Carter Roberts, president of the The World Wildlife Fund, says on his organization’s site, “We face an unprecedented poaching crisis. The killings are way up. We need solutions that are as sophisticated as the threats we face.”
This week, the World Wildlife Fund (WWF) announced its receipt of a $5 million grant, courtesy of Google’s Global Impact Awards to test advanced technology in the fight against animal crime.
If it works, the new system will include sensors placed in wildlife environments and on the animals themselves, which would be monitored by a network of surveillance drones overhead. When poachers are detected, the drones will signal mobile ranger patrols on the ground to move in, hopefully stopping the poachers’ attack. (more)
Monday, December 17, 2012
UPDATE: $50 Hacking Device Opens Millions of Hotel Room Locks
The locks on more than 1 million guestroom doors are in various stages of being repaired, following the revelation this summer that they may be vulnerable to hackers.
The New York Marriott Marquis, the biggest hotel in Manhattan, for instance, just completed updating all of its nearly 2,000 door locks. The hotel is one of thousands of properties with guestroom locks manufactured by Onity, a division of United Technologies.
An Onity website also shows Sheraton, Hyatt, Holiday Inn, Fairmont, Radisson and other well-known hotels from Paris to Perth as also having its locks changed.
The lock scandal began as a hacker exercise. During a technology conference, an attendee revealed that he'd found a security flaw -- a way to electronically unlock a common, electronic hotel-door lock using inconspicuous tools. Other hackers checked out his claim and verified it. Their methods eventually showed up in a series of YouTube videos. (more) (and here!)
The New York Marriott Marquis, the biggest hotel in Manhattan, for instance, just completed updating all of its nearly 2,000 door locks. The hotel is one of thousands of properties with guestroom locks manufactured by Onity, a division of United Technologies.
An Onity website also shows Sheraton, Hyatt, Holiday Inn, Fairmont, Radisson and other well-known hotels from Paris to Perth as also having its locks changed.
The lock scandal began as a hacker exercise. During a technology conference, an attendee revealed that he'd found a security flaw -- a way to electronically unlock a common, electronic hotel-door lock using inconspicuous tools. Other hackers checked out his claim and verified it. Their methods eventually showed up in a series of YouTube videos. (more) (and here!)
NCTC Scope "Breathtaking" - "Pre-Cogs" - fiction to fact in 10 years
via The Wall Street Journal...
Counterterrorism officials wanted to create a government dragnet, sweeping up millions of records about U.S. citizens—even people suspected of no crime...
The rules now allow the little-known National Counterterrorism Center to examine the government files of U.S. citizens for possible criminal behavior, even if there is no reason to suspect them. That is a departure from past practice, which barred the agency from storing information about ordinary Americans unless a person was a terror suspect or related to an investigation.
Now, NCTC can copy entire government databases—flight records, casino-employee lists, the names of Americans hosting foreign-exchange students and many others. The agency has new authority to keep data about innocent U.S. citizens for up to five years, and to analyze it for suspicious patterns of behavior. Previously, both were prohibited. Data about Americans "reasonably believed to constitute terrorism information" may be permanently retained...
The changes also allow databases of U.S. civilian information to be given to foreign governments for analysis of their own. In effect, U.S. and foreign governments would be using the information to look for clues that people might commit future crimes.
"It's breathtaking" in its scope, said a former senior administration official familiar with the White House debate. (more)
Counterterrorism officials wanted to create a government dragnet, sweeping up millions of records about U.S. citizens—even people suspected of no crime...
The rules now allow the little-known National Counterterrorism Center to examine the government files of U.S. citizens for possible criminal behavior, even if there is no reason to suspect them. That is a departure from past practice, which barred the agency from storing information about ordinary Americans unless a person was a terror suspect or related to an investigation.
Now, NCTC can copy entire government databases—flight records, casino-employee lists, the names of Americans hosting foreign-exchange students and many others. The agency has new authority to keep data about innocent U.S. citizens for up to five years, and to analyze it for suspicious patterns of behavior. Previously, both were prohibited. Data about Americans "reasonably believed to constitute terrorism information" may be permanently retained...
