An electronic dongle used to connect to the onboard diagnostic systems of more than two million cars and trucks contains few defenses against hacking, an omission that makes them vulnerable to wireless attacks that take control of a vehicle, according to published reports.
US-based Progressive Insurance said it has used the SnapShot device in more than two million vehicles since 2008... According to security researcher Corey Thuen, it performs no validation or signing of firmware updates, has no secure boot mechanism, no cellular communications authentication, and uses no secure communications protocols. SnapShot connects to the OBDII port of Thuen's 2013 Toyota Tundra pickup truck, according to Forbes. From there, it runs on the CANbus networks that control braking, park assist and steering, and other sensitive functions.
The "Internet of automobiles" may hold promise, but it comes with risks, too."Anything on the bus can talk to anything [else] on the bus," Thuen was quoted as saying in an article from Dark Reading. "You could do a cellular man-in-the-middle attack" assuming the attacker had the ability to spoof a cellular tower that transmits data to and from the device.
(more)
Wednesday, January 21, 2015
Tuesday, January 20, 2015
Coming Soon - Confide - The Vanishing App for Executives
Sometime in the coming weeks, confidential-messaging startup Confide will launch a service that allows businesses to send documents, not just texts, using its signature version of disappearing ink.
This advanced Snapchat for grown-ups, the company believes, will bring back the sense of privacy and control that has increasingly become a casualty of online communications. It should also provide a defense against hackers...
The system has been envisioned as a sort of online version of the private business call...
Alone among ephemeral apps, Confide cloaks the text in a way that makes it impossible to capture with a screen shot. The user reads by moving a finger underneath each line of text, which unveils just a few words at a time... Confide's other selling points include end-to-end encryption... The message vanishes from users' phones once it's sent and after it's read.
(more)
This advanced Snapchat for grown-ups, the company believes, will bring back the sense of privacy and control that has increasingly become a casualty of online communications. It should also provide a defense against hackers...
The system has been envisioned as a sort of online version of the private business call...
Alone among ephemeral apps, Confide cloaks the text in a way that makes it impossible to capture with a screen shot. The user reads by moving a finger underneath each line of text, which unveils just a few words at a time... Confide's other selling points include end-to-end encryption... The message vanishes from users' phones once it's sent and after it's read.
(more)
Monday, January 19, 2015
Security Director Alert - China Travel and Email
Users of Microsoft's Outlook email service in China had their accounts hacked on Saturday 17 January by the Chinese government, according to web monitoring website GreatFire.org.
The attacks affected people using email clients such as Outlook, Mozilla's Thunderbird and apps on their smartphones that use the SMTP and IMAP protocols, but did not affect the browser versions such as www.outlook.com.
The man-in-the-middle attack used by the hackers allowed them to intercept conversations between victims, which appear to be private but are in fact controlled by the hackers.
GreatFire.org was able to reproduce the results seen by victims, including the fake certificates used by the hackers to pretend they were the intended recipient.
"If our accusation is correct, this new attack signals that the Chinese authorities are intent on further cracking down on communication methods that they cannot readily monitor," a blog post said on Monday 19 January.
The attack on Outlook comes just a month after the Chinese government blocked the use of Google's Gmail service in the country.
(more)
The attacks affected people using email clients such as Outlook, Mozilla's Thunderbird and apps on their smartphones that use the SMTP and IMAP protocols, but did not affect the browser versions such as www.outlook.com.
The man-in-the-middle attack used by the hackers allowed them to intercept conversations between victims, which appear to be private but are in fact controlled by the hackers.
GreatFire.org was able to reproduce the results seen by victims, including the fake certificates used by the hackers to pretend they were the intended recipient.
"If our accusation is correct, this new attack signals that the Chinese authorities are intent on further cracking down on communication methods that they cannot readily monitor," a blog post said on Monday 19 January.
The attack on Outlook comes just a month after the Chinese government blocked the use of Google's Gmail service in the country.
(more)
Sunday, January 18, 2015
Know What They Call... Spy vs. Spy vs. Spy vs Spy?
A tranche of fresh Snowden leaks... detailing the bizarre, fractal practices of "fourth-party collection" and "fifth-party collection."
"Fourth party collection" is the practice of spying on spy agencies to gather all the data they're taking in. "Fifth-party collection" is the practice of spying on spies who are spying on other spies. Really.
