Thursday, August 15, 2013

Baby Cam Hackers Can See You, Hear You, and Talk to You... and Your Kids

A hacker was able to shout abuse at a two-year-old child by exploiting a vulnerability in a camera advertised as an ideal "baby monitor".

ABC News revealed how a couple in Houston, Texas, heard a voice saying lewd comments coming from the camera, made by manufacturer Foscam.


Vulnerabilities in Foscam products were exposed in April, and the company issued an emergency fix.

Foscam said it was unable to provide a statement at this time.

However, a UK-based reseller told the BBC it would contact its entire customer database to remind them "the importance in setting a password to their cameras".

The spokesman added that it would be urging Foscam's head office - based in Shenzhen, China - to send out a memo to all its resellers suggesting they too contact their customers.

The BBC has found evidence of hackers sharing information on how to access insecure Foscam cameras via several widely-used forums. Using specialist search engines, people can narrow their results by location...
 

Foscam is not the only company to find itself the target of hackers. Last year, camera company Trendnet had to rush out an update to fix a security hole that left thousands of cameras exposed. (more

This is not a new problem. Manufacturers have been slow to respond. (Security Scrapbook warnings from 2/12 and 7/13). Why?

Espionage Idea: Imagine your country is the top manufacturer of surveillance cameras. You build in a back-door capability to monitor each one, and hope no one notices. Salt the Earth with your product. Target the units placed in sensitive areas. Wow, what power! And, then some hackers blow it for you. Damn hackers.

Example

Wednesday, August 14, 2013

Spy Cameras, Secret Audio Help Fight Movie Piracy

If all the sounds of the summer blockbuster "Man of Steel" were stripped away ...a light humming would still be heard. The barely audible noise is an audio watermark...

Designed by engineers at San Diego company Verance Corp., the watermark is a unique signal to Blu-ray disc players that the movie being watched was illegally recorded at a movie theater. After 20 minutes of playtime, the disc player shuts the movie down and offers the viewer the chance to continue watching—by paying for the movie through legitimate sources like Amazon.com Inc. and Netflix Inc.

...a San Diego startup, PirateEye, believes they can combat piracy using a vastly different technology.


The PirateEve camera, in theaters, can spot people recording a movie.
 

It installs cameras above theater screens that can detect recording devices in the audience and then send pictures of offenders to theater security.

PirateEye's camera-spotting technology was adapted from a military application that placed sensors under combat helicopters to scan the ground below for reflections from scopes on sniper rifles. 


Hollywood studios provided several million dollars in investment for the company, which has also been funded by private investors. (more)

Former Director's Wiretapping Conviction Could Spoil MGM's Licensing Bids

On Tuesday, the Wall Street Journal’s Alexandra Berzon reported that MGM is getting a hard look from regulators regarding former board member Terry Christensen, who resigned after being indicted in 2006 (and convicted in 2008) for his involvement in the illegal wiretapping of the ex-wife of billionaire Kirk Kerkorian, who currently holds 18.6% of MGM’s stock via his investment firm Tracinda Corp.

...sources said the Christensen matter could be a “potentially significant issue” for regulators pondering MGM’s pending licensing efforts not only in New Jersey, but also in Massachusetts and Maryland. (more)

Spy Malware Buried on Official Tibetan Website

Chinese-speaking individuals visiting the website for the Central Tibetan Administration are being targeted with a Java exploit that installs advanced malware on their machines.

According to researchers at security firm Kaspersky Lab, the official site for the Tibetan government-in-exile, led by the Dalai Lama, was seeded with a backdoor that takes advantage of a vulnerability in Java, CVE-2012-4681, which was fixed by Oracle roughly a year ago.

The incident bears the signature of a watering hole attack, in which espionage malware is planted on a legitimate site, and then the attackers wait for their desired victims to visit and take the bait. (more)

Clap On - Clap Off... Some Applaud

Clapper won't lead NSA review, White House says...

Intelligence Director James Clapper will not lead a National Security Agency review President Obama vowed would be autonomous, a spokeswoman said.

An Obama memorandum Monday directing Clapper, the nation's top intelligence figure, to "establish" the review group and report its findings to the president did not mean Clapper would head the panel or be involved with the panel members' selection, White House National Security Council spokeswoman Caitlin Hayden said Tuesday.

"The panel members are being selected by the White House, in consultation with the intelligence community," she said in a statement. (more)

Britain’s Fraud Agency Admits to Loss of Data and Audio Tapes

The Serious Fraud Office has admitted accidentally sending a huge cache of confidential documents from an investigation into Britain's biggest arms firm, BAE, to the wrong person.
It did not realise for up to a year that it had misplaced the material which comprised 32,000 pages of documents, 81 audio tapes and computer files.

The material had originally been given to the SFO by 59 sources that helped the agency during one of its most high-profile investigations.