The changes also allow databases of U.S. civilian information to be given to foreign governments for analysis of their own. In effect, U.S. and foreign governments would be using the information to look for clues that people might commit future crimes.
"It's breathtaking" in its scope, said a former senior administration official familiar with the White House debate. (more)
2012 - Targeting U.S. Technologies Report Out
Targeting U.S. Technologies: A Trend Analysis of Reporting from Defense Industry", presents DSS' analysis of industry reports submitted in 2011.
Although the report is geared for Facility Security Officers at Cleared Defense Contractors (CDC), it is a valuable reference for law enforcement, public and private sector executives and security officials responsible for protecting intellectual property, trade secrets and sensitive corporate information as the trends in collection directed against CDCs are important in understanding foreign collection directed against economic and corporate data in all business and government sectors.
The 2012 DSS Full Report, containing information on 2011 incidents can be downloaded here.
Security Flaw – Samsung Handsets & Tablets
A suspected fault in Samsung's implementation of the Android kernel could result in malicious apps gaining control over user devices...
"You should be very afraid of this exploit -- any app can use it to gain root without asking and without any permissions on a vulnerable device," the forum use wrote. "Let's hope for some fixes ASAP."...affected devices include the Samsung Galaxy S2, Samsung Galaxy Note 2, Samsung Galaxy Note 10.1 and Samsung Galaxy Tab Plus.
The community says that it has informed Samsung of the flaw, and so we can hope a fix will soon be issued if the claims ring true. With so many apps floating around the Internet, the Android operating system has become an increasing target for hackers, who can slip malicious code into seemingly innocent applications which end up stealing data or taking control of your device.
As malicious apps begin to send unauthorized premium-rate SMS messages and steal user bank data, keeping our devices secure is now just as important as being careful when we surf the web on our desktops. (more)
Thursday, December 13, 2012
TSCM Bug Sweeps: When, and When Not To - Part II
The following provides advice specifically meant for:
Private Investigators, Security Directors,
Security Consultants
and TSCM professionals.
What you can do to keep your current business clients espionage-free
Technical Surveillance Countermeasures (TSCM), or bug sweep, is an analysis of an area to detect illegal covert electronic surveillance. In addition to listening devices, sweeps also take into account optical, data, and GPS tracking devices.In TSCM Bug Sweeps: Part I we discussed how to handled requests from new clients for TSCM bug sweeps. In Part II we look at helping your current business clients. After you alert them to your business espionage solutions you will be viewed as a more valuable resource. Your revenue will also increase.
A typical case involving current business clients...
The Ostrich Effect:
Ignore the risk and maybe it will go away.
Step 1. Partner with a competent TSCM specialist.
As mentioned in Part I of this series, partner with a competent specialist. You may already have someone you know and trust. If so, great. If not, conduct a search using terms like “eavesdropping detection”, or simply “TSCM”. Once you have found specialists to vet, ask plenty of questions. If you are not sure of what to ask, search “TSCM compare” for a list of questions. Qualify your specialist with questions, but be sure to note their professionalism too. Their presentation and demeanor will reflect on you.Knowing a good TSCM specialist will make the rest of the steps very easy for you. (more) (Part 1)
Steps 2-4 comprise the rest of this article.
Take-away point: If you don’t help your clients, another person reading this post will.
~Kevin
Feeb to Fed Xmas Files Secret Flash Sale
On Dec. 20, for the first time in its history, the Federal Bureau of Investigation will open its New York store at 26 Federal Plaza to federal employees for a limited time.
Selling a full line of FBI-branded clothing and merchandise—hats, t-shirts, sweatshirts, jackets, patches, pens and coins—the store will only be open a brief four hours, from 11 a.m. to 3 p.m. Some items are priced as low as $2, boasted an email sent earlier this week to federal staffers. The store is run by the FBI Recreation Association, a nonprofit headquartered in Washington D.C. Representatives did not return calls requesting comment about this flash sale opportunity. (more)
Can't go? :(
Shop here! :)
Selling a full line of FBI-branded clothing and merchandise—hats, t-shirts, sweatshirts, jackets, patches, pens and coins—the store will only be open a brief four hours, from 11 a.m. to 3 p.m. Some items are priced as low as $2, boasted an email sent earlier this week to federal staffers. The store is run by the FBI Recreation Association, a nonprofit headquartered in Washington D.C. Representatives did not return calls requesting comment about this flash sale opportunity. (more)
Can't go? :(
Shop here! :)
How to secure your Android phone - 14 Tips
via Gary Sims, Spybusters and SpyWarn...
