Deer Trail, a small Colorado town, is considering a measure that would allow its residents to hunt for federal drones and shoot them down.
“Is it illegal? Of course it is. But it’s also illegal to spy on American citizens,” resident Phillip Steel told CNN in a phone interview. “If they fly in town, we will shoot them down.”
Steel said he wrote the ordinance after he learned the Federal Aviation Administration “loosened regulations that would allow the flight of drones in domestic airspace.” (more)
Saturday, July 20, 2013
Bug Found in Office of Berlusconi's Judge
An electronic bug was found in the offices of the Italian judges due to hear a final appeal this month by former premier Silvio Berlusconi against a tax fraud conviction, news reports said Friday.
An employee of the Court of Cassation discovered a device used to record or intercept conversations and alerted police Thursday afternoon, the Rome-based Il Tempo newspaper said.
The bug, which was removed by police, did not have any batteries, the daily said. (more)
An employee of the Court of Cassation discovered a device used to record or intercept conversations and alerted police Thursday afternoon, the Rome-based Il Tempo newspaper said.
The bug, which was removed by police, did not have any batteries, the daily said. (more)
Friday, July 19, 2013
If You Can Pee, You Can Make a Phone Call
If asked what would be a great power source for mobile phones, it’s a fair bet that most people wouldn't make urine their first choice. But that's exactly what a group of scientists at Bristol Robotics Laboratory in the UK have done. As part of a project to find new ways to provide electricity for small devices in emergency situations and developing countries they have created a new fuel cell system powered by pee.
The key to this rather unorthodox way of powering a phone is a microbial fuel cell (MFC) that converts organic matter directly into electricity. Inside the MFC, there are a mixture of ordinary anaerobic microorganisms that release electrons as they feed – in this case, on the urine. (more)
Thus giving a whole new meaning to streaming media. (rimshot!) Gee whiz.
The key to this rather unorthodox way of powering a phone is a microbial fuel cell (MFC) that converts organic matter directly into electricity. Inside the MFC, there are a mixture of ordinary anaerobic microorganisms that release electrons as they feed – in this case, on the urine. (more)
Thus giving a whole new meaning to streaming media. (rimshot!) Gee whiz.
Mobile Security Apps Perform Dismally Against Spyware
via Josh Kirschner at Techlicious...
Mobile spyware can have a devastating effect on your life; the
constant fear that a spouse, significant other or even employer is
following your every move, knows everything about your life and has
completely removed any vestige of privacy...
And spyware is not as rare as you may think. According to mobile security company Lookout, .24% of Android phones they scanned in the U.S. had surveillance-ware installed intended to target a specific individual. Sophos reports a similar .2% infection rate from spyware. If those numbers hold true for Android users in general, that would mean tens of thousands could be infected.
I set out to test the leading Android anti-malware vendors to see how they fared at protecting us against the threat of spyware...
The results, generally speaking, were dismal. Of twelve products I tested, none was able to detect more than two-thirds of the samples. Many missed half or more of the spyware apps. And, surprisingly, the potential spyware apps least likely to be detected were those widely available in Google Play. (more)
Josh did an excellent job researching this topic and we thank him for publicly exposing the flaws.
Now, what can be done about really detecting spyware?
Murray Associates was approached by two clients several years ago who had come to the same conclusion as Josh via their own research. They asked us to develop a solution – based on the following conditions:
1. The solution must make quick and reasonable spyware evaluations.
2. No special forensic tools should be required.
3. No special skills should be necessary.
4. No assistance should be necessary once the initial training is over. The phone owner must be able to conduct the test him- or herself—anytime, anyplace.
5. Advancements in spyware software and cell phone hardware should not render the test ineffective.
The results of this project are published in the book, "Is My Cell Phone Bugged?", and are used in SpyWarn 2.0, a unique Android spyware detection app.
And spyware is not as rare as you may think. According to mobile security company Lookout, .24% of Android phones they scanned in the U.S. had surveillance-ware installed intended to target a specific individual. Sophos reports a similar .2% infection rate from spyware. If those numbers hold true for Android users in general, that would mean tens of thousands could be infected.
I set out to test the leading Android anti-malware vendors to see how they fared at protecting us against the threat of spyware...
