Wednesday, January 14, 2015

Why You Need to Sweep for Bugs (TSCM) - Reason #4: CYBERSPIES

Your security efforts are IT focused. 
You diligently monitor your computer's front door, the network. 
Meanwhile these hack-vac bugs are sucking it all out your back door.

A TSCM bug sweep program can catch these.

Example 1:
"KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity.

All keystrokes are logged online and locally. SMS alerts are sent upon trigger words, usernames or URLs, exposing passwords. If unplugged, KeySweeper continues to operate using its internal battery and auto-recharges upon repowering. A web based tool allows live keystroke monitoring."

Unit Cost for Parts: $10 - 80 depending on operation
Status: Operational, open source, open hardware, declassified.
Note: KeySweeper can be built into anything that uses mains power. (Think: power strips, clocks, lamps, legitimate wall warts (as pictured), radios, print centers, fax machines, etc.)

Example 2:
The Pwn Plug Academic Edition is a penetration testing drop box.



Wireless (802.11b/g/n) high gain Bluetooth & USB Ethernet adapters
Fully-automated NAC/802.1x/Radius bypass
One-click EvilAP, stealth mode & passive recon

The Pwn Plug Academic Edition acts as a penetration testing drop box that covers most of a full-scale pentesting engagement, from physical-layer to application layer. The Pwn Plug Academic Edition is controlled through a simple web-based administration and comes preloaded with an array of penetration testing tools and Wireless, Bluetooth, and USB Ethernet adapters.

Example 3: 
The Pwn Plug R3 is a next-generation penetration testing device in a portable, shippable, “Plug-and-Pwn” form factor.

Onboard high-gain 802.11a/b/g/n wireless
Onboard Bluetooth
External 4G/GSM cellular
Greatly improved performance and reliability The Pwn Plug R3 is a next-generation penetration testing device in a portable, shippable, “Plug-and-Pwn” form factor. With onboard high-gain 802.11a/b/g/n wireless, onboard Bluetooth, external 4G/GSM cellular, ruggedized case design, and greatly improved performance and reliability, the Pwn Plug R3 is the enterprise penetration tester’s dream tool.

Example #4:
The MiniPwner

The MiniPwner is a penetration testing “drop box”. You (or maybe a cleaner you’ve bribed) needs to plug it into an Ethernet plug in the target’s building, and then you can slurp all the data out of their network via a wifi link.

The penetration tester uses stealth or social engineering techniques to plug the MiniPwner into an available network port. (common locations include conference rooms, unoccupied workstations, the back of IP Telephones, etc.)

Once it is plugged in, the penetration tester can log into the MiniPwner and begin scanning and attacking the network. The MiniPwner can simultaneously establish SSH tunnels through the target network, and also allow the penetration tester to connect to the MiniPwner via Wifi.  

Example #5:
WiFi Pineapple Mark V
Slightly larger than a smartphone the WiFi Pine-apple Mark V is the “ultimate” cyber surveillance device. It uses an “intuitive” web interface to enable hackers to break into a corporate’s IT networks through its wifi connections. It costs $100.

Example #6: 
USB Switchblade
"The goal of the USB Switchblade is to silently recover information from a target Windows 2000 or higher computer, including password hashes, LSA secrets, IP information, etc.

This gadget, which looks like a USB stick, has a program that swings into action when it’s inserted into the USB drive. It then begins its naughty work (without the user knowing) it by exploiting a flaw in USB autorun settings. How about dropping it in the car park of your target’s offices, seeing if someone will pick it up and plug it in to see what’s on it..."

Tuesday, January 13, 2015

Book Review: “Cell Phone Investigations” by Aaron Edens

Until now, if you wanted to learn all about cell phone investigations you would be cobbling together knowledge in scavenger hunt fashion. Your trek might include:
  • seminars, given by a few universities and forensic software vendors; 
  • technical law enforcement newsgroups where tips are swapped; 
  • articles and white papers ferreted out on a topic by topic basis;
  • and a lot of personal trial and error.
Times have changed.

