Tuesday, December 11, 2012
Bus-ted... Public Buses Quietly Adding Microphones to Record Passenger Conversations
Transit authorities in cities across the country are quietly installing microphone-enabled surveillance systems on public buses that would give them the ability to record and store private conversations, according to documents obtained by a news outlet.
The systems are being installed in San Francisco, Baltimore, and other cities with funding from the Department of Homeland Security in some cases, according to the Daily, which obtained copies of contracts, procurement requests, specs and other documents.
The use of the equipment raises serious questions about eavesdropping without a warrant, particularly since recordings of passengers could be obtained and used by law enforcement agencies.
It also raises questions about security, since the IP audio-video systems can be accessed remotely via a built-in web server (.pdf), and can be combined with GPS data to track the movement of buses and passengers throughout the city. (more)
Friday, December 7, 2012
"Get me Bond. I'm ticked at the watchmakers."
Authorities in Switzerland are investigating the theft of sensitive information from the country's Federal Intelligence Service (NDB) that was allegedly carried out by a senior IT technician at the agency.
Officials believe that the suspect was upset because his advice on operating the spy agency's data systems was not being taken seriously, and that he decided to retaliate by stealing classified information from the agency's servers. That information included intelligence collected by the British spy agency MI6 about counterterrorism operations.
The suspect is thought to have carried out the theft by abusing his administrator rights and downloading files onto portable hard drives, which he then hid in a backpack in order to sneak them out of the building. (more)
Officials believe that the suspect was upset because his advice on operating the spy agency's data systems was not being taken seriously, and that he decided to retaliate by stealing classified information from the agency's servers. That information included intelligence collected by the British spy agency MI6 about counterterrorism operations.
The suspect is thought to have carried out the theft by abusing his administrator rights and downloading files onto portable hard drives, which he then hid in a backpack in order to sneak them out of the building. (more)
Friday, November 30, 2012
The Smartphone Turns 20
The First Smartphone
IBM debuted a prototype device, code named "Angler," on November, 23, 1992 at the COMDEX computer and technology trade show in Las Vegas, Nevada, United States... BellSouth executives gave the finished product its final name, "Simon Personal Communicator", before its public debut at the Wireless World Conference in November, 1993... In addition to its ability to make and receive cellular phone calls, Simon was also able to send and receive facsimiles, e-mails and cellular pages. Simon included many applications including an address book, calendar, appointment scheduler, calculator, world time clock, electronic note pad, handwritten annotations and standard and predictive stylus input screen keyboards. (1)
The Simon could be upgraded to run third party applications either by inserting a PCMCIA card or by downloading an application to the phone's internal memory. Atlanta, Georgia-based PDA Dimensions developed "DispatchIt", the only aftermarket, third-party application developed for Simon. The DispatchIt application costs were US$2,999 for the host PC software and US$299 for each Simon software client. (2)
Click to enlarge. |
The Simon could be upgraded to run third party applications either by inserting a PCMCIA card or by downloading an application to the phone's internal memory. Atlanta, Georgia-based PDA Dimensions developed "DispatchIt", the only aftermarket, third-party application developed for Simon. The DispatchIt application costs were US$2,999 for the host PC software and US$299 for each Simon software client. (2)
Thursday, November 29, 2012
Security Alert: Patch Your Samsung Printers
Samsung printers contain a hardcoded backdoor account that could allow remote network access exploitation and device control via SNMP. (Yes, your print job may be stolen before the paper hits the tray.) Details of the exploit have been published... Samsung has stated that models released after October 31, 2012 are not affected by this vulnerability. Samsung has also indicated that they will be releasing a patch tool later this year to address vulnerable devices. (more)
Wednesday, November 28, 2012
Everything You Need to Know About Shredding Sensitive Waste Paper
Scraps of seemingly useless information tossed in the trash may be synergistically related. Analysis can reveal the big picture to outsiders. Reducing the availability of these puzzle parts is an important counterespionage responsibility. Stealing trash is believed to be the number one business espionage trick.