The results, generally speaking, were dismal. Of twelve products I tested, none was able to detect more than two-thirds of the samples. Many missed half or more of the spyware apps. And, surprisingly, the potential spyware apps least likely to be detected were those widely available in Google Play. (more)
Josh did an excellent job researching this topic and we thank him for publicly exposing the flaws.
Now, what can be done about really detecting spyware?
Murray Associates was approached by two clients several years ago who had come to the same conclusion as Josh via their own research. They asked us to develop a solution – based on the following conditions:
1. The solution must make quick and reasonable spyware evaluations.
2. No special forensic tools should be required.
3. No special skills should be necessary.
4. No assistance should be necessary once the initial training is over. The phone owner must be able to conduct the test him- or herself—anytime, anyplace.
5. Advancements in spyware software and cell phone hardware should not render the test ineffective.
The results of this project are published in the book, "Is My Cell Phone Bugged?", and are used in SpyWarn 2.0, a unique Android spyware detection app.
Labels:
advice,
Android,
App,
cell phone,
detection,
eavesdropping,
malware,
spyware,
statistics,
survey,
wiretapping
Android Malware that Gives Hackers Remote Control is Rising (Technical but important news.)
via... Sean Gallagher - Ars Technica
Remote access tools have long been a major part of targeted hacker attacks on individuals and corporate networks. RATs* have been used for everything from hacking the e-mail boxes of New York Times reporters to capturing video and audio of victims over their webcams. Recently, wireless broadband and the power of smartphones and tablets have extended hackers’ reach beyond the desktop. In a blog post yesterday, Symantec Senior Software Engineer Andrea Lelli described the rise of an underground market for malware tools based on Androrat, a remote administration tool that can give an attacker complete control over devices running the Android OS.
Androrat was published on GitHub in November 2012 as an open source tool for remote administration of Android devices. Packaged as a standard Android application (in an APK file), Androrat can be installed as a service on the device that launches at start-up or as a standard “activity” application. Once it’s installed, the user doesn’t need to interact with the application at all—it can be activated remotely by an SMS message or a call from a specific phone number.
The app can grab call logs, contact data, and all SMS messages on the device, as well as capture messages as they come in. It can provide live monitoring of call activity, take pictures with the phone’s camera, and stream audio from the phone’s microphone back to its server. It can also post “toasts” (application messages) on the screen, place phone calls, send text messages, and open websites in the phone’s browser. If it is launched as an application (or “activity”), it can even stream video from the camera back to the server.
Hackers have taken Androrat’s code and run with it. Recently, underground marketplaces for malware have begun to offer Androrat “binder” tools, which can attach the RAT to the APK files of other legitimate applications. When a user downloads what appears to be a harmless app that has been bound to Androrat, the RAT gets installed along with the app without requiring additional user input, sneaking past Android’s security model. Symantec reports that analysts have found 23 instances of legitimate apps that have been turned into carriers for Androrat. The code has also been incorporated into other “commercial” malware, such as Adwind—a Java-based RAT that can be used against multiple operating systems.
Lelli said that Symantec has detected “several hundred” cases of Androrat-based malware infections on Android devices, mostly in the US and Turkey. But now that binders are available to anyone willing to pay for them, the potential for infection to spread is growing rapidly. (more)
*Spybusters Countermeasure: Android app SpyWarn detects RAT spyware activity. (http://tinyurl.com/SpyWarnApp)
Remote access tools have long been a major part of targeted hacker attacks on individuals and corporate networks. RATs* have been used for everything from hacking the e-mail boxes of New York Times reporters to capturing video and audio of victims over their webcams. Recently, wireless broadband and the power of smartphones and tablets have extended hackers’ reach beyond the desktop. In a blog post yesterday, Symantec Senior Software Engineer Andrea Lelli described the rise of an underground market for malware tools based on Androrat, a remote administration tool that can give an attacker complete control over devices running the Android OS.
Androrat was published on GitHub in November 2012 as an open source tool for remote administration of Android devices. Packaged as a standard Android application (in an APK file), Androrat can be installed as a service on the device that launches at start-up or as a standard “activity” application. Once it’s installed, the user doesn’t need to interact with the application at all—it can be activated remotely by an SMS message or a call from a specific phone number.
