Security company Trend Micro has prophesied that the number of malicious and insecure Android apps will triple from 350,000 by the end of this year to more than a million.
Also among the company's predictions in its "Security Threats to Business, the Digital Lifestyle, and the Cloud" report: Cyber criminals will heavily abuse legitimate cloud services; hacktivist attacks will become more destructive; and the increase in computing platforms and devices will lead to threats cropping up in unexpected places. (more)
Friday, December 21, 2012
FutureWatch: New TSCM Tool on the Far Horizon
A secret agent is racing against time. He knows a bomb is nearby. He rounds a corner, spots a pile of suspicious boxes in the alleyway, and pulls out his cell phone. As he scans it over the packages, their contents appear onscreen. In the nick of time, his handy smartphone application reveals an explosive device, and the agent saves the day.
Sound far-fetched? In fact it is a real possibility, thanks to tiny inexpensive silicon microchips developed by a pair of electrical engineers at the California Institute of Technology (Caltech).
The chips generate and radiate high-frequency electromagnetic waves, called terahertz (THz) waves, that fall into a largely untapped region of the electromagnetic spectrum—between microwaves and far-infrared radiation—and that can penetrate a host of materials without the ionizing damage of X-rays.
When incorporated into handheld devices, the new microchips could enable a broad range of applications in fields ranging from homeland security (and TSCM) to wireless communications (new types of bugs) to health care, and even touchless gaming. In the future, the technology may lead to noninvasive cancer diagnosis, among other applications. (more)
Already in use, but not yet cheap and portable. |
The chips generate and radiate high-frequency electromagnetic waves, called terahertz (THz) waves, that fall into a largely untapped region of the electromagnetic spectrum—between microwaves and far-infrared radiation—and that can penetrate a host of materials without the ionizing damage of X-rays.
When incorporated into handheld devices, the new microchips could enable a broad range of applications in fields ranging from homeland security (and TSCM) to wireless communications (new types of bugs) to health care, and even touchless gaming. In the future, the technology may lead to noninvasive cancer diagnosis, among other applications. (more)
Wednesday, December 19, 2012
The Bugging Report Too Dangerous to be Released
Australia - The secret police report into the widespread phone-tapping and bugging of over 110 serving and former officers was too "dangerous" to be released, the Inspector of the Police Integrity Commission, David Levine, said yesterday.
The reputations of the NSW Police Force and individual officers could be trashed if the report and recommendations by strike force Emblems were made public, the former Supreme Court judge said. (more)
The reputations of the NSW Police Force and individual officers could be trashed if the report and recommendations by strike force Emblems were made public, the former Supreme Court judge said. (more)
Tuesday, December 18, 2012
" I heard that law enforcement has some sort of scanner that...
...tells them if a car has a large amount of money and then proceed to pull the car over where they eventually confiscate the cash. Is there really a "money scanner" like that?"
I get a lot of strange questions.
This one was particularly intriguing.
Answer
For now, this appears to be an urban legend.
However, developing a technique to do this is on their radar screen...
"As U.S. financial institutions continue to improve legislation that reduces money laundering, criminals with large quantities of cash have shifted their focus to bulk currency smuggling, making deposits in foreign banks. Current DHS and law enforcement technologies catch only a fraction of the currency passing through the ports and borders. To date, a dedicated currency detector has never been developed. Lattice Government Services (LGS) will work with the University of Washington to define requirements and a Concept of Operations, research gaseous chemical detection, and physical spectral/magnetic detection technologies, and down select ideal systems..." (more)
From the fine state that brought you the light bulb, tetracycline, the visible-light lasers, bubble wrap, oral ACE inhibitors and the TV dinner...
"Paul Burgess, the chief executive of New Jersey-based Lattice Inc, the parent of Lattice Government Services, described challenges: “it isn’t just currency moving through an airport, a body scanner will pick that up. The bigger problem is at border crossings. You can put money in a side door and it’s going to be very difficult to detect."
As of May, 2011 we know that...
"DHS will soon begin reviewing the companies’ reports to decide whether there are any ideas worth pursuing, Verrico said. If the agency decides to move forward, one or more prototypes will be built and field-tested. “We will evaluate them over the next 30 to 60 days before we make any further decisions on ‘phase two,’” he said.” (more)
Stay tuned.
Personally, I think money detection will eventually be accomplished by embedding micro-RFID chips into the paper. Of course, the countermeasure would then be to carry money in a shielded container or wallet.
Perhaps "smell" is the answer. Dogs are slow and scarce. But, these problems are being worked out...