Shredding Checklist
Shredding Checklist
- Encourage the destruction of all waste paper as soon as it becomes waste.
- Make a deskside crosscut shredder your primary weapon.
- Large volume waste will require a larger, bulk crosscut shredder.
- Place a shredder or locked bin next to photocopy machines in sensitive areas.
- Extend shredding efforts to key executives’ home offices as well.
- Never save confidential papers in a box under the desk “to be shredded later.”
- Always use crosscut type (or better) shredders.
- Retire any strip-cut shredders you are using.
- Once shredders or locked bins are in place, remind people to use them.
- Do not entrust bulk wastepaper destruction to paper recyclers unless they can destroy on-site using a truck-mounted shredder (and you can watch). Cart and shred only when sheer bulk dictates this as the logical choice and the material is not highly sensitive. Otherwise, destroy it yourself before recycling.
The big shredder purchasing mistake… Buying just one large central shredder for everyone to use. Reason: Not everyone will use it. Why? Too inconvenient.
People are too busy to be bothered to walk over to a shredder every time they should. A better choice - several convenient deskside crosscut shredders, or locked storage bins. This is one perk which has a very positive payback.
Did You Know?…
People are too busy to be bothered to walk over to a shredder every time they should. A better choice - several convenient deskside crosscut shredders, or locked storage bins. This is one perk which has a very positive payback.
Did You Know?…
There are people who will reassemble shredded strips, and computer programs which can optically piece together shredded strips, too.
Shredder manufacturers and distributors...
http://tinyurl.com/Dahle-Shredders
http://tinyurl.com/Lynde-Ordway
http://tinyurl.com/abcosolutions
http://tinyurl.com/abe-online
http://tinyurl.com/alleghenyshredders
http://tinyurl.com/ameri-shred
http://tinyurl.com/papershredders
http://tinyurl.com/cumminsshredders
http://tinyurl.com/Dahle4Shredders
http://tinyurl.com/eccobusiness
http://tinyurl.com/FellowesShredders
http://tinyurl.com/gbc-shredder
http://tinyurl.com/IdealShredders
http://tinyurl.com/industrialshredders
http://tinyurl.com/intimus
http://tinyurl.com/mbmcorp
http://tinyurl.com/semshred
http://tinyurl.com/somatcompany
http://tinyurl.com/whitakerbrothers
- Replace your stripcut shredders with crosscut (or better) models. Stripcut models do not provide business-level security.
- Deskside crosscut shredders are also available from retails stores such as Staples or Office Depot.
Police Strip Cut Shreds Used as Parade Confetti
Ethan Finkelstein, was at the NYC Thanksgiving Day Parade and noticed something weird about the confetti... "and it says
'SSN' and it's written like a social security number, and we're like,
'That's really bizarre.'
"There are phone numbers, addresses, more social security numbers, license plate numbers and then we find all these incident reports from police."
One confetti strip indicates that it's from an arrest record, and other strips offer more detail. "This is really shocking," Finkelstein said. "It says, 'At 4:30 A.M. a pipe bomb was thrown at a house in the Kings Grant' area."
A closer look shows that the documents are from the Nassau County Police Department. The papers were shredded, but clearly not well enough.
They even contain information about Mitt Romney's motorcade, apparently from the final presidential debate, which took place at Hofstra University in Nassau County last month. (more)
UPDATE: ...Sources close to the investigation into the incident told PIX11 News that an employee of the Nassau County Police Department was watching the parade near 65th Street and Central Park West, along the parade route. He had brought shredded NCPD documents with him for his family and friends to use as confetti... (more) (video)
"There are phone numbers, addresses, more social security numbers, license plate numbers and then we find all these incident reports from police."
