Tuesday, October 15, 2013

Forget the NSA. That Smartphone Snooper May Be Your Spouse

It's not just the National Security Agency spying on smartphones. Many ordinary people are also using sophisticated software to eavesdrop on the wireless communications of their lovers, children and business rivals.

According to a new study that examined the data traffic of mobile devices operating on the Middle Eastern network of a European carrier, hundreds of people had some form of surveillance software installed on their phones.

These aren't malicious apps that the users had been tricked into downloading. They're pieces of commercially available spyware that people with physical access to the devices have installed to secretly log each text message, phone call and contact, and in some cases, eavesdrop on calls in real time. (more)

Business Espionage Cautionary Tale - How Bugs Get Planted and More

Last Christmas Eve, a man broke into Adara Networks’ San Jose headquarters, using copies of both physical and electronic keys. He seemed to know exactly what he was looking for. The thief left rows of desks untouched as he cruised toward the lab holding the source code for Adara’s proprietary data-center networking software. Fortunately for Adara, he triggered an alarm on the lab door and fled.

“Snatch and grab” crimes, in which crooks enter an office and carts off a few loose laptops, happen occasionally in Silicon Valley. Chief Executive Officer Eric Johnson sensed that his case was more serious, though. Adara’s next-generation networking technology could be attractive to nations hoping to capture more of the global telecommunications market. So Johnson brought in contractors to sweep the offices for bugs, in case a foreign government was listening...

To make it harder for the thieves, some companies are paying for “penetration testing,” hiring security consultants to probe their defenses... Silicon Valley has a long history of thievery and espionage. (more)

Many of my reports for clients contain details and photos about how an after-hours espionage/eavesdropping attack can easily happen to them. They receive recommendations for remediation, too. 

Spybuster Tip #004: Periodic inspections help deter penetrations and information losses. Conduct them once per quarter.

D-Link Promises Fix for Home Router Firmware Flaw by End of the Month

A backdoor has been found in firmware used in several models of D-Link and Planex home routers. The flaw can easily be exploited to take control of vulnerable devices and spy on browsing activity. D-Link is aware of the issue and says a fix will be available by the end of the month. (more)

How NSA Breakthrough May Allow 'Burner' Phone Tracking

via Dan Goodin, Ars Technica 
In the HBO hit series The Wire, disposable cell phones were the bane of detectives' lives. Drug dealers obtained these prepaid "burners" in mass quantities with cash at multiple stores hundreds of miles away from where they were used.

After a week or two of use, a crook would destroy one cheap handset and fetch a new one. The Baltimore Police detectives' inability to tap the phones stymied their investigation into one of the city's most ruthless crime families — until they found a way to track the devices.

The National Security Agency may have made a similar breakthrough. Cato Institute researcher Julian Sanchez recently pulled a few sentences from a 2009 declaration by NSA Director Keith Alexander. They describe an unnamed tool that routinely accessed the vast database of call records assembled by the NSA. Sanchez argues that the purpose may be to identify burner phones used by NSA targets. (more) (via Schneier)

The Taliban's Ultimate Bug? - A Bomb in a Microphone!

A bomb planted inside a mosque killed the governor of Afghanistan's eastern Logar province as he was delivering a speech Tuesday morning to mark the Muslim holiday of Eid al-Adha, officials said...

Tuesday's explosion took place as Jamal was speaking inside the mosque to worshipers gathered for one of Islam's holiest days, said Logar's deputy police chief, Rais Khan Abbul Rahimzai.

The bomb was apparently planted inside a microphone in the front part of the mosque, said two officials, speaking on condition of anonymity because they were not authorized to speak to the media. (more)

The Rube Goldberg Toy I Want for My Birthday

Monday, October 14, 2013

The CIA’s Most Highly-Trained Spies Weren’t Even Human

There would be a rustle of oily black feathers as a raven settled on the window ledge of a once-grand apartment building in some Eastern European capital. The bird would pace across the ledge a few times but quickly depart. In an apartment on the other side of the window, no one would shift his attention from the briefing papers or the chilled vodka set out on a table. Nor would anything seem amiss in the jagged piece of gray slate resting on the ledge, seemingly jetsam from the roof of an old and unloved building. 

Those in the apartment might be dismayed to learn, however, that the slate had come not from the roof but from a technical laboratory at CIA headquarters in Langley, Virginia. In a small cavity at the slate’s center was an electronic transmitter powerful enough to pick up their conversation. The raven that transported it to the ledge was no random city bird, but a U.S.-trained intelligence asset. 


Half a world away from the murk of the cold war, it would be a typical day at the I.Q. Zoo, one of the touristic palaces that dotted the streets of Hot Springs, Arkansas, in the 1960s. With their vacationing parents inca tow, children would squeal as they watched chickens play baseball, macaws ride bicycles, ducks drumming and pigs pawing at pianos. You would find much the same in any number of mom-and-pop theme parks or on television variety shows of the era. But chances are that if an animal had been trained to do something whimsically human, the animal—or the technique—came from Hot Springs. 

Two scenes, seemingly disjointed: the John le Carré shadows against the bright midway lights of county-fair Americana. But wars make strange bedfellows, and in one of the most curious, if little-known, stories of the cold war, the people involved in making poultry dance or getting cows to play bingo were also involved in training animals, under government contract, for defense and intelligence work. (more)

Sunday, October 13, 2013

NIST - Not Indelibly Secure & Trustworthy?

The National Institute of Standards and Technology (NIST) has an image problem. 

Last month, revelations surfaced indicating that the National Security Agency (NSA) may have planted a vulnerability in a widely used NIST-approved encryption algorithm to facilitate its spying activities. And cryptographers are also questioning subtle changes that might weaken a new security algorithm called Secure Hash Algorithm-3, or SHA-3. 