"Tai Hyun Park and Seunghun Hong, of Seoul National University, with their colleagues, recreated a simplified version of the detecting cells in a dog’s nose using tiny bubbles made from cell membrane."
They are working on artificial noses in Japan and Germany, too. You can buy an electronic nose today from Alpha MOS, but it is not portable enough for sniffing out money. The Cyranose 320 is portable but doesn't know what money smells like. We'll check back with you folks later.
Got any ideas for money detection?
Send them (along with a case of M&M's) to:
"Show me the money!"
PO Box 668
Oldwick, NJ 08858
I get a lot of strange questions.
This one was particularly intriguing.
Answer
For now, this appears to be an urban legend.
However, developing a technique to do this is on their radar screen...
"As U.S. financial institutions continue to improve legislation that reduces money laundering, criminals with large quantities of cash have shifted their focus to bulk currency smuggling, making deposits in foreign banks. Current DHS and law enforcement technologies catch only a fraction of the currency passing through the ports and borders. To date, a dedicated currency detector has never been developed. Lattice Government Services (LGS) will work with the University of Washington to define requirements and a Concept of Operations, research gaseous chemical detection, and physical spectral/magnetic detection technologies, and down select ideal systems..." (more)
From the fine state that brought you the light bulb, tetracycline, the visible-light lasers, bubble wrap, oral ACE inhibitors and the TV dinner...
"Paul Burgess, the chief executive of New Jersey-based Lattice Inc, the parent of Lattice Government Services, described challenges: “it isn’t just currency moving through an airport, a body scanner will pick that up. The bigger problem is at border crossings. You can put money in a side door and it’s going to be very difficult to detect."
As of May, 2011 we know that...
"DHS will soon begin reviewing the companies’ reports to decide whether there are any ideas worth pursuing, Verrico said. If the agency decides to move forward, one or more prototypes will be built and field-tested. “We will evaluate them over the next 30 to 60 days before we make any further decisions on ‘phase two,’” he said.” (more)
Stay tuned.
Personally, I think money detection will eventually be accomplished by embedding micro-RFID chips into the paper. Of course, the countermeasure would then be to carry money in a shielded container or wallet.
Perhaps "smell" is the answer. Dogs are slow and scarce. But, these problems are being worked out...
"Tai Hyun Park and Seunghun Hong, of Seoul National University, with their colleagues, recreated a simplified version of the detecting cells in a dog’s nose using tiny bubbles made from cell membrane."
They are working on artificial noses in Japan and Germany, too. You can buy an electronic nose today from Alpha MOS, but it is not portable enough for sniffing out money. The Cyranose 320 is portable but doesn't know what money smells like. We'll check back with you folks later.
Got any ideas for money detection?
Send them (along with a case of M&M's) to:
"Show me the money!"
PO Box 668
Oldwick, NJ 08858
Dockworkers Union Alleges Eavesdropping - West Coast Port Strike
APM Terminals has been accused by a California dockworkers union of eavesdropping on workers to gain an edge in contract negotiations.
The complaint, filed with the National Labor Relations Board by International Longshore and Warehouse Union Local 63, said APM "conducted secret surveillance, eavesdropping and snooping and listening in on confidential communications between and among union representatives, shop stewards and members concerning ongoing contract negotiations, bargaining strategies and labor-management issues."
The complaint was filed Nov. 14, about two weeks before the union's clerical workers went on an eight-day strike that shut down most of the cargo terminals at the ports of Los Angeles and Long Beach, the busiest seaport complex in the country. In the document, the union local alleges that the surveillance dates back at least six months. (more)
The complaint, filed with the National Labor Relations Board by International Longshore and Warehouse Union Local 63, said APM "conducted secret surveillance, eavesdropping and snooping and listening in on confidential communications between and among union representatives, shop stewards and members concerning ongoing contract negotiations, bargaining strategies and labor-management issues."
The complaint was filed Nov. 14, about two weeks before the union's clerical workers went on an eight-day strike that shut down most of the cargo terminals at the ports of Los Angeles and Long Beach, the busiest seaport complex in the country. In the document, the union local alleges that the surveillance dates back at least six months. (more)
Top 5 Wireless Tips for IT Pros
via Altius IT Information Security...
2. Firewalls. Segment the wireless network from your in-house wired network. Use firewalls to restrict traffic to and from the internal network. Configure user devices so firewalls are turned on and actively protect applications and data.
3. Manual connection. Configure portable devices such as laptops and handhelds so that they do not automatically connect to wireless networks. A manual process helps ensure that the device connects to the appropriate wireless network.