The app can grab call logs, contact data, and all SMS messages on the device, as well as capture messages as they come in. It can provide live monitoring of call activity, take pictures with the phone’s camera, and stream audio from the phone’s microphone back to its server. It can also post “toasts” (application messages) on the screen, place phone calls, send text messages, and open websites in the phone’s browser. If it is launched as an application (or “activity”), it can even stream video from the camera back to the server.
Hackers have taken Androrat’s code and run with it. Recently, underground marketplaces for malware have begun to offer Androrat “binder” tools, which can attach the RAT to the APK files of other legitimate applications. When a user downloads what appears to be a harmless app that has been bound to Androrat, the RAT gets installed along with the app without requiring additional user input, sneaking past Android’s security model. Symantec reports that analysts have found 23 instances of legitimate apps that have been turned into carriers for Androrat. The code has also been incorporated into other “commercial” malware, such as Adwind—a Java-based RAT that can be used against multiple operating systems.
Lelli said that Symantec has detected “several hundred” cases of Androrat-based malware infections on Android devices, mostly in the US and Turkey. But now that binders are available to anyone willing to pay for them, the potential for infection to spread is growing rapidly. (more)
*Spybusters Countermeasure: Android app SpyWarn detects RAT spyware activity. (http://tinyurl.com/SpyWarnApp)
Labels:
advice,
App,
cautionary tale,
cell phone,
detection,
Hack,
spyware,
SpyWarn
New Jersey Supreme Court Restricts Police Searches of Phone Data
Staking out new ground in the noisy debate about technology and privacy in law enforcement, the New Jersey Supreme Court on Thursday ordered that the police will now have to get a search warrant before obtaining tracking information from cellphone providers.
The ruling puts the state at the forefront of efforts to define the boundaries around a law enforcement practice that a national survey last year showed was routine, and typically done without court oversight or public awareness. With lower courts divided on the use of cellphone tracking data, legal experts say, the issue is likely to end up before the United States Supreme Court. (more)
The ruling puts the state at the forefront of efforts to define the boundaries around a law enforcement practice that a national survey last year showed was routine, and typically done without court oversight or public awareness. With lower courts divided on the use of cellphone tracking data, legal experts say, the issue is likely to end up before the United States Supreme Court. (more)
Thursday, July 18, 2013
If You Think The NSA Is Bad, Wait To You See South Korea’s Surveillance State
SEOUL, South Korea — Americans are apparently blasé about government eavesdropping.
In the days after former National Security Agency contractor Edward Snowden revealed that Washington spies extensively on its own citizens, polls found that about half of Americans have no problem with such snooping, as long as it protects them from terrorism.
But a scandal unfolding here in South Korea illustrates how such domestic snooping can easily harm a democracy. The imbroglio has sparked student protests and candlelight vigils around Seoul... (more)
In the days after former National Security Agency contractor Edward Snowden revealed that Washington spies extensively on its own citizens, polls found that about half of Americans have no problem with such snooping, as long as it protects them from terrorism.
But a scandal unfolding here in South Korea illustrates how such domestic snooping can easily harm a democracy. The imbroglio has sparked student protests and candlelight vigils around Seoul... (more)
NSA Leak Highlights the Power of Spying - Irish Eyes Aren't Smiling
Ireland - Entrepreneurs are worried. Not because they have something to hide from US authorities, but for fear of breaking contractual liability.
"I'm currently setting up two businesses here," said Jude Braden, who employs 12 people in Dublin-based data-related businesses. "My problem is that under Irish and EU law, I have a duty to protect the data of my clients. I can potentially be sued if my clients' data gets out into the public domain. But the events of recent weeks and months puts me in a position where I may not be able to fulfill the terms of that obligation."
Espionage and industrial skullduggery have long been connected, said Conor Flynn, founder of Isas, a Dublin- IT security firm... "There has always been suspicions among American industrialists when they travel to China that they would be monitored for espionage purposes.
Dublin-based IT security expert Brian Honan agrees. "You don't bug German embassy offices if you're looking for Al-Qai'da," said Honan. "When the US plants bugs in EU embassies it is clearly targeted at trade talks and industrial interests."