Encryption experts say NIST’s reputation has been seriously undermined but that the security community would like to continue using it as a standards body if it can show that it has reformed. (more)

Lawsuit Blames Companies for Hiring Voyeur

IN - A Hammond man who was convicted in 2011 of using his cellphone to record a woman in a Kmart changing room had a voyeurism conviction, so the victim is suing him, Kmart and the construction and staffing companies that hired him.

The companies shouldn’t have hired a convicted sex offender to remodel the bathroom, said Randy K. Fleming of Sarkisian, Fleming, Grabarek, Sarkisian.

The suit names Mark Anthony Fetzko, 28, of Hammond, as well as Kmart, Sturzenbecker Construction Company Inc. and Labor Ready Midwest Indiana as defendants. (more)


Blue Light Special - "Attention business owners." 
Avoid this type of lawsuit by doing your due diligence.
• Conduct quality background checks before hiring.
• Conduct periodic inspections for planted spycams in all areas where the visiting public and your employees have an expectation of privacy.

Saturday, October 12, 2013

One Way Your Android Phone Can Get a Virus

Kevin McNamee stands in front of his laptop on a low stage, a phone in his hand as he scrolls through a program showing his phone’s screen, magnified on a projector screen beside him.

Bits of code start flashing up the screen as he injects command-and-control malware into the command window of the app for Rovio Entertainment Ltd.’s trademark game, Angry Birds – transforming the app into a new version he’s dubbed “Very Angry Birds.”

“And here we go,” he says, frowning down at the screen as he begins to run the new app.

McNamee was presenting at Sector 2013, a conference on all things IT security held in Toronto from Oct. 7 to 9. The director of Kindsight Security Labs at Alcatel-Lucent Canada Inc. in Ottawa, McNamee wanted to show how simple it is to use an Android software development kit to add in malware.

When a user downloads a malware-infested version of the app, he or she is asked to sign off on all kinds of permissions, like access to contact lists, the camera, and so on. If a user carelessly checks off ‘yes’ on all the options, the app is activated with a piece of malware called “Droid Whisper,” and the hacker who wrote it now has access to the phone owner’s contact lists, location, messages, camera, and microphone. That means someone can remotely listen in and record phone conversations, send messages to the phone owner’s contacts, and even take pictures from that phone.

This process can work by injecting malware into basically any Android app by using its application package tool, and it just runs as a service in the background, McNamee said. (more) (presentation)

George Washington's Top-Secret Spy Ring Coming to Cable TV

VA - Gov. Bob McDonnell says a television series about George Washington's top-secret spy ring will be filmed in central Virginia.

The pilot for the AMC Studios project was shot in the Richmond area earlier this year, and AMC has ordered a 10-episode season that will start on AMC in 2014. McDonnell says the first season of the series will begin filming this fall and be completed in the spring.

The working title for the series is "Turn."
It's based on the nonfiction book "Washington's Spies: The Story of America's First Spy Ring," by Alexander Rose. It's about the band of spies who helped Washington win the Revolutionary War. (more)

Betty Boop, The Muppets & Three Wiretappers Explain NSA Spying

An entertaining short video 
about NSA spying v. the 4th Amendment to the Constitution, 
as explained in part by...




World's Heaviest Non-Electronic Eavesdropping Device

The massive concrete acoustic mirrors, or "listening ears," lining the southeast coast of England were built between the world wars to monitor the skies for the telltale sounds of airborne invasion.

Constructed between 1927 and 1930, the sound mirrors were part of Britain's national defense strategy. Their parabolic shape collected and magnified sound waves in the air over the English Channel and directed them at a microphone positioned just in front of the parabola. Anti-aircraft defenses were then deployed. The mirrors effectively gave Britain a 15-minute warning of an impending attack. 

The site features three different reflectors, including a 200-foot-long curved wall, a 30-foot-tall parabolic dish, and a 20-foot-tall shallow dish. All three can be seen in Greatstone, located on the northeast side of the Dungeness Nature Reserve. (more)

Thursday, October 10, 2013

Hannah Anderson - Be Careful What You Say Around the Hotel Staff

via allvoices.com...
Was Hannah Anderson (kidnapping victum) heard rehearsing her story for the 'Today' show interview that airs today? According to one Pierre Hotel employee -- who wishes to remain anonymous for very obvious reasons -- she was. The hotel employee reached out to me privately and shared that she had been eavesdropping while Anderson's "newly hired PR person" coached her on what to say to Savannah Guthrie during their interview. To be clear, the anonymous tipster told me that she had witnessed a "very damning prep meeting."

The Pierre Hotel employee continued to say the following... (more)

Attorney & PI -- 75-100 Illegal Bugs and Surveillance Devices

CA - Mary Nolan, a family law attorney in San Ramon, California, pleaded guilty in federal court, to four counts of tax evasion and one count of unlawful interception of communications, announced United States Attorney Melinda Haag.

Nolan, 61, entered guilty pleas to all of the substantive counts in the indictment.... according to the plea agreement, Nolan caused her staff to illegally eavesdrop by accessing a listening device that private investigator Christopher Butler had installed in a vehicle used by “N.F” (a victim). Nolan agreed to resign her bar license and never to practice law again.

Butler, who pleaded guilty to unlawful interception and several other offenses on May 4, 2012, admitted having installed approximately seventy-five to one hundred unlawful listening devices at the request of clients or their attorneys, including the listening device in “N.F.’s” vehicle in August 2007. Butler was sentenced to 60 months’ imprisonment on this charge, to be served concurrently with the 96-month sentence on his other counts of conviction. (more)