Wednesday, June 5, 2013

Secret Files Released - Edward VIII Bugged by His Own Government

Intelligence files kept secret for almost 80 years today reveal that phone calls from Buckingham Palace and the monarch’s Windsor residence, Fort Belvedere, were monitored while he decided whether to give up the throne for Wallis Simpson.

The revelation suggested an extraordinary breakdown of trust between Edward and his Government amid the constitutional crisis in December 1936.

The Cabinet papers also show the huge lengths the then Home Secretary Sir John Simon went to try and keep a lid on the looming controversy after a journalist leaked the story. (more)

A 'Trust But Verify' SpyWare App

"Within 3 months more than 80k people used Spy Your Love mobile application to spy their partner’s mobile phone (7000 couples are still daily using application). 

Spy your Love is mobile application that comes with controversial solution of partner's cheating and trust issues. Solution is based on mutual and voluntary monitoring/sharing of phone calls, SMS and Facebook messages. Mutual means that both partners are spying each other. Partners are losing 15% of their privacy but getting 90% assurance that their partner is faithful." (more)

Grain-of-Salt Alert: This excerpted from a Slovakian press release, hence the odd syntax. It is, however, an interesting spyware app concept.

Moto X - The Creepy Boyfriend You Never Knew You Wanted

Imagine a spy with access to a second-by-second record of your location and all of your electronic communications—and which is also the world’s most sophisticated superbrain, capable of mining all that information, big data-style, for unexpected connections... 

...the Moto X... essentially, it’s the world’s most sophisticated cluster of sensors you can wear on your person, and it’s going to know every single thing you do, whether it’s driving, sleeping or taking a walk around the block. Google is betting that you will love your pocket Stasi so much you’ll never want to be without it—and Google is right...

For example, the phone knows how fast you’re traveling, so it might not let you text while driving. And it has enough contextual information to know not only whether or not you just took it out of your pocket, but also why you just took it out of your pocket, so it can immediately fire up the camera app when you want to take a picture...

It’s the fact that Google’s forthcoming phone will start to know that “why”—the causal connections that stitch together our actions and desires—that is nothing short of astonishing...
Normal smartphones are limited in their ability to spy on you because their makers never anticipated that this is a thing you’d want to do. (more)

Tuesday, June 4, 2013

The VD of Apple iOS Devices - Unsafe Charging

Using the bogus charger, a team from Georgia Institute of Technology managed to infect a phone with a virus in less than a minute.  

Any device using Apple's iOS operating system would be as vulnerable to infection, claim the trio. More details of their work will be given at the upcoming Black Hat USA hacker conference. (more)

But this will not surprise our regular Security Scrapbook readers... "Joseph Mlodzianowski and Robert Rowley, built a juice jacking kiosk at Defcon 2011 to educate the masses about the risks associated with blindly plugging in mobile devices." (more)

Sunday, June 2, 2013

Attention High School Seniors: Get a Spy Job... Sha na na na, sha na na na na,

When the NSA’s brand-new $1.2 billion data center goes live in Bluffdale, Utah this fall, the nation’s spy agency is going to need a special kind of person to keep the lights on, the networks humming, and the servers from melting down.

So two years ago, the agency got in touch with Richard Brown, the dean of the College of Engineering at the University of Utah, and asked him to craft a special program that could teach computer science students all of the networking, electrical engineering, and server cooling skills that they’d need to run one of the world’s largest data centers...
 
His school’s Data Center Engineering program will go live this fall, with bachelors and masters-level certifications. With its cool climate and inexpensive energy, Utah is already home to data center facilities for many tech companies including Twitter, eBay, Workday and Oracle. (more) (sing-a-long)

Spy Summer in the City of Brotherly Love... Franklin would have loved it!

PA - "Spy: The Secret World of Espionage," at the Franklin Institute through Oct. 6, takes a declassified look into the reality of this intoxicating world, with a display of more than 200 artifacts used by real spies that underscore the real dangers they faced.

Drawn from the immense private collection of intelligence historian H. Keith Melton and the collections of the CIA, the FBI and the National Reconnaissance Office is everything from a KGB poison dart-firing umbrella to the fake movie script that enabled the rescue of the diplomats from Iran.


 
The show is a touring exhibit that opened at Times Square New York last year and now travels to 10 science museums around the United States for the next five years.

While younger visitors might pass on the show's informative wall text, they can't help but love the spy cameras, tear-gas pens, shoes with hidden compartments, a coin with a poison needle hidden inside and even a hollow molar the East German secret police created to conceal a microdot in a spy's mouth.

This is definitely a kid-friendly show, with interactive displays aplenty. (more)

"Why I secretly recorded Mitch McConnell"

Curtis Morrison speaks out...