4. Patch management. Ensure device operating system, application, and security protection software is patched and up-to-date. Ensure browsers and updates to third party software packages are applied in a timely manner. Critical updates should be tested and applied as soon as possible.
5. Incident management. Prepare a formal Incident Response Plan and educate users to inform the appropriate personnel if they believe they logged into the wrong network, sensitive information such as their ID/password was compromised, their device was lost or stolen, etc. (more)
Listed below are the top 5 tips IT professionals should take to enhance wireless network security.
1. Encryption. There are many different types of encryption methods used to secure wireless networks. Wired Equivalent Privacy (WEP) is the oldest and least preferred. Wi-Fi Protected Access (WPA) is newer and offers better protection. WPA2 is the newest and should be used if possible. Configure Virtual Private Network (VPN) access for users connecting to corporate systems.2. Firewalls. Segment the wireless network from your in-house wired network. Use firewalls to restrict traffic to and from the internal network. Configure user devices so firewalls are turned on and actively protect applications and data.
3. Manual connection. Configure portable devices such as laptops and handhelds so that they do not automatically connect to wireless networks. A manual process helps ensure that the device connects to the appropriate wireless network.
4. Patch management. Ensure device operating system, application, and security protection software is patched and up-to-date. Ensure browsers and updates to third party software packages are applied in a timely manner. Critical updates should be tested and applied as soon as possible.
5. Incident management. Prepare a formal Incident Response Plan and educate users to inform the appropriate personnel if they believe they logged into the wrong network, sensitive information such as their ID/password was compromised, their device was lost or stolen, etc. (more)
UPDATE: From our "Persistence is Futile" file...
A Canadian history buff seems to have cracked a coded World War II message that was found strapped to the leg of a dead carrier pigeon.
Last month, Englishman David Martin found the bird's bones in his chimney when he was renovating his fireplace in the town of Surrey.
Inside a red capsule strapped to the leg of the bird was a message from Sergeant William Stott, who had been deployed behind German lines to observe the enemy's activities.
When the message was taken to Britain's top code-breakers at the Government Communications Headquarters (GCHQ), they declared the code uncrackable. (more) (audio report) (our original report)
Click to enlarge. |
Inside a red capsule strapped to the leg of the bird was a message from Sergeant William Stott, who had been deployed behind German lines to observe the enemy's activities.
When the message was taken to Britain's top code-breakers at the Government Communications Headquarters (GCHQ), they declared the code uncrackable. (more) (audio report) (our original report)
Labels:
aerial,
amateur,
encryption,
government,
Hack,
nature,
spybot
Monday, December 17, 2012
Google Funds Spy Technology - Surveillance to the Rescue!
Carter Roberts, president of the The World Wildlife Fund, says on his organization’s site, “We face an unprecedented poaching crisis. The killings are way up. We need solutions that are as sophisticated as the threats we face.”
This week, the World Wildlife Fund (WWF) announced its receipt of a $5 million grant, courtesy of Google’s Global Impact Awards to test advanced technology in the fight against animal crime.
If it works, the new system will include sensors placed in wildlife environments and on the animals themselves, which would be monitored by a network of surveillance drones overhead. When poachers are detected, the drones will signal mobile ranger patrols on the ground to move in, hopefully stopping the poachers’ attack. (more)
This week, the World Wildlife Fund (WWF) announced its receipt of a $5 million grant, courtesy of Google’s Global Impact Awards to test advanced technology in the fight against animal crime.
If it works, the new system will include sensors placed in wildlife environments and on the animals themselves, which would be monitored by a network of surveillance drones overhead. When poachers are detected, the drones will signal mobile ranger patrols on the ground to move in, hopefully stopping the poachers’ attack. (more)
Labels:
aerial,
drone,
FutureWatch,
nature,
spybot,
surveillance,
tracking
UPDATE: $50 Hacking Device Opens Millions of Hotel Room Locks
The locks on more than 1 million guestroom doors are in various stages of being repaired, following the revelation this summer that they may be vulnerable to hackers.
The New York Marriott Marquis, the biggest hotel in Manhattan, for instance, just completed updating all of its nearly 2,000 door locks. The hotel is one of thousands of properties with guestroom locks manufactured by Onity, a division of United Technologies.
An Onity website also shows Sheraton, Hyatt, Holiday Inn, Fairmont, Radisson and other well-known hotels from Paris to Perth as also having its locks changed.
The lock scandal began as a hacker exercise. During a technology conference, an attendee revealed that he'd found a security flaw -- a way to electronically unlock a common, electronic hotel-door lock using inconspicuous tools. Other hackers checked out his claim and verified it. Their methods eventually showed up in a series of YouTube videos. (more) (and here!)
