Thursday, May 15, 2014

Just Tell the Boss You Are on Loan to the CIA... for 10 years.

The EPA’s highest-paid employee and a leading expert on climate change deserves to go to prison for at least 30 months for lying to his bosses and saying he was a CIA spy working in Pakistan so he could avoid doing his real job, say federal prosecutors.

John C. Beale, who pled guilty in September to bilking the government out of nearly $1 million in salary and other benefits over a decade, will be sentenced in a Washington, D.C., federal court on Wednesday. In a newly filed sentencing memo, prosecutors said that his lies were a "crime of massive proportion" and “offensive” to those who actually do dangerous work for the CIA.

Beale’s lawyer, while acknowledging his guilt, has asked for leniency and offered a psychological explanation for the climate expert’s bizarre tales. (more)

Dumb Law + Dumb Statement... What could possibly go wrong?

A Massachusetts woman's arrest has brought the state's strict wiretapping law into the national spotlight.

Karen Dziewit was arrested early Sunday morning outside of a Springfield home, charged with disorderly conduct, carrying an open container of alcohol and an illegal wiretap, according to the Boston Herald.

The last charge came after the 24-year-old allegedly told the police, "I’ve been recording this thing the whole time, my phone is in my purse, see you in court."

A Massachusetts statute states that a private citizen can't record another person without first getting their consent. (more)


Illinois recently overturned a similar law. This may prompt Massachusetts to do the same.

Could this be the end of the flashlight?

New, low-cost chips for sensing thermal energy could lead to a raft of new night-vision products, engineers say, ushering in everything from smarter cars to handheld devices for spelunking (and possibly bug hunting).
A new technology used by Raytheon, “wafer-level packaging,” dramatically reduces the cost of making these thermal sensors. The advances could – for the first time – put a thermal weapons sight in the hands of every soldier in a platoon. But the commercial and law-enforcement uses are endless, too, developers say.

“Once it reaches a certain price point, you’ll see it kind of popping up in a lot of different areas,” said Adam Kennedy, a lead engineer at Raytheon Vision Systems. “That’s just very, very exciting.” (more)

Thursday, May 8, 2014

Verizon's 2014 Data Breach Investigations Report

Gain fresh insight into cyber espionage and denial-of-service attacks in the 2014 Data Breach Investigations Report (DBIR). 

This year’s report features nine common incident patterns, bringing together insights from 50 global organizations, from around the globe, and more than 63,000 confirmed security incidents. 

Discover how attackers can affect your business, and learn the steps you need to take to counter threats and protect your reputation. (download)

PI Alert: Low Cost Spy Photo/Movie Gadget for Your Smartphone

Peek-I – it’s a tiny spy gadget that helps you take pictures discreetly. 

Peek-I - Easily attaches’ magnetically to the camera of your mobile device. It works as a periscope, reflecting the image at a 90 degree angle. 

Is so tiny, that it’s hard to notice it is on your device at all. And no one will ever know you were the ONE who took THAT picture or film THAT video!!! So do you feel like James Bond yet? 

Make awesome shots of your friends, completely unaware that they were on camera!!! You don’t need to point camera directly on the object! Don’t scare your astonishing award winning picture away! Peek-I is there for you! 

Only a few of us have the courage to openly take pictures of other people or objects, at times it’s merely impossible. But the outer lens for devices Peek-I opens completely new prospective for all sorts of pictures, without being afraid to draw attention. Thanks to Peek-I, you can take a picture from around a corner without being noticed. You can also get great shots of weirdos walking down the street right next to you, without them realizing what you are doing. 

The cute design makes it look like another accessory for your device; moreover it can be easily removed, like it was never there! (more)

Wednesday, May 7, 2014

Murray Security Tip #631 - Text 911 - Coming Soon

Starting May 15, Verizon, AT&T, T-Mobile, and Sprint will let you text police in case of an emergency. Here's how it works...

Text-to-911 is a free program for sending a text message addressed to "911" instead of placing a phone call. To use it, you address the message to 911 and enter the emergency in the body of the text, making sure that you also add your exact location -- or else emergency services won't be able to dispatch help your way. (Dumb. It should attach GPS coordinates.) 


Since it's all SMS-based, you will hear a response for more follow-up questions, or when help is on the way.

Who is Text-to-911 for?
Text-to-911 is useful for any situation in which it is dangerous or impossible to speak. Texting is also a useful way to help the younger demographic that feels more comfortable texting than calling.

Although the carriers have committed to supporting 911 texting in their service areas, that doesn't mean that text-to-911 will be available everywhere.
Emergency call centers, called PSAPs (Public Safety Answering Points), are the bodies in charge of implementing text messaging in their areas. These PSAPs are under the jurisdiction of their local states and counties, not the FCC, which governs the carriers. In other words, it's up to the call centers to receive and dispatch your texts. Until the PSAP in your county first requests Text-to-911 support, implements the technology, and trains its staff, you won't be able to use texting in an emergency. (Dumb. Should be seamless.) (more)

Spy vs Guy (short movie)

A retired Russian spy hunts down sensitive technology after it falls into unsuspecting hands. Well done, cute, improbable, with humorous moments.

New Spy Game: Tag Your IT

Foreign intelligence agencies are trying to recruit tech staff in big businesses in an attempt to gain access to vital IT systems, MI5 has warned British business chiefs.

In recent months, the UK security service has had a series of "high-level conversations with executives" to warn of the risk, according to the Financial Times. Targeting IT staff — who often have unfettered access to the most important systems — is seen as one of the quickest ways to gain access.

The security service is warning that IT workers have been recruited to help overseas spies gain sensitive personnel information, steal corporate or national secrets and even upload malware to compromise the network.
(more)

FutureWatch: Smartphones Always Snitch (Care to guess how this will be used?)

