Christmas, and another phone company Pontius Pilate's spyware

Vietnam - Mobile phone subscribers have become worried stiff when hearing that their phone conversations would be tapped at any time, as the software pieces and devices allowing to bug phone calls have been selling everywhere.

There are a lot of bug device suppliers. Especially, the ad pieces on supplying tapping software pieces and devices can be found on websites as well. The advertisers affirm that all the latest generation software pieces like Spyphone, Copyphone, PokerSpyphone, Spy Mobile, Mobile Phone Spy would be delivered right after buyers make payment.

Clients have been told that it’ll take them some minutes only to install the software or bug devices into the targeted phones to record all the conversations and messages. Especially, the devices are dirt cheap, just about one million dong, which makes nothing to the people who can afford the smart phones running on iOS or Android.

In reply, network operators have affirmed that they have no involvement in the wiretapping operation and that in principle, all the personal information of subscribers has been kept confidential. (more)

But, we don't hear them complaining about the extra revenue they earn from spyware data transfers. ~Kevin

KGB: We Bugged Royals (We're shocked.)

Soviet secret agents bugged Princess Margaret’s telephone and ­listened in on the conversations of other senior royals. 

Listening devices were planted in the Princess’s bedroom during an official trip to Copenhagen in 1964. Until last week the Russians had always denied the ­covert operation... Colonel Vadim Goncharov, the KGB chief in charge of snooping operations on key western targets, installed listening devices in Princess Margaret’s lighter, cigarette case, ashtrays and telephones, eavesdropping on conversations that were “most interesting, even scandalous”... A book by the newspaper’s intelligence analyst, Gennady Sokolov, to be published next year, will provide new details about the operation against the Queen’s sister... Entitled The Kremlin v The Windsors – Palace Spies Of The Secret War, it will also reveal other attempts by Russian intelligence to spy on the Royal Family. (more)

Three Years of Privacy Stories - Wall Street Journal

Watched: A Wall Street Journal Privacy Report
As surveillance technologies decline in cost and grow in sophistication, tracking of many aspects of our daily activities, even the seemingly mundane, has become the default rather than the exception. The Wall Street Journal's Watched project—the latest in a years-long series on privacy—explores the impact of ubiquitous surveillance on citizens and society. (more)
The End of Privacy
The age of computing has created a new economy, in which data on people's habits, activities and interests is collected, sold and traded, often without their knowledge. The Wall Street Journal's What They Know series documents new, cutting edge uses of tracking technology and what the rise of ubiquitous surveillance means for consumers and society. (more)

The What They Know Series (more)

Android Virus Uses Your Phone to Spread Spam

Android smartphone users alert...
Spammed text messages have begun circulating that can infect your handset, causing it to continually send virulent text messages to thousands of live phone numbers each day.

That discovery comes as hackers continue to probe the Android platform, in particular, for security holes with no slowdown expected in 2013...

Messaging security firm Cloudmark Research recently discovered a virulent spam campaign that is sending text messages to Android users offering free versions of Need for Speed Most Wanted, Angry Birds Star Wars, Grand Theft Auto and other popular games.

By installing the free app, the user actually downloads a hidden program connecting their handset to a command and control server in Hong Kong, says Cloudmark researcher Andrew Conway. The Hong Kong server next sends the handset a list of 50 phone numbers, copies of viral messages and instructions to begin sending the messages to each of the numbers. (more)

Result...
If victims don't have an unlimited texting plan, the next phone bill could be a whopper because each infected phone can blast thousands of viral text messages a day.

SpyCam Story #664 - This Month In SpyCam News

SpyCam stories have become commonplace and the techniques used, repetitive. We continue to keep lose track of the subject for statistical purposes, but won't bore you with too many details. Links supplied. 

"What's up Doc?"

VA - Foot doctor hides restroom spycam in box of latex gloves. Employee fingers it.
LA - Gynecologist documents work too well. 186 counts of video voyeurism.
NY - Urologist arrested for upskirting. 
CA - Plastic surgeon for celebrities with spycam in dressing room.

