Thursday, December 4, 2014

Espionage Conference: Beat Security into CEOs with a Stick

CEOs and business leaders often ignore cyber intrusions or even cover them up, allege IT experts who attended an espionage conference near Ottawa this week.

But those actions leave publicly listed companies and their corporate boards exposed to massive legal liabilities when cyber attacks leak customer info or damage the company’s competitive value...

...compel company executives and corporate boards to fix security holes, says Errol Mendes, a law professor at the University of Ottawa, who also spoke at the espionage conference.

“Tell them about the potential legal liability,” he said. “Use the legal stick.” (more)

Business Espionage: GlobeRanger Awarded $15 million in Trade Secrets Espionage Case

Background
A lawsuit filed in state court Friday reads like a Hollywood script: It includes sex, deception and espionage in an alleged conspiracy to rob a Richardson company of its livelihood. (more)

The Verdict
According to a Nov. 28 court filing, on Nov. 20 a jury in federal court in Dallas awarded Richardson, Texas-based GlobeRanger $15 million in a case that involved the misappropriation of trade secrets related to radio frequency identification technology.

The case is GlobeRanger Corp. v. Software AG, 3:11-cv-00403, U.S. District Court, Northern District of Texas (Dallas). (more)

Wednesday, December 3, 2014

Russian Politicians May Be Required to Use Dumb Phones

A leftist Russian lawmaker has prepared a bill recommending that all MPs stop using iPhones and iPads to protect themselves from eavesdropping by foreign special services.

Dmitry Gorovtsov, of the center-left Fair Russia party, told the Interfax news agency that his suggestion applied primarily to politicians who had access to classified information...

“In principle, the MPs know that using the most primitive mobile phones, those that cost no more than $20, is a guarantee not only against the theft of your own financial data or spying on your e-mail, but also against bugging,” Gorovtsov said. (more)

The least expensive way to ensure you will not be tracked, eavesdropped on, or have your information stolen by spyware is to use a dumb cell phone. Sources: johnsphones.com, Kyocera Marbl K127, Motorola W260g, Motorola C139, more

Wiretap Costs Drop

How much does a wiretap actually cost?

Last year, the average wiretap cost $41,119, according to the U.S. Courts Wiretaps Report for 2013, down from $57,540 the previous year. The steady decrease in wiretapping price means it's highly likely that wiretapping is cheaper now than it has ever been before. The average length of these wiretaps was 40 days, and the most prominent wiretapping happened in northern Illinois, where narcotics officers intercepted 136,378 text messages. (more)

Chanel #007 - It Stinks

French researchers claim to have found indisputable evidence that Coco Chanel worked as a spy for the Nazis during the Second World War.

A written record made public for the first time in a documentary broadcast on French television last night is said to prove that the late fashion designer was a member of Abwehr - Adolf Hitler's secret military intelligence agency. (more)

The Amazon is Full of Bugs, or...

...14 more reasons you should have us check your office for electronic eavesdropping devices.

I received the following in my email. It dispels the myth that bugging devices are expensive and difficult to obtain. Most of these are under $100. 

One is $8.06 and holds 150 hours of audio.

Last summer it was reported that Ford Motor Company found similar voice recorders under about eight of their conference room tables.

A Technical Surveillance Countermeasures (TSCM) inspection (conducted by qualified security technicians) is the quickest and most economical way to protect yourself against being a victim. 

Want to know more? Call me.



Monday, December 1, 2014

Australia - Two Anti-Voyeurism Measures

New Anti-Voyeurism Law
Attorney-General Simon Corbell said the wide-ranging crimes legislation would provide greater protection from invasions of privacy in response to advances in technology.

"The offences introduced by the bill, to protect the privacy of individuals, will ensure that the law can appropriately deal with people who indecently engage in behaviour sometimes referred to as up-skirting and down-blousing without the consent of the person being observed, filmed or photographed," he said. (more)

No Drone Voyeurism in Fire Zones
State aviation operations manager David Pearce said drones could be lethal to aircraft, regardless of size, much like a bird strike that "took down an airliner" if it hit the wrong spot. "Helicopters are particularly susceptible. If the drone is sucked into the intake of the jet engines, or goes into the tail rotor, then it's probably curtains for the helicopter."