(more)
"Fourth party collection" is the practice of spying on spy agencies to gather all the data they're taking in. "Fifth-party collection" is the practice of spying on spies who are spying on other spies. Really.
(more)
Spy Penned Friends, or You Look a Lot Hotter on the Net
PA - A Blairsville man has pleaded guilty to a single charge that he surreptitiously photographed friends, co-workers, relatives and others without permission, using a digital “spy pen” to capture their images in May 2013.
Wesley Lear, 57, also was accused by investigators of editing the photos to place his victims’ faces on nude bodies and circulated them on the Internet, and was charged with downloading child pornography images to his computer.
(more)
Wesley Lear, 57, also was accused by investigators of editing the photos to place his victims’ faces on nude bodies and circulated them on the Internet, and was charged with downloading child pornography images to his computer.
(more)
UK - Former Deputy Prime Minister Finds Car Bugged
UK - John Prescott has turned detective after finding his Jaguar had been bugged.
The former Deputy Prime Minister discovered the device hidden in his car when he took it to a garage because it had problems starting.
Mechanics found a tracker concealed under the driver’s seat that was hooked up to the car battery, draining its power.
The sophisticated device uses mobile phone technology and is capable of reporting the Jag’s movements at all times. It also has an inbuilt microphone enabling it to pick up conversations.
And the 6 inch-square black box is even capable of immobilising the car if instructed to by mobile phone.
Lord Prescott told the Sunday Mirror: “I’ve been told that whoever knows the SIM card that goes with the tracker can send out a signal and stop the engine...
"This type of surveillance breaches our right to privacy – I’ve had my mobile hacked, my phone tapped, and now someone might have been tracking my car.”
But insisting he was calm about the find he joked: “I can only hope whoever listened to my conversations installed an automatic bleeper too.”
(more)
Best guess from here... Installed by the car dealership, or previous owner, to thwart late payments or theft.
The former Deputy Prime Minister discovered the device hidden in his car when he took it to a garage because it had problems starting.
Mechanics found a tracker concealed under the driver’s seat that was hooked up to the car battery, draining its power.
The sophisticated device uses mobile phone technology and is capable of reporting the Jag’s movements at all times. It also has an inbuilt microphone enabling it to pick up conversations.
And the 6 inch-square black box is even capable of immobilising the car if instructed to by mobile phone.
Lord Prescott told the Sunday Mirror: “I’ve been told that whoever knows the SIM card that goes with the tracker can send out a signal and stop the engine...
"This type of surveillance breaches our right to privacy – I’ve had my mobile hacked, my phone tapped, and now someone might have been tracking my car.”
But insisting he was calm about the find he joked: “I can only hope whoever listened to my conversations installed an automatic bleeper too.”
(more)
Best guess from here... Installed by the car dealership, or previous owner, to thwart late payments or theft.
History: The Case of the Vanishing Private Eyes
How 19th-century America's biggest, most dogged detective agency went on to get unceremoniously acquired 100 years later by a Swedish conglomerate...
Sam (Dashiell) Hammett was a wayward youth. Having left school at the age of 13, he spent his teenage years holding down odd jobs, blowing his paychecks on horse races and boxing matches, and consorting with prostitutes in the rougher sections of Baltimore and Philadelphia. Within a few years, alcoholism had its claws in him, and by age 20 it was rumored that he had already contracted a venereal disease.
In 1915, Hammett, the son of a Maryland farmer, joined the Pinkerton National Detective Agency at the age of 21. During the early 1890s, the Pinkertons, as they were more commonly known, had boasted a force of 2,000 active operatives and some 30,000 reserve officers. By comparison, the United States Army, which for decades had been primarily concerned with fighting Native Americans in the West, had fewer than 30,000 officers and enlisted men assigned to active duty.
(more)
Sam (Dashiell) Hammett was a wayward youth. Having left school at the age of 13, he spent his teenage years holding down odd jobs, blowing his paychecks on horse races and boxing matches, and consorting with prostitutes in the rougher sections of Baltimore and Philadelphia. Within a few years, alcoholism had its claws in him, and by age 20 it was rumored that he had already contracted a venereal disease.
In 1915, Hammett, the son of a Maryland farmer, joined the Pinkerton National Detective Agency at the age of 21. During the early 1890s, the Pinkertons, as they were more commonly known, had boasted a force of 2,000 active operatives and some 30,000 reserve officers. By comparison, the United States Army, which for decades had been primarily concerned with fighting Native Americans in the West, had fewer than 30,000 officers and enlisted men assigned to active duty.