The Usual Suspects...
ID - Nature lover films women using campground shower. Admits to dozens of films.
ID - Cell phone + tissue box + employee restroom...
ID - Man has pleads guilty to video voyeurism.
CT - Cell phone + tissue box + bathroom... 
CT - Subway sandwich employee stuffs spycam into insulation under the bathroom sink.

KY - Man charged with placing spy cam in Wal-Mart men's room. Hold the KY jokes. 

CO - Man hiding in Yoga festival porta-potty tank pleads not guilty. Try insanity next time.

AR - Hidden camera in girl's bedroom. A dolt claims, "to see if she was having sex."
AR - Tanning bed spycam'er pleads guilty. 
FL - Man gets 10 years for spycam in bedrooms and evidence tampering.
LA - Ex-security guard - 42 counts of voyeurism. Hid spycams in restrooms at his building.
MI - Man jailed for taping sexual encounter between himself and three women.

UK - Landlord with clothes hook spycam hung by his own petard.
UK - Married vicar suspended after arrest on suspicion of voyeurism.

Canada - Swimming instructor puts spycam in staff-only locker room. 
Canada - Clothing store dressing room cam-man turns himself in. 
Canada - Another clothing store cam-man.
Austria - Artist installs one-way mirror in cafe. Peeks from mens restroom into ladies room. 

School Daze...
KY - A real McCoy caught upskirting at college.
NJ - Chief custodian at Catholic high school + 8 cameras - Arrested.
CT - Cell phone + college co-ed showers... What could possibly go wrong? 
IN - Janitor + spycam + locker room.
IN - Middle School science teacher + spycam + women's faculty restroom at the school. 
OH - Middle School teacher + spycam + 2 female teachers in teachers-only bathroom.
OH - High school coach + camera in Boy's Locker Room, pleads not guilty. 
CT - School psychologist + camera + house guest.

Darwin Awards...
AR - Wife finds video of underage girl on his/her computer. He filmed himself setting it up.
Canada - Likes to watch women sleep. Voyeurism no, B&E yes. Cell phone left behind.

UK - Male nurse arrested for spycaming at Stonyhurst College found hanged at home.

Florida Man Convicted in Wiretapping Scheme Targeting Celebrities

A Florida man who hacked into the personal e-mail accounts of more than 50 people associated with the entertainment industry—including actors Scarlett Johansson, Mila Kunis, and Renee Olstead—was sentenced this afternoon to 120 months in federal prison.

Christopher Chaney, 36, of Jacksonville, Florida, was sentenced by U.S. District Court Judge S. James Otero, who also ordered the defendant to pay $66,179 in restitution. At today’s hearing, Judge Otero said Chaney’s conduct demonstrated a “callous disregard to the victims”—particularly, two non-celebrity victims, each of whom was stalked by Chaney for more than 10 years. Judge Otero noted that with the increase in cybercrime, it is important to realize that extreme emotional distress can be as devastating as a physical injury.

Chaney has been in custody since March, when he pleaded guilty to nine felony counts, including wiretapping and unauthorized access to protected computers. (more)

Android Malware Among Top Threats for 2013

Security company Trend Micro has prophesied that the number of malicious and insecure Android apps will triple from 350,000 by the end of this year to more than a million.

Also among the company's predictions in its "Security Threats to Business, the Digital Lifestyle, and the Cloud" report: Cyber criminals will heavily abuse legitimate cloud services; hacktivist attacks will become more destructive; and the increase in computing platforms and devices will lead to threats cropping up in unexpected places. (more)

FutureWatch: New TSCM Tool on the Far Horizon

A secret agent is racing against time. He knows a bomb is nearby. He rounds a corner, spots a pile of suspicious boxes in the alleyway, and pulls out his cell phone. As he scans it over the packages, their contents appear onscreen. In the nick of time, his handy smartphone application reveals an explosive device, and the agent saves the day.