Mr Pearce said firefighting aircraft would be immediately grounded if a UAV was spotted either near, or within, a fire zone. (more)

Yes, you're a doctor. No, it's not all right.

UK - A South London doctor who took secret video footage of patients and colleagues on the toilet has been jailed for eight years. 

Hearing specialist Lam Hoe Yeoh was sentenced at Croydon Crown Court after it was discovered that he had secretly hoarded 1,100 indecent images and videos of his patients at his home.

The 62-year-old man admitted to seven counts of voyeurism, six counts of taking an indecent photograph of a child and one count of possessing extreme pornography. (more)

FutureWatch: The Uber Hack Will Taxi In Soon

Imagine for a second that your job is to gather intelligence on government officials in Washington, or financiers in London, or entrepreneurs in San Francisco. Imagine further that there existed a database that collected daily travel information on such people with GPS-quality precision – where they went, when they went there and who else went to those same places at the same times.

Now add that all this location data was not held by a battle-hardened company with tons of lawyers and security experts, such as Google. Instead, this data was held by a start-up that was growing with viral exuberance – and with so few privacy protections that it created a “God View” to display the movements of riders in real-time and at least once projected such information on a screen for entertainment at a company party.

And let’s not forget that individual employees could access historical data on the movements of particular people without their permission, as an Uber executive in New York City reportedly did when he pulled the travel records of a Buzzfeed reporter who was working on a story about the company.

Wouldn’t that strike you as a hacking opportunity of remarkable awesomeness?

James A. Lewis, a cyber-security expert with the Center for Strategic and International Studies, said, “Most people have really bad operational security.” (more)

Friday, November 28, 2014

The Bug Heard Round the World

Katana FT-1 is a miniature voice recorder with built-in Wi-Fi transmitter. 

It records high quality audio on a MicroSD card. Yet to listen to the records you don’t even have to touch the voice recorder. All the collected data can be downloaded to an FTP server or host computer using ad-hoc Wi-Fi connection or via Internet. 

To ensure high quality sound and fast upload Katana FT-1 exploits a dedicated audio processor with sophisticated voice compression algorithms (like Vorbis Ogg) and hi-speed Wi-Fi module. So 1 hour of high quality audio recording can be uploaded in just about 14 seconds. (more)

Why do I mention it?
So you will know what you're up against.

Aged Law Urped Up to Decrypt Phone Data

The Justice Department is turning to a 225-year-old law to tackle a very modern problem: password-protected cellphones.

Prosecutors last month asked a federal magistrate in Manhattan to order an unnamed phone maker to provide “reasonable technical assistance” to unlock a password-protected phone that could contain evidence in a credit-card-fraud case, according to court filings... 

...the government on Oct. 10 obtained a search warrant to examine the contents of the phone. In the credit-card case, the phone was locked, so prosecutors asked U.S. Magistrate Judge Gabriel Gorenstein to order the manufacturer to unlock it. They cited the All Writs Act, originally part of a 1789 law that gives courts broad authority to carry out their duties. (more)

Log Jam - Forces You to Shut Up and Experience Where You Are

Artist and coder Allison Burtch has created a new device to save us from our cellphones and ourselves. 

It comes in the form of a 10-inch birch log that jams cellular radio signals, and it’s called the Log Jammer. Packed with about $200 of hardware including a power source, a circuit board of her own design, voltage control components, an amplifier, and an antenna, it can produce radio noise at the 1950 megahertz frequency commonly used by cellphones. It’s powerful enough to block all cellphone voice communications in a 20-foot bubble, and its log-like exterior is designed to unobtrusively create that radio-jamming zone in the great outdoors...

