Beijing authorities have initiated a ban on all secret surveillance equipment in the city amid increasing pressure from the central government to crack down on spying activities.
The decision was issued jointly by the city's Administration for Industry and Commerce, Beijing Municipal Public Security Bureau and Beijing National Security Bureau, which added that purchases of these devices–such as surreptitious cameras installed in glasses or walking sticks to secretly record photos or videos of people in bathrooms and changing rooms–could lead to serious criminal liability...
Chinese media outlets reported that the majority of buyers are private detectives and investigators, debt collectors and lawyers looking to collect evidence for their cases. There have so far been 91 official investigations into illegal surveillance in Beijing this year. (more) * Except their own, we presume.
The National Security Agency has some of the brightest minds... But a new chat program designed by a middle-school dropout in his spare time may turn out to be one of the best solutions to thwart those efforts...
John Brooks, who is just 22 and a self-taught coder who dropped out of school at 13, was always concerned about privacy and civil liberties. Four years ago he began work on a program for encrypted instant messaging that uses Tor hidden services for the protected transmission of communications. The program, which he dubbed Ricochet, began as a hobby. But by the time he finished, he had a full-fledged desktop client...
A team of researchers from Stanford University and the University of California, Berkeley, has created prototype radio-on-a-chip communications devices that are powered by ambient radio waves. Comprising receiving and transmitting antennas and a central processor, the completely self-contained ant-sized devices are very cheap to manufacture, don't require batteries to run and could give the "Internet of Things" (IoT) a serious kick start.
(more)
A Metasploit module has been developed to easily exploit a dangerous flaw in 75 percent of Android devices that allows attackers to hijack a users' open websites... Tod Beardsley, a developer for the Metasploit security toolkit dubbed the "major" flaw a "privacy disaster".
"What this means is any arbitrary website - say, one controlled by a spammer or a spy - can peek into the contents of any other web page," Beardsley said.
"[If] you went to an attackers site while you had your web mail open in another window, the attacker could scrape your email data and see what your browser sees.
"Worse, he could snag a copy of your session cookie and hijack your session completely, and read and write web mail on your behalf." (more) Solution: Use a Firefox or Chrome browser.
Wireless (802.11b/g/n) high gain Bluetooth & USB Ethernet
adapters
Fully-automated NAC/802.1x/Radius bypass
One-click EvilAP, stealth mode & passive recon
The Pwn Plug Academic Edition acts as a penetration testing drop
box that covers most of a full-scale pentesting engagement, from
physical-layer to application layer. The Pwn Plug Academic Edition
is controlled through a simple web-based administration and comes
preloaded with an array of penetration testing tools and Wireless,
Bluetooth, and USB Ethernet adapters.
The Pwn
Plug R3 is a next-generation penetration testing
device in a portable, shippable, “Plug-and-Pwn” form factor.
Onboard high-gain 802.11a/b/g/n wireless
Onboard Bluetooth
External 4G/GSM cellular
Greatly improved performance and reliability
The Pwn Plug R3 is a next-generation penetration testing device
in a portable, shippable, “Plug-and-Pwn” form factor. With onboard
high-gain 802.11a/b/g/n wireless, onboard Bluetooth, external
4G/GSM cellular, ruggedized case design, and greatly improved
performance and reliability, the Pwn Plug R3 is the enterprise
penetration tester’s dream tool.
The MiniPwner The MiniPwner
is described as a penetration testing “drop box”. You (or maybe a
cleaner you’ve bribed) needs to plug it into an Ethernet plug in
the target’s building, and then you can slurp all the data out of
their network via a wifi link.
The penetration tester uses stealth or social engineering
techniques to plug the MiniPwner into an available network port.
(common locations include conference rooms, unoccupied
workstations, the back of IP Telephones, etc.) Once it is plugged in, the penetration tester can log into the
MiniPwner and begin scanning and attacking the network. The MiniPwner can
simultaneously establish SSH tunnels through the target network,
and also allow the penetration tester to connect to the MiniPwner
via Wifi.