Sensors in smartphones collect data which can be used to identify you and pinpoint your location, regardless of your privacy settings, study finds...
Data gathered by smartphone sensors can be used to identify you, pinpoint your location and monitor your phone, irrespective of your privacy settings, new research has found.


Accelerometers, sensors used to track movement of smartphones, are used in countless apps, including pedometers, playing games and monitoring sleep. Research from the University of Illinois' Department of Electrical and Computer Engineering found that minuscule imperfections during the manufacturing process create a unique 'fingerprint' on the generated data.

The gathered data can be used to identify you as it is sent to the cloud for processing, bypassing privacy settings concerning the withholding of location data and with no need to discern your phone number or SIM card number, leaving you potentially vulnerable to cyber attack...

Graduate student Sanorita Dey said you can best protect yourself and your device by not sharing your accelerometer data without thinking about how legitimate or how secure that application is. (more)

Thursday, May 1, 2014

Security Alert: Yet Another Creepy Peeper Baby Cam Hack Story

OH - According to FOX19, Heather and Adam Schreck were woken up in the middle of the night recently to hear a man screaming “wake up baby.”
The man had hacked the monitor, which streams video to the Schreck’s cell phone, and was watching the baby sleep.


When Heather and Adam ran to her room, they saw the camera moving, and it eventually pointed away from the baby to Adam.

The man then started swearing and screaming at Adam from the monitor.

They quickly unplugged the camera. (more with video report) (more)


An almost identical incident occurred last August in Texas.

Murray Security Tip #823 - Hackers search for and post the URLs of unsecured cameras. Once your camera is tagged, you can expect any number of outsiders peering through your electronic window. If you remotely view your baby camera (or other home surveillance products) do the following:
• Replace the default password with your own (decent) password.
• Use a non-standard port. Hackers generally target camera default ports. (8100 or highter)
• Periodically check the manufacturer's web site for software and firmware updates. Often these updates are released to specifically fix security loopholes. Example.
• Foscam cameras were mentioned in both of these hacks. If you have a Foscam product, read their security alert.
• Don't forget to secure your home wireless network as well. Top 10 Tips.

Example of someone who didn't take security seriously.

Related Security Scrapbook items: here & here.

Thursday, April 24, 2014

Voyeurgler Caught - Check Your Vents

CA - On March 18, San Luis Obispo County Sheriff’s Deputies responded to a report of a burglary at a home in the area of Bonita Place and Verde Place in San Miguel. A suspect was identified at that time.

During the course of the investigation, deputies discovered the suspect had gained access to three homes in that area and installed a camera in the ventilation system. In each case, a camera was positioned behind a vent in the master bedroom of the house.

The suspect was able to record images by use of a wireless camera and receiver. The suspect has been identified as Eutimio Contreras Anguiano, 34 of San Miguel. Anguiano was arrested on April 13 and faces charges of burglary, eavesdropping, and making criminal threats. (more)

Wednesday, April 23, 2014

Security Alert: iPhones, iPads, iMacs, etc.

Apple has patched versions of its iOS and OS X operating systems to fix yet another extremely critical cryptography vulnerability that leaves some users open to surreptitious eavesdropping. Readers are urged to install the updates immediately. (more)

An Extraordinary Collection of Spy Cameras

'Willie Feinberg was not a spy as far as we know," says Charles Leski of Mossgreen Auctions, "but he certainly understood their tradecraft."

Click to enlarge.
Evidence of this is his extraordinary collection of 225 miniature cameras, many designed especially for spying and espionage. These went on sale through Mossgreen in Melbourne on April 13, and sold well, fetching a total of $75,847 (including buyer's premiums, IBP). The average result was 10 per cent above estimates.

Click to enlarge.
Leski says there were about 50 people in the rooms and another 150 participating by phone, on the web and through prior bids. Foreign interest came from Germany, China and the United States.

There was strong interest in Feinberg's spy cameras, with some having the joke-shop quality of Get Smart. (more)
Click to enlarge.

Conversnitch Brings New Meaning to... "A little bird told me."

As former NSA director Michael Hayden learned on an Amtrak train last year, anyone with a smartphone instantly can become a livetweeting snoop. Now a whole crowd of amateur eavesdroppers could be as close as the nearest light fixture.



Two artists have revealed Conversnitch, a device they built for less than $100 that resembles a lightbulb or lamp and surreptitiously listens in on nearby conversations and posts snippets of transcribed audio to Twitter. Kyle McDonald and Brian House say they hope to raise questions about the nature of public and private spaces in an era when anything can be broadcast by ubiquitous, Internet-connected listening devices...

The surveillance gadget they unveiled Wednesday is constructed from little more than a Raspberry Pi miniature computer, a microphone, an LED and a plastic flower pot. It screws into and draws power from any standard bulb socket. Then it uploads captured audio via the nearest open Wi-Fi network to Amazon’s Mechanical Turk crowdsourcing platform, which McDonald and House pay small fees to transcribe the audio and post lines of conversation to Conversnitch’s Twitter account. “This is stuff you can buy and have running in a few hours,” says McDonald, a 28-year-old adjunct professor at the Interactive Telecommunications Program at the Tisch School of the Arts. (more)

Tuesday, April 22, 2014

Business Espionage: A Victim Business Speaks

Zimbabwe - Savanna Tobacco says industrial espionage by its tobacco industry arch rivals is suffocating its potential and capacity to increase exports by a factor of at least 50 percent.

Executive chairman Mr Adam Molai said in an interview last week that customers were being haunted and their products confiscated in what could throw the victims out of business.

Mr Molai said Savanna, one of Zimbabwe's biggest cigarette makers, could instantly increase exports by 50 percent if the issue of the alleged industrial espionage is resolved. (more)