Burtch sees her creation as the inverse of the increasingly common sight of cellular towers disguised as trees. Instead of hiding technology in nature to let people remain connected everywhere, the Log Jammer blends into a natural setting to cut off that constant remote communication—to force people to experience the place they’re in. Burtch paraphrases French philosopher Gilles Deleuze: “The problem is no longer getting people to express themselves,” she says. “It’s creating a needed gap of solitude in which they might find something to say.” (more)

Sunday, November 23, 2014

How They Do It - Spying on Citizens in Central Asia

A recent report from Privacy International has tried to shine some light on the methods Central Asian governments are using to track their populaces – and to examine how closely they mirror Russian and Chinese examples, as well as which Western companies have supplied the necessary technology along the way. (more)

Hey Kids! You Too Can Have Cool NSA Spy Toys

Welcome to the home of the NSA Playset.

In the coming months and beyond, we will release a series of dead simple, easy to use tools to enable the next generation of security researchers. We, the security community, have learned a lot in the past couple decades, yet the general public is still ill equipped to deal with real threats that face them every day, and ill informed as to what is possible.

Inspired by the NSA ANT catalog, we hope the NSA Playset will make cutting edge security tools more accessible, easier to understand, and harder to forget. Now you can play along with the NSA! (more) 

If you are thinking of contributing a new NSA Playset project, please keep in mind the following requirements:

1. A Silly Name
If your project is similar to an existing NSA ANT project, you can come up with a clever play on that name. For example, if your project is similar to FOXACID, maybe you could call it COYOTEMETH. Of course, if your project doesn't quite line up with anything in the ANT Catalog, you can come up with your own name. If you are feeling less creative, try out the handy name generator found here: http://www.nsanamegenerator.com/ (more)

This Week in Wiretap News

ID - The former information technology director of a hospital in Blackfoot was sentenced to three years of probation after he was convicted of wiretapping. A Bingham County judge imposed the sentence for 46-year-old Jack York on Friday. York was accused along with three others of recording telephone calls by a former hospital doctor and his staff between June 2009 and August 2010. (more) (more)

Taiwan - An aide to Ko Wen-je was arrested yesterday by Taipei prosecutors looking into alleged wiretapping of the independent Taipei mayoral hopeful's office... (more)

DC - American investigators intercepted a conversation this year in which a Pakistani official suggested that his government was receiving American secrets from a prominent former State Department diplomat, officials said, setting off an espionage investigation that has stunned diplomatic circles here, The New York Times in a report Friday said. That conversation led to months of secret surveillance on the former diplomat, Robin L. Raphel, and an F.B.I. raid last month at her home, where agents discovered classified information, the officials said. (more)

Turkey - More details have surfaced about the Gülenists' wiretapping of the then prime minister Recep Tayyip Erdoğan, after an indictment regarding the investigation was submitted to court. The Gülenists planned every step in detail, according to the indictment. The Ankara chief public prosecutor's office has prepared an indictment on 13 suspects, who are accused of wiretapping then Prime Minister Recep Tayyip Erdoğan, charging the suspects with "political spying" after an investigation into the alleged offenders was completed. (more)

CA - Counsel Timothy Perry discusses how wiretaps are vulnerable to attack, especially in white collar cases. He explains some details of the wiretap statute and discusses how defense attorneys can best address wiretap evidence in a white collar case. (video) 

NC - A judge Friday unsealed a trove of court documents that could shed light on a secret cellphone tracking program used by police nationwide. The judge in Charlotte, N.C., acted after a petition from the Charlotte Observer to make the documents public. Included are 529 requests from local Charlotte-Mecklenburg police asking judges to approve the use of a technology known as StingRay, which allows cellphone surveillance. (more)

NYC - Add New York City’s Taxi and Limousine Commission to the list of powerful groups investigating Uber for allegedly spying on its users. The commission, which regulates Uber, is “looking into allegations” that the mobile car-hailing app violated users’ privacy by tracking them without their permission. (more)