(more)
60 Seconds + 1 USB Necklace = A Spy Hiding in Your Computer
The necklace, called USBdriveby, it’s a USB-powered microcontroller-on-a-chain, rigged to exploit the inherently awful security flaws lurking in your computer’s USB ports. In about 60 seconds, it can pull off a laundry list of nasty tricks...
...this device hijacks your machine, disables many layers of security, cleans up the mess it makes, and opens a connection for remote manipulation even after the device has been removed..
So what can you do to protect yourself from things like this? Not a whole lot, really — that’s why attacks like this and BadUSB are so freaky. A lot of these flaws are inherent to the way the USB protocol was designed and implemented across so many hundreds of millions of computers; short of filling your USB ports with cement or never, ever leaving your computer’s ports unattended while out and about, there’s no magic fix.
(more)
...this device hijacks your machine, disables many layers of security, cleans up the mess it makes, and opens a connection for remote manipulation even after the device has been removed..
So what can you do to protect yourself from things like this? Not a whole lot, really — that’s why attacks like this and BadUSB are so freaky. A lot of these flaws are inherent to the way the USB protocol was designed and implemented across so many hundreds of millions of computers; short of filling your USB ports with cement or never, ever leaving your computer’s ports unattended while out and about, there’s no magic fix.
(more)
Friday, January 16, 2015
Need Some Espionage Done? Post Your Black Bag Job On Line
At a time when huge stealth attacks on companies like Sony Pictures, JPMorgan Chase and Home Depot attract attention, less noticed is a growing cottage industry of ordinary people hiring hackers for much smaller acts of espionage.
A new website, called Hacker’s List, seeks to match hackers with people looking to gain access to email accounts, take down unflattering photos from a website or gain access to a company’s database. In less than three months of operation, over 500 hacking jobs have been put out to bid on the site, with hackers vying for the right to do the dirty work.
(more)
A new website, called Hacker’s List, seeks to match hackers with people looking to gain access to email accounts, take down unflattering photos from a website or gain access to a company’s database. In less than three months of operation, over 500 hacking jobs have been put out to bid on the site, with hackers vying for the right to do the dirty work.
(more)
Thursday, January 15, 2015
What Do These 3 Spy Tools Have in Common?
SPIKE MIC™
The Spike Mic Launcher is a remote listening device delivering audio surveillance. The Spike Mic dart has a built in microphone with two interchangeable tips: Sticky Dart and Suction Cup. Launch it or stick it to a surface and listen. With a live audio feed you’ll remain undetected as you hear conversations happening in far away locations. Digital transmission in the 2.4 GHz Wi-Fi band.
TRI-OPTICS VIDEO WATCH™
Record up to 20 minutes of video using 3 unique lenses on the Tri-Optics Video Watch. Rotate the watch’s outer ring to switch between standard, wide or zoom lenses. Hide your watch in an unsuspecting location and let the internal motion detector auto-record video whenever it detects movement. Use the included USB cable to download your footage and charge the Tri-Optics Video Watch. Stream, record and capture live video and photos.
SPY WIRE MIC™
Spy Wire Mic lets you record conversations covertly! Attach the recording device to your belt and line your jacket with the wired microphone. Press the record button to activate audio recording and capture conversation.
ANSWERS
• Low price (between $9.99 and $39.99)
• Available at Walmart.
• Recommended for ages 8+
Building a generation of adults predisposed to snooping one birthday at a time.
The Spike Mic Launcher is a remote listening device delivering audio surveillance. The Spike Mic dart has a built in microphone with two interchangeable tips: Sticky Dart and Suction Cup. Launch it or stick it to a surface and listen. With a live audio feed you’ll remain undetected as you hear conversations happening in far away locations. Digital transmission in the 2.4 GHz Wi-Fi band.
TRI-OPTICS VIDEO WATCH™
Record up to 20 minutes of video using 3 unique lenses on the Tri-Optics Video Watch. Rotate the watch’s outer ring to switch between standard, wide or zoom lenses. Hide your watch in an unsuspecting location and let the internal motion detector auto-record video whenever it detects movement. Use the included USB cable to download your footage and charge the Tri-Optics Video Watch. Stream, record and capture live video and photos.
SPY WIRE MIC™
Spy Wire Mic lets you record conversations covertly! Attach the recording device to your belt and line your jacket with the wired microphone. Press the record button to activate audio recording and capture conversation.
