Saturday, July 27, 2013

Wiretap Evidence Included in SAC Capital Case

The evidence of insider trading at SAC Capital Advisors LP includes court-authorized wiretaps, a U.S. prosecutor said at the $14 billion hedge fund’s arraignment in federal court in Manhattan.

“The discovery will be voluminous, including a large number of electronic recordings, including electronic messages, instant messages, court-authorized wiretaps and consensual recordings,” Assistant U.S. Attorney Antonia Apps told U.S. District Judge Laura Taylor Swain yesterday about the pretrial evidence-gathering process. “In short, a tremendous volume.” (more)

Friday, July 26, 2013

Double-Edged Sword Zone - Protect Your Office with iSpy (FREE)

iSpy (64-bit) uses your webcams and microphones to detect and record movement or sound and provides security, surveillance, monitoring and alerting services. You can control cameras with PTZ, one-click or auto upload to YouTube, auto FTP to any server, listen to and monitor audio live over the network, connect and monitor as many cameras and microphones as you like, import and export object lists to share with colleagues, and connect multiple computers in a group and manage them over the web. FREE Download. (free warning sticker - download and print)

Of course, you can see how this could be used against you, and there is no free lunch. The software download is free, but there are $ enhancements. ~Kevin

Did You Know... Surprising Spy Facts!

• The new NSA center in Utah is 15 times the size of MetLife Stadium, home to the New York Giants and Jets, and 7 times bigger than the Pentagon. (more) 

• Spy blimps can stay aloft for almost 3 weeks. (more) And, they are coming to Washington, DC (more) (video)

• 1,600 intelligence gatherers working at the Rivanna Station along with NGIC— DIA (Defense Intelligence Agency), NGA (National Geospatial-Intelligence Agency), and the frequently-in-the-news National Security Agency (NSA)— call them the "crown jewels" of the Department of Defense intelligence. (more)

• The S&P 500 SPDR (SPY, A) is the oldest and best-known exchange-traded fund. (more) (oops, wrong spy)

• Authorities in eastern Turkey have cleared a small bird detained on suspicions of spying for Israel. (more)

• North Korea to put captured US spy ship on display. (more) 

• The real danger the NSA poses can be found here.

Happy Birthday, CIA

On July 26, 1947, President Truman signed the National Security Act, creating the Department of Defense, the National Security Council, the Central Intelligence Agency and the Joint Chiefs of Staff. (more)

Wednesday, July 24, 2013

Hot Stock Tip...

Invest in SPYs Spies.

The string of revelations about America's surveillance apparatus by former National Security Agency contractor Edward Snowden has cast a spotlight on the growing number of American companies involved in electronic spycraft.

It hasn't visibly damped enthusiasm among Silicon Valley investors and military contractors looking for ways to get into a business many see as one of the few growth areas left as U.S. military spending contracts.

Some of the country's most influential venture capitalists and former spy chiefs are investing in companies now providing the government with the sweeping electronic spy system and evolving cyberwarfare programs exposed by Mr. Snowden. (more)

The Other Domestic Spying Scandal

With all the concern about the government spying on us, is it any wonder that couples spy on one another?

Dating site surveyed over 22,000 Americans and found that 55% admitted to spying on their partners.

In Houston, at least according to the survey, it isn’t that bad. Only 48.8% of the people admitted to spying, which ranks us as the 10th most trusting city in the country. (more)

Business Secrets Leak via Personal Devices

The smartphone revolution opened the floodgates to the BYOD (bring your own device) trend among workers... 

More than half of information workers own the devices they use for work, according to Forrester Research, which surveyed almost 10,000 people in 17 countries, and that proportion is likely to increase, says David Johnson, a senior analyst at Forrester.

The groundswell caused many IT directors to simply throw up their hands.
A study published last November by Kaspersky Lab, a digital-security firm, found that one in three organizations allowed personal cellphones unrestricted access to corporate resources—with troubling consequences. One in five companies in the same survey admitted losing business data after personal devices were lost or stolen. (more)

The pressure is on manufacturers to come up with better security features. 
"Certified for Business Use" has a nice value-added ring to it.

Android Phones - The New Corporate Espionage Tool

Alcatel-Lucent’s Kindsight subsidiary has released figures that show an increase in malicious software (malware) used by hackers to gain access to devices for corporate espionage, spying on individuals, theft of personal information, generating spam, denial of service attacks on business and governments and millions of dollars in fraudulent banking and advertising scams.

“Malware and cybersecurity threats continue to be a growing problem for home networks and mobile devices, particularly for Android smartphones and tablets which are increasingly targeted,” said Kevin McNamee, security architect and director of Alcatel-Lucent’s Kindsight Security Labs.

“A third of the top 15 security threats are now spyware related, up from only two spyware instances the last quarter,” said McNamee. “MobileSpy and FlexiSpy were already in the top 15 list, but SpyBubble moved up to take the 4th spot, while SpyMob and PhoneRecon appeared for the first time, ranking 5th and 7th respectively.

Mobile spyware in the BYOD context poses a threat to enterprises because it can be installed surreptitiously on an employee’s phone and used for industrial or corporate espionage.”

McNamee said it is “surprisingly easy” to add a command and control interface to allow the attacker to control the device remotely, activating the phone’s camera and microphone without the user’s knowledge.

This enables the attacker to monitor and record business meetings from a remote location. The attacker can even send text messages, make calls or retrieve and modify information stored on the device – all without the user’s knowledge.

“The mobile phone is a fully functional network device. When connected to the company’s Wi-Fi, the infected phone provides backdoor access to the network and the ability to probe for vulnerabilities and assets.” (more)

Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."  

Monday, July 22, 2013

SIM Card Flaw Could Allow Eavesdropping on Phone Conversations

Vulnerability in the security key that protects the card could allow eavesdropping on phone conversations, fraudulent purchases, or impersonation of the handset's owner, a security researcher warns.

Karsten Nohl, founder of Security Research Labs in Berlin, told The New York Times that he has identified a flaw in SIM encryption technology that could allow an attacker to obtain a SIM card's digital key, the 56-digit sequence that allows modification of the card. The flaw, which may affect as many as 750 million mobile phones, could allow eavesdropping on phone conversations, fraudulent purchases, or impersonation of the handset's owner, Nohl warned. 

"We can remotely install software on a handset that operates completely independently from your phone," warned Nohl, who said he managed the entire operation in less than two minutes using a standard PC. "We can spy on you. We know your encryption keys for calls. We can read your SMSs. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account." (more)

The U.N.'s Geneva-based International Telecommunications Union, which has reviewed the research, described it as "hugely significant."

Cracking SIM cards has long been the Holy Grail of hackers because the tiny devices are located in phones and allow operators to identify and authenticate subscribers as they use networks. (more)

You’ve Nicked Hackers... Now Expose the Buggers

UK - Phone hacking is a crude but preventable means of invading someone’s privacy.

You can go to jail for it — and many journalists face this risk as they await trial.

By comparison, breaking into a telecoms substation, plugging into a landline and intercepting private phone calls and computer traffic is a really serious crime.

Yet while those journalists were arrested at dawn and charged after long periods on police bail, nobody has been arraigned for bugging despite evidence over many years.

The difference between the two offences is important.

Hacking is opportunistic eavesdropping. Bugging is nothing less than espionage.

Once a bug is attached by stealth, it can monitor every spoken word and keystroke without the subscriber ever knowing. 

Saturday, July 20, 2013

The Wild Wild West - Town to Issue Drone Hunting Permits

Deer Trail, a small Colorado town, is considering a measure that would allow its residents to hunt for federal drones and shoot them down.

“Is it illegal? Of course it is. But it’s also illegal to spy on American citizens,” resident Phillip Steel told CNN in a phone interview. “If they fly in town, we will shoot them down.”

Steel said he wrote the ordinance after he learned the Federal Aviation Administration “loosened regulations that would allow the flight of drones in domestic airspace.” (more)

Bug Found in Office of Berlusconi's Judge

An electronic bug was found in the offices of the Italian judges due to hear a final appeal this month by former premier Silvio Berlusconi against a tax fraud conviction, news reports said Friday.

An employee of the Court of Cassation discovered a device used to record or intercept conversations and alerted police Thursday afternoon, the Rome-based Il Tempo newspaper said.

The bug, which was removed by police, did not have any batteries, the daily said. (more)

Friday, July 19, 2013

If You Can Pee, You Can Make a Phone Call

If asked what would be a great power source for mobile phones, it’s a fair bet that most people wouldn't make urine their first choice. But that's exactly what a group of scientists at Bristol Robotics Laboratory in the UK have done. As part of a project to find new ways to provide electricity for small devices in emergency situations and developing countries they have created a new fuel cell system powered by pee.

The key to this rather unorthodox way of powering a phone is a microbial fuel cell (MFC) that converts organic matter directly into electricity. Inside the MFC, there is a mixture of ordinary anaerobic microorganisms that release electrons as they feed – in this case, on the urine. (more)

Thus giving a whole new meaning to streaming media. (rimshot!) Gee whiz.

Mobile Security Apps Perform Dismally Against Spyware

via Josh Kirschner at Techlicious...
Mobile spyware can have a devastating effect on your life; the constant fear that a spouse, significant other or even employer is following your every move, knows everything about your life and has completely removed any vestige of privacy...

And spyware is not as rare as you may think. According to mobile security company Lookout, .24% of Android phones they scanned in the U.S. had surveillance-ware installed intended to target a specific individual. Sophos reports a similar .2% infection rate from spyware. If those numbers hold true for Android users in general, that would mean tens of thousands could be infected.

I set out to test the leading Android anti-malware vendors to see how they fared at protecting us against the threat of spyware...

The results, generally speaking, were dismal. Of twelve products I tested, none was able to detect more than two-thirds of the samples. Many missed half or more of the spyware apps. And, surprisingly, the potential spyware apps least likely to be detected were those widely available in Google Play. (more)

Josh did an excellent job researching this topic and we thank him for publicly exposing the flaws. 

Now, what can be done about really detecting spyware?

Murray Associates was approached by two clients several years ago who had come to the same conclusion as Josh via their own research. They asked us to develop a solution – based on the following conditions:
  1. The solution must make quick and reasonable spyware evaluations. 
  2. No special forensic tools should be required. 
  3. No special skills should be necessary.
  4. No assistance should be necessary once the initial training is over. The phone owner must be able to conduct the test him- or herself—anytime, anyplace.
  5. Advancements in spyware software and cell phone hardware should not render the test ineffective.

The results of this project are published in the book, "Is My Cell Phone Bugged?", and are used in SpyWarn 2.0, a unique Android spyware detection app.

Android Malware that Gives Hackers Remote Control is Rising (Technical but important news.)

via... Sean Gallagher - Ars Technica 
Remote access tools have long been a major part of targeted hacker attacks on individuals and corporate networks. RATs* have been used for everything from hacking the e-mail boxes of New York Times reporters to capturing video and audio of victims over their webcams. Recently, wireless broadband and the power of smartphones and tablets have extended hackers’ reach beyond the desktop. In a blog post yesterday, Symantec Senior Software Engineer Andrea Lelli described the rise of an underground market for malware tools based on Androrat, a remote administration tool that can give an attacker complete control over devices running the Android OS.

Androrat was published on GitHub in November 2012 as an open source tool for remote administration of Android devices. Packaged as a standard Android application (in an APK file), Androrat can be installed as a service on the device that launches at start-up or as a standard “activity” application. Once it’s installed, the user doesn’t need to interact with the application at all—it can be activated remotely by an SMS message or a call from a specific phone number.

The app can grab call logs, contact data, and all SMS messages on the device, as well as capture messages as they come in. It can provide live monitoring of call activity, take pictures with the phone’s camera, and stream audio from the phone’s microphone back to its server. It can also post “toasts” (application messages) on the screen, place phone calls, send text messages, and open websites in the phone’s browser. If it is launched as an application (or “activity”), it can even stream video from the camera back to the server.

Hackers have taken Androrat’s code and run with it. Recently, underground marketplaces for malware have begun to offer Androrat “binder” tools, which can attach the RAT to the APK files of other legitimate applications. When a user downloads what appears to be a harmless app that has been bound to Androrat, the RAT gets installed along with the app without requiring additional user input, sneaking past Android’s security model. Symantec reports that analysts have found 23 instances of legitimate apps that have been turned into carriers for Androrat. The code has also been incorporated into other “commercial” malware, such as Adwind—a Java-based RAT that can be used against multiple operating systems.

Lelli said that Symantec has detected “several hundred” cases of Androrat-based malware infections on Android devices, mostly in the US and Turkey. But now that binders are available to anyone willing to pay for them, the potential for infection to spread is growing rapidly. (more)

*Spybusters Countermeasure: Android app SpyWarn detects RAT spyware activity.
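
A defender's check for the "binder" repackaging and the start-up, SMS and call triggers described in the article above, as an added example that is not code from the original post, Ars Technica or Symantec. It assumes the known-good and suspect APK manifests have already been decoded to text XML; the package name, component names and both sample manifests are constructed, and the comparison is a triage heuristic, not a signature for any specific malware.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Start conditions the article describes: at boot, on an incoming SMS or call.
TRIGGERS = {"android.intent.action.BOOT_COMPLETED": "boot",
            "android.provider.Telephony.SMS_RECEIVED": "sms",
            "android.intent.action.PHONE_STATE": "call"}

# Constructed sample manifests (hypothetical app, text XML decoded from an APK).
ORIGINAL = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><activity android:name=".MainActivity"/></application>
</manifest>"""
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <application>
    <activity android:name=".MainActivity"/>
    <service android:name=".extra.Worker"/>
    <receiver android:name=".extra.Starter"><intent-filter>
      <action android:name="android.intent.action.BOOT_COMPLETED"/>
      <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
    </intent-filter></receiver>
  </application>
</manifest>"""

def profile(manifest_xml):
    """Return (permissions, {component name: sorted trigger labels})."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(NS + "name") for p in root.iter("uses-permission")}
    comps = {}
    for tag in ("activity", "service", "receiver"):
        for c in root.iter(tag):
            acts = {a.get(NS + "name") for a in c.iter("action")}
            comps[c.get(NS + "name")] = sorted(TRIGGERS[a] for a in acts & set(TRIGGERS))
    return perms, comps

def diff_repackaged(original_xml, suspect_xml):
    """Report what a suspect build declares beyond the known-good build."""
    o_perms, o_comps = profile(original_xml)
    s_perms, s_comps = profile(suspect_xml)
    added = {n: t for n, t in s_comps.items() if n not in o_comps}
    return {"added_permissions": sorted(s_perms - o_perms),
            "added_components": sorted(added),
            "added_triggers": {n: t for n, t in added.items() if t}}
```

A build that gains microphone, camera or SMS permissions together with a new boot- or SMS-triggered receiver, relative to the publisher's own release, is worth pulling for closer analysis before it is allowed on a device that connects to company resources.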