"Earlier this year, I secretly made an audio recording of Sen. Mitch McConnell, the most powerful Republican on the planet, at his campaign headquarters in Kentucky. The released portion of the recording clocks in at less than 12 minutes, but those few minutes changed my life.

I leaked the recording to Mother Jones, which published it with a transcript and analysis in April, and over the days that followed, blogs and cable news shows lit up with the revelations from that one meeting. At the time, McConnell was prepping for a race against the actress Ashley Judd — it was “the Whac-a-Mole stage of the campaign,” McConnell said smugly — and the recording captures his team in some Grade-A jackassery, including plans to use Judd’s history of depression against her.

But also up for debate was the the ethics of the audio recording itself. Here’s the latest... [long explanation]

[in a nutshell] Unlike Mitch McConnell, I will not paint myself as a victim... I’m a liberal activist in Kentucky. I’m also a citizen journalist... If given another chance to record him, I’d do it again." (more)


Background:
Campaign Headquarters Bugged - FBI Investigating 
McConnell's Suspected Bugger Has Hand Out
Sen. Mitch McConnell's "Bug" - Recorded Acoustical Leakage

Analysis
Eavesdropping occurs all the time. Only failed attempts become public knowledge. This is one of thoses tip of the iceberg stories. 

Like most of these stories, both sides failed. Morrison for getting caught. McConnell for not taking the proper security measures to assure privacy.

We see the same scenario in the private sector. Smart businesses employ information security measures. Others get their pockets picked, and occassionally, find embarrassing stories about them in the news. ~Kevin

Saturday, June 1, 2013

The Old Conference Call Trick Still Works

MA - Two Plymouth men who allegedly planned to line up professional sports tryouts are facing federal wiretapping charges for taping a phone conversation between two NFL general managers and sold the recording to a sports website.  

Joshua Barber, 20, and Nicholas Kaiser, 20, face up to five years in prison and a $500,000 fine if convicted of secretly recording a conference call they allegedly organized between Buffalo Bills General Manger Buddy Nix and Tampa Bay Buccaneers General Manager Mark Dominik, according to federal procecutors.

The Boston Globe reports that Barber first called Nix posing as Dominik and then called Dominik and used the conference call function to link the calls for the conversation, recorded by Kaiser.

In a roughly six-minute call posted on Deadspin in March, Nix and Dominik discuss potential trades and complain about their lack of a franchise quarterback, according to the Boston Herald. (more)

Eavesdropping on Fire Department No Solution to Burning Ears

NH - A former lieutenant in the Deering Fire Department
who was at the center of a recent hiring controversy has been indicted on a felony charge of wiretapping staff conversations last year, including at least one senior-level meeting.

Stephen Brooks, 39, allegedly placed a recording device inside the Deering Fire Station on or around May 29, 2012, and “recorded a period of time including, but not limited to, a meeting between senior staff of the Fire Department,” according to a direct indictment, issued May 15 by a Hillsborough County grand jury.

Because it is a direct indictment, the case will bypass preliminary hearings and head straight to trial. Brooks has not been arrested, according to Assistant Hillsborough County Attorney Michael Valentine, who is handling the case. Valentine said direct indictments are typical when there has been a previous police investigation.

An arraignment has been scheduled for June 21.

Deering Town Administrator Craig Ohlson said the charge follows a “lengthy” investigation by the state police. He said Brooks, who faces as many as 31∕2 to 7 years in prison and a $4,000 fine if convicted, was fired from the department April 17. It’s unclear whether the termination was directly related to the wiretapping investigation. (more)

Friday, May 31, 2013

On Paranoia...

“You’re just being paranoid.”

It’s a phrase that intimidates, shames, and scares. Too often, it sentences real victims of electronic surveillance to silent suffering. 


It’s also a phrase that can reveal unflattering things about the speaker, who may simply be ignorant, shallow, or mean, and who sometimes shows a strong tendency to avoid reality. The fact is, other people cannot make your problems go away by telling you that they do not exist—and neither can you.
Life has taught all of us some valuable lessons: An ounce of prevention really is worth a pound of cure. Trust your instincts. And that noise you heard coming from your car’s engine yesterday will not go away tomorrow; it will get worse. Ignoring these lessons has a name: The Ostrich Effect.

Granted, some people really do have paranoia problems. But these people usually do not confess to having a specific fear about specific events. They express their concerns in more general terms, such as “They know everything about me” or “It’s been going on for years.” Regardless, these people need kindness and medical help, not name calling.


If thoughts of eavesdropping or business espionage are new to you, and you have a suspect or a motive in mind, pay attention. Your intuition is telling you that something is wrong. Too many “coincidences” have tipped your inner warning scale. Your subconscious alert is sounding a real alarm, just as surely as the smell of smoke reminds you of the food left burning on the stove.