One confetti strip indicates that it's from an arrest record, and other strips offer more detail. "This is really shocking," Finkelstein said. "It says, 'At 4:30 A.M. a pipe bomb was thrown at a house in the Kings Grant' area."
A closer look shows that the documents are from the Nassau County Police Department. The papers were shredded, but clearly not well enough.
They even contain information about Mitt Romney's motorcade, apparently from the final presidential debate, which took place at Hofstra University in Nassau County last month. (more)
UPDATE: ...Sources close to the investigation into the incident told PIX11 News that an employee of the Nassau County Police Department was watching the parade near 65th Street and Central Park West, along the parade route. He had brought shredded NCPD documents with him for his family and friends to use as confetti... (more) (video)
Tuesday, November 27, 2012
TSCM Bug Sweeps: When, and When Not To - Part I
The following provides advice specifically meant for:
Private Investigators,
Security Directors,
Security Consultants
and TSCM professionals.
Technical Surveillance Countermeasures (TSCM), or bug sweep, is an analysis of an area to detect illegal covert electronic surveillance. In addition to listening devices, sweeps also take into account optical, data, and GPS tracking devices.
A typical case involving a private individual...
Someone contacts you to “find a bug”. They are sure their: significant other, landlord, neighbor, or the amorphous “they” knows their every thought and move. What do you do? Is a bug sweep really the best first step?
Probably not. (more)
The article goes on to answer the question using this scenario:
A typical case involving a business client...
Word about something has leaked out. “Check everything!”, barks the boss. What do you do? Is an inspection for bugs and wiretaps the best first step? (more)
Part II will appear later in December. ~Kevin
Private Investigators,
Security Directors,
Security Consultants
and TSCM professionals.
Technical Surveillance Countermeasures (TSCM), or bug sweep, is an analysis of an area to detect illegal covert electronic surveillance. In addition to listening devices, sweeps also take into account optical, data, and GPS tracking devices.
A typical case involving a private individual...
Someone contacts you to “find a bug”. They are sure their: significant other, landlord, neighbor, or the amorphous “they” knows their every thought and move. What do you do? Is a bug sweep really the best first step?
Probably not. (more)
The article goes on to answer the question using this scenario:
A typical case involving a business client...
Word about something has leaked out. “Check everything!”, barks the boss. What do you do? Is an inspection for bugs and wiretaps the best first step? (more)
Part II will appear later in December. ~Kevin
Monday, November 26, 2012
Spying Accusations Stoke America's Cup Rivalries
Spying is set to spark new battle lines in the America’s Cup as tempers fray on Auckland’s Hauraki Gulf.
At odds are the €90m Italian team Luna Rossa, backed by the Prada luxury goods house, and the San Francisco-based, Lord knows how many millions Oracle team, holders of the cup and backed by computer software billionaire Larry Ellison.
Spying has been going on forever as rival teams assess the performance of their competitors – if Oracle is indeed spying on Luna Rossa it will also be spying on Team New Zealand (TNZ) and if it is not it would be astonishing. (more)
At odds are the €90m Italian team Luna Rossa, backed by the Prada luxury goods house, and the San Francisco-based, Lord knows how many millions Oracle team, holders of the cup and backed by computer software billionaire Larry Ellison.
Spying has been going on forever as rival teams assess the performance of their competitors – if Oracle is indeed spying on Luna Rossa it will also be spying on Team New Zealand (TNZ) and if it is not it would be astonishing. (more)
Is Your Cell Phone Protected by the 4th Amendment?
Judges and lawmakers across the country are wrangling over whether and when law enforcement authorities can peer into suspects’ cellphones, and the cornucopia of evidence they provide.
A Rhode Island judge threw out cellphone evidence that led to a man being charged with the murder of a 6-year-old boy, saying the police needed a search warrant. A court in Washington compared text messages to voice mail messages that can be overheard by anyone in a room and are therefore not protected by state privacy laws.
