Tuesday, January 28, 2014

Spy ‘Numbers Stations’ Still Baffle, Enthrall

In the early 1990s, at the end of the Cold War, before the onset of the Internet Age, 
Courtesy, SpyArtStudios
you could tune across the shortwave bands and hear the monotonous drone of an automated woman’s voice calling out long strings of numbers in Spanish. “Siete — Quatro — Cinqo — Cinqo — Cinqo,” the voice would say, pause, and then switch to a new set of numbers. The Spanish-language female voice station became known as “Attenćion,” due to its repeated use of that phrase at the beginning of each transmission.

These transmissions, which had started at the end of the Second World War, weren’t always in Spanish, nor were they always female. Other languages were used to broadcast entire strings of numbers, which many believed made up a coded message that could be heard by anyone with a shortwave radio. The consensus view at the time was they were meant for secret agents operating in foreign countries...

Today, with the Internet Age fully mature and the Cold War buried under 20 years of modern history, the numbers are still being transmitted. (more)

Surreptitous Workplace Recording - IT Guy Receives Sentence

PA - The Easton Area School District's former technology director has entered a first-time offenders program after being accused of illegally recording a private meeting.

That's according to the Morning Call, which says Thomas Drago's record will be expunged following a year on probation and a psychiatric evaluation.

Drago, 54, of Bushkill Township, resigned from his post in late 2012, just before the district began investigating whether he had been spying on his colleagues.

Police say investigators eventually learned Drago had used his iPhone to audio tape an "Act 93" meeting in March 2012. He was charged in August of last year with one count of felony wiretapping. (more)


Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."   

Sunday, January 26, 2014

How to Stop Websites from Eavesdropping Via Google Chrome

...review the sites you've allowed to access your microphone and camera in Chrome.

1. Open Chrome, and type chrome://settings/contentExceptions#media-stream into the Omnibar.
 

2. You'll see the Media Exceptions screen, where you can see which host names have permissions to your microphone and camera, and which of those two each site has access to.
 

3. Highlight any site you want to remove, and click the "x" on the right side of the line.
 

4. Save your changed by clicking Done.

PCWorld also notes that if you prefer, you can just go to: chrome://settings/content Scroll down to Media, and instead of "Ask me when a site wants to use a plug-in to access my camera and microphone" (which is the default setting), select "Do not allow any sites to access my camera and microphone," which is kind of the nuclear option. 

Doing this will also disable features like Google's Conversational Search, which can be pretty useful, likely break any voice integration with Google Now (which will arrive in Chrome any day now), and disable any other voice-activated features in Chrome or elsewhere on the web. (more) (background)

800+ Detained in China for Illegal Surveillance

Chinese police have arrested over 800 people suspected of producing, selling and using illegal wiretapping and photography equipment to conduct surveillance.

Through joint efforts by police from 14 provincial regions, 13 production facilities have been destroyed and 67 groups associated with illegal wiretapping equipment have been uncovered in the action, the Ministry of Public Security said. 

The police have uncovered over 1,550 criminal cases involving the use of wiretapping equipment in blackmail, kidnapping, illegal detention and other crimes. Over 15,000 sets of equipment for covert tracking, positioning, photographing and recording have been confiscated, state-run Xinhua news agency reported today. (more) (sing-a-long)

Cell Phone Snitch Stories

Butt Dialing Law Suit Busted
KY - A federal judge has dismissed a lawsuit filed by Kenton County Airport Board Chairman Jim Huff and his wife after an airport secretary that Huff called accidentally overheard their private conversation... Huff accidentally dialed secretary Carol Spaw while on a business trip. Spaw overheard Huff discussing ways to demote the Cincinnati/Northern Kentucky International Airport's chief executive officer or get her to resign... Spaw took notes on the conversation and recorded a portion of it... (The judge) ruled that even though the cell phone call was accidental, Spaw was under no obligation to hang up. (more)

Butt Photos Proved It
A suspicious Kuwait man thought it was his chance to verify whether his wife is loyal to him when she went out and left her mobile phone at home. As he surfed through the phone’s files, he got the shock of his life when he saw obscene pictures of her with another man... “The man rushed to the police station and showed them what he found on his wife’s mobile. “He accused her of adultery and police decided to summon the wife to face her with the charges,” the Kuwaiti daily Al Shahid said. (more)

Saturday, January 25, 2014

Tennessee Bill Would Shut Down NSA Spy Center

Legislators in Tennessee have introduced a bill that would ban the state from providing water and electricity to an NSA data center which is currently involved in building supercomputers designed to crack encrypted data.