Trust your judgment. Something is wrong. 


Talk to an independent TSCM security consultant. This will be a person who specializes in electronic surveillance detection and business counterespionage. If TSCM is just another menu item and not the specialty of their house, you haven't found the right person. Keep looking. (Try here for business-related issues, or here for strictly personal issues.)

By the way, there is also hope on the horizon for people with real paranoia problems....
"Results of a preliminary trial, announced today at the Wellcome Trust in London, demonstrated how people with schizophrenia could overcome their auditory hallucinations by conversing with an avatar representation of the voice in their head.


At the start of the trial, 16 people with schizophrenia created an on-screen avatar that best matched what they imagined the voice in their head to look like – much like a police photo-fit. They then chose a male or female voice closely resembling the one they hear.

By conversing with a therapist via the avatar, the volunteers reported reduced levels of distress and higher self-esteem. Three people stopped hearing the hallucinatory voice altogether – including one who had lived with it for 16 years." (more)

Wednesday, May 29, 2013

Australia IT Security - More Godfather logic?

Chinese hackers have stolen top-secret blueprints to Australia's new intelligence agency headquarters, a report said Tuesday, but Foreign Minister Bob Carr insisted ties with Beijing would not be hurt.

The Australian Broadcasting Corporation said the documents taken in the cyber hit included cabling layouts for the huge building's security and communications systems, its floor plan, and its server locations. (more)


One can only hope these were the honeypot version of the plans.

How to Stop The China IT Leach Syndrome – Two Ideas

IDEA #1
If the US wishes to stop Chinese economic cyber-espionage, it will need to increase the costs and reduce the benefits to China of such activities. US government actions are important, but the key players in this game sit in the private sector. A true public-private partnership is needed.

The threat of Chinese cyberspying to US businesses is clear. A report released last week by the Commission on the Theft of American Intellectual Property states that: “China is two-thirds of the intellectual property theft problem, and we are at a point where it is robbing us of innovation to bolster their own industry, at a cost of millions of jobs.”
(more)

With President Obama preparing for a first meeting with China’s new president, a commission led by two former senior officials in his administration will recommend a series of steps that could significantly raise the cost to China of the theft of American industrial secrets. If milder measures failed, the commission said, the United States should consider giving companies the right to retaliate against cyberattackers with counterstrikes of their own. (more)

IDEA #2
Espionage Outrage Reaches the Boiling Point ...and a solution. (more)

Please pick either one, or both, Congress—before it is too late. ~Kevin

U.S. IT Security - Schizophrenia, Bipolar Disorder or Godfather logic?

The Chinese government has been conducting a broad, sustained, and disciplined campaign of cyberattacks against U.S. government agencies, critical infrastructure, private companies, and news organizations.

The public version of a study prepared for the Pentagon by the Defense Science Board now says that Chinese government hackers have also been able to penetrate the computer networks of all the major U.S. defense contractors, stealing the designs and specifications of the most advanced weapon system in the U.S. arsenal, and gaining insights into broad technologies on which U.S. military advances are based. (more)

and then we have...
 
White House National Security Adviser Thomas Donilon called Tuesday for strengthening U.S. military ties with China, despite growing tensions between the two over Beijing’s state-sponsored hacking and maritime territorial claims.

Donilon pushed for increased military cooperation in peacekeeping, fighting piracy and disaster relief.

An essential part of building a new model for relations between great powers is ensuring we have a healthy, stable and reliable military-to-military relationship,” Mr. Donilon said in brief comments to reporters, Reuters reported. (more)
 

...keep your friends close, but your enemies closer?

Tuesday, May 28, 2013

The Other Train Spotters and the Drones Who Will Catch Them

Germany - Small drones could soon be spying on vandals under plans announced by Germany's national railway company Deutsche Bahn. The idea is to use airborne infrared cameras to film people spraying graffiti and then use the images as evidence in court.

The drones can fly at altitudes of up to 150 metres and travel at up to 54 kilometres per hour.

Deutsche Bahn said it suffered property damage worth 7.6 million euros ($10 million) from people spray-painting its carriages last year.


The rail operator said it would only use the drones over its own depots, not in public areas, in line with German anti-surveillance laws. (more)

Better idea... Take high resolution photos of the best graffiti, make 1:1 prints and sell them at art galleries around the world—"Authentic Deutsche Bahn Train Art". ~Kevin

Australia - Report on Smartphone Spyware & Hacking

"It's a terrifying prospect, but the era of smart-phones is leaving us more vulnerable to having their phones bugged than ever before..."