Sunday, June 9, 2013

"Whatever happened to OPSEC?"

Last week's news sparked much discussion about privacy. Here is one semi-sarcastic exchange between two well-respected, over-50 security professionals...
 

Q. "Whatever happened to OPSEC?"
 

A. "Indeed. Whatever happened to OPSEC?

I think you and I are seeing the "generation gap" from the other side, now.
Yesterday, I was talking to a sixteen year-old about the past week's news (PRISM and the Supreme Court decision on DNA).
 

The attitude was, "So?"
 

Geeez, the under-30 crowd has no expectation of privacy. It is a foreign concept to them. They grew up going to school with cameras aimed at them all day, and Ra-parents checking their email, and cocooning them in play dates and bike helmets. Sprinkle with general self: indulgence, centered-ness, and entitlement, and this is what evolves—a new world where real privacy is a quaint concept.
 

Their new world is "look at me, look at me", tweet, tweet, tweet. The new privacy hinges on SnapChat zaps, and the ability to 'friend' and 'unfriend'.

The first Eloi of this new wave are starting to take their places in business and government. They are being egged on, and in turn enabling, a few dystopian power-elders. Together they constructed PRISM. The flip side of the coin, however, is that they don't get to do it in private.
So, to answer the question, OPSEC and Privacy have joined hands... and are skipping on their merry f-ing way to oblivion.

Saturday, June 8, 2013

The PRISM of Surveillance - 2002-2013

The Information Awareness Office (IAO) was established by the Defense Advanced Research Projects Agency (DARPA) in January 2002 to bring together several DARPA projects focused on applying surveillance and information technology to track and monitor terrorists and other asymmetric threats to U.S. national security, by achieving Total Information Awareness (TIA). 

Following public criticism that the development and deployment of this technology could potentially lead to a mass surveillance system, the IAO was defunded by Congress in 2003. 
However, several IAO projects continued to be funded, and merely run under different names. (more) (60's update... "We all prism'ers chicky babe, we all locked in.")

Obama: 'Nobody Is Listening to Your Telephone Calls'

President Barack Obama on Friday defended his administration's vast collection of emails and telephone records, saying the programs help prevent terrorist attacks while imposing only "modest encroachments" on people's privacy...

"When it comes to telephone calls, nobody is listening to your telephone calls," the president said. 

 Mr. Obama made clear that his own views of such intelligence-gathering efforts have evolved since he was a candidate for the presidency in 2008. He suggested he is now more comfortable with the "trade-offs" involved in guarding against terrorism. (more)

Thursday, June 6, 2013

FutureWatch: 24/7 Outdoor Surveillance from 17,000 Feet - Recorded & Searchable

A new camera developed by the Pentagon's research arm was highlighted in a recent special on PBS' "Nova" in an episode called "Rise of the Drones." It's a camera system so detailed it can discern specific movements and even what a subject is wearing.

The Defense Advanced Research Projects Agency's (DARPA's) Autonomous Real-Time Ground Ubiquitous Surveillance Imaging System (ARGUS) has 1.8 billion pixels (1.8 gigapixels), making it the world's highest resolution camera.

The sensors on the camera are so precise that, PBS stated, it is the equivalent of 100 Predator drones over a medium-sized city.

Spain - Law to Install Spyware Being Drafted

Spain pushing for right to install government spyware on citizens' devices...

Spanish daily El País reported on Tuesday that the bill, drawn up by the ministry of justice, is still in its draft phase. But should it be passed into law, police authorities would have the power to install spyware on computers, laptops, tablets, mobile phones and even USBs and external hard drives in order to harvest personal information about the owner.

The bill states that targets would have to be suspected of terrorism, organized crime, child pornography, online fraud or cyber-bullying offenses carrying a minimum sentence of three years for the use of spyware to be authorized. The spyware would be installed remotely, the report said, and the target machine would have to be physically located in Spain. (more)


FutureWatch: See a trend?

Technorant - Your children are slaves to their smartphones...

A Caution Sign on the Highway of Life
Summary: (from the article) Today's teens and pre-teens are overly reliant on technology, lazy, self-entitled, and are the worst read of any generation. (more)


The author is a bit harsh, but the article may give smart kids a little help in taking back their lives... if they read it.

