Wednesday, May 7, 2014

New Spy Game: Tag Your IT

Foreign intelligence agencies are trying to recruit tech staff in big businesses in an attempt to gain access to vital IT systems, MI5 has warned British business chiefs.

In recent months, the UK security service has had a series of "high-level conversations with executives" to warn of the risk, according to the Financial Times. Targeting IT staff — who often have unfettered access to the most important systems — is seen as one of the quickest ways to gain access.

The security service is warning that IT workers have been recruited to help overseas spies gain sensitive personnel information, steal corporate or national secrets and even upload malware to compromise the network.
(more)

FutureWatch: Smartphones Always Snitch (Care to guess how this will be used?)

Sensors in smartphones collect data which can be used to identify you and pinpoint your location, regardless of your privacy settings, study finds...
Data gathered by smartphone sensors can be used to identify you, pinpoint your location and monitor your phone, irrespective of your privacy settings, new research has found.


Accelerometers, sensors used to track movement of smartphones, are used in countless apps, including pedometers, playing games and monitoring sleep. Research from the University of Illinois' Department of Electrical and Computer Engineering found that minuscule imperfections during the manufacturing process create a unique 'fingerprint' on the generated data.

The gathered data can be used to identify you as it is sent to the cloud for processing, bypassing privacy settings concerning the withholding of location data and with no need to discern your phone number or SIM card number, leaving you potentially vulnerable to cyber attack...

Graduate student Sanorita Dey said you can best protect yourself and your device by not sharing your accelerometer data without thinking about how legitimate or how secure that application is. (more)

Thursday, May 1, 2014

Security Alert: Yet Another Creepy Peeper Baby Cam Hack Story

OH - According to FOX19, Heather and Adam Schreck were woken up in the middle of the night recently to hear a man screaming “wake up baby.”
The man had hacked the monitor, which streams video to the Schreck’s cell phone, and was watching the baby sleep.


When Heather and Adam ran to her room, they saw the camera moving, and it eventually pointed away from the baby to Adam.

The man then started swearing and screaming at Adam from the monitor.

They quickly unplugged the camera. (more with video report) (more)


An almost identical incident occurred last August in Texas.

Murray Security Tip #823 - Hackers search for and post the URLs of unsecured cameras. Once your camera is tagged, you can expect any number of outsiders peering through your electronic window. If you remotely view your baby camera (or other home surveillance products) do the following:
• Replace the default password with your own (decent) password.
• Use a non-standard port (8100 or higher). Hackers generally target camera default ports.
• Periodically check the manufacturer's web site for software and firmware updates. Often these updates are released to specifically fix security loopholes. Example.
• Foscam cameras were mentioned in both of these hacks. If you have a Foscam product, read their security alert.
• Don't forget to secure your home wireless network as well. Top 10 Tips.

Example of someone who didn't take security seriously.


Thursday, April 24, 2014

Voyeurgler Caught - Check Your Vents

CA - On March 18, San Luis Obispo County Sheriff’s Deputies responded to a report of a burglary at a home in the area of Bonita Place and Verde Place in San Miguel. A suspect was identified at that time.

During the course of the investigation, deputies discovered the suspect had gained access to three homes in that area and installed a camera in the ventilation system. In each case, a camera was positioned behind a vent in the master bedroom of the house.

The suspect was able to record images by use of a wireless camera and receiver. The suspect has been identified as Eutimio Contreras Anguiano, 34 of San Miguel. Anguiano was arrested on April 13 and faces charges of burglary, eavesdropping, and making criminal threats. (more)

Wednesday, April 23, 2014

Security Alert: iPhones, iPads, iMacs, etc.

Apple has patched versions of its iOS and OS X operating systems to fix yet another extremely critical cryptography vulnerability that leaves some users open to surreptitious eavesdropping. Readers are urged to install the updates immediately. (more)

An Extraordinary Collection of Spy Cameras

"Willie Feinberg was not a spy as far as we know," says Charles Leski of Mossgreen Auctions, "but he certainly understood their tradecraft."

Evidence of this is his extraordinary collection of 225 miniature cameras, many designed especially for spying and espionage. These went on sale through Mossgreen in Melbourne on April 13, and sold well, fetching a total of $75,847 (including buyer's premiums, IBP). The average result was 10 per cent above estimates.

Leski says there were about 50 people in the rooms and another 150 participating by phone, on the web and through prior bids. Foreign interest came from Germany, China and the United States.

There was strong interest in Feinberg's spy cameras, with some having the joke-shop quality of Get Smart. (more)

Conversnitch Brings New Meaning to... "A little bird told me."

