Monday, July 29, 2013

World's Biggest Data Breaches - Infographic

A beautiful way to get the point across...

Be sure to visit the interactive original HERE.

And, the winner of Who's Got the Biggest Electronic Ear is...

"According to the Max Planck Institute, you're 100 times more likely to be surveilled by your own government if you live in the Netherlands or you live in Italy," Baker said. 

"You're 30 to 50 times more likely to be surveilled if you're a French or a German national than in the United States." (more)

Israel's Verint to Get Indian Government Contract for Interception Tools

India - Verint's leadership team recently met communications minister Kapil Sibal in Israel and indicated the company's desire to work with the government to intercept all forms of encrypted communications to address India's cyber security needs.

Sibal has also apprised Israel's IT & communications minister Gilad Erdan about engaging Verint to implement an interception solution. "Verint is willing to work with the Indian government to address the issue of intercepting encrypted communications like Gmail, Yahoo-. mail and others. It will shortly co-ordinate with DoT's security wing and CERT-In teams to implement a customized interception solution," says an internal telecom department note, a copy of which was reviewed by ET. (more)

But wait! There's more!

India - Worried over increasing tiger deaths each year and many due to poaching and poisoning, India plans to start round-the-clock electronic surveillance of some of the tiger habitats using high definition cameras. (more)

Surveillance Camera Hack to be Reveled at Black Hat

A US security expert says he has identified ways to remotely attack high-end surveillance cameras used by industrial plants, prisons, banks and the military, something that could potentially allow hackers to spy on facilities or gain access to sensitive computer networks.

Craig Heffner, a former software developer with the National Security Agency (NSA) who now works for a private security firm, said he discovered the previously unreported bugs in digital video surveillance equipment from firms including Cisco, D-Link and TRENDnet...

He plans to demonstrate techniques for exploiting these bugs at the Black Hat hacking conference, which starts on July 31 in Las Vegas.

ISPs Grossed as Feds Net Passwords

The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.

If the government is able to determine a person's password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused. (more)

Saturday, July 27, 2013

Wiretap Evidence Included in SAC Capital Case

The evidence of insider trading at SAC Capital Advisors LP includes court-authorized wiretaps, a U.S. prosecutor said at the $14 billion hedge fund’s arraignment in federal court in Manhattan.

The discovery will be voluminous, including a large number of electronic recordings, including electronic messages, instant messages, court-authorized wiretaps and consensual recordings,” Assistant U.S. Attorney Antonia Apps told U.S. District Judge Laura Taylor Swain yesterday about the pretrial evidence-gathering process. “In short, a tremendous volume.” (more)

Friday, July 26, 2013

Double-Edged Sword Zone - Protect Your Office with iSpy (FREE)

iSpy (64-bit) uses your webcams and microphones to detect and record movement or sound and provides security, surveillance, monitoring and alerting services. You can Control cameras with PTZ, one-click or auto upload to YouTube, auto FTP to any servers, Listen to and monitor audio live over the network, connect and monitor as many cameras and microphones as you like, import and export object lists to share with colleagues, connect multiple computers in a group and manage over the web. FREE Download. (free warning sticker - download and print)


Of course, you can see how this could be used against you, and there is no free lunch. The software download is free, but there are $ enhancements ~Kevin

Did You Know... Surprising Spy Facts!

• The new NSA center in Utah is 15 times the size of MetLife Stadium, home to the New York Giants and Jets, and 7 times bigger than the Pentagon. (more) 

• Spy blimps can stay aloft for almost 3 weeks. (more) And, they are coming to Washington, DC (more) (video)

• 1,600 intelligence gatherers working at the Rivanna Station along with NGIC— DIA (Defense Intelligence Agency), NGA (National Geospatial-Intelligence Agency, and the frequently-in-the news National Security Agency (NSA)— call them the "crown jewels" of the Department of Defense intelligence. (more)
 

• The S&P 500 SPDR (SPY, A) is the oldest and best-known exchange-traded fund. (more) (oops, wrong spy)
 

• Authorities in eastern Turkey have cleared a small bird detained on suspicions of spying for Israel. (more)

• North Korea to put captured US spy ship on display. (more) 

• The real danger the NSA poses can be found here.

Happy Birthday, CIA

On July 26, 1947, 
President Truman signed the National Security Act, creating the Department of Defense, the National Security Council, the Central Intelligence Agency and the Joint Chiefs of Staff. (more)

Wednesday, July 24, 2013

Hot Stock Tip...

Invest in SPYs Spies.

The string of revelations about America's surveillance apparatus by former National Security Agency contractor Edward Snowden has cast a spotlight on the growing number of American companies involved in electronic spycraft.

It hasn't visibly damped enthusiasm among Silicon Valley investors and military contractors looking for ways to get into a business many see as one of the few growth areas left as U.S. military spending contracts.