Wednesday, June 5, 2013

Secret Files Released - Edward VIII Bugged by His Own Government

Intelligence files kept secret for almost 80 years today reveal that phone calls from Buckingham Palace and the monarch’s Windsor residence, Fort Belvedere, were monitored while he decided whether to give up the throne for Wallis Simpson.

The revelation suggested an extraordinary breakdown of trust between Edward and his Government amid the constitutional crisis in December 1936.

The Cabinet papers also show the huge lengths the then Home Secretary Sir John Simon went to try and keep a lid on the looming controversy after a journalist leaked the story. (more)

A 'Trust But Verify' SpyWare App

"Within 3 months more than 80k people used Spy Your Love mobile application to spy their partner’s mobile phone (7000 couples are still daily using application). 

Spy your Love is mobile application that comes with controversial solution of partner's cheating and trust issues. Solution is based on mutual and voluntary monitoring/sharing of phone calls, SMS and Facebook messages. Mutual means that both partners are spying each other. Partners are losing 15% of their privacy but getting 90% assurance that their partner is faithful." (more)

Grain-of-Salt Alert: This is excerpted from a Slovakian press release, hence the odd syntax. It is, however, an interesting spyware app concept.

Moto X - The Creepy Boyfriend You Never Knew You Wanted

Imagine a spy with access to a second-by-second record of your location and all of your electronic communications—and which is also the world’s most sophisticated superbrain, capable of mining all that information, big data-style, for unexpected connections... 

...the Moto X... essentially, it’s the world’s most sophisticated cluster of sensors you can wear on your person, and it’s going to know every single thing you do, whether it’s driving, sleeping or taking a walk around the block. Google is betting that you will love your pocket Stasi so much you’ll never want to be without it—and Google is right...

For example, the phone knows how fast you’re traveling, so it might not let you text while driving. And it has enough contextual information to know not only whether or not you just took it out of your pocket, but also why you just took it out of your pocket, so it can immediately fire up the camera app when you want to take a picture...

It’s the fact that Google’s forthcoming phone will start to know that “why”—the causal connections that stitch together our actions and desires—that is nothing short of astonishing...
Normal smartphones are limited in their ability to spy on you because their makers never anticipated that this is a thing you’d want to do. (more)

Tuesday, June 4, 2013

The VD of Apple iOS Devices - Unsafe Charging

Using the bogus charger, a team from Georgia Institute of Technology managed to infect a phone with a virus in less than a minute.  

Any device using Apple's iOS operating system would be as vulnerable to infection, claim the trio. More details of their work will be given at the upcoming Black Hat USA hacker conference. (more)

But this will not surprise our regular Security Scrapbook readers... "Joseph Mlodzianowski and Robert Rowley, built a juice jacking kiosk at Defcon 2011 to educate the masses about the risks associated with blindly plugging in mobile devices." (more)

Sunday, June 2, 2013

Attention High School Seniors: Get a Spy Job... Sha na na na, sha na na na na,

When the NSA’s brand-new $1.2 billion data center goes live in Bluffdale, Utah this fall, the nation’s spy agency is going to need a special kind of person to keep the lights on, the networks humming, and the servers from melting down.

So two years ago, the agency got in touch with Richard Brown, the dean of the College of Engineering at the University of Utah, and asked him to craft a special program that could teach computer science students all of the networking, electrical engineering, and server cooling skills that they’d need to run one of the world’s largest data centers...
 
His school’s Data Center Engineering program will go live this fall, with bachelors and masters-level certifications. With its cool climate and inexpensive energy, Utah is already home to data center facilities for many tech companies including Twitter, eBay, Workday and Oracle. (more) (sing-a-long)

Spy Summer in the City of Brotherly Love... Franklin would have loved it!

PA - "Spy: The Secret World of Espionage," at the Franklin Institute through Oct. 6, takes a declassified look into the reality of this intoxicating world, with a display of more than 200 artifacts used by real spies that underscore the real dangers they faced.