Already in use, but not yet cheap and portable.

Sound far-fetched? In fact it is a real possibility, thanks to tiny inexpensive silicon microchips developed by a pair of electrical engineers at the California Institute of Technology (Caltech). 

The chips generate and radiate high-frequency electromagnetic waves, called terahertz (THz) waves, that fall into a largely untapped region of the electromagnetic spectrum—between microwaves and far-infrared radiation—and that can penetrate a host of materials without the ionizing damage of X-rays.

When incorporated into handheld devices, the new microchips could enable a broad range of applications in fields ranging from homeland security (and TSCM) to wireless communications (new types of bugs) to health care, and even touchless gaming. In the future, the technology may lead to noninvasive cancer diagnosis, among other applications. (more)

The Bugging Report Too Dangerous to be Released

Australia - The secret police report into the widespread phone-tapping and bugging of over 110 serving and former officers was too "dangerous" to be released, the Inspector of the Police Integrity Commission, David Levine, said yesterday.

The reputations of the NSW Police Force and individual officers could be trashed if the report and recommendations by strike force Emblems were made public, the former Supreme Court judge said. (more)

" I heard that law enforcement has some sort of scanner that...

...tells them if a car has a large amount of money and then proceed to pull the car over where they eventually confiscate the cash. Is there really a "money scanner" like that?"

I get a lot of strange questions. 

This one was particularly intriguing.

Answer
For now, this appears to be an urban legend.
However, developing a technique to do this is on their radar screen...
"As U.S. financial institutions continue to improve legislation that reduces money laundering, criminals with large quantities of cash have shifted their focus to bulk currency smuggling, making deposits in foreign banks. Current DHS and law enforcement technologies catch only a fraction of the currency passing through the ports and borders. To date, a dedicated currency detector has never been developed. Lattice Government Services (LGS) will work with the University of Washington to define requirements and a Concept of Operations, research gaseous chemical detection, and physical spectral/magnetic detection technologies, and down select ideal systems..." (more)

From the fine state that brought you the light bulb, tetracycline, the visible-light lasers, bubble wrap, oral ACE inhibitors and the TV dinner...

"Paul Burgess, the chief executive of New Jersey-based Lattice Inc, the parent of Lattice Government Services, described challenges: “it isn’t just currency moving through an airport, a body scanner will pick that up. The bigger problem is at border crossings. You can put money in a side door and it’s going to be very difficult to detect."

As of May, 2011 we know that...

"DHS will soon begin reviewing the companies’ reports to decide whether there are any ideas worth pursuing, Verrico said. If the agency decides to move forward, one or more prototypes will be built and field-tested. “We will evaluate them over the next 30 to 60 days before we make any further decisions on ‘phase two,’” he said.” (more)


Stay tuned.

Personally, I think money detection will eventually be accomplished by embedding micro-RFID chips into the paper. Of course, the countermeasure would then be to carry money in a shielded container or wallet. 

Perhaps "smell" is the answer. Dogs are slow and scarce. But, these problems are being worked out...
 
"Tai Hyun Park and Seunghun Hong, of Seoul National University, with their colleagues, recreated a simplified version of the detecting cells in a dog’s nose using tiny bubbles made from cell membrane." 

They are working on artificial noses in Japan and Germany, too. You can buy an electronic nose today from Alpha MOS, but it is not portable enough for sniffing out money. The Cyranose 320 is portable but doesn't know what money smells like. We'll check back with you folks later.

Got any ideas for money detection?  
Send them (along with a case of M&M's) to:
"Show me the money!"
PO Box 668
Oldwick, NJ 08858

Dockworkers Union Alleges Eavesdropping - West Coast Port Strike

APM Terminals has been accused by a California dockworkers union of eavesdropping on workers to gain an edge in contract negotiations. 