As former NSA director Michael Hayden learned on an Amtrak train last year, anyone with a smartphone instantly can become a livetweeting snoop. Now a whole crowd of amateur eavesdroppers could be as close as the nearest light fixture.



Two artists have revealed Conversnitch, a device they built for less than $100 that resembles a lightbulb or lamp and surreptitiously listens in on nearby conversations and posts snippets of transcribed audio to Twitter. Kyle McDonald and Brian House say they hope to raise questions about the nature of public and private spaces in an era when anything can be broadcast by ubiquitous, Internet-connected listening devices...

The surveillance gadget they unveiled Wednesday is constructed from little more than a Raspberry Pi miniature computer, a microphone, an LED and a plastic flower pot. It screws into and draws power from any standard bulb socket. Then it uploads captured audio via the nearest open Wi-Fi network to Amazon’s Mechanical Turk crowdsourcing platform, which McDonald and House pay small fees to transcribe the audio and post lines of conversation to Conversnitch’s Twitter account. “This is stuff you can buy and have running in a few hours,” says McDonald, a 28-year-old adjunct professor at the Interactive Telecommunications Program at the Tisch School of the Arts. (more)

Tuesday, April 22, 2014

Business Espionage: A Victim Business Speaks

Zimbabwe - Savanna Tobacco says industrial espionage by its tobacco industry arch rivals is suffocating its potential and capacity to increase exports by a factor of at least 50 percent.

Executive chairman Mr Adam Molai said in an interview last week that customers were being haunted and their products confiscated in what could throw the victims out of business.

Mr Molai said Savanna, one of Zimbabwe's biggest cigarette makers, could instantly increase exports by 50 percent if the issue of the alleged industrial espionage is resolved. (more)

FutureWatch: How Police Can Spy on a Whole City

CA - In a secret test of mass surveillance technology, the Los Angeles County Sheriff's Department sent a civilian aircraft over Compton, California, capturing high-resolution video of everything that happened inside that 10-square-mile municipality.

Compton residents weren't told about the spying, which happened in 2012. 

"We literally watched all of Compton during the times that we were flying, so we could zoom in anywhere within the city of Compton and follow cars and see people," Ross McNutt of Persistent Surveillance Systems told the Center for Investigative Reporting. 

The technology he's trying to sell to police departments all over America can stay aloft for up to six hours. Like Google Earth, it enables police to zoom in on certain areas. And like TiVo, it permits them to rewind, so that they can look back and see what happened anywhere they weren't watching in real time.  (more) (video)

Weird Science: Bugging Plants & Reading Minds

Spying on plant communication with tiny bugs...
Internal communications in plants share striking similarities with those in animals, new research reveals. With the help of tiny insects, scientists were able to tap into this communication system. Their results reveal the importance of these communications in enabling plants to protect themselves from attack by insect pests. (more)

Scientists explore possibilities of mind reading...

At Yale University, researchers recently used a brain scanner to identify which face someone was looking at — just from their brain activity. At the University of California-Berkeley, scientists are moving beyond "reading" simple thoughts to predicting what someone will think next. 

And at Carnegie Mellon, in Pittsburgh, cognitive neuroscientist Marcel Just has a vision that will make Google Glass seem very last century. Instead of using your eye to direct a cursor — finding a phone number for a car repair shop, for instance — he fantasizes about a device that will dial the shop by interpreting your thoughts about the car (minus the expletives).

Mind reading technology isn't yet where the sci-fi thrillers predict it will go, but researchers aren't ruling out such a future.

"In principle, our thoughts could someday be readable," said Just, who directs the school's Center for Cognitive Brain Imaging. (more)

Business Espionage: 2-Day Seminar in Australia

Today, in many countries, espionage has become a paramount threat to business corporations. Asia Pacific is no exception to economic espionage where the act of information theft, misappropriation, acquisition of sensitive financial, business or trade data, stealing proprietary and technology information, receiving, purchasing, or possessing a trade secret is becoming rampant. Many think it is fine to do this... 

Today espionage committed across the corporate landscape accounts for up to 100 billion US$ per year. This figure is a reflection of the premise: We know what we know but the total losses per annum are probably unknown. 

The vast majority of espionage activities are conducted by employees of those companies or by contractors employed by them. Statistically, 75 percent of proprietary information is lost from physical actions (bugging and traditional tactics), rather than hacking...

This course is a comprehensive and practical workshop on Economic Espionage... designed for security and business professionals who recognize the critical importance of protecting their intellectual property and sensitive data to predators.