The SFO is not identifying at the moment the individual who inadvertently received the documents, nor did it spell out what they contained. (more)


If someone dumped 32,000 pages of documents, 81 audio tapes and computer files on you - "by accident" - wouldn't you immediately call the sender and say, "What do I look like, a freakin' warehouse?!?!"

Time to call in the Monty Python Very Very Serious Fraud Office to investigate.
Not a joke. Click to enlarge.

Friday, August 9, 2013

Silent Circle Silenced

...as predicted here and here and here...
Two major secure e-mail service providers on Thursday took the extraordinary step of shutting down service.

A Texas-based company called Lavabit, which was reportedly used by Edward J. Snowden, announced its suspension Thursday afternoon, citing concerns about secret government court orders.

By evening, Silent Circle, a Maryland-based firm that counts heads of state among its customers, said it was following Lavabit’s lead and shutting its e-mail service as a protective measure.

Taken together, the closures signal that e-mails, even if they are encrypted, can be accessed by government authorities and that the only way to prevent turning over the data is to obliterate the servers that the data sits on.

Mike Janke, Silent Circle’s chief executive, said in a telephone interview late Thursday that his company had destroyed its server. “Gone. Can’t get it back. Nobody can,” he said. “We thought it was better to take flak from customers than be forced to turn it over.”

The company, in a blog post dated Friday, Aug. 9, said it had taken the extreme measure even though it had not received a search order from the government. (more)

Thursday, August 8, 2013

Espionage Battlebots - China v. USA - Guess Who Wins

...by Brian Dodson, gizmag.com...
 For the past 23 years, the IARC has challenged college teams with missions requiring complex autonomous robotic behaviors that are often beyond the capabilities of even the most sophisticated military robots. This year's competition, which was held in China and the United States over the past week, saw the team from Tsinghua University in Beijing successfully complete the current mission – an elaborate espionage operation known as Mission Six.

First proposed in 2010, the Mission Six scenario is that an enemy has plans for taking control of the Eurasian banking system, a move that could throw the entire world into chaos. This plan is contained in a USB flash drive located in a remote security office of the enemy's intelligence organization.

The target building has a broken window on the same floor as the security office...and is equipped with laser intrusion detectors, floor sensors, video surveillance, and periodic patrols. Mission Six calls for covertly capturing the flash drive, and replacing it with another of the same make to postpone discovery of the theft... The mission must be carried out within ten minutes to avoid security patrols.

The vehicles are required to be completely autonomous, with no external commands accepted during the mission. The vehicles can be of any type (as long as they fly)...



(Play Mission Impossible theme while watching.)

All vehicles must contain their own power supplies. The vehicle is required to sense its immediate surroundings, and decide on its own actions, but need not contain its control computer – it can instead be linked to an external computer by radio. While external navigation aids are allowed, GPS locating is not.

...the Michigan Autonomous Aerial Vehicles team, associated with the University of Michigan, had been touted as the most likely entry at the American venue to succeed with Mission Six. Unfortunately, they encountered a perfect storm of equipment malfunctions, and were unable to complete the mission. (more)

FutureWatch - Just as piloted fighter planes are being replaced by unmanned drones, spies keep themselves out of harm's way using technology too. Bugs, wiretaps, spyware, and now robots will also be doing the dirty work in the future. Imagine, armies of robo-roaches scanning all the paperwork left out overnight, and perhaps planting themselves as audio / visual bugs.

Today in Eavesdropping History

On Aug. 8, 1974, President Richard Nixon announced he would resign following damaging revelations in the Watergate scandal. (more)
 
He submitted his official resignation the following day...

Wednesday, August 7, 2013

How to Protect Your Company Against Corporate Espionage

An abridged overview by Jim Lindell, President, Thorsten Consulting Group Inc.... 
First, the company must establish values and principles that define appropriate behavior regarding confidential information such as personnel, technologies, customers and suppliers. Once values and policies have been established, management must support, review and enforce them.

Second, make sure the hiring process emphasizes how employees must handle confidential information. Determine the candidate's ability to maintain confidentiality. How? By asking tough questions during the interview and doing thorough background checks.  

After the employee is hired, continue training and explaining your policies and procedures regarding confidential information. The role of the CEO and senior management can't be overstated.  

The CEO, on a regular basis, should highlight unacceptable public behavior and emphasize that it won't be tolerated. The Snowden/Manning incidents provide excellent examples that illustrate confidentiality expectations for all employees. At a minimum, these messages must come from the CEO at last once a year. 

The best policies and procedures
To be effective, policies and procedures must:
• Reinforce acceptable behavior.
• Create a monitoring process to detect breaches in confidential information. (An integral part of a TSCM bug sweep.)
• Create an audit process to determine whether existing rules are being followed.
(An integral part of a TSCM bug sweep.)
 
