Monday, October 27, 2014
Saturday, October 25, 2014
Justice Department's National Security Division Tackles Economic Espionage
The Justice Department has reorganized its National Security Division to combat the increasing threat of state-sponsored economic espionage and theft of corporate America’s secrets.
“Nation states day in and day out intrude” into U.S. computer networks, Assistant Attorney General John Carlin told reporters today. “Committing intrusions for economic benefit by nation states … is not something that’s going to be accepted.”
The reorganization lets Carlin, who was confirmed in April after nearly a year as acting head of NSD, put his stamp on a division that has been jockeying for turf and recognition since it was created in 2006 as part of the national security reforms after the Sept. 11, 2001 terrorist attacks.
As a law enforcement matter, it means bringing an “all-tools” approach to combating cyber attacks and economic spying, Carlin said. (more)
Extra credit reading for Mr. Carlin, Anita M. Singh, and staff... (more) (more)
Cyber isn't the only door to the goods. |
The reorganization lets Carlin, who was confirmed in April after nearly a year as acting head of NSD, put his stamp on a division that has been jockeying for turf and recognition since it was created in 2006 as part of the national security reforms after the Sept. 11, 2001 terrorist attacks.
As a law enforcement matter, it means bringing an “all-tools” approach to combating cyber attacks and economic spying, Carlin said. (more)
Extra credit reading for Mr. Carlin, Anita M. Singh, and staff... (more) (more)
Home of the Stingray Bans its Warrentless Use
Thanks to the Florida Supreme Court and a drug dealer, Sunshine State police can no longer track unsuspecting citizens through their cellphones without a warrant.
That’s welcome news to those concerned about local law enforcement’s use of advanced surveillance technology, sometimes supplied by military contractors, to monitor cellphone locations and incoming and outgoing phone numbers.
Public records obtained by the American Civil Liberties Union show the practice has been widespread and mostly under the radar. (more)
That’s welcome news to those concerned about local law enforcement’s use of advanced surveillance technology, sometimes supplied by military contractors, to monitor cellphone locations and incoming and outgoing phone numbers.
Public records obtained by the American Civil Liberties Union show the practice has been widespread and mostly under the radar. (more)
Labels:
cell phone,
government,
law,
lawsuit,
privacy,
tracking
Spy Phone Labs Sues Google for 2 Million
Spy Phone Labs of Wayne, N.J., claims in its complaint that its app (Spy Phone) was downloaded more than 1.1 million times in its first year on the Google Play marketplace, where most smartphone apps for the Android operating system are sold.
But downloads plummeted to 260,000 in the second year, after Spy Phone complained to Google about trademark infringement by competing products and the app maker was twice suspended from Google Play, the suit claims...
The Spy Phone app allows the location of the phone to be monitored remotely, and allows a remote user, such as a parent, to see the phone numbers of persons exchanging calls or messages with the phone’s user. The app also allows Internet usage on the phone to be monitored remotely. While the app is available for free, Spy Phone generates revenue from ad sales on the website where users download information about the phone’s usage, the suit says. (more)
But downloads plummeted to 260,000 in the second year, after Spy Phone complained to Google about trademark infringement by competing products and the app maker was twice suspended from Google Play, the suit claims...
The Spy Phone app allows the location of the phone to be monitored remotely, and allows a remote user, such as a parent, to see the phone numbers of persons exchanging calls or messages with the phone’s user. The app also allows Internet usage on the phone to be monitored remotely. While the app is available for free, Spy Phone generates revenue from ad sales on the website where users download information about the phone’s usage, the suit says. (more)
Friday, October 24, 2014
White House Fence Jumper Bugged About Bugs
Latest White House intruder wanted to talk to president about spy devices, father says...
The first time Dominic Adesanya tried to speak to President Obama about the spying devices supposedly stashed in the Adesanya home, his father said Adesanya hopped on a Megabus and headed to Washington, where he had a run-in at the White House...
Dominic Adesanya dropped out of school and for the past year he has been worried about cameras hidden in the family’s house or people spying on him, his father said.