The complaint, filed with the National Labor Relations Board by International Longshore and Warehouse Union Local 63, said APM "conducted secret surveillance, eavesdropping and snooping and listening in on confidential communications between and among union representatives, shop stewards and members concerning ongoing contract negotiations, bargaining strategies and labor-management issues."

The complaint was filed Nov. 14, about two weeks before the union's clerical workers went on an eight-day strike that shut down most of the cargo terminals at the ports of Los Angeles and Long Beach, the busiest seaport complex in the country. In the document, the union local alleges that the surveillance dates back at least six months. (more)

Top 5 Wireless Tips for IT Pros

via Altius IT Information Security...

Listed below are the top 5 tips IT professionals should take to enhance wireless network security.

1. Encryption. There are many different types of encryption methods used to secure wireless networks. Wired Equivalent Privacy (WEP) is the oldest and least preferred. Wi-Fi Protected Access (WPA) is newer and offers better protection. WPA2 is the newest and should be used if possible. Configure Virtual Private Network (VPN) access for users connecting to corporate systems.

2. Firewalls. Segment the wireless network from your in-house wired network. Use firewalls to restrict traffic to and from the internal network. Configure user devices so firewalls are turned on and actively protect applications and data.

3. Manual connection. Configure portable devices such as laptops and handhelds so that they do not automatically connect to wireless networks. A manual process helps ensure that the device connects to the appropriate wireless network.

4. Patch management. Ensure device operating system, application, and security protection software is patched and up-to-date. Ensure browsers and updates to third party software packages are applied in a timely manner. Critical updates should be tested and applied as soon as possible.

5. Incident management. Prepare a formal Incident Response Plan and educate users to inform the appropriate personnel if they believe they logged into the wrong network, sensitive information such as their ID/password was compromised, their device was lost or stolen, etc. (more)

UPDATE: From our "Persistence is Futile" file...

A Canadian history buff seems to have cracked a coded World War II message that was found strapped to the leg of a dead carrier pigeon.

Click to enlarge.

Last month, Englishman David Martin found the bird's bones in his chimney when he was renovating his fireplace in the town of Surrey.

Inside a red capsule strapped to the leg of the bird was a message from Sergeant William Stott, who had been deployed behind German lines to observe the enemy's activities.

When the message was taken to Britain's top code-breakers at the Government Communications Headquarters (GCHQ), they declared the code uncrackable. (more) (audio report) (our original report)

Google Funds Spy Technology - Surveillance to the Rescue!

Carter Roberts, president of the The World Wildlife Fund, says on his organization’s site, “We face an unprecedented poaching crisis. The killings are way up. We need solutions that are as sophisticated as the threats we face.”

This week, the World Wildlife Fund (WWF) announced its receipt of a $5 million grant, courtesy of Google’s Global Impact Awards to test advanced technology in the fight against animal crime. 

If it works, the new system will include sensors placed in wildlife environments and on the animals themselves, which would be monitored by a network of surveillance drones overhead. When poachers are detected, the drones will signal mobile ranger patrols on the ground to move in, hopefully stopping the poachers’ attack. (more)

UPDATE: $50 Hacking Device Opens Millions of Hotel Room Locks

The locks on more than 1 million guestroom doors are in various stages of being repaired, following the revelation this summer that they may be vulnerable to hackers.

The New York Marriott Marquis, the biggest hotel in Manhattan, for instance, just completed updating all of its nearly 2,000 door locks. The hotel is one of thousands of properties with guestroom locks manufactured by Onity, a division of United Technologies.

An Onity website also shows Sheraton, Hyatt, Holiday Inn, Fairmont, Radisson and other well-known hotels from Paris to Perth as also having its locks changed.

The lock scandal began as a hacker exercise. During a technology conference, an attendee revealed that he'd found a security flaw -- a way to electronically unlock a common, electronic hotel-door lock using inconspicuous tools. Other hackers checked out his claim and verified it. Their methods eventually showed up in a series of YouTube videos. (more) (and here!)