Conor and Brian are correct. Industrial skullduggery, and bugging, are key espionage tactics – and, they are not the tools of governments alone. Tried and true spy methods still work in the business world. (more)
"I'm currently setting up two businesses here," said Jude Braden, who employs 12 people in Dublin-based data-related businesses. "My problem is that under Irish and EU law, I have a duty to protect the data of my clients. I can potentially be sued if my clients' data gets out into the public domain. But the events of recent weeks and months puts me in a position where I may not be able to fulfill the terms of that obligation."
Espionage and industrial skullduggery have long been connected, said Conor Flynn, founder of Isas, a Dublin- IT security firm... "There has always been suspicions among American industrialists when they travel to China that they would be monitored for espionage purposes.
Dublin-based IT security expert Brian Honan agrees. "You don't bug German embassy offices if you're looking for Al-Qai'da," said Honan. "When the US plants bugs in EU embassies it is clearly targeted at trade talks and industrial interests."
Conor and Brian are correct. Industrial skullduggery, and bugging, are key espionage tactics – and, they are not the tools of governments alone. Tried and true spy methods still work in the business world. (more)
Tuesday, July 16, 2013
Bremont Codebreaker Crypto Watch Turns Position of Earth into a Usable Measurement
The Bremont Codebreaker is a limited edition chronograph that uses original artifacts from the famous cryptographic facility to commemorate British code breaking efforts during the Second World War.
Bletchley Park was one of the best kept secrets of the Second World War and remained so for decades after until the story was made public in 1974. The ancient estate with its Victorian mansion was the headquarters for the Government Code and Cipher School (GC&CS), where 9,000 scientists, mathematicians and others were tasked with decrypting enemy ciphers from the German Enigma and Lorenz machines. It was where Alan Turing laid the foundations for modern computer science and artificial intelligence and was the birthplace of Colossus, the world’s first programmable electronic computer.
The efforts of the team at Bletchley Park were perhaps the greatest single strategic advantage of the Allies and may have shortened the war by two years. The Codebreaker is meant to not only act as a commemoration piece, but also a physical container of some of that story. According to Bremont, the Codebreaker was Inspired by a classic 1940’s officers watch and that 240 steel Codebreaker watches will be created along with 50 rose gold watches. Each numbered watch has a flyback Chronograph GMT automatic movement and is made from materials directly related to the code breaking efforts. (more)
Bletchley Park was one of the best kept secrets of the Second World War and remained so for decades after until the story was made public in 1974. The ancient estate with its Victorian mansion was the headquarters for the Government Code and Cipher School (GC&CS), where 9,000 scientists, mathematicians and others were tasked with decrypting enemy ciphers from the German Enigma and Lorenz machines. It was where Alan Turing laid the foundations for modern computer science and artificial intelligence and was the birthplace of Colossus, the world’s first programmable electronic computer.
The efforts of the team at Bletchley Park were perhaps the greatest single strategic advantage of the Allies and may have shortened the war by two years. The Codebreaker is meant to not only act as a commemoration piece, but also a physical container of some of that story. According to Bremont, the Codebreaker was Inspired by a classic 1940’s officers watch and that 240 steel Codebreaker watches will be created along with 50 rose gold watches. Each numbered watch has a flyback Chronograph GMT automatic movement and is made from materials directly related to the code breaking efforts. (more)
Keeping the NSA in Perspective
by George Friedman, Stratfor
In June 1942, the bulk of the Japanese fleet sailed to seize the Island of Midway. Had Midway fallen, Pearl Harbor would have been at risk and U.S. submarines, unable to refuel at Midway, would have been much less effective. Most of all, the Japanese wanted to surprise the Americans and draw them into a naval battle they couldn't win.
The Japanese fleet was vast. The Americans had two carriers intact in addition to one that was badly damaged. The United States had only one advantage: It had broken Japan's naval code and thus knew a great deal of the country's battle plan. In large part because of this cryptologic advantage, a handful of American ships devastated the Japanese fleet and changed the balance of power in the Pacific permanently. (more)
George Friedman is the Chairman of Stratfor, a company he founded in 1996 that is now a leader in the field of global intelligence.