He has torn up the home, cutting through drywall and crawling through the attic, looking for the devices, his father said. (more)
The first time Dominic Adesanya tried to speak to President Obama about the spying devices supposedly stashed in the Adesanya home, his father said Adesanya hopped on a Megabus and headed to Washington, where he had a run-in at the White House...
Dominic Adesanya dropped out of school and for the past year he has been worried about cameras hidden in the family’s house or people spying on him, his father said.
He has torn up the home, cutting through drywall and crawling through the attic, looking for the devices, his father said. (more)
FutureWatch - Carhacking
As high-tech features like adaptive cruise control, automatic braking and automatic parallel parking systems make cars smarter, it's also making them more vulnerable to hackers – a risk that an automotive security researcher says carmakers appear to be ignoring.
"There's no culture of security," said Chris Valasek, director of vehicle security research at the computer security consulting firm IOActive, in a keynote speech at the SecTor IT security conference in Toronto this week....
In recent years, security researchers at the University of Washington showed they could hack a car and start it either via the systems used for emissions testing or remotely using things like Bluetooth wireless connectivity or cellular radio to start the car.
Read more about the study
Others showed they could hack a car remotely via a cellular-based car alarm system to unlock the doors and start the engine.
Valasek himself and his research partner Charlie Miller, a security engineer at Twitter, have been starting to experiment with remote attacks after demonstrating that a laptop inside the car can be used to disable brakes and power steering and confuse GPS and speedometers.
Hackers hijack car computers and take the wheel (more)
"There's no culture of security," said Chris Valasek, director of vehicle security research at the computer security consulting firm IOActive, in a keynote speech at the SecTor IT security conference in Toronto this week....
In recent years, security researchers at the University of Washington showed they could hack a car and start it either via the systems used for emissions testing or remotely using things like Bluetooth wireless connectivity or cellular radio to start the car.
Read more about the study
Others showed they could hack a car remotely via a cellular-based car alarm system to unlock the doors and start the engine.
Valasek himself and his research partner Charlie Miller, a security engineer at Twitter, have been starting to experiment with remote attacks after demonstrating that a laptop inside the car can be used to disable brakes and power steering and confuse GPS and speedometers.
Hackers hijack car computers and take the wheel (more)
Rainy Weekend Fun - Make a Paper Boomerang for Indoor Throwing
via futilitycloset.com
Mathematician Yutaka Nishiyama of the Osaka University of Economics has designed a nifty paper boomerang that you can use indoors. A free PDF template (with instructions in 70 languages!) is here.
Hold it vertically, like a paper airplane, and throw it straight ahead at eye level, snapping your wrist as you release it. The greater the spin, the better the performance. It should travel 3-4 meters in a circle and return in 1-2 seconds. Catch it between your palms.
Mathematician Yutaka Nishiyama of the Osaka University of Economics has designed a nifty paper boomerang that you can use indoors. A free PDF template (with instructions in 70 languages!) is here.
Hold it vertically, like a paper airplane, and throw it straight ahead at eye level, snapping your wrist as you release it. The greater the spin, the better the performance. It should travel 3-4 meters in a circle and return in 1-2 seconds. Catch it between your palms.
Thursday, October 23, 2014
Ask the Consultant - Spycam Question Received this Week
"Have you ever been called upon by a client to check for unauthorized or hidden cameras?
And to that end, is there some technology available to security professionals (not what the Secret Service uses) that can identify wireless cameras?"
Yes. The video voyeurism craze had prompted requests from corporate clients, country clubs, private schools and religious institutions (usually in response to an incident), and occasionally pro-actively, for due diligence purposes.
DIY detecting cameras in situ can be accomplished in several ways...
by Kevin D. Murray CPP, CISM, CFE
And to that end, is there some technology available to security professionals (not what the Secret Service uses) that can identify wireless cameras?"
Yes. The video voyeurism craze had prompted requests from corporate clients, country clubs, private schools and religious institutions (usually in response to an incident), and occasionally pro-actively, for due diligence purposes.