Some of the country's most influential venture capitalists and former spy chiefs are investing in companies now providing the government with the sweeping electronic spy system and evolving cyberwarfare programs exposed by Mr. Snowden. (more)

The Other Domestic Spying Scandal

With all the concern about the government spying on us, is it any wonder that couples spy on one another?

Dating site SeekingArrangement.com surveyed over 22,000 Americans and found that 55% admitted to spying on their partners.

In Houston, at least according to the survey, it isn’t that bad. Only 48.8% of the people admitted to spying, which ranks us as the 10th most trusting city in the county. (more)

Business Secrets Leak via Personal Devices

The smartphone revolution opened the floodgates to the BYOD (bring your own device) trend among workers... 

More than half of information workers own the devices they use for work, according to Forrester Research, which surveyed almost 10,000 people in 17 countries, and that proportion is likely to increase, says David Johnson, a senior analyst at Forrester.

The groundswell caused many IT directors to simply throw up their hands.
A study published last November by Kaspersky Lab, a digital-security firm, found that one in three organizations allowed personal cellphones unrestricted access to corporate resources—with troubling consequences. One in five companies in the same survey admitted losing business data after personal devices were lost or stolen. (more)


The pressure is on manufacturers to come up with better security features. 
"Certified for Business Use" has a nice value-added ring to it.

Android Phones - The New Corporate Espionage Tool

Alcatel-Lucent’s Kindsight subsidiary has released figures that show an increase in malicious software (malware) used by hackers to gain access to devices for corporate espionage, spying on individuals, theft of personal information, generating spam, denial of service attacks on business and governments and millions of dollars in fraudulent banking and advertising scams.

“Malware and cybersecurity threats continue to be a growing problem for home networks and mobile devices, particularly for Android smartphones and tablets which are increasingly targeted,” said Kevin McNamee, security architect and director of Alcatel-Lucent’s Kindsight Security Labs.

A third of the top 15 security threats are now spyware related, up from only two spyware instances the last quarter,” said McNamee. “MobileSpy and FlexiSpy were already in the top 15 list, but SpyBubble moved up to take the 4th spot, while SpyMob and PhoneRecon appeared for the first time, ranking 5th and 7th respectively.

Mobile spyware in the BYOD context poses a threat to enterprises because it can be installed surreptitiously on an employee’s phone and used for industrial or corporate espionage.”

McNamee said it is “surprisingly easy” to add a command and control interface to allow the attacker to control the device remotely, activating the phone’s camera and microphone without the user’s knowledge.

This enables the attacker to monitor and record business meetings from a remote location. The attacker can even send text messages, make calls or retrieve and modify information stored on the device – all without the user’s knowledge.

“The mobile phone is a fully functional network device. When connected to the company’s Wi-Fi, the infected phone provides backdoor access to the network and the ability to probe for vulnerabilities and assets. (more)


Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."  

Monday, July 22, 2013

SIM Card Flaw Could Allow Eavesdropping on Phone Conversations

Vulnerability in the security key that protects the card could allow eavesdropping on phone conversations, fraudulent purchases, or impersonation of the handset's owner, a security researcher warns.

Karsten Nohl, founder of Security Research Labs in Berlin, told The New York Times that he has identified a flaw in SIM encryption technology that could allow an attacker to obtain a SIM card's digital key, the 56-digit sequence that allows modification of the card. The flaw, which may affect as many as 750 million mobile phones, could allow eavesdropping on phone conversations, fraudulent purchases, or impersonation of the handset's owner, Nohl warned. 

Can you decode the code?
"We can remotely install software on a handset that operates completely independently from your phone," warned Nohl, who said he managed the entire operation in less than two minutes using a standard PC. "We can spy on you. We know your encryption keys for calls. We can read your SMSs. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account." (more)


The U.N.'s Geneva-based International Telecommunications Union, which has reviewed the research, described it as "hugely significant."

Cracking SIM cards has long been the Holy Grail of hackers because the tiny devices are located in phones and allow operators to identify and authenticate subscribers as they use networks. (more)
 

You’ve Nicked Hackers... Now Expose the Buggers

UK - Phone hacking is a crude but preventable means of invading someone’s privacy.

You can go to jail for it — and many journalists face this risk as they await trial.

By comparison, breaking into a telecoms substation, plugging into a landline and intercepting private phone calls and computer traffic is a really serious crime.

Yet while those journalists were arrested at dawn and charged after long periods on police bail, nobody has been arraigned for bugging despite evidence over many years.

The difference between the two offences is important.

Hacking is opportunistic eavesdropping. Bugging is nothing less than espionage.

Once a bug is attached by stealth, it can monitor every spoken word and keystroke without the subscriber ever knowing. 
(more)