In June 1942, the bulk of the Japanese fleet sailed to seize the Island of Midway. Had Midway fallen, Pearl Harbor would have been at risk and U.S. submarines, unable to refuel at Midway, would have been much less effective. Most of all, the Japanese wanted to surprise the Americans and draw them into a naval battle they couldn't win.
The Japanese fleet was vast. The Americans had two carriers intact in addition to one that was badly damaged. The United States had only one advantage: It had broken Japan's naval code and thus knew a great deal of the country's battle plan. In large part because of this cryptologic advantage, a handful of American ships devastated the Japanese fleet and changed the balance of power in the Pacific permanently. (more)
George Friedman is the Chairman of Stratfor, a company he founded in 1996 that is now a leader in the field of global intelligence.
Hackers Turn Verizon Box into Spy Tool
Researchers at iSec hacked into a Verizon network extender, which anyone can buy online, and turned it into a cell phone tower small enough to fit inside a backpack capable of capturing and intercepting all calls, text messages and data sent by mobile devices within range...
"The level of technical skill that you need to break into one of these, people are learning college.
A malicious person could put one of these, with a battery, in a backpack, and go downtown - to a place like Times Square or Wall Street...
Frankly, these devices scare us. It is not the NSA tapping ordinary people. It is about ordinary people attacking ordinary people." (more)
Note: Verizon says they fixed this particular issue.
Warning: Femtocells in general, however, offer a new playground to hackers and criminals alike. Cut back on your confidential transmissions in densely populated areas.
"The level of technical skill that you need to break into one of these, people are learning college.
A malicious person could put one of these, with a battery, in a backpack, and go downtown - to a place like Times Square or Wall Street...
Frankly, these devices scare us. It is not the NSA tapping ordinary people. It is about ordinary people attacking ordinary people." (more)
Note: Verizon says they fixed this particular issue.
Warning: Femtocells in general, however, offer a new playground to hackers and criminals alike. Cut back on your confidential transmissions in densely populated areas.
Saturday, July 13, 2013
Attack of the Cyber Mercenaries
A British intelligence report says that other nations are hiring hackers to launch attacks against their enemies, a trend it described as particularly worrying.
The warning over cyber mercenaries came in an annual report published by Britain's Intelligence and Security Committee, a watchdog body of senior lawmakers that oversees Britain's spy agencies. (more)
Have board, will travel. ~K3y5LingR |
Friday, July 12, 2013
Watergate Redux
The Dallas, Texas offices of law firm Schulman & Mathias were broken into two weeks ago by two burglars caught on surveillance camera. The two stole three computers. Damon Mathias, a partner at the firm, said
Attorneys said the burglars may have been hired to steal documents related to State Department whistleblower Aurelia Fedenisn, who is represented by the firm...
In early June, Fedenisn gave CBS News a draft State Department Inspector General report which offered the details of allegations that alleged sex crimes involving diplomats — including one U.S. ambassador who allegedly visited prostitutes — were ignored by State Department top officials. (more)
Time to sweep the office.
Attorneys said the burglars may have been hired to steal documents related to State Department whistleblower Aurelia Fedenisn, who is represented by the firm...
In early June, Fedenisn gave CBS News a draft State Department Inspector General report which offered the details of allegations that alleged sex crimes involving diplomats — including one U.S. ambassador who allegedly visited prostitutes — were ignored by State Department top officials. (more)
Time to sweep the office.
Monday, July 8, 2013
Free Webinar - Corporate Espionage via Mobile Device
Corporate Espionage via Mobile Device
Wednesday, July 10, 2013
02:00 PM Eastern DT (11:00 AM Pacific)
Duration: 45 Min
We discuss the topic of mobile risk and espionage via compromised mobile device. viaForensics' Director of R&D Thomas Cannon recently demonstrated "Corporate Espionage via a Mobile Device" as a proof of concept attack. In this demonstration, an innocent application is leveraged to harbor malware and exfiltrate data from a mobile device. The attacker is able to remotely activate phone features such as the camera and microphone, and the device can be used to bypass corporate defenses and infiltrate a corporate network. (Register)
Wednesday, July 10, 2013
02:00 PM Eastern DT (11:00 AM Pacific)
Duration: 45 Min
We discuss the topic of mobile risk and espionage via compromised mobile device. viaForensics' Director of R&D Thomas Cannon recently demonstrated "Corporate Espionage via a Mobile Device" as a proof of concept attack. In this demonstration, an innocent application is leveraged to harbor malware and exfiltrate data from a mobile device. The attacker is able to remotely activate phone features such as the camera and microphone, and the device can be used to bypass corporate defenses and infiltrate a corporate network. (Register)
Labels:
cell phone,
FREE,
Hack,
privacy,
spyware,
surveillance,
wiretapping
Saturday, July 6, 2013
How Eavesdropping Was Punished in Medieval Times
via Arika Okrent - theweek.com
The problem of eavesdropping dates back to the 1370s, according to one historian.