Drawn from the immense private collection of intelligence historian H. Keith Melton and the collections of the CIA, the FBI and the National Reconnaissance Office is everything from a KGB poison dart-firing umbrella to the fake movie script that enabled the rescue of the diplomats from Iran.
The show is a touring exhibit that opened at Times Square New York last year and now travels to 10 science museums around the United States for the next five years.

While younger visitors might pass on the show's informative wall text, they can't help but love the spy cameras, tear-gas pens, shoes with hidden compartments, a coin with a poison needle hidden inside and even a hollow molar the East German secret police created to conceal a microdot in a spy's mouth.

This is definitely a kid-friendly show, with interactive displays aplenty. (more)

"Why I secretly recorded Mitch McConnell"

Curtis Morrison speaks out...

"Earlier this year, I secretly made an audio recording of Sen. Mitch McConnell, the most powerful Republican on the planet, at his campaign headquarters in Kentucky. The released portion of the recording clocks in at less than 12 minutes, but those few minutes changed my life.

I leaked the recording to Mother Jones, which published it with a transcript and analysis in April, and over the days that followed, blogs and cable news shows lit up with the revelations from that one meeting. At the time, McConnell was prepping for a race against the actress Ashley Judd — it was “the Whac-a-Mole stage of the campaign,” McConnell said smugly — and the recording captures his team in some Grade-A jackassery, including plans to use Judd’s history of depression against her.

But also up for debate was the ethics of the audio recording itself. Here’s the latest... [long explanation]

[in a nutshell] Unlike Mitch McConnell, I will not paint myself as a victim... I’m a liberal activist in Kentucky. I’m also a citizen journalist... If given another chance to record him, I’d do it again." (more)


Background:
Campaign Headquarters Bugged - FBI Investigating 
McConnell's Suspected Bugger Has Hand Out
Sen. Mitch McConnell's "Bug" - Recorded Acoustical Leakage

Analysis
Eavesdropping occurs all the time. Only failed attempts become public knowledge. This is one of those tip-of-the-iceberg stories.

Like most of these stories, both sides failed. Morrison for getting caught. McConnell for not taking the proper security measures to assure privacy.

We see the same scenario in the private sector. Smart businesses employ information security measures. Others get their pockets picked, and occasionally, find embarrassing stories about them in the news. ~Kevin

Saturday, June 1, 2013

The Old Conference Call Trick Still Works

MA - Two Plymouth men who allegedly planned to line up professional sports tryouts are facing federal wiretapping charges for taping a phone conversation between two NFL general managers and selling the recording to a sports website.

Joshua Barber, 20, and Nicholas Kaiser, 20, face up to five years in prison and a $500,000 fine if convicted of secretly recording a conference call they allegedly organized between Buffalo Bills General Manager Buddy Nix and Tampa Bay Buccaneers General Manager Mark Dominik, according to federal prosecutors.

The Boston Globe reports that Barber first called Nix posing as Dominik and then called Dominik and used the conference call function to link the calls for the conversation, recorded by Kaiser.

In a roughly six-minute call posted on Deadspin in March, Nix and Dominik discuss potential trades and complain about their lack of a franchise quarterback, according to the Boston Herald. (more)

Eavesdropping on Fire Department No Solution to Burning Ears

NH - A former lieutenant in the Deering Fire Department who was at the center of a recent hiring controversy has been indicted on a felony charge of wiretapping staff conversations last year, including at least one senior-level meeting.

Stephen Brooks, 39, allegedly placed a recording device inside the Deering Fire Station on or around May 29, 2012, and “recorded a period of time including, but not limited to, a meeting between senior staff of the Fire Department,” according to a direct indictment, issued May 15 by a Hillsborough County grand jury.

Because it is a direct indictment, the case will bypass preliminary hearings and head straight to trial. Brooks has not been arrested, according to Assistant Hillsborough County Attorney Michael Valentine, who is handling the case. Valentine said direct indictments are typical when there has been a previous police investigation.

An arraignment has been scheduled for June 21.

Deering Town Administrator Craig Ohlson said the charge follows a “lengthy” investigation by the state police. He said Brooks, who faces as many as 3½ to 7 years in prison and a $4,000 fine if convicted, was fired from the department April 17. It’s unclear whether the termination was directly related to the wiretapping investigation. (more)