The Fourth Amendment Protection Act, which mirrors legislation introduced in other states, would prohibit local and state agencies from “providing material support to…any federal agency claiming the power to authorize the collection of electronic data or metadata of any person pursuant to any action not based on a warrant.”

The bill also disincentivizes local companies from doing business with the NSA. (more)


Interestingly, Tennessee is the home of the most patriotic city in the U.S., Knoxville, and the largest manufacturer of counterspy gear in the U.S., REI. Tennessee's slogan, "America at its best."

Two New Android Spyware Issues

Hop, Skip and a Bank Bug...
Malware capable of infecting Android handsets using Windows PCs and laptops has been uncovered targeting developers.


Security response manager at Symantec Alan Neville told V3 the malware is atypical as it uses a two-stage attack process to jump from Windows PCs to Android handsets.

"It starts with a Trojan that when executed creates a new service on a Windows machine," he said. "It then targets Android devices that connect on USB. It uses the Android debugging bridge to deliver the Fakebank Trojan." Fakebank is a notorious Trojan designed to take victims' financial data. (more)


Fake Security App Intercepts Calls and Texts...
Researchers have discovered a new Android malware family that disguises itself as a security app, and intercepts the incoming texts and calls of victims.

According to Hitesh Dharmdasani, a malware researcher... six variants of the Android malware, dubbed “HeHe,” have been detected by the firm.

On Wednesday, Dharmdasani told SCMagazine.com that the free app is most likely infecting users via third party app marketplaces or through SMS spam. (more)

War On Drones Drones On War

Palindrone Palindrome of the Day...
NH - Rep. Neal M. Kurk (R) has introduced a bill that would limit the use of drones in the Granite State.  

HB1620 is similar to a bill introduced earlier in the session by Rep. Joe Duarte, but takes things a step further by applying the prohibition to drone use by the federal government and including penalties for violating its provisions.

Kurk’s proposed legislation regulates the use of drones by governments, as well as individuals. It requires search warrants, levies fines, and does not allow for the lethal or nonlethal arming of drones in the state. (more)


Hope they include some reasonable exemptions, like flying model aircraft and FedEx hospital to hospital deliveries of transplant organs.

Friday, January 24, 2014

Conflicting Reports About the Turkish President's Bug

Turkey - The Supreme Court of Appeals denied a report saying that an apparatus used to reflect signals from a bugging device found in Prime Minister Recep Tayyip ErdoÄŸan's office in Ankara in 2012 was found that same year on the roof of the top court's headquarters.

The Milliyet daily reported that the signal from a bugging device found in ErdoÄŸan's office was found to be reflected by an apparatus installed on the roof of the Supreme Court of Appeals' headquarters, which is very close to the former Prime Ministry Office in Ankara, during technical inspections of the court's headquarters soon after the bugging devices were found. (more)
  
Coincidentally... 

Turkish gov't to increase penalties for illegal wiretapping
The penalties for illegal wiretapping are to be strengthened in a government-led draft law which has stirred reactions from the opposition for increasing the justice minister’s power on the judiciary.

The draft law, on which the government is currently working, will increase the penalties for illegal wiretapping as well as limiting the wiretapping done by the permission of Turkey’s Directorate of Telecommunication (TÄ°B), which is the sole authority over all of the wiretapping and surveillance activities of security units.

The penalties for those who leaked the wiretappings will be increased. The penalties for the officials, who used their authority to wiretap illegally, will also be regulated with the draft law. The use of wiretapping and audio surveillance as part of the investigations will be limited. (more)

Spybusters Tip #873 - Eavesdropping on Foscam IP Video Cameras

The following Foscam MJPEG based video cameras (firmware version .54) can be accessed without a password: FI8904W, FI8905E, FI8905W, FI8906W, FI8907W, FI8909W, FI8910E, FI8910W, FI8916W, FI8918W, FI8919W

Foscam will be posting a firmware upgrade on their website to fix this issue. Unfortunately, most users will never know about it. 
 
Test Your Camera - A quick way to verify and confirm if your camera has this issue:
1. Enter your camera's IP address in your web browser. Example: 192.168.1.101
2. When you see the password screen do not enter a User Id and Password. Simply click the OK button. If you see your camera, you have the problem. 

Use this work-around for temporary protection (here), and be sure to upgrade the firmware when it becomes available (here).