DIY detecting cameras in situ can be accomplished in several ways...
Spycam finds courtesy Murray Associates. |
- Physical inspection - If you know where a spycam is likely to be looking (bathroom, bedroom, office, etc.), stand there and do a 360º turn. The camera will be in your line-of-sight (take into account mirrors).
- Look for the lens - This may be accomplished with this device, or with this app. Neither solution is 100% effective, however.
- If the device is not recording internally, but broadcasting a FM radio-frequency signal, there are these detectors 1 2 . Neither solution is 100% effective, however.
- If the camera is transmitting to the Internet via Wi-Fi (popular with the baby monitors), detection options 1 & 2 are the best bet for the amateur sleuth. A professional TSCM team will be able to conduct a Wi-Fi analysis to absolutely detect the transmitter.
- Thermal imaging is also very effective for finding "live" cameras (as opposed to the battery powered ones that just snap photos upon sensing movement). This has become affordable this year with the introduction of this iPhone add-on.
- Call us. In addition to Wi-Fi analysis, we also use Non-Linear Junction Detection (NLJD), more sensitive thermal imaging, and spectrum analysis detection techniques.
by Kevin D. Murray CPP, CISM, CFE
...which left us wondering about the clowns in business and government who spy.
A new study finds that more Americans fear spying from corporations than the government (but only slightly).
In total, 82 percent of Americans fear corporations, while 74 percent fear the government.
The data comes from a new Chapman University survey of everything that freaks Americans out. In addition to Internet fears, around 65 percent of Americans also fear public speaking — meaning that more Americans are concerned about Internet privacy than speaking in public.
Interesting, but unrelated: 20 percent of Americans are at least somewhat afraid of clowns. (more)
In total, 82 percent of Americans fear corporations, while 74 percent fear the government.
The data comes from a new Chapman University survey of everything that freaks Americans out. In addition to Internet fears, around 65 percent of Americans also fear public speaking — meaning that more Americans are concerned about Internet privacy than speaking in public.
Interesting, but unrelated: 20 percent of Americans are at least somewhat afraid of clowns. (more)
Wednesday, October 22, 2014
Why the IT Guy Can't Protect Your Information
- Most “computerized” information is available
elsewhere long before it is put into a computer. - Hacking is only one tool in the spy's kit.
- Data theft is the low-hanging fruit of the business
espionage world. Pros use bucket trucks. - Traditional spying is invisible. Hacking leaves trails.
Result... IT guy gets budget. Company is still a sieve.
Go Holistic
Close All Loopholes
Loophole 1: Information Generation
People generate information. They talk, discuss, plan. The human voice contains the freshest information.
Conduct Technical Surveillance Countermeasures (TSCM) inspections of offices, labs, conference and boardrooms on a scheduled basis. TSCM works.
Ford Motors found voice recorders hidden in seven of their conference rooms this summer.
Loophole 2: Information Transmission
People communicate. They phone, fax, email, hold teleconferences — over LAN, Wi-Fi and cables.
Traditional wiretapping and VoIP/Wi-Fi transmission intercepts are very effective spy tools. TSCM sweeps discover attacks.
Loophole 3: Information Storage
People store information all over the place; in unlocked offices, desks, and file cabinets. Photocopiers store all print jobs in memory. TSCM surveys identify poor storage, and the perimeter security gaps which put storage at risk.
Loophole 4: Information Handling
People control information. Educate them. Security briefings don’t have to be long and tedious. Establish basic rules and procedures. Enforce them.
Effective information security requires a holistic protection plan. IT security is an important part of this plan, but it is only one door to your house of information.
by Kevin D. Murray CPP, CISM, CFE
Tuesday, October 21, 2014
Watergate - Ben Bradley Dies at 93
Ben Bradlee, the former top editor of The Washington Post who oversaw
the paper's coverage of the Watergate scandal, has died, the newspaper
said Tuesday.
He was 93.
He was 93.
Yo, Jimmy. You know how to use this thing?