Tip #1 – Never leave your phone laying around where uninvited guests can access it.
Tip #2 – Use a lock screen.
Tip #3 – Set a PIN to protect purchases on Google Play.
Tip #4 – Install a phone location app / security app with an anti-theft component.
Tip #5 – Don’t install apps from dodgy third party sites.
Tip #6 – Always read the reviews of apps before installing them.
Tip #7 – Check the permissions. Does the "game" really need to send SMS messages?
Tip #8 – Never follow links in unsolicited emails or text messages to install an app.
Tip #9 – Use an anti-virus / anti-malware app.
Tip #10 – Don’t root your phone unless absolutely necessary.
Tip #11 – If your device has valuable data on it, use encryption.
Tip #12 – Use a VPN on unsecured Wi-Fi connection.
Tip #13 – Read "Is My Cell Phone Bugged?"
Tip #14 – Use SpyWarn (freemium) periodically to help determine if your phone has been infected with spyware.
(more)
Tip #1 – Never leave your phone laying around where uninvited guests can access it.
Tip #2 – Use a lock screen.
Tip #3 – Set a PIN to protect purchases on Google Play.
Tip #4 – Install a phone location app / security app with an anti-theft component.
Tip #5 – Don’t install apps from dodgy third party sites.
Tip #6 – Always read the reviews of apps before installing them.
Tip #7 – Check the permissions. Does the "game" really need to send SMS messages?
Tip #8 – Never follow links in unsolicited emails or text messages to install an app.
Tip #9 – Use an anti-virus / anti-malware app.
Tip #10 – Don’t root your phone unless absolutely necessary.
Tip #11 – If your device has valuable data on it, use encryption.
Tip #12 – Use a VPN on unsecured Wi-Fi connection.
Tip #13 – Read "Is My Cell Phone Bugged?"
Tip #14 – Use SpyWarn (freemium) periodically to help determine if your phone has been infected with spyware.
(more)
Tuesday, December 11, 2012
Bus-ted... Public Buses Quietly Adding Microphones to Record Passenger Conversations
Transit authorities in cities across the country are quietly installing microphone-enabled surveillance systems on public buses that would give them the ability to record and store private conversations, according to documents obtained by a news outlet.
The systems are being installed in San Francisco, Baltimore, and other cities with funding from the Department of Homeland Security in some cases, according to the Daily, which obtained copies of contracts, procurement requests, specs and other documents.
The use of the equipment raises serious questions about eavesdropping without a warrant, particularly since recordings of passengers could be obtained and used by law enforcement agencies.
It also raises questions about security, since the IP audio-video systems can be accessed remotely via a built-in web server (.pdf), and can be combined with GPS data to track the movement of buses and passengers throughout the city. (more)
Friday, December 7, 2012
"Get me Bond. I'm ticked at the watchmakers."
Authorities in Switzerland are investigating the theft of sensitive information from the country's Federal Intelligence Service (NDB) that was allegedly carried out by a senior IT technician at the agency.
Officials believe that the suspect was upset because his advice on operating the spy agency's data systems was not being taken seriously, and that he decided to retaliate by stealing classified information from the agency's servers. That information included intelligence collected by the British spy agency MI6 about counterterrorism operations.
The suspect is thought to have carried out the theft by abusing his administrator rights and downloading files onto portable hard drives, which he then hid in a backpack in order to sneak them out of the building. (more)
Officials believe that the suspect was upset because his advice on operating the spy agency's data systems was not being taken seriously, and that he decided to retaliate by stealing classified information from the agency's servers. That information included intelligence collected by the British spy agency MI6 about counterterrorism operations.