ANSWERS
• Low price (between $9.99 and $39.99)
• Available at Walmart.
• Recommended for ages 8+
Building a generation of adults predisposed to snooping one birthday at a time.
Wednesday, January 14, 2015
Privacy Tip #572 - Get Out of the Directories
techlicious.com recently provided some excellent help for increasing your on-line privacy...
Spokeo
Search your name on the site (if that doesn't work, try your maiden or former name), and choose the state where you live. Click the appropriate street to find your specific listing and copy the URL.
Go to the opt-out page, paste the URL, and enter your email address to remove the listing. You may have multiple listings on Spokeo if you have moved or changed your name, and will need to return to the opt-out page to remove each one.
PeopleSmart
Start on this opt-out page (not the main PeopleSmart homepage) to "manage" (aka remove or update) your listing. Once you select the listing, click on the work info that applies to you (if it's not the correct information, just skip the step and proceed).
When you reach Define Your Privacy Preferences, deselect all checks under "Contact Information" and "Work Information." Select "Apply these settings to other people search websites" and then submit.
MyLife
To remove your member profile, email privacy@mylife.com or call 1-888-704-1900. The company claims that it takes up to 10 days to process a request. If your info still appears after 10 days, don't hesitate to persist, and call or email again.
Intelius
The opt-out page will prompt you to verify your identification by attaching a scan of a driver's license, passport, military ID, state ID, or employee ID from a state agency. The photo and driver's license number should be crossed out. A notarized statement of your identity is also acceptable.
Enter in an email address to receive a confirmation when your info has been removed, and type in any additional records found on the site in the Additional Information field.
You can also fax your ID verification to 425-974-6194, or mail a copy to Intelius Consumer Affairs, P.O. Box 808, Bothell, WA 98041-0808.
Spokeo
Search your name on the site (if that doesn't work, try your maiden or former name), and choose the state where you live. Click the appropriate street to find your specific listing and copy the URL.
Go to the opt-out page, paste the URL, and enter your email address to remove the listing. You may have multiple listings on Spokeo if you have moved or changed your name, and will need to return to the opt-out page to remove each one.
PeopleSmart
Start on this opt-out page (not the main PeopleSmart homepage) to "manage" (aka remove or update) your listing. Once you select the listing, click on the work info that applies to you (if it's not the correct information, just skip the step and proceed).
When you reach Define Your Privacy Preferences, deselect all checks under "Contact Information" and "Work Information." Select "Apply these settings to other people search websites" and then submit.
MyLife
To remove your member profile, email privacy@mylife.com or call 1-888-704-1900. The company claims that it takes up to 10 days to process a request. If your info still appears after 10 days, don't hesitate to persist, and call or email again.
Intelius
The opt-out page will prompt you to verify your identification by attaching a scan of a driver's license, passport, military ID, state ID, or employee ID from a state agency. The photo and driver's license number should be crossed out. A notarized statement of your identity is also acceptable.
Enter in an email address to receive a confirmation when your info has been removed, and type in any additional records found on the site in the Additional Information field.
You can also fax your ID verification to 425-974-6194, or mail a copy to Intelius Consumer Affairs, P.O. Box 808, Bothell, WA 98041-0808.
Why You Need to Sweep for Bugs (TSCM) - Reason #4: CYBERSPIES
Your security efforts are IT focused.
You diligently monitor your computer's front door, the network.
Meanwhile these hack-vac bugs are sucking it all out your back door.
A TSCM bug sweep program can catch these.
Example 1:
"KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity.
All keystrokes are logged online and locally. SMS alerts are sent upon trigger words, usernames or URLs, exposing passwords. If unplugged, KeySweeper continues to operate using its internal battery and auto-recharges upon repowering. A web based tool allows live keystroke monitoring."
Unit Cost for Parts: $10 - 80 depending on operation
Status: Operational, open source, open hardware, declassified.
Note: KeySweeper can be built into anything that uses mains power. (Think: power strips, clocks, lamps, legitimate wall warts (as pictured), radios, print centers, fax machines, etc.)
Example 2:
The Pwn Plug Academic Edition is a penetration testing drop box.