You must assess the nature of confidential information that is maintained and the potential for abuse. Both Snowden and Manning required technological tools and technological skills. You must understand the devices your employees are using, and how they can use them to access confidential information...
 

In addition to electronic access to your systems, you also must be aware of people who have physical access. The ability to take pictures of processes, documents and employees has changed dramatically. You must restrict access to your plant and offices.  

Finally, it's important to establish policies and procedures that address disposal of equipment like computers, tablets, hard disk drives and flash drives. Since we can't see the digital information, it's easy to discard hardware and not realize what we're actually tossing out.  

All businesses are at risk. Some are just more prepared than others. (more)

Tuesday, August 6, 2013

Solar-Powered Smartphones (and more) Coming Soon

Smartphones should soon be able to charge themselves

using transparent Wysips Crystal photovoltaic panels bonded into their screens. And if the idea takes off, tablets and eventually whole buildings could follow... (more) (more including photovoltaic clothing)

Imagine... 
The bug hidden in the picture frame would never have to have its battery replaced.

Think Changing Your SIM Card Can Mask Who You Are? Think Again

Tech-savvy criminals try to evade being tracked by changing their cellphone's built-in ID code and by regularly dumping SIM cards. But engineers in Germany have discovered that the radio signal from every cellphone handset hides within it an unalterable digital fingerprint — potentially giving law enforcers a simple way of tracking the handset itself.

Developed by Jakob Hasse and colleagues at the Technical Univ. of Dresden the tracking method exploits the tiny variations in the quality of the various electronic components inside a phone.

When analogue signals are converted into digital phone ones, the stream of data each phone broadcasts to the local mast contains error patterns that are unique to that phone's peculiar mix of components. In tests on 13 handsets in their lab, the Dresden team were able to identify the source handset with an accuracy of 97.6 percent. (more)

Windows Phones Susceptible to Password Theft When Connecting to Rogue Wi-Fi

Smartphones running Microsoft's Windows Phone operating system are vulnerable to attacks that can extract the user credentials needed to log in to sensitive corporate networks, the company warned Monday...

"An attacker-controlled system could pose as a known Wi-Fi access point, causing the victim's device to automatically attempt to authenticate with the access point and in turn allowing the attacker to intercept the victim's encrypted domain credentials," the Microsoft advisory warned. "An attacker could then exploit cryptographic weaknesses in the PEAP-MS-CHAPv2 protocol to obtain the victim's domain credentials." (more)

Turn on certificate requirement before connecting to WPA2 networks. Now.

CreepyDOL - The sinister Espionage System for $57

Brendan O’Connor is a security researcher. How easy would it be, he recently wondered, to monitor the movement of everyone on the street – not by a government intelligence agency, but by a private citizen with a few hundred dollars to spare?

Mr. O’Connor, 27, bought some plastic boxes and stuffed them with a $25, credit-card size Raspberry Pi Model A computer and a few over-the-counter sensors, including Wi-Fi adapters. He connected each of those boxes to a command and control system, and he built a data visualization system to monitor what the sensors picked up: all the wireless traffic emitted by every nearby wireless device, including smartphones.


Each box cost $57. He produced 10 of them, and then he turned them on – to spy on himself. He could pick up the Web sites he browsed when he connected to a public Wi-Fi – say at a cafe – and he scooped up the unique identifier connected to his phone and iPad. Gobs of information traveled over the Internet in the clear, meaning they were entirely unencrypted and simple to scoop up.

Even when he didn’t connect to a Wi-Fi network, his sensors could track his location through Wi-Fi “pings.” His iPhone pinged the iMessage server to check for new messages. When he logged on to an unsecured Wi-Fi, it revealed what operating system he was using on what kind of device, and whether he was using Dropbox or went on a dating site or browsed for shoes on an e-commerce site. One site might leak his e-mail address, another his photo.

It could be used for anything depending on how creepy you want to be,” he said.

You could spy on your ex-lover, by placing the sensor boxes near the places the person frequents, or your teenage child, or the residents of a particular neighborhood. You could keep tabs on people who gather at a certain house of worship or take part in a protest demonstration in a town square. Their phones and tablets, Mr. O’Connor argued, would surely leak some information about them – and certainly if they then connected to an unsecured Wi-Fi. The boxes are small enough to be tucked under a cafe table or dropped from a hobby drone. They can be scattered around a city and go unnoticed. (more) (Want your own CreepyDOL?)


Yet another thing a TSCM survey could uncover for you.

Thursday, August 1, 2013

Mystery Car Thefts - Solved

Remember this post from June
---
The news media is overflowing with reports of "High Tech" car burglars. They appear to be opening locked cars while holding a "black box" which "has police all over the nation stumped as to how it works."

Here, at the Spybusters Countermeasures Compound, we believe the black box is nothing more than a radio signal jammer. 
---

The spybusters tracked down the tool they probably used to pull off the heists...
You can read all about it here.