The suspect is thought to have carried out the theft by abusing his administrator rights and downloading files onto portable hard drives, which he then hid in a backpack in order to sneak them out of the building. (more)
Friday, November 30, 2012
The Smartphone Turns 20
The First Smartphone
IBM debuted a prototype device, code named "Angler," on November, 23, 1992 at the COMDEX computer and technology trade show in Las Vegas, Nevada, United States... BellSouth executives gave the finished product its final name, "Simon Personal Communicator", before its public debut at the Wireless World Conference in November, 1993... In addition to its ability to make and receive cellular phone calls, Simon was also able to send and receive facsimiles, e-mails and cellular pages. Simon included many applications including an address book, calendar, appointment scheduler, calculator, world time clock, electronic note pad, handwritten annotations and standard and predictive stylus input screen keyboards. (1)
The Simon could be upgraded to run third party applications either by inserting a PCMCIA card or by downloading an application to the phone's internal memory. Atlanta, Georgia-based PDA Dimensions developed "DispatchIt", the only aftermarket, third-party application developed for Simon. The DispatchIt application costs were US$2,999 for the host PC software and US$299 for each Simon software client. (2)
Click to enlarge. |
The Simon could be upgraded to run third party applications either by inserting a PCMCIA card or by downloading an application to the phone's internal memory. Atlanta, Georgia-based PDA Dimensions developed "DispatchIt", the only aftermarket, third-party application developed for Simon. The DispatchIt application costs were US$2,999 for the host PC software and US$299 for each Simon software client. (2)
Thursday, November 29, 2012
Security Alert: Patch Your Samsung Printers
Samsung printers contain a hardcoded backdoor account that could allow remote network access exploitation and device control via SNMP. (Yes, your print job may be stolen before the paper hits the tray.) Details of the exploit have been published... Samsung has stated that models released after October 31, 2012 are not affected by this vulnerability. Samsung has also indicated that they will be releasing a patch tool later this year to address vulnerable devices. (more)
Wednesday, November 28, 2012
Everything You Need to Know About Shredding Sensitive Waste Paper
Scraps of seemingly useless information tossed in the trash may be synergistically related. Analysis can reveal the big picture to outsiders. Reducing the availability of these puzzle parts is an important counterespionage responsibility. Stealing trash is believed to be the number one business espionage trick.
Shredding Checklist
Shredding Checklist
- Encourage the destruction of all waste paper as soon as it becomes waste.
- Make a deskside crosscut shredder your primary weapon.
- Large volume waste will require a larger, bulk crosscut shredder.
- Place a shredder or locked bin next to photocopy machines in sensitive areas.
- Extend shredding efforts to key executives’ home offices as well.
- Never save confidential papers in a box under the desk “to be shredded later.”
- Always use crosscut type (or better) shredders.
- Retire any strip-cut shredders you are using.
- Once shredders or locked bins are in place, remind people to use them.
- Do not entrust bulk wastepaper destruction to paper recyclers unless they can destroy on-site using a truck-mounted shredder (and you can watch). Cart and shred only when sheer bulk dictates this as the logical choice and the material is not highly sensitive. Otherwise, destroy it yourself before recycling.
The big shredder purchasing mistake… Buying just one large central shredder for everyone to use. Reason: Not everyone will use it. Why? Too inconvenient.
People are too busy to be bothered to walk over to a shredder every time they should. A better choice - several convenient deskside crosscut shredders, or locked storage bins. This is one perk which has a very positive payback.
Did You Know?…
People are too busy to be bothered to walk over to a shredder every time they should. A better choice - several convenient deskside crosscut shredders, or locked storage bins. This is one perk which has a very positive payback.
Did You Know?…
There are people who will reassemble shredded strips, and computer programs which can optically piece together shredded strips, too.
Shredder manufacturers and distributors...
http://tinyurl.com/Dahle-Shredders
http://tinyurl.com/Lynde-Ordway
http://tinyurl.com/abcosolutions
http://tinyurl.com/abe-online
http://tinyurl.com/alleghenyshredders
http://tinyurl.com/ameri-shred
http://tinyurl.com/papershredders
http://tinyurl.com/cumminsshredders
http://tinyurl.com/Dahle4Shredders
http://tinyurl.com/eccobusiness
http://tinyurl.com/FellowesShredders
http://tinyurl.com/gbc-shredder
http://tinyurl.com/IdealShredders
http://tinyurl.com/industrialshredders
http://tinyurl.com/intimus
http://tinyurl.com/mbmcorp
http://tinyurl.com/semshred
http://tinyurl.com/somatcompany
http://tinyurl.com/whitakerbrothers
- Replace your stripcut shredders with crosscut (or better) models. Stripcut models do not provide business-level security.