Newly released documents definitively show that local law enforcement in Washington, DC, possessed a cellular surveillance system—commonly known as a "stingray"—since 2003.
However, these stingrays literally sat unused in a police vault for six years until officers were trained on the devices in early 2009.
"It's life imitating The Wire," Chris Soghoian, a staff technologist at the American Civil Liberties Union, told Ars. "There's an episode in Season 3 where [Detective Jimmy] McNulty finds a [stingray] that has been sitting on the shelf for a while." (more)
However, these stingrays literally sat unused in a police vault for six years until officers were trained on the devices in early 2009.
"It's life imitating The Wire," Chris Soghoian, a staff technologist at the American Civil Liberties Union, told Ars. "There's an episode in Season 3 where [Detective Jimmy] McNulty finds a [stingray] that has been sitting on the shelf for a while." (more)
Traveling to China? Have an iPhone? Clear Your Cloud First
Chinese authorities just launched “a malicious attack on Apple” that could capture user names and passwords of anyone who logs into the iCloud from anywhere in the country, the well-respected censorship watchdog GreatFire.org reports.
With that information, a hacker can view users contacts, photos, messages and personal information stored in the cloud.
China has an estimated 100 million iPhone users in China, and all of them could be vulnerable, GreatFire reports, thanks to a “man in the middle” attack that tricks users into believing they are logging into a secure connection, when they are actually logging into a Chinese government-controlled site instead. (more)
With that information, a hacker can view users contacts, photos, messages and personal information stored in the cloud.
China has an estimated 100 million iPhone users in China, and all of them could be vulnerable, GreatFire reports, thanks to a “man in the middle” attack that tricks users into believing they are logging into a secure connection, when they are actually logging into a Chinese government-controlled site instead. (more)
A Police Commander's Wife, Their Unlicensed PI Business and Spyware...
Woo-woo-woo-woo-woo-woo, nyunt, nyunt, nyunt!
A Monterey County woman was charged with wiretapping a police officer and possessing "illegal interception devices,” according to the Northern California District Attorney’s office. The District Attorney said that Kristin Nyunt, age 40, allegedly intercepted communications made by a police officer on his mobile phone.
Nyunt is the ex-wife of former Pacific Grove Police Commander John Nyunt, and she has already been sentenced to eight years and four months in prison after pleading guilty in July to five counts of identity theft, two counts of computer network fraud, one count of residential burglary, and two counts of forgery.
In the latest charges [PDF], the District Attorney accused Nyunt of using illegal spyware including MobiStealth, StealthGenie, and mSpy to intercept "sensitive law enforcement communication” in real time. Nyunt allegedly placed the spyware on a police officer’s phone surreptitiously, although court documents do not detail how or why...
...between 2010 and 2012, Nyunt and her husband operated an unlicensed private investigator business called Nyunt Consulting and Investigative Services Corporation and used access to their customers’ devices and information to later commit identity theft. (more)
A Monterey County woman was charged with wiretapping a police officer and possessing "illegal interception devices,” according to the Northern California District Attorney’s office. The District Attorney said that Kristin Nyunt, age 40, allegedly intercepted communications made by a police officer on his mobile phone.
Nyunt is the ex-wife of former Pacific Grove Police Commander John Nyunt, and she has already been sentenced to eight years and four months in prison after pleading guilty in July to five counts of identity theft, two counts of computer network fraud, one count of residential burglary, and two counts of forgery.
In the latest charges [PDF], the District Attorney accused Nyunt of using illegal spyware including MobiStealth, StealthGenie, and mSpy to intercept "sensitive law enforcement communication” in real time. Nyunt allegedly placed the spyware on a police officer’s phone surreptitiously, although court documents do not detail how or why...
...between 2010 and 2012, Nyunt and her husband operated an unlicensed private investigator business called Nyunt Consulting and Investigative Services Corporation and used access to their customers’ devices and information to later commit identity theft. (more)
Labels:
business,
cell phone,
dumb,
Hack,
lawsuit,
police,
privacy,
scam,
spyware,
wiretapping
Subscribe to:
Posts (Atom)