All the basics one needs to know is clearly laid out in this book. Each chapter is packed with many interesting sub-chapters like: caller ID spoofing, cell site dumps, storing and preserving evidence. The Table of Contents shows the important bases covered…

  • Chapter 1: Search Warrants
  • Chapter 2: Phone Records
  • Chapter 3: Tools for Examining Records
  • Chapter 4: Cell Towers and Cell Sites
  • Chapter 5: Cell Phone Forensics
  • Chapter 6: Digital Evidence
  • Chapter 7: Types of Examinations
  • Chapter 8: Using Cell Phone Forensics
  • Chapter 9: Locked Devices
  • Chapter 10: iPhone Backup Files
  • Chapter 11: Sample Search Warrants
  • Templates
  • Appendix

Law enforcement investigators will particularly appreciate Mr. Edens’ street tips. 

Example 1: Arresting officers need training when it comes to electronic evidence collection. If 12 gang members are arrested you are likely to get a bag o’ phones without knowing which suspect owns what phone. “Without a doubt if they had seized 12 firearms the process would have been completely different. The firearms would have been photographed in place to precisely document the location at which they were found, and to establish dominion and control.”

Example 2: The five errors law enforcement officers make when using cell site information. Most of these apply to private investigators and attorneys as well. “Investigators will commonly refer to the cell phone and the target of the investigation interchangeably. I strongly recommend you avoid this dangerous habit,” and goes on to explain the important reason why.

Strip away the some of the law enforcement only information and you have an excellent book for the private sector with fascinating CSI tidbits tossed in. Say the phone you want to examine is soaked in blood or some other yuck biohazard. What can / should you do? Hint, don’t try cleaning it with soap, water and your electric toothbrush. Nah, I’m sure you knew better about the toothbrush. Try alcohol in an ultrasonic tub instead.

New devices like smart watches, and breadcrumbs from the Internet-of-things, are bringing new opportunities and challenges continually. Updates and revised editions of this book are to be expected, and a companion web page with late breaking news would be a welcome addition.

Having all the information in one place has been accomplished very well. Transferring the knowledge to the reader – easily – will take a little more finesse.

In its current form, Cell Phone Investigations is a tiring read. Some basic visual communications tenets were overlooked. Lines of type stretch across 6.5 inches of an 8.5 inch page, averaging about 113 characters per line. This makes focusing difficult. To compound the visual felony the text is entirely sans-serif type, making reading even more challenging. The solution for future editions is simple. Use two columns per page, with no more than 55-65 characters (including spaces) per line. Use serif type for the text. Save the sans-serif type for titles and headlines. These typographical shortcomings should not deter you from this edition, however. Just expect you won’t be reading this cover to cover in one sitting.

“Cell Phone Investigations” (238 pages) is perfect for law enforcement, attorneys, and students entering either field. If it was written only for private investigators, security directors and people who deal with the public answering questions about cell phones, it would just be fewer pages. In the end, all groups get the education they need in an accurate, well written, well organized manner, with illustrations and charts appropriately sprinkled throughout. ~Kevin

Monday, January 12, 2015

Why You Need to Sweep for Bugs (TSCM) - Reason # 6: LAWSUITS

The cost of illegal bugging, wiretapping and video voyeurism is more than emotional distress and lost information...

IN - South Bend taxpayers have so far been saddled with about $1.6 million in attorney fees and the costs of settling lawsuits sparked by the police department's recording of some officers' telephone conversations. 

The city and its Common Council have together spent almost $800,000 on attorney fees to date in the ongoing legal battle over the recordings. South Bend also has settled three lawsuits for another $810,000, boosting the total cost of the litigation to about $1.6 million, the South Bend Tribune reported.

The last remaining legal question is whether the wiretapping was illegal... South Bend, joined by four officers, battled the council on that question during a two-day trial in August. A federal judge has not yet ruled. Expect more attorney fees and possibly fines.
(more)

A due diligence debugging sweep program (2-4 times per year) cost most companies less than $35,000. per year.  

$1.6 million dollars equals 45+ years of due diligence. 