- Deskside crosscut shredders are also available from retails stores such as Staples or Office Depot.
Police Strip Cut Shreds Used as Parade Confetti
Ethan Finkelstein, was at the NYC Thanksgiving Day Parade and noticed something weird about the confetti... "and it says
'SSN' and it's written like a social security number, and we're like,
'That's really bizarre.'
"There are phone numbers, addresses, more social security numbers, license plate numbers and then we find all these incident reports from police."
One confetti strip indicates that it's from an arrest record, and other strips offer more detail. "This is really shocking," Finkelstein said. "It says, 'At 4:30 A.M. a pipe bomb was thrown at a house in the Kings Grant' area."
A closer look shows that the documents are from the Nassau County Police Department. The papers were shredded, but clearly not well enough.
They even contain information about Mitt Romney's motorcade, apparently from the final presidential debate, which took place at Hofstra University in Nassau County last month. (more)
UPDATE: ...Sources close to the investigation into the incident told PIX11 News that an employee of the Nassau County Police Department was watching the parade near 65th Street and Central Park West, along the parade route. He had brought shredded NCPD documents with him for his family and friends to use as confetti... (more) (video)
"There are phone numbers, addresses, more social security numbers, license plate numbers and then we find all these incident reports from police."
One confetti strip indicates that it's from an arrest record, and other strips offer more detail. "This is really shocking," Finkelstein said. "It says, 'At 4:30 A.M. a pipe bomb was thrown at a house in the Kings Grant' area."
A closer look shows that the documents are from the Nassau County Police Department. The papers were shredded, but clearly not well enough.
They even contain information about Mitt Romney's motorcade, apparently from the final presidential debate, which took place at Hofstra University in Nassau County last month. (more)
UPDATE: ...Sources close to the investigation into the incident told PIX11 News that an employee of the Nassau County Police Department was watching the parade near 65th Street and Central Park West, along the parade route. He had brought shredded NCPD documents with him for his family and friends to use as confetti... (more) (video)
Tuesday, November 27, 2012
TSCM Bug Sweeps: When, and When Not To - Part I
The following provides advice specifically meant for:
Private Investigators,
Security Directors,
Security Consultants
and TSCM professionals.
Technical Surveillance Countermeasures (TSCM), or bug sweep, is an analysis of an area to detect illegal covert electronic surveillance. In addition to listening devices, sweeps also take into account optical, data, and GPS tracking devices.
A typical case involving a private individual...
Someone contacts you to “find a bug”. They are sure their: significant other, landlord, neighbor, or the amorphous “they” knows their every thought and move. What do you do? Is a bug sweep really the best first step?
Probably not. (more)
The article goes on to answer the question using this scenario:
A typical case involving a business client...
Word about something has leaked out. “Check everything!”, barks the boss. What do you do? Is an inspection for bugs and wiretaps the best first step? (more)
Part II will appear later in December. ~Kevin
Private Investigators,
Security Directors,
Security Consultants
and TSCM professionals.
Technical Surveillance Countermeasures (TSCM), or bug sweep, is an analysis of an area to detect illegal covert electronic surveillance. In addition to listening devices, sweeps also take into account optical, data, and GPS tracking devices.
A typical case involving a private individual...
Someone contacts you to “find a bug”. They are sure their: significant other, landlord, neighbor, or the amorphous “they” knows their every thought and move. What do you do? Is a bug sweep really the best first step?
Probably not. (more)
The article goes on to answer the question using this scenario:
A typical case involving a business client...
Word about something has leaked out. “Check everything!”, barks the boss. What do you do? Is an inspection for bugs and wiretaps the best first step? (more)
Part II will appear later in December. ~Kevin
Subscribe to:
Posts (Atom)