When people live together in small communities, they can be a great source of comfort and support to each other — but they can also really get on each other's nerves. Every community must figure out the best way to keep conflict to a minimum. In the late middle ages, English village courts tried to maintain equilibrium by imposing punishment for eavesdropping, scolding, and noctivagation (aimless night wandering), three offenses, as Marjorie McIntosh explains in her book Controlling Misbehaviour in England, 1370-1600, "often said in local records to be damaging to local harmony, goodwill, and peaceful relations between neighbors."
The term "eavesdropping" originally came from Anglo-Saxon laws against building too close to the border of your land, lest the rain running off your roof, the yfesdrype or "eaves drip," mess up your neighbor's property. "Eavesdropper" became the word for a person who stands within range of the eaves drip — too close — in order to listen in on what was going on inside the house...
Eavesdropping was best carried out under cover of darkness, hence the suspicion under which noctivagators, or "nightwalkers," were held. Anyone found to be wandering round at night without a good reason was assumed to be eavesdropping...
The problem with eavesdropping wasn't so much about notions of rights to privacy as about people who "perturbed the peace" by using the information they gained through eavesdropping to sow discord. Getting the goods on your neighbors might lead to scolding — verbally attacking, berating, stirring things up. Where eavesdropping might get you fined, the punishment for scolding could be much worse. Repeat scolders might get dunked in the water on the "cucking-stool" until they were thoroughly soaked and humiliated, or made to wear a "scold's bridle," an iron muzzle with a spiked gag to keep the tongue from moving.
..."for a good two hundred years, beginning in the 1370s, the medieval cocktail of eavesdropping and tale-telling comprised about 8 percent of all social crimes." (more)
The problem of eavesdropping dates back to the 1370s, according to one historian.
When people live together in small communities, they can be a great source of comfort and support to each other — but they can also really get on each other's nerves. Every community must figure out the best way to keep conflict to a minimum. In the late middle ages, English village courts tried to maintain equilibrium by imposing punishment for eavesdropping, scolding, and noctivagation (aimless night wandering), three offenses, as Marjorie McIntosh explains in her book Controlling Misbehaviour in England, 1370-1600, "often said in local records to be damaging to local harmony, goodwill, and peaceful relations between neighbors."
The term "eavesdropping" originally came from Anglo-Saxon laws against building too close to the border of your land, lest the rain running off your roof, the yfesdrype or "eaves drip," mess up your neighbor's property. "Eavesdropper" became the word for a person who stands within range of the eaves drip — too close — in order to listen in on what was going on inside the house...
Eavesdropping was best carried out under cover of darkness, hence the suspicion under which noctivagators, or "nightwalkers," were held. Anyone found to be wandering round at night without a good reason was assumed to be eavesdropping...
The problem with eavesdropping wasn't so much about notions of rights to privacy as about people who "perturbed the peace" by using the information they gained through eavesdropping to sow discord. Getting the goods on your neighbors might lead to scolding — verbally attacking, berating, stirring things up. Where eavesdropping might get you fined, the punishment for scolding could be much worse. Repeat scolders might get dunked in the water on the "cucking-stool" until they were thoroughly soaked and humiliated, or made to wear a "scold's bridle," an iron muzzle with a spiked gag to keep the tongue from moving.
..."for a good two hundred years, beginning in the 1370s, the medieval cocktail of eavesdropping and tale-telling comprised about 8 percent of all social crimes." (more)
Subscribe to:
Posts (Atom)