In Louisiana, a federal appeals court is weighing whether location records stored in smartphones deserve privacy protection, or whether they are “business records” that belong to the phone companies.
“The courts are all over the place,” said Hanni Fakhoury, a criminal lawyer with the Electronic Frontier Foundation, a San Francisco-based civil liberties group. “They can’t even agree if there’s a reasonable expectation of privacy in text messages that would trigger Fourth Amendment protection.”
The issue will attract attention on Thursday when a Senate committee considers limited changes to the Electronic Communications Privacy Act, a 1986 law that regulates how the government can monitor digital communications. Courts have used it to permit warrantless surveillance of certain kinds of cellphone data. (more)
A Rhode Island judge threw out cellphone evidence that led to a man being charged with the murder of a 6-year-old boy, saying the police needed a search warrant. A court in Washington compared text messages to voice mail messages that can be overheard by anyone in a room and are therefore not protected by state privacy laws.
In Louisiana, a federal appeals court is weighing whether location records stored in smartphones deserve privacy protection, or whether they are “business records” that belong to the phone companies.
“The courts are all over the place,” said Hanni Fakhoury, a criminal lawyer with the Electronic Frontier Foundation, a San Francisco-based civil liberties group. “They can’t even agree if there’s a reasonable expectation of privacy in text messages that would trigger Fourth Amendment protection.”
The issue will attract attention on Thursday when a Senate committee considers limited changes to the Electronic Communications Privacy Act, a 1986 law that regulates how the government can monitor digital communications. Courts have used it to permit warrantless surveillance of certain kinds of cellphone data. (more)
Labels:
cell phone,
data,
FutureWatch,
government,
law,
lawsuit,
police,
privacy
Mannequin Spies - Will Dummy Shoppers Revolt?
An Italian firm selling mannequins that secretly monitor the age, race and gender of customers using facial recognition software has come under fire from privacy groups. The information logged by the dummies is then used to implement more effective marketing strategies by stores in the US and Europe.
And the manufacturer now plans to add audio recording to the dummies' capabilities, listening in on customers' discussions about their clients' products.
The mannequins, known as "EyeSee" are manufactured by Italian company Almax and retail for £3,200 each.
Privacy campaigners agree, describing the technology as "creepy" and "totally disproportionate."
Emma Carr, deputy director of campaign group Big Brother Watch, told the Daily Mail newspaper: "The use of covert surveillance technology by shops, in order to provide a personalised service, seems totally disproportionate.
"The fact that the cameras are hidden suggests that shops are fully aware that many customers would object to this kind of monitoring.
"Keeping cameras hidden in a mannequin is nothing short of creepy." (more)
AsSeen on Predicted on TV in 1960!
(YouTube)
And the manufacturer now plans to add audio recording to the dummies' capabilities, listening in on customers' discussions about their clients' products.
Click to enlarge |
Privacy campaigners agree, describing the technology as "creepy" and "totally disproportionate."
Emma Carr, deputy director of campaign group Big Brother Watch, told the Daily Mail newspaper: "The use of covert surveillance technology by shops, in order to provide a personalised service, seems totally disproportionate.
"The fact that the cameras are hidden suggests that shops are fully aware that many customers would object to this kind of monitoring.
"Keeping cameras hidden in a mannequin is nothing short of creepy." (more)
As
(YouTube)
Sunday, November 25, 2012
Patent Wars - VoIP Wiretaps
After Microsoft acquired Skype, we looked at a Microsoft patent called "Legal Intercept" meant for monitoring and recording VoIP communications. At that time, there were questions about if Microsoft would ruin Skype by making a backdoor for easy spy and pry government and law enforcement access. But a California-based company called VoIP-Pal already had such a surveillance patent that is meant to "allow government agencies to 'silently record' VoIP communications."