Interested in lowering your risk and establishing due diligence? I am here to help. ~Kevin

Miss-Fortune Crookie

The executive vice-minister of the Chinese ministry of state security and one of the top spy chiefs in the country, Ma Jian has been arrested on charges of corruption, the South China Morning Post reported Monday.
(more)

Sunday, January 11, 2015

Yes, Chinese Police Openly Spy on Your Calls and Texts

via Bloombergnews.com... 
Police across China are buying software and equipment to tap mobile phones as President Xi Jinping tightens control of public opinion and the spread of information.

Current cell phone call capture technique.
The police department of the Wenzhou Economic and Technological Development Zone said it spent 149,000 yuan ($24,000) to buy equipment, including what it called Trojan Horse software, from a state-owned technology company, according to a post on its website today. The software is used to monitor calls, texts and photos on smartphones, it said in the post, which was removed after gaining attention on Chinese social media.

The purchases shed light on the extent to which China monitors its citizens’ personal information amid a broader government clampdown on Internet freedom. Provincial governments and police departments in Jiangsu and Inner Mongolia are seeking to buy similar software to gather information from mobile devices, according to procurement lists on their websites.
(more)

Tip: Turn Your Old iPod into a Security Camera for Free (UPDATE)

Last summer I tipped you off about an app that turns your old Apple devices into video surveillance cameras. It is called Manything.

Manything recently made the news...

A Tempe homeowner caught a would-be burglar rummaging through her house on her "puppy" cam.

Mia used an iPhone app called Manything to set up a live video feed to keep an eye on her dogs while she was away at work. She pulled up the feed on her work computer and saw an unknown man walking through her living room.

Dispatcher: 911. What is your emergency?

Caller: Hi. There's someone in my house

"My dogs are there, he's giving the dog treats," she told the dispatcher. The man then noticed the camera and turned it off, but Mia has already contacted the police.

Officers surrounded the home and took the man into custody.
(more) (video)

"The World's First Espionage Snacks"

New Branding and Espionage Snacks at the Winter Fancy Food Show, January 11-13, 2015

 ...launching at the show, and sure to change the snacking game as we know it, are Captain Honeypot and Admiral Hornblower, the world’s first espionage snacks that allow you to spy on yourself and honeypot with others.

At the helm of these snack innovations is Robert Ehrlich, who has rocked the snack world as the Shaman of Snacks for the past 29 years, creating some of the most iconic snacks on the planet.
(more)

Cash Machine SpyCam Scam

UK - An iPod nano was turned into a spy camera and taped to a cashpoint by thieves in a bid to steal unsuspecting user's bank details.

The Apple device was found by police attached to the hole-in-the wall in Northenden Road in Gatley, Stockport, Greater Manchester.

They discovered that the iPod nano had been turned into a camera and attached to the ATM using duct tape and a fake plastic case was added.
(more)

Privacy App Alert - Turn Your Phone into a Burner Phone

Burner is a privacy layer for your phone. Create unlimited numbers at the touch of a button, and keep your personal number private. 

Real phone numbers when you need them
Burners are real numbers with local area codes you can use for calls, texts, and voicemail to stay in touch with anyone.

Control your mobile identity
Manage who can reach you without compromising your personal information. Features like Touch ID lock and custom line colors will keep you organized and in control.

Burn to "disconnect"
Keep a Burner as long as you want... or delete at the touch of a button. Like magic, your number goes out of service and the data is wiped from your phone.
(more)

The information above is from Burner's publicity material. Keep in mind your calls are going through a 3rd party. Confidential discussions should be avoided on principle. ~Kevin

Friday, January 9, 2015

Hacktivist Group Anonymous Finds a Worthy Target

Hacktivist group Anonymous has come out to avenge the attacks on the office of Paris-based magazine Charlie Hebdo in which 12 people were murdered.

The Belgian 'branch' of Anonymous posted a video message to YouTube describing a new campaign against jihadists, called #OpCharlieHebdo.

The video, which features someone wearing the Guy Fawkes mask and speaking with their voice obscured, explains (in French) that its members have decided to "declare war on you, the terrorists" - referring to Al-Qaeda and ISIS specifically.