Today espionage is the most lethal bug that spreads faster than diseases and cripples businesses.
If it is not the decision of the Senior Management, then who else is to plug the gaps and right the wrong?


This specialized training will be held on 18-19 Jun 2014 in Sydney, Australia. (more)

Saturday, April 19, 2014

SpyWarn™ 2.0 Anti-spyware App for Smartphones

According to The New York Times, anti-spyware apps don't work very well.

The reason...
Most "spyware detection" apps only scan for known spyware. New and well hidden spyware goes unnoticed, and detecting baseband eavesdropping (very serious) isn't even considered. 

SPYWARN™ IS DIFFERENT
(patent pending)
SpyWarn™ 2.0 is a new and unique forensic methodology. It provides the functionality to detect all active spyware by monitoring what the infection is doing, and... ALL spyware is doing something.  

Plus, SpyWarn™ 2.0 detects both spyware and baseband eavesdropping in real-time.


Not just spyware detection... 
This forensic app also contains an eBook version of, "Is My Cell Phone Bugged?" at no extra charge. This informative eBook is about regaining your overall communications privacy, and keeping snoops out of your life.

A forensic examination by a specialist generally costs between $200.00 - $300.00 per inspection, and the end result is not as informative as SpyWarn™.

SpyWarn™ 2.0 is priced to help everyone, only $2.99. 

Don't wait until you have a spyware problem. Get SpyWarn™ on your phone now. Start conducting benchmark tests and saving them to SpyWarn's History file. When you do get a spyware infection it will be very apparent.

Privacy Policy - We are serious about privacy. Only you get to see the data SpyWarn™ collects; it never leaves your phone.

100% Satisfaction Guarantee
Try SpyWarn™ for 7 days. If you are not satisfied with its performance, tell me why so I can improve it, and I will refund the full purchase price to you. You keep the app and eBook.

If SpyWarn™ helps you, help others regain their privacy by writing a positive review on Google Play.

Thank you,
Kevin D. Murray CPP, CISM, CFE, MPSC
and The SpyWarn™ Team

Bugging Fears Force a Conference to Switch Hotels.

Turkey - AK Party officials decided not to hold their biannual meeting at the Asya Termal, a hotel run by a Gülen Movement affiliate, over concerns that the venue may be bugged.

The hotel in Ankara's Kızılcahamam district was the traditional venue for the biannual consultation meetings of AK Party members until after private conversations in the previous meeting were secretly recorded and leaked.
Gülenists are also accused of secretly recording private meetings at hotel rooms via hidden cameras. (more)

Abandoned Spy Stations & Tunnels

Germany - A Cold War relic lies abandoned on top of a mountain made of rubble, built over a Nazi college that couldn't be destroyed after the end of World War II. 

The gates of the former US spy station are locked and secure; its perimeter sealed by an uncompromising high fence, an angry crisscross mesh of wires that clearly imply: “Eintritt Verboten!”
Welcome to Teufelsberg, literally “Devil's Mountain,” a hill reaching 114.7 meters above sea-level, made from an estimated 12 million cubic meters of war rubble (apparently about 400,000 bombed houses) pushed together in the north of the Grunewald forest in West Berlin. (more) (video)
 

Canada - Driving aimlessly along country roads you never know what you will come across, and earlier this week while looking for visiting snowy owls, we came across something that seemed worthy of investigation. A lone government sign in a farmer’s field north of Richmond, simply labeled “Area 9” with a locked gate to a long abandoned road...

“The site was part of a Cold War Project for over the horizon radio detection finding, likely used to listen to embassy communications. It consisted of a very large array of receiver antennas laid out in a NS and EW axis. The array was almost a mile long and antennae wiring fed back to a building south along the lane-way.” (more)


...and David W. Brown chronicles... 
5 Spy Tunnels From Around the World

FutureWatch: Belkin Secure Web Camera Adapter

The Belkin Secure Web Camera Adapter is designed to securely connect USB web cameras to computers in a secure environment. It is the perfect security solution where classified or sensitive information is presented in an environment where computers are present.

A time-limited activation button disconnects the web camera’s USB connection when it is not actively used, making it impossible to keep the web camera active when a video call is not in progress. The user must periodically press the button to extend the video call if needed.

The Belkin Secure Web Camera Adapter is easy and intuitive to operate, and should be used whenever web cameras are used in boardrooms, offices, and other areas where sensitive conversations take place. (more)

Note: This product was announced March 5th, but does not appear in any on-line stores as of today.