WiFi
Pineapple Mark V Slightly larger than a smartphone the WiFi Pine-apple Mark V is
the “ultimate” cyber surveillance device. It uses an “intuitive”
web interface to enable hackers to break into a corporate’s IT
networks through its wifi connections. It costs $100.
USB Switchblade
The goal of the USB Switchblade is to silently recover information
from a target Windows 2000 or higher computer, including password
hashes, LSA secrets, IP information, etc.
A gadget that looks like a USB stickhas a
program that swings into action when it’s inserted into the USB
drive and can then begin its naughty work without the user knowing
it by exploiting a flaw in USB autorun settings. How about
dropping it in the car park of your target’s offices, seeing if
someone will pick it up and plug it in to see what’s on it…
The thing
about these is that the bad guy can carry a load of malware, ready
for use at any time. These go for less than $50. Easy to smuggle
in.
The
Rubber Ducky
The Rubber Ducky is becoming the “field-weapon of choice” for
cyber spies. It’s the size of a normal USB stick but when you plug
it in to a PC it pretends to be a keyboard and starts ‘typing’
away, possibly trying to break into systems or maybe stealing
passwords. If you get a few seconds alone with someone’s phone
you can get an adapter to plug it in and maybe hack that too. (The last five items courtesy of Financial News.)
MEMS gyroscopes found on modern smart phones are sufficiently sensitive to measure acoustic signals in the vicinity of the phone. The resulting signals contain only very low-frequency information (< 200 Hz). Nevertheless we show, using signal processing and machine learning, that this information is sufficient to identify speaker information and even parse speech.
Since iOS and Android require no special permissions to access the gyro, our results show that apps and active web content that cannot access the microphone can nevertheless eavesdrop on speech in the vicinity of the phone. (more)
Your information assets have never been more crucial, more valuable, or more at risk. This is why information security is becoming a crucial business priority in many organizations. Moreover, complying with (international) information standards and guidelines (such as the NIST Handbook, ISO 17799, CobiT, and ITIL Security Management) is becoming a hot issue worldwide. This unique distance learning course provides you with vital information for developing or reviewing your information security management framework. The course will help you determine the levels of risk your organization is facing and the steps you will need to take to provide adequate protection.
The course will be of particular benefit to:
CIOs, CISOs and anyone who has direct line responsibility for information security
Business Continuity Planners, Asset Managers, Risk Managers
Legal Advisors and Corporate Security Consultants
Company Secretaries, Finance Directors and Auditors (more)
Soldiers from Israel's elite wire-tapping unit are refusing to spy on Palestinians in a rebuke to prime minister Benjamin Netanyahu.
More than 40 former soldiers and current army reservists have signed a letter refusing future service in the Israeli Defence Force (IDF) military intelligence wing, known as Unit 8200.
Unit 8200 is often compared to the United States National Security Agency. It uses sophisticated technology to monitor the lives of Palestinians, gathering information which is then used by Israel's military. It also carries out surveillance overseas. (more)
In a wide-ranging interview with Rolling Stone, Taylor Swift gets candid about her love life, her professional feuds and being very cautious about janitors and wiretapping.
1. She's pretty much always worried about privacy Swift is acutely aware that people are out to invade her privacy. “There's someone whose entire job it is to figure out things that I don't want the world to see,” she told Rolling Stone. She's also paranoid about basically anyone she lets get too close... I have to stop myself from thinking about how many aspects of technology I don't understand.” (more) Taylor, there are some nice professional privacy consultants who can help you.
T-Mobile US sued Huawei for corporate espionage, alleging that the vendor's employees illegally photographed and tried to steal parts of a robot it developed in its labs, called "Tappy," to test cell phones.