Wireless (802.11b/g/n) high gain Bluetooth & USB Ethernet adapters
Fully-automated NAC/802.1x/Radius bypass
One-click EvilAP, stealth mode & passive recon
The Pwn Plug Academic Edition acts as a penetration testing drop box that covers most of a full-scale pentesting engagement, from physical-layer to application layer. The Pwn Plug Academic Edition is controlled through a simple web-based administration and comes preloaded with an array of penetration testing tools and Wireless, Bluetooth, and USB Ethernet adapters.
Example 3:
The Pwn Plug R3 is a next-generation penetration testing device in a portable, shippable, “Plug-and-Pwn” form factor.
Onboard high-gain 802.11a/b/g/n wireless
Onboard Bluetooth
External 4G/GSM cellular
Greatly improved performance and reliability The Pwn Plug R3 is a next-generation penetration testing device in a portable, shippable, “Plug-and-Pwn” form factor. With onboard high-gain 802.11a/b/g/n wireless, onboard Bluetooth, external 4G/GSM cellular, ruggedized case design, and greatly improved performance and reliability, the Pwn Plug R3 is the enterprise penetration tester’s dream tool.
Example #4:
The MiniPwner
The MiniPwner is a penetration testing “drop box”. You (or maybe a cleaner you’ve bribed) needs to plug it into an Ethernet plug in the target’s building, and then you can slurp all the data out of their network via a wifi link.
The penetration tester uses stealth or social engineering techniques to plug the MiniPwner into an available network port. (common locations include conference rooms, unoccupied workstations, the back of IP Telephones, etc.)
Once it is plugged in, the penetration tester can log into the MiniPwner and begin scanning and attacking the network. The MiniPwner can simultaneously establish SSH tunnels through the target network, and also allow the penetration tester to connect to the MiniPwner via Wifi.
Example #5:
WiFi Pineapple Mark V
Slightly larger than a smartphone the WiFi Pine-apple Mark V is the “ultimate” cyber surveillance device. It uses an “intuitive” web interface to enable hackers to break into a corporate’s IT networks through its wifi connections. It costs $100.
Example #6:
USB Switchblade
"The goal of the USB Switchblade is to silently recover information from a target Windows 2000 or higher computer, including password hashes, LSA secrets, IP information, etc.
This gadget, which looks like a USB stick, has a program that swings into action when it’s inserted into the USB drive. It then begins its naughty work (without the user knowing) it by exploiting a flaw in USB autorun settings. How about dropping it in the car park of your target’s offices, seeing if someone will pick it up and plug it in to see what’s on it..."
You diligently monitor your computer's front door, the network.
Meanwhile these hack-vac bugs are sucking it all out your back door.
A TSCM bug sweep program can catch these.
Example 1:
"KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity.
All keystrokes are logged online and locally. SMS alerts are sent upon trigger words, usernames or URLs, exposing passwords. If unplugged, KeySweeper continues to operate using its internal battery and auto-recharges upon repowering. A web based tool allows live keystroke monitoring."
Unit Cost for Parts: $10 - 80 depending on operation
Status: Operational, open source, open hardware, declassified.
Note: KeySweeper can be built into anything that uses mains power. (Think: power strips, clocks, lamps, legitimate wall warts (as pictured), radios, print centers, fax machines, etc.)
Example 2:
The Pwn Plug Academic Edition is a penetration testing drop box.
Wireless (802.11b/g/n) high gain Bluetooth & USB Ethernet adapters
Fully-automated NAC/802.1x/Radius bypass
One-click EvilAP, stealth mode & passive recon
The Pwn Plug Academic Edition acts as a penetration testing drop box that covers most of a full-scale pentesting engagement, from physical-layer to application layer. The Pwn Plug Academic Edition is controlled through a simple web-based administration and comes preloaded with an array of penetration testing tools and Wireless, Bluetooth, and USB Ethernet adapters.
Example 3:
The Pwn Plug R3 is a next-generation penetration testing device in a portable, shippable, “Plug-and-Pwn” form factor.
Onboard high-gain 802.11a/b/g/n wireless
Onboard Bluetooth
External 4G/GSM cellular
Greatly improved performance and reliability The Pwn Plug R3 is a next-generation penetration testing device in a portable, shippable, “Plug-and-Pwn” form factor. With onboard high-gain 802.11a/b/g/n wireless, onboard Bluetooth, external 4G/GSM cellular, ruggedized case design, and greatly improved performance and reliability, the Pwn Plug R3 is the enterprise penetration tester’s dream tool.