The New York Marriott Marquis, the biggest hotel in Manhattan, for instance, just completed updating all of its nearly 2,000 door locks. The hotel is one of thousands of properties with guestroom locks manufactured by Onity, a division of United Technologies.
An Onity website also shows Sheraton, Hyatt, Holiday Inn, Fairmont, Radisson and other well-known hotels from Paris to Perth as also having its locks changed.
The lock scandal began as a hacker exercise. During a technology conference, an attendee revealed that he'd found a security flaw -- a way to electronically unlock a common, electronic hotel-door lock using inconspicuous tools. Other hackers checked out his claim and verified it. Their methods eventually showed up in a series of YouTube videos. (more) (and here!)
NCTC Scope "Breathtaking" - "Pre-Cogs" - fiction to fact in 10 years
via The Wall Street Journal...
Counterterrorism officials wanted to create a government dragnet, sweeping up millions of records about U.S. citizens—even people suspected of no crime...
The rules now allow the little-known National Counterterrorism Center to examine the government files of U.S. citizens for possible criminal behavior, even if there is no reason to suspect them. That is a departure from past practice, which barred the agency from storing information about ordinary Americans unless a person was a terror suspect or related to an investigation.
Now, NCTC can copy entire government databases—flight records, casino-employee lists, the names of Americans hosting foreign-exchange students and many others. The agency has new authority to keep data about innocent U.S. citizens for up to five years, and to analyze it for suspicious patterns of behavior. Previously, both were prohibited. Data about Americans "reasonably believed to constitute terrorism information" may be permanently retained...
The changes also allow databases of U.S. civilian information to be given to foreign governments for analysis of their own. In effect, U.S. and foreign governments would be using the information to look for clues that people might commit future crimes.
"It's breathtaking" in its scope, said a former senior administration official familiar with the White House debate. (more)
Counterterrorism officials wanted to create a government dragnet, sweeping up millions of records about U.S. citizens—even people suspected of no crime...
The rules now allow the little-known National Counterterrorism Center to examine the government files of U.S. citizens for possible criminal behavior, even if there is no reason to suspect them. That is a departure from past practice, which barred the agency from storing information about ordinary Americans unless a person was a terror suspect or related to an investigation.
Now, NCTC can copy entire government databases—flight records, casino-employee lists, the names of Americans hosting foreign-exchange students and many others. The agency has new authority to keep data about innocent U.S. citizens for up to five years, and to analyze it for suspicious patterns of behavior. Previously, both were prohibited. Data about Americans "reasonably believed to constitute terrorism information" may be permanently retained...
The changes also allow databases of U.S. civilian information to be given to foreign governments for analysis of their own. In effect, U.S. and foreign governments would be using the information to look for clues that people might commit future crimes.
"It's breathtaking" in its scope, said a former senior administration official familiar with the White House debate. (more)
2012 - Targeting U.S. Technologies Report Out
Targeting U.S. Technologies: A Trend Analysis of Reporting from Defense Industry", presents DSS' analysis of industry reports submitted in 2011.
Although the report is geared for Facility Security Officers at Cleared Defense Contractors (CDC), it is a valuable reference for law enforcement, public and private sector executives and security officials responsible for protecting intellectual property, trade secrets and sensitive corporate information as the trends in collection directed against CDCs are important in understanding foreign collection directed against economic and corporate data in all business and government sectors.
The 2012 DSS Full Report, containing information on 2011 incidents can be downloaded here.
Security Flaw – Samsung Handsets & Tablets
A suspected fault in Samsung's implementation of the Android kernel could result in malicious apps gaining control over user devices...
"You should be very afraid of this exploit -- any app can use it to gain root without asking and without any permissions on a vulnerable device," the forum use wrote. "Let's hope for some fixes ASAP."...affected devices include the Samsung Galaxy S2, Samsung Galaxy Note 2, Samsung Galaxy Note 10.1 and Samsung Galaxy Tab Plus.
The community says that it has informed Samsung of the flaw, and so we can hope a fix will soon be issued if the claims ring true. With so many apps floating around the Internet, the Android operating system has become an increasing target for hackers, who can slip malicious code into seemingly innocent applications which end up stealing data or taking control of your device.
As malicious apps begin to send unauthorized premium-rate SMS messages and steal user bank data, keeping our devices secure is now just as important as being careful when we surf the web on our desktops. (more)
Thursday, December 13, 2012
TSCM Bug Sweeps: When, and When Not To - Part II
The following provides advice specifically meant for:
Private Investigators, Security Directors,
Security Consultants
and TSCM professionals.