Tappy's Grandfather
The lawsuit, filed last week in federal court in Seattle, claims that two Huawei employees gained illicit access to its lab in Bellevue, Wash., photographed the robotic arm, tried to smuggle parts of it out of the lab, and then tried to sneak back in after they were banned from the facility... In 2012 and 2013, the suit claims, Huawei employees engaged in the subterfuge. At one point, the suit alleges, a Huawei engineer put one of the robot's simulated fingertips into his laptop bag. Huawei "ultimately admitted that its employees misappropriated parts and information about T-Mobile's robot," the suit says. (more)
...also charged with having guns in his home which he's not allowed to have based on his criminal history. Last year at this time (9/29/13) subject was sentenced to probation for a term of seven years with the condition that he have no contact with minors, and a fine of $2000, for the offense of Corruption of Minors. (more)
Russia - The Defense Ministry has challenged reports that a Kobalt-M spy satellite reentered the Earth's atmosphere and burnt up over the U.S., potentially leaving Russian military intelligence photos lying in Colorado or Wyoming...
The satellite, launched from the Plesetsk Cosmodrome near Arkhangelsk on May 6, was not equipped to digitally transmit its photographs back to its handlers at Russia's military intelligence unit, the GRU. Instead, it was designed to drop its film in special canisters from space onto Russian territory.
Interfax reported Tuesday that the satellite may have been attempting to position itself to drop a canister back to Earth, when it moved into too low of an orbit — thereby falling back to earth over the U.S. It is possible that much of the satellite and its photos survived, and are now sitting somewhere in the U.S. midwest. (more)
Namibia - A new crime trend has emerged in Windhoek, where confidential business information is stolen and sold to the victim’s competitors...
City Police Senior Superintendent Gerry Shikesho told Namibian Sun that so far three cases of theft of business secrets have been opened - one last month and two this month.
He explained that people are being sent to steal documentation that contains company strategies or business plans.
He said a Windhoek company had information stolen that was valued at N$300 000 ($27,242.00 USD).(more) Note: In Namibia, that is a lot of money for a business to lose.
Not a fan of Google Glass’s ability to turn ordinary humans into invisibly recording surveillance cyborgs? Now you can create your own “glasshole-free zone.”
Berlin artist Julian Oliver has written a simple program called Glasshole.sh that detects any Glass device attempting to connect to a Wi-Fi network based on a unique character string that he says he’s found in the MAC addresses of Google’s augmented reality headsets.
Install Oliver’s program on a Raspberry Pi or Beaglebone mini-computer and plug it into a USB network antenna, and the gadget becomes a Google Glass detector, sniffing the local network for signs of Glass users.
When it detects Glass, it uses the program Aircrack-NG to impersonate the network and send a “deauthorization” command, cutting the headset’s Wi-Fi connection. It can also emit a beep to signal the Glass-wearer’s presence to anyone nearby. (more)
The son-in-law of the late President Richard Nixon gave a lesson during a visit to Syracuse Wednesday on the difference between Watergate and the New York Republican Party's recent bugging scandal. One tactic was legal. The other was not, said Ed Cox, the chairman of the New York State Republican Party and the husband of former first daughter Tricia Nixon...
They admitted to it in court... Cox, who was in Syracuse Wednesday, said the two investigations are not the same. First of all, Assembly Republicans admitted to bugging the car.
Secondly, it was legal, he said (although he admits he doesn't know any more about the law than what he's been told by a reporter.)
He talked about bugging the car as if it was the Republican Party's responsibility. He said it is part of the "self-policing, democratic process" for one party to investigate the other party's candidate before the election.
"Watergate was using illegal means - breaking and entering and illegal bugging - in order to find out what was legal political conversation. It's just the opposite," he said.
Cox said politics in New York is a competitive sport. "It ain't bean bag," he said... What would he say if someone bugged his car?
Under the same circumstances, he said, "Sure that would be fine with me." (more)
Chinese media outlets reported that the majority of buyers are private detectives and investigators, debt collectors and lawyers looking to collect evidence for their cases. There have so far been 91 official investigations into illegal surveillance in Beijing this year. (more)