The Microsoft patent was filed in December 2009, but a company called Digifonica (International) Limited had filed a similar wiretapping VoIP patent in 2007. Then, in May 2012, VoIP-Pal attained five VoIP patents from the acquisition of Digifonica Gibraltar. One of the five patents is called "Lawful Intercept" and is meant for "intercepting VoIP and other data communications." (more)
The Microsoft patent was filed in December 2009, but a company called Digifonica (International) Limited had filed a similar wiretapping VoIP patent in 2007. Then, in May 2012, VoIP-Pal attained five VoIP patents from the acquisition of Digifonica Gibraltar. One of the five patents is called "Lawful Intercept" and is meant for "intercepting VoIP and other data communications." (more)
Saturday, November 24, 2012
Spy College... for your 21st Century careers
At the University of Tulsa school, students learn to write computer viruses, hack digital networks and mine data from broken cellphones. Many graduates head to the CIA or NSA.
Stalking is part of the curriculum in the Cyber Corps, an unusual two-year program at the University of Tulsa that teaches students how to spy in cyberspace, the latest frontier in espionage.
Students learn not only how to rifle through trash, sneak a tracking device on cars and plant false information on Facebook. They also are taught to write computer viruses, hack digital networks, crack passwords, plant listening devices and mine data from broken cellphones and flash drives.
It may sound like a Jason Bourne movie, but the little-known program has funneled most of its graduates to the CIA and the Pentagon's National Security Agency, which conducts America's digital spying. Other graduates have taken positions with the FBI, NASA and the Department of Homeland Security. (more)
Stalking is part of the curriculum in the Cyber Corps, an unusual two-year program at the University of Tulsa that teaches students how to spy in cyberspace, the latest frontier in espionage.
Students learn not only how to rifle through trash, sneak a tracking device on cars and plant false information on Facebook. They also are taught to write computer viruses, hack digital networks, crack passwords, plant listening devices and mine data from broken cellphones and flash drives.
It may sound like a Jason Bourne movie, but the little-known program has funneled most of its graduates to the CIA and the Pentagon's National Security Agency, which conducts America's digital spying. Other graduates have taken positions with the FBI, NASA and the Department of Homeland Security. (more)
Labels:
CIA,
computer,
counterespionage,
espionage,
Hack,
IT,
spy school
From our "Persistence is Futile" file...
Top code-breakers at one of Britain's intelligence agencies, the GCHQ, say they have failed to decipher a message found attached to the leg of a dead Second World War pigeon. (more)
Can YOU crack the code?
RE HHAT VM RIYNZ LXJT MJRBTXAN
Give up? Crack it here. Your code number is 1943.
Can YOU crack the code?
RE HHAT VM RIYNZ LXJT MJRBTXAN
Give up? Crack it here. Your code number is 1943.
Student Balks at Stalk (Psst. Just make the tags more stylish.)
A court challenge has delayed plans to expel a Texan student for refusing to wear a radio tag that tracked her movements.
Religious reasons led Andrea Hernandez to stop wearing the tag that revealed where she was on her school campus.
The tags were introduced to track students and help tighten control of school funding.
A Texan court has granted a restraining order filed by a civil rights group pending a hearing on use of the tags.
ID badges containing radio tags started to be introduced at the start of the 2012 school year to schools run by San Antonio's Northside Independent School District (NISD). The tracking tags gave NISD a better idea of the numbers of students attending classes each day - the daily average of which dictates how much cash it gets from state coffers. (more)
In other tracking news...
Style is everything in high school.* |
The tags were introduced to track students and help tighten control of school funding.
A Texan court has granted a restraining order filed by a civil rights group pending a hearing on use of the tags.
ID badges containing radio tags started to be introduced at the start of the 2012 school year to schools run by San Antonio's Northside Independent School District (NISD). The tracking tags gave NISD a better idea of the numbers of students attending classes each day - the daily average of which dictates how much cash it gets from state coffers. (more)
In other tracking news...
Thursday, November 22, 2012
Subscribe to:
Posts (Atom)