip the switch to ON. 

This is not listed under Privacy. It is tucked away in an unlikely corner. It is ON by default. And, to turn it OFF, you have to turn it ON. Weird, huh? Smell a rat? ~Kevin

Experimental App Sends 3D Photos of Your Office to Spies, Your Home to Burglars*

via MIT Technology Review...
...smartphones are increasingly targeted by malware designed to exploit this newfound power. Examples include software that listens for spoken credit card numbers (
Soundminer malware) or uses the on-board accelerometers to monitor credit card details entered as keystrokes (steal keystrokes).

Today Robert Templeman at the Naval Surface Warfare Center in Crane, Indiana, and a few pals at Indiana University reveal an entirely new class of 'visual malware' capable of recording and reconstructing a user's environment in 3D. This then allows the theft of virtual objects such as financial information, data on computer screens and identity-related information. (It even turns of the shutter noise when taking photos.)

Templeman and co call their visual malware PlaceRaider and have created it as an app capable of running in the background of any smartphone using the Android 2.3 operating system. (more)


* Just two scary imagined use for this app.
Want to know more?
We've got their paper right here

Friday, October 12, 2012

Losing Face if Book is Thrown at Them

...via seekingalpha.com...
The case was highlighted in an article by Bloomberg titled "Facebook Seeks Dismissal of $15 Billion Privacy Suit". Here is an excerpt of the action:

NATURE OF THE ACTION
1.This class action lawsuit, seeking in excess of $15 billion in damages and injunctive relief brought by, and on behalf of, similarly situated individuals domiciled in the United States who had active Facebook, Inc. accounts from May 27, 2010 through September 26, 2011...


We added the bold type above to highlight who can be part of the "class". We recommend a thorough read of the case to all interested parties to see who may qualify to participate as part of the "class". In our opinion, the legal question posed by this case is potentially more harmful than the other shareholder suits outlined by the Wall Street Journal's article: "Facebook's Next Fight: Suits, and More Suits".

The privacy "wiretapping" lawsuit accuses Facebook of secretly tracking users' Internet activity after they log out of their Facebook accounts. This is done using "cookies" which are activated when a user logs into a Facebook account. These cookies can also be used by hackers in intercepting a user's data which is yet another privacy concern. Facebook has filed a motion to dimiss the suit for lack of establishing a Facebook user's harm. We believe that the value of one's privacy is "priceless". The suit accuses Facebook of violating federal wiretap laws with statutory damages per user of $100 per day per violation, up to $10,000 per user. With over a billion users, let's assume that the court decides that $10,000 is too much to award to each user and asserts the $100 floor per user, this would equate to $100 billion in damages and would wipe out more than all the equity in FB.

While this may seem highly speculative at first blush, according to the Wiretap Act, it's a crime for anyone that is not a party to a communication to be eavesdropping. If a crime in this case is established, Facebook could be ordered to shut down much like Kim Dotcom's Megaupload shutdown which was based on violation of US Copyright laws. In addition, the "wiretapping" lawsuit also charges that Facebook is violating the Stored Communications Act and the Computer Fraud and Abuse Act. Any way you look at this battle, it seems like a high stakes issue for Facebook which is not seriously being weighed by investors.... yet. (more)

Thursday, October 11, 2012

He Can Open Your Hotel Room Lock with a Magic Marking Pen

...of course, its no ordinary marker...
Matthew Jakubowski, a security researcher, posted a video on YouTube which shows how anyone can build a pocket-sized device to open the lock on an estimated 4 million hotel rooms.

The magic marking pen exploits an Onity lock
vulnerability, used on millions of hotel room doors. (more)

 
As you can see, card-key door locks can be hacked. But did you know, one can open the internal door privacy latch using nothing more than the plastic 'do not disturb' sign hanging on the outside door handle?!?! (Yes, they can come in while you are in the shower.) 

Hotel safes are equally insecure, a paper clip can open some of them, others have commonly known default passcodes. Most also have an Ethernet port which can be hacked, and/or a hidden keyway, which can be picked. All these security loopholes are in addition to the legitimate hotel staff's master keys for opening both doors and safes. 

In short, your hotel room is easy pickings when it comes to a concerted espionage attack. 

One of our many travel recommendations for our clients is:
• Don't trust hotel security. 
• Keep your confidential information with you at all times. 