Example #4:
The MiniPwner
The MiniPwner is a penetration testing “drop box”. You (or maybe a cleaner you’ve bribed) needs to plug it into an Ethernet plug in the target’s building, and then you can slurp all the data out of their network via a wifi link.
The penetration tester uses stealth or social engineering techniques to plug the MiniPwner into an available network port. (common locations include conference rooms, unoccupied workstations, the back of IP Telephones, etc.)
Once it is plugged in, the penetration tester can log into the MiniPwner and begin scanning and attacking the network. The MiniPwner can simultaneously establish SSH tunnels through the target network, and also allow the penetration tester to connect to the MiniPwner via Wifi.
Example #5:
WiFi Pineapple Mark V
Slightly larger than a smartphone the WiFi Pine-apple Mark V is the “ultimate” cyber surveillance device. It uses an “intuitive” web interface to enable hackers to break into a corporate’s IT networks through its wifi connections. It costs $100.
Example #6:
USB Switchblade
"The goal of the USB Switchblade is to silently recover information from a target Windows 2000 or higher computer, including password hashes, LSA secrets, IP information, etc.
This gadget, which looks like a USB stick, has a program that swings into action when it’s inserted into the USB drive. It then begins its naughty work (without the user knowing) it by exploiting a flaw in USB autorun settings. How about dropping it in the car park of your target’s offices, seeing if someone will pick it up and plug it in to see what’s on it..."
Tuesday, January 13, 2015
Book Review: “Cell Phone Investigations” by Aaron Edens
Until now, if you wanted to learn all about cell phone investigations you would be cobbling together knowledge in scavenger hunt fashion. Your trek might include:
All the basics one needs to know is clearly laid out in this book. Each chapter is packed with many interesting sub-chapters like: caller ID spoofing, cell site dumps, storing and preserving evidence. The Table of Contents shows the important bases covered…
Law enforcement investigators will particularly appreciate Mr. Edens’ street tips.
Example 1: Arresting officers need training when it comes to electronic evidence collection. If 12 gang members are arrested you are likely to get a bag o’ phones without knowing which suspect owns what phone. “Without a doubt if they had seized 12 firearms the process would have been completely different. The firearms would have been photographed in place to precisely document the location at which they were found, and to establish dominion and control.”
Example 2: The five errors law enforcement officers make when using cell site information. Most of these apply to private investigators and attorneys as well. “Investigators will commonly refer to the cell phone and the target of the investigation interchangeably. I strongly recommend you avoid this dangerous habit,” and goes on to explain the important reason why.
Strip away the some of the law enforcement only information and you have an excellent book for the private sector with fascinating CSI tidbits tossed in. Say the phone you want to examine is soaked in blood or some other yuck biohazard. What can / should you do? Hint, don’t try cleaning it with soap, water and your electric toothbrush. Nah, I’m sure you knew better about the toothbrush. Try alcohol in an ultrasonic tub instead.
New devices like smart watches, and breadcrumbs from the Internet-of-things, are bringing new opportunities and challenges continually. Updates and revised editions of this book are to be expected, and a companion web page with late breaking news would be a welcome addition.
Having all the information in one place has been accomplished very well. Transferring the knowledge to the reader – easily – will take a little more finesse.
In its current form, Cell Phone Investigations is a tiring read. Some basic visual communications tenets were overlooked. Lines of type stretch across 6.5 inches of an 8.5 inch page, averaging about 113 characters per line. This makes focusing difficult. To compound the visual felony the text is entirely sans-serif type, making reading even more challenging. The solution for future editions is simple. Use two columns per page, with no more than 55-65 characters (including spaces) per line. Use serif type for the text. Save the sans-serif type for titles and headlines. These typographical shortcomings should not deter you from this edition, however. Just expect you won’t be reading this cover to cover in one sitting.
“Cell Phone Investigations” (238 pages) is perfect for law enforcement, attorneys, and students entering either field. If it was written only for private investigators, security directors and people who deal with the public answering questions about cell phones, it would just be fewer pages. In the end, all groups get the education they need in an accurate, well written, well organized manner, with illustrations and charts appropriately sprinkled throughout. ~Kevin
- seminars, given by a few universities and forensic software vendors;
- technical law enforcement newsgroups where tips are swapped;
- articles and white papers ferreted out on a topic by topic basis;
- and a lot of personal trial and error.