What you can do to keep your current business clients espionage-free
Technical Surveillance Countermeasures (TSCM), or bug sweep, is an analysis of an area to detect illegal covert electronic surveillance. In addition to listening devices, sweeps also take into account optical, data, and GPS tracking devices.In TSCM Bug Sweeps: Part I we discussed how to handled requests from new clients for TSCM bug sweeps. In Part II we look at helping your current business clients. After you alert them to your business espionage solutions you will be viewed as a more valuable resource. Your revenue will also increase.
A typical case involving current business clients...
The Ostrich Effect:
Ignore the risk and maybe it will go away.
Step 1. Partner with a competent TSCM specialist.
As mentioned in Part I of this series, partner with a competent specialist. You may already have someone you know and trust. If so, great. If not, conduct a search using terms like “eavesdropping detection”, or simply “TSCM”. Once you have found specialists to vet, ask plenty of questions. If you are not sure of what to ask, search “TSCM compare” for a list of questions. Qualify your specialist with questions, but be sure to note their professionalism too. Their presentation and demeanor will reflect on you.Knowing a good TSCM specialist will make the rest of the steps very easy for you. (more) (Part 1)
Steps 2-4 comprise the rest of this article.
Take-away point: If you don’t help your clients, another person reading this post will.
~Kevin
Feeb to Fed Xmas Files Secret Flash Sale
On Dec. 20, for the first time in its history, the Federal Bureau of Investigation will open its New York store at 26 Federal Plaza to federal employees for a limited time.
Selling a full line of FBI-branded clothing and merchandise—hats, t-shirts, sweatshirts, jackets, patches, pens and coins—the store will only be open a brief four hours, from 11 a.m. to 3 p.m. Some items are priced as low as $2, boasted an email sent earlier this week to federal staffers. The store is run by the FBI Recreation Association, a nonprofit headquartered in Washington D.C. Representatives did not return calls requesting comment about this flash sale opportunity. (more)
Can't go? :(
Shop here! :)
Selling a full line of FBI-branded clothing and merchandise—hats, t-shirts, sweatshirts, jackets, patches, pens and coins—the store will only be open a brief four hours, from 11 a.m. to 3 p.m. Some items are priced as low as $2, boasted an email sent earlier this week to federal staffers. The store is run by the FBI Recreation Association, a nonprofit headquartered in Washington D.C. Representatives did not return calls requesting comment about this flash sale opportunity. (more)
Can't go? :(
Shop here! :)
How to secure your Android phone - 14 Tips
via Gary Sims, Spybusters and SpyWarn...
Tip #1 – Never leave your phone laying around where uninvited guests can access it.
Tip #2 – Use a lock screen.
Tip #3 – Set a PIN to protect purchases on Google Play.
Tip #4 – Install a phone location app / security app with an anti-theft component.
Tip #5 – Don’t install apps from dodgy third party sites.
Tip #6 – Always read the reviews of apps before installing them.
Tip #7 – Check the permissions. Does the "game" really need to send SMS messages?
Tip #8 – Never follow links in unsolicited emails or text messages to install an app.
Tip #9 – Use an anti-virus / anti-malware app.
Tip #10 – Don’t root your phone unless absolutely necessary.
Tip #11 – If your device has valuable data on it, use encryption.
Tip #12 – Use a VPN on unsecured Wi-Fi connection.
Tip #13 – Read "Is My Cell Phone Bugged?"
Tip #14 – Use SpyWarn (freemium) periodically to help determine if your phone has been infected with spyware.
(more)
Tip #1 – Never leave your phone laying around where uninvited guests can access it.
Tip #2 – Use a lock screen.
Tip #3 – Set a PIN to protect purchases on Google Play.
Tip #4 – Install a phone location app / security app with an anti-theft component.
Tip #5 – Don’t install apps from dodgy third party sites.
Tip #6 – Always read the reviews of apps before installing them.
Tip #7 – Check the permissions. Does the "game" really need to send SMS messages?
Tip #8 – Never follow links in unsolicited emails or text messages to install an app.
Tip #9 – Use an anti-virus / anti-malware app.
Tip #10 – Don’t root your phone unless absolutely necessary.
Tip #11 – If your device has valuable data on it, use encryption.
Tip #12 – Use a VPN on unsecured Wi-Fi connection.
Tip #13 – Read "Is My Cell Phone Bugged?"
Tip #14 – Use SpyWarn (freemium) periodically to help determine if your phone has been infected with spyware.
(more)
Subscribe to:
Posts (Atom)