Want to know more? 
Become park of our client family.
~Kevin

Tuesday, October 9, 2012

Growing Prevalence of Industrial Espionage Threaten Automakers

According to Automotive News, industrial espionage in the United States has been steadily rising in multiple sectors. In fact, the U.S. Immigration and Customs Enforcement Homeland Security Investigations (ICE HSI) have opened 1,212 intellectual property rights cases for the 2011 fiscal year. Compared to 2009, cases have increased by nearly 66 percent. 

Given the high-octane environment that is the auto industry, cloak and dagger activities are especially prevalent. In particular, auto giants including GM, Ford and Toyota have endured stolen intellectual property more than most...

Addressing a need to prevent acts of espionage to continue, the Office of the National Counterintelligence Executive declared that countermeasures must be put in place due to the exponentially growing proliferation of smartphones and various mobile devices. (more)

Saturday, October 6, 2012

All Quiet in the Chinese Front: We Await the Jury

• The House Intelligence Committee will release a report Monday, following its probe into espionage charges against the two telecommunications-gear makers. 

• Also, "60 Minutes" will air its investigation into the company on Sunday.

The House Intelligence Committee investigating national security threats posed by two Chinese telecommunications-gear makers is set to release a report Monday that seems likely to ratchet up pressure.


The committee held a three-hour hearing last month, during which lawmakers repeatedly criticized Huawei and ZTE for being vague in answering questions about whether their networking equipment could be used to snoop on American companies and individuals. At the end of the hearing, committee Chairman Mike Rogers (R-Mich.) expressed some consternation that the companies hadn't been more forthcoming in addressing his concerns. (more)


Sneak Peak... (excellent clip from Chairman Mike Rogers (R-Mich.)

All Quiet in the Russian Front: Stop Light Company Stopped

TX - If their website is any indication, Arc Electronics was apparently into a lot of things besides spying.

Sure, espionage is exciting and interesting and all, but bills have got to be paid. Those traffic lights aren't going to construct themselves -- though Arc sure as hell weren't selling anything to the city...

Federal court hearings regarding Arc's alleged spying begin today before U.S. District Judge George Hanks.

The charges involve illegally sending microelectronics to the Russian government, Russian military, and intelligence agencies. But while all that was allegedly going down, Alexander Fishenko, the company's owner, had a rather elaborate faux operation humming at a nondescript strip mall in southwest Houston.

Alex James, a receptionist at neighboring Modern Performance, said he never saw anyone coming in and out of their mutual alley and had no idea what was happening inside Arc Electronic. (more)

Facebook Logic - What harm can a little spying do?

A federal court in May 2012 hit Facebook with a $15 billion lawsuit after it was found that the social network was tracking customers after they logged out of its system. The court filing claims that Facebook is violating federal wiretap laws.

The Menlo Park company is now asking that the case be dismissed because the defendants behind the case have failed to specify how they were harmed by the error in Facebook’s judgement. (more)

Spy Gear & Divorce

Techniques once accessible only to governments or corporations are now trickling down to daily use. It's part of a broader transformation of modern privacy in which even the most personal spheres of people's lives—home, friendships, intimacy—can be exposed for examination without knowledge or consent. Lawyers say the technology is turning divorces into an arms race... 

World's smallest voice recorder. Holds 300 hrs. of voice. How it's made.
Amateur spies have widening options. LandAirSea sells a GPS Tracking Key—a matchbox-size, magnetized gizmo that can stick to cars—for $179 online... Software can be purchased for many smartphones that can track their location. Computer software that copies instant messages and emails can cost less than $100 and be installed without any special know-how. An array of tiny recorders makes eavesdropping easy.

Regulators have a tough time policing the sale of these kinds of devices, since they have legitimate uses by employers or parents... (more)

Workplace SpyCams: The Accounting Firm

WI - The reported vice president of a Wisconsin accounting firm was charged with four felonies for allegedly using a camera pen to spy on women in the office restroom. 

Click to enlarge.
Last month, a woman working in an office building in the Milwaukee suburb of Glendale went to the bathroom and noticed a pen slide under the door, according to the criminal complaint and reported by the Menomonee Falls Patch. Suspecting that the pen was a camera, the woman looked online and spotted a camera pen for sale that looked similar. She then contacted the Glendale police.

A week later, another woman allegedly saw the same pen slide under the bathroom door. She likewise reported the incident to police, and the officers checked hidden cameras that they had set up outside the bathroom. According to the complaint, the cameras showed James Pirc, 46, sliding something under the door. (more)


Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."