Monday, August 4, 2014

FutureWatch: Eavesdropping on Potato Chip Bags... You may be next.

Researchers at MIT, Microsoft, and Adobe have developed an algorithm that can reconstruct an audio signal by analyzing minute vibrations of objects depicted in video. In one set of experiments, they were able to recover intelligible speech from the vibrations of a potato-chip bag photographed from 15 feet away through soundproof glass.

In other experiments, they extracted useful audio signals from videos of aluminum foil, the surface of a glass of water, and even the leaves of a potted plant. The researchers will present their findings in a paper at this year’s Siggraph, the premier computer graphics conference.


 

“When sound hits an object, it causes the object to vibrate,” says Abe Davis, a graduate student in electrical engineering and computer science at MIT and first author on the new paper. “The motion of this vibration creates a very subtle visual signal that’s usually invisible to the naked eye. People didn’t realize that this information was there.” (more)

Spy Tradecraft FutureWatch - 3-D Room Scan Mapping

Despite the promise of Google's Movidius-equipped Project Tango, there are still no depth-sensing, SLR-stomping smartphones on the market. But Movidius thinks that could change soon, thanks to its brand new chip: the Myriad 2 vision processor unit (VPU). 

"The Myriad 2 is going to provide more than 20x the power efficiency of the Myriad 1, and enable camera features that were not possible before in mobile devices," CEO Remi El-Ouazzane tells me. If you'll recall, Tango's original tech brought faster focus, improved depth of field, near-optical zooming and higher light sensitivity to smartphone cameras (and now, tablets).



It also let researchers scan a room in 3D to provide interior navigation, among other cool tricks. (more)

From a Security Scrapbook Blue Blaze Irregular...
So, letting uncleared persons into secure facilities just became even more stupid. With new processing chips, surreptitious video recording becomes even more dangerous. Movidius makes the chips. And Matterport makes the 3D modelling software. This is very cool but at the same time very disturbing. How many tradecraft applications will this have? Security managers should see, at least, the Matterport video.

USB - Unfixable Security Broken

It is well known that USB drives can be dangerous. Companies run strict screening policies and it has long been known that running unknown ‘exe’ files is a bad idea. But what if the threat was undetectable, unfixable and could be planted into any USB device, be it a USB drive, keyboard, mouse, web camera, printer, even smartphone or tablet? Well, this nightmare scenario just became reality.

The findings will be laid out in a presentation next week from security researchers Karsten Nohl and Jakob Lell, who claim the security of USB devices is fundamentally broken. More to the point, they said it has always been fundamentally broken, but the holes have only just been discovered.

BadUSB


To demonstrate this the researchers created malware called ‘BadUSB’. It can be installed on any USB device and take complete control over any PC to which it connects. This includes downloading and uploading files, tracking web history, adding infected software into installations and even controlling the keyboard so it can type commands.

“It can do whatever you can do with a keyboard, which is basically everything a computer does,” explains Nohl... (more)


The short-term solution to BadUSB isn’t a technical patch so much as a fundamental change in how we use USB gadgets. To avoid the attack, all you have to do is not connect your USB device to computers you don’t own or don’t have good reason to trust—and don’t plug untrusted USB devices into your own computer. ...or, treat USB sticks the same way you would hypodermic needles. (more)

Android Warning - Don't Click SMS Links Without Thinking First

A virus known as 'Andr/SlfMite-A' has been recently discovered that is spreading throughout the Android world through text messages (SMS)...
 
The Andr/SlfMite-A virus sends SMSs which include a malicious link. If you unknowingly click on the embedded link within the SMS, then the virus easily gets installed on your phone. Once the virus is downloaded onto your phone, it secretly sends text messages with the malicious link to the first 20 contacts from your contact list.


These self-replicating 'worms' send SMSs to your contact list, thus playing on the trust that the receiver has in you. Because a person in your contact list thinks that the message is from you, and hence is a genuine text message, they might get tricked into clicking the link and unknowingly allow the virus to be installed on their phone. (more)

PI Tip #251 - Clean Up Your Crummy Surveillance Videos - FREE

VideoCleaner is FREE professional open-source video enhancement software. With VideoCleaner, you can brighten poorly lit scenes, increase detail clarity, correct the viewing perspective, reverse lens distortion, repair VHS recordings, improve color contrast, isolate channels, and so much more.

VideoCleaner makes faint movements, distant traffic signal color changes, and small details obvious. You can annotate on-screen with text and highlighting, correct playback speed, provide sweeping or adjacent before-after views, and extract stills.

Being open-source means that you can customize VideoCleaner to fit your needs and delve deep into the science. Everything is free, even the support.
VideoCleaner is free without any purchase price, support or update fees. You are welcome to use VideoCleaner and its components for any legal purpose, personal or commercial, without any requirements or obligations beyond the open-source General Public License (GPL) of its components. You are free to redistribute this software in accordance with its associated GPL. (more)

Wealth Managers Enlist Spy Tools to Map Portfolios

Some of the engineers who used to help the Central Intelligence Agency solve problems have moved on to another challenge: determining the value of every conceivable investment in the world.

Five years ago, they started a company called Addepar, with the aim of providing clear and reliable information about the increasingly complex assets inside pensions, investment funds and family fortunes. In much the way spies diagram a communications network, Addepar filters and weighs the relationships among billions of dollars of holdings to figure out whether a portfolio is about to crash. (more)

Tuesday, July 29, 2014

Security Scrapbook Post #5000 - FREE SpyWarn™ Announcement

Thank you to everyone who has enjoyed and contributed to Kevin's Security Scrapbook over the years. 5000 is a milestone, and a good time for you to dig into the archives. Enjoy!

It is also a good time to let my clients (and potential clients) know about a new benefit of using Murray Associates services...

FREE SMARTPHONE SECURITY PROTECTION
 


1. Free Cell Phone MicSpike with Carry Container
    Prevents phones from being turned into bugging devices.


2. Free Anti-Spyware Kit for Smartphones
    Includes the MicSpike™ and more security items.
    SpyWarn™ security kit works for all types of phones.
    It is not available elsewhere. (patent pending)
    Details and free smartphone security tips at...
    https://counterespionage.com/sw.html

3. Free SpyWarn™ Android app.
    A forensic evaluation for discovering spyware
    infections on smartphones.
    Details at... http://www.spywarn.com


4. Free book, "Is My Cell Phone Bugged?"
    Amazon rated...

    

 

EXCLUSIVE
Available only to clients and those whose offices we inspect.

LIMITED TIME OFFER
This is the perfect time to add our Information
Security / TSCM* services to your security program.
*Technical Surveillance Countermeasures (aka, a bug sweep)

Download our introductory booklet.
http://www.counterespionage.com/download.html

Have questions? Need an estimate?
Just call me... from a "safe" phone.

+1-908-832-7900

Best regards,
Kevin D. Murray, CPP, CISM, CFE, MPSC

"Hey, what's your TSCM provider doing for you?"

Monday, July 28, 2014

Son Bugs Mom's Phone - $500.00 Fine

IL - A judge has fined a Lincoln man $500 for bugging his 90-year-old mother’s phone.

Richard Stamler, 60, pleaded no contest to disturbing the peace last week, and Lancaster County District Judge Andrew Jacobsen fined him... 


Stamler’s sister called police March 28, 2013, after she found a recording device in the basement of their mother’s home that had been connected to the phone line and set to record any time someone in the house picked up a phone.

She told police she recognized her brother’s voice reciting date information on the tape. He admitted to police he recorded calls on his mother's phone, but didn't think it was illegal. (more)

Snooping & Bugging: Five High Profile Cases (and this is just in India)

Was Nitin Gadkari's house bugged? The reported recovery of listening devices from Union Minister Gadkari's house has set tongues wagging in political circles, with Congress suggesting that this shows there is lack of trust among the NDA leaders. Even former Prime Minister Manmohan Singh has demanded a probe into this matter.

However, this is not the first time that news of political leaders being snooped upon by their adversaries has surfaced in the media. Let's look back at some similar controversies from the past... (more)

Sunday, July 27, 2014

The FBI Speaks Out: Economic Espionage and Protecting Trade Secrets

When: 7/30/2014
From 5:00 PM until 7:00 PM

Where: Boston Bar Association
16 Beacon Street
Boston, Massachusetts
United States


Trade secret thefts, both domestic and international, cost U.S. companies billions of dollars per year.  Over 85 percent of trade secret thefts involve employees and business partners.  It is imperative to put a trade secret protection program in place. The FBI will show you why and how. 

In a joint BBA/BPLA sponsored event, federal enforcement specialists Carmine Nigro and Ted Distaso, Brian Moriarty of Hamilton Brook Smith Reynolds, P.C., and Russell Beck of Beck Reed Riden LLP discuss methods of trade secret theft and best practices in theft prevention. (more) (register)

FYI - Just up the street from:
Cheers (pub)
84 Beacon St.
Boston, MA 02108

"Where everybody knows your name." (But that's another privacy issue.)

Reports of India Minister Bedroom Being Bugged

India - Former Prime Minister Manmohan Singh today said there should be an investigation into the report of bugging devices having been found in Union Minister Nitin Gadkari's residence and asked Government to explain the issue in Parliament.

"If Ministers' houses are bugged, then it is not a good omen. It should be investigated. How can it happen? It should be explained by the Government in the House," he told reporters at an Iftar get-together hosted by Congress President Sonia Gandhi.

A media report has claimed that high-power listening devices were found in the bedroom at the 13 Teen Murti Lane residence here of Gadkari, the Road Transport and Highways Minister. (more)

Cost of Corporate Espionage in Germany Today

Every year, industrial espionage costs German businesses around 11.8 billion euros ($16 billion), according to a survey released Monday by the German security firm Corporate Trust.

Every second company in Germany has faced attacks - whether successful or not - with more than three-quarters of those surveyed registering financial losses as a result.

Corporate Trust said the survey reflected answers from 6,767 companies, some 40 percent of which estimated the damage from espionage had cost them anywhere from 10,000 euros to 100,000 euros.

Twelve percent said they lost more than 100,000 euros, and 4.5 percent said they lost more than 1 million euros. (more)

The Easy Fix to About 70% of Data Hacks

You never know when malware will bite. Even browsing an online restaurant menu can download malicious code, put there by hackers.

Much has been said about how Target’s hackers accessed the giant’s records via its heating and cooling system. They’ve even infiltrated thermostats and printers among the “Internet of Things.”
 
It doesn’t help that swarms of third parties are routinely given access to corporate systems. A company relies upon software to control all sorts of things like A/C, heating, billing, graphics, health insurance providers, to name a few. If just one of these systems can be busted into, the hacker can crack ‘em all...

One way to strengthen security seems too simple: Keep the networks for vending machines, heating and cooling, printers, etc., separate from the networks leading to H.R. data, credit card information and other critical information. Access to sensitive data should require super strong passwords and be set up with a set of security protocols that can detect suspicious activity. (more)
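One way to check the separation described above, as an added example that is not from the original article: a short Python audit of a first-match firewall rule list, reporting any rule that lets a facilities or printer network reach an H.R. or card-data network. The zone names, subnets and rules are constructed for illustration.

```python
import ipaddress

# Constructed zone map (assumption): subnets are illustrative only.
ZONES = {
    "facilities": ["10.20.0.0/24"],   # HVAC, vending machines
    "printers":   ["10.20.1.0/24"],
    "hr":         ["10.50.0.0/24"],
    "cardholder": ["10.60.0.0/24"],   # credit card data
}
LOW_TRUST = {"facilities", "printers"}
SENSITIVE = {"hr", "cardholder"}

# Constructed first-match rules: (action, source CIDR, destination CIDR).
RULES = [
    ("allow", "10.20.0.0/24", "10.20.1.0/24"),  # HVAC controllers -> printers
    ("allow", "10.20.0.0/16", "10.60.0.0/24"),  # broad vendor rule
    ("deny",  "10.20.1.0/24", "10.50.0.0/24"),  # printers -> HR blocked
    ("allow", "0.0.0.0/0",    "10.50.0.0/24"),  # "any" -> HR portal
]

def net(cidr):
    return ipaddress.ip_network(cidr)

def first_allow(rules, src, dst):
    """Index of the first allow rule reaching any part of src -> dst, else None."""
    for i, (action, r_src, r_dst) in enumerate(rules):
        rs, rd = net(r_src), net(r_dst)
        if not (rs.overlaps(src) and rd.overlaps(dst)):
            continue
        if action == "allow":
            return i
        # A deny only settles the question if it covers the whole pair;
        # a partial deny leaves the remainder exposed to later rules.
        if rs.supernet_of(src) and rd.supernet_of(dst):
            return None
    return None  # implicit default deny

def audit(rules, zones=ZONES, low_trust=LOW_TRUST, sensitive=SENSITIVE):
    """List (low-trust zone, sensitive zone, rule index) for each crossing."""
    findings = []
    for lz in sorted(low_trust):
        for sz in sorted(sensitive):
            for src in map(net, zones[lz]):
                for dst in map(net, zones[sz]):
                    hit = first_allow(rules, src, dst)
                    if hit is not None:
                        findings.append((lz, sz, hit))
    return findings

if __name__ == "__main__":
    for lz, sz, idx in audit(RULES):
        print(f"{lz} can reach {sz} via rule {idx}: {RULES[idx]}")
```

The check is deliberately conservative: an allow rule that overlaps a zone pair is reported even if earlier partial denies happen to shadow it, so each finding should be confirmed against the real rule set.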

See Around Corners with Pocket Drone

Researchers at the U.S. Army Natick Soldier Research, Development and Engineering Center are developing a pocket-sized aerial surveillance device for Soldiers and small units operating in challenging ground environments.

The Cargo Pocket Intelligence, Surveillance and Reconnaissance program, or CP-ISR, seeks to develop a mobile Soldier sensor to increase the situational awareness of dismounted Soldiers by providing real-time video surveillance of threat areas within their immediate operational environment.

While larger systems have been used to provide over-the-hill ISR capabilities on the battlefield for almost a decade, none of those delivers it directly to the squad level, where Soldiers need the ability to see around the corner or into the next room during combat missions. (more)


See around Corners. Turn Walls into Mirrors. Well, sort of...

The functional difference between a diffuse wall and a mirror is well understood: one scatters back into all directions, and the other one preserves the directionality of reflected light.
The temporal structure of the light, however, is left intact by both: assuming simple surface reflection, photons that arrive first are reflected first. In this paper, we exploit this insight to recover objects outside the line of sight from second-order diffuse reflections, effectively turning walls into mirrors. (more)