"We will track you down - every last one - and will kill you,” the spokesman says. "You allowed yourselves to kill innocent people, we will therefore avenge their deaths."

The figure says that 'hacktivists' from around the world will track all of jihadist activities online and close down their accounts on Twitter, YouTube and Facebook.

"You will not impose your sharia law in our democracies, we will not let your stupidity kill our liberties and our freedom of expression. We have warned you; expect your destruction."
(more) “Je Suis Charlie

The No Back Door Bill is Back

Sen. Ron Wyden (D-Ore.) is reintroducing legislation that bars the government from requiring technology companies to build so-called "backdoor" security vulnerabilities into their devices to allow access to their data.

Wyden first introduced the bill last December after FBI director James Comey criticized moves by some phone companies to encrypt devices to prevent anyone from accessing their data without permission, even law enforcement.

Comey has called on Congress to update a 1994 law to allow a workaround, saying the phone locks could stall some law enforcement investigations.

The problem with this proposal is that there is no such thing as a magic key that can only be used by good people for worthwhile reasons,” Wyden said in a floor statement Thursday. “There is only strong security or weak security.”
(more)

Hanoi Police Seek Criminal Charges in Massive Phone Bugging Case

Hanoi police have finished investigating a deputy director and six employees of a technology firm which sold a spy app that allowed its users to spy on more than 14,000 mobile phones in 2013-2014.

They said Thursday they have recommended that the prosecutor's office charge Viet Hong Technology Company’s Deputy Director Nguyen Viet Hung and six employees for “illegally using information culled from computer, internet and telecommunication networks.”

Police said Hung, 41, and the employees... developed mobile phone-monitoring software and sold it to more than 14,000 people between September 2013 and May 2014.

Hung and the six employees earned around VND900 million (US$42,000) from the illegal activity, police said. 

For VND400,000 ($19) per month, Viet Hong's customers could install the Ptracker software onto anyone's smartphones to listen on calls, read text messages, access contacts, track the owners' movements and use the phone to listen in on their daily lives.

The stolen information was archived on Viet Hong’s servers and could be accessed by signing up for a paid account.
(more)

TEMPEST in a Tea Shop, or Dude, You're Leaking

If you’re sitting in a coffee shop, tapping away on your laptop, feeling safe from hackers because you didn’t connect to the shop’s wifi, think again. The bad guys may be able to see what you’re doing just by analyzing the low-power electronic signals your laptop emits even when it’s not connected to the Internet. And smartphones may be even more vulnerable to such spying.


Researchers at the Georgia Institute of Technology are investigating where these information “leaks” originate so they can help hardware and software designers develop strategies to plug them. By studying emissions from multiple computers, the researchers have developed a metric for measuring the strength of the leaks — known technically as “side-channel signal” — to help prioritize security efforts.
(more)

Thursday, January 8, 2015

Security Directors: Cell Phone App Security... in simple terms, pass it around.

Mobile devices, such as tablets and smartphones, have become one of the primary technologies we use in both our personal and professional lives.

What makes mobile devices so versatile are the millions of apps we can choose from...

However, with the power of all these mobile apps come risks. Here are some steps you can take to securely use and maintain your mobile apps.
(Securely Using Mobile Apps)

Peeking Through Keyholes With Lasers... well, yes and no.

An imaging technique that measures the path of a laser to build up a three-dimensional picture could now let spies map an entire room through a tiny hole.

In 2012, researchers used a laser to see around corners. The system worked by firing short laser pulses at a nearby wall, bouncing light around a corner to a hidden object, which then bounces some of it back to a camera next to the laser...

Now Chenfei Jin of the Harbin Institute of Technology in China and colleagues have taken this a step further. They used a laser set-up to measure the 3D shape and position of three cardboard letters, spelling HIT, through a 2 centimetre hole in a nearby wall...

The letters were coated in highly reflective material while the rest of the room was covered in black light-absorbing cloth, so the technique might not work as well in a real-world setting...

Guy Satat of the Massachusetts Institute of Technology says he likes the work, but points out that if the hole were easily accessible, it would be easier for would-be spies to simply put a camera up against the wall and take a photo of the room.
(more)