Plan to Ban Instant Messaging has Unintended Consequences

Goldman Sachs Group Inc. is planning to ban traders from using some computer-messaging services in a bid to protect proprietary information at the heart of its sales-and-trading operation.

Under a new policy, the Wall Street firm won't allow person-to-person communication over instant-messaging (IM) services created by Bloomberg LP, Yahoo Inc., AOL Inc. and other third-party providers including Pivot Inc., according to a draft of a memo reviewed by The Wall Street Journal.


Goldman is seeking to prevent information from internal conversations from being filtered and disseminated beyond the bank's walls. The planned ban reflects a mistrust of technology developed by messaging-service providers that can make its traders more efficient but also be used to mine private communications for closely guarded intelligence on securities pricing. (more)

FutureWatch: Expect other financial institutions to follow.

Unintended Consequence: Scraping (a Wall Street term for collecting useful tidbits of info) attempts will continue as always, but it won't be easy pickings anymore. Conventional spycraft (bugging and wiretapping) worked before IM came along. It continues to work, and will become the best option again. Technical Surveillance Countermeasures (TSCM) inspections are the most cost-effective defense.

Wednesday, January 22, 2014

UPDATED - Privacy Journal's Compilation of State and Federal Privacy Laws

This new book includes new privacy laws on: demands for social-media passwords by employers and universities, use of credit reports by employers, new tracking technologies, new state restrictions on use and disclosure of Social Security numbers, plus updated chapters on credit reporting, medical, financial, testing in employment, insurance, government information, and much more, grouped by categories and listed alphabetically by states. Descriptions of state, federal, and Canadian laws are included.

Privacy Journal's Compilation of State and Federal Privacy Laws replaces the 2002 book and all subsequent supplements in one consolidated hard copy edition, 80 pages, ISBN is 9780930072568

It is also available in an electronic edition so that you may store it in your computer and search later by key words and states.


Contact:
Lee Shoreham, Assistant to the Publisher
PRIVACY JOURNAL
PO Box 28577
Providence RI 02908
Phone: 401/274-7861
Fax: 401/274-4747
orders@privacyjournal.net
www.privacyjournal.net

Also available from amazon.com.

JoJo's TSCM Adventure... as told to the court.

NJ - Former city recreation employee Charles Hall III testified Tuesday that Joseph “JoJo” Giorgianni gave him anti-surveillance device to try to detect an FBI bug hidden in the clubhouse next door to JoJo’s Steakhouse on Dec. 23, 2012.

Hall testified on the seventh day of testimony in Trenton Mayor Tony Mack’s trial on bribery and extortion charges in U.S. District Court.

Hall told the court that Giorgianni had him sweep for an FBI listening device to attempt to locate a government bug.

“Nothing really happened,” Hall said. “I don’t know if the device worked at the time.” (more)

Security Alert - Eavesdropping via the Chrome Browser

Users of Google's Chrome browser are vulnerable to attacks that allow malicious websites to use a computer microphone to surreptitiously eavesdrop on private conversations for extended periods of time...
 
The attack requires an end user to click on a button giving the website permission to access the microphone. Most of the time, Chrome will respond by placing a blinking red light in the corresponding browser tab and putting a camera icon in the address bar—both indicating that the website is receiving a live audio feed from the visitor. 


The privacy risk stems from what happens once a user leaves the site. The red light and camera icon disappear even though the website has the ability to continue listening in. (more)

Surreptitious Recording in the Future

via The Wall Street Journal...
I've been snapping photos of everything in front of me for the last week. If we've passed, even for a moment, I probably have a picture of your face.

I'm not a spy, but I've been using gear you might associate with 007. New matchbook-size cameras that clip to your tie or shirt let you capture a day's worth of encounters, then upload them to the Internet to be remembered forever.

Why on Earth would anybody want to do that? After trying out two devices that recently began shipping, the $279 Narrative Clip and $399 Autographer, I think the answer for many will be why wouldn't you? (more


The reporter, Geoffrey A. Fowler, goes on to say why these are inadequate for spy use, and reflects on the etiquette issues. 

Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."  

FutureWatch - We are still in the infancy of documenting our entire lives. The black box of the future could record your life 24/7, with personal data, e.g. health statistics, your five senses and emotional states. Imagine the problems. Would using one become mandatory for law enforcement purposes? In what ways will your black box be valuable to thieves and hackers? Ultimately, who owns your life?