All the basics one needs to know is clearly laid out in this book. Each chapter is packed with many interesting sub-chapters like: caller ID spoofing, cell site dumps, storing and preserving evidence. The Table of Contents shows the important bases covered…
- Chapter 1: Search Warrants
- Chapter 2: Phone Records
- Chapter 3: Tools for Examining Records
- Chapter 4: Cell Towers and Cell Sites
- Chapter 5: Cell Phone Forensics
- Chapter 6: Digital Evidence
- Chapter 7: Types of Examinations
- Chapter 8: Using Cell Phone Forensics
- Chapter 9: Locked Devices
- Chapter 10: iPhone Backup Files
- Chapter 11: Sample Search Warrants
- Templates
- Appendix
Law enforcement investigators will particularly appreciate Mr. Edens’ street tips.
Example 1: Arresting officers need training when it comes to electronic evidence collection. If 12 gang members are arrested you are likely to get a bag o’ phones without knowing which suspect owns what phone. “Without a doubt if they had seized 12 firearms the process would have been completely different. The firearms would have been photographed in place to precisely document the location at which they were found, and to establish dominion and control.”
Example 2: The five errors law enforcement officers make when using cell site information. Most of these apply to private investigators and attorneys as well. “Investigators will commonly refer to the cell phone and the target of the investigation interchangeably. I strongly recommend you avoid this dangerous habit,” and goes on to explain the important reason why.
Strip away the some of the law enforcement only information and you have an excellent book for the private sector with fascinating CSI tidbits tossed in. Say the phone you want to examine is soaked in blood or some other yuck biohazard. What can / should you do? Hint, don’t try cleaning it with soap, water and your electric toothbrush. Nah, I’m sure you knew better about the toothbrush. Try alcohol in an ultrasonic tub instead.
New devices like smart watches, and breadcrumbs from the Internet-of-things, are bringing new opportunities and challenges continually. Updates and revised editions of this book are to be expected, and a companion web page with late breaking news would be a welcome addition.
Having all the information in one place has been accomplished very well. Transferring the knowledge to the reader – easily – will take a little more finesse.
In its current form, Cell Phone Investigations is a tiring read. Some basic visual communications tenets were overlooked. Lines of type stretch across 6.5 inches of an 8.5 inch page, averaging about 113 characters per line. This makes focusing difficult. To compound the visual felony the text is entirely sans-serif type, making reading even more challenging. The solution for future editions is simple. Use two columns per page, with no more than 55-65 characters (including spaces) per line. Use serif type for the text. Save the sans-serif type for titles and headlines. These typographical shortcomings should not deter you from this edition, however. Just expect you won’t be reading this cover to cover in one sitting.
“Cell Phone Investigations” (238 pages) is perfect for law enforcement, attorneys, and students entering either field. If it was written only for private investigators, security directors and people who deal with the public answering questions about cell phones, it would just be fewer pages. In the end, all groups get the education they need in an accurate, well written, well organized manner, with illustrations and charts appropriately sprinkled throughout. ~Kevin
Monday, January 12, 2015
Why You Need to Sweep for Bugs (TSCM) - Reason # 6: LAWSUITS
The cost of illegal bugging, wiretapping and video voyeurism is more than emotional distress and lost information...
IN - South Bend taxpayers have so far been saddled with about $1.6 million in attorney fees and the costs of settling lawsuits sparked by the police department's recording of some officers' telephone conversations.
The city and its Common Council have together spent almost $800,000 on attorney fees to date in the ongoing legal battle over the recordings. South Bend also has settled three lawsuits for another $810,000, boosting the total cost of the litigation to about $1.6 million, the South Bend Tribune reported.
The last remaining legal question is whether the wiretapping was illegal... South Bend, joined by four officers, battled the council on that question during a two-day trial in August. A federal judge has not yet ruled. Expect more attorney fees and possibly fines.
(more)
A due diligence debugging sweep program (2-4 times per year) cost most companies less than $35,000. per year.
$1.6 million dollars equals 45+ years of due diligence.
Interested in lowering your risk and establishing due diligence? I am here to help. ~Kevin
IN - South Bend taxpayers have so far been saddled with about $1.6 million in attorney fees and the costs of settling lawsuits sparked by the police department's recording of some officers' telephone conversations.
The city and its Common Council have together spent almost $800,000 on attorney fees to date in the ongoing legal battle over the recordings. South Bend also has settled three lawsuits for another $810,000, boosting the total cost of the litigation to about $1.6 million, the South Bend Tribune reported.
The last remaining legal question is whether the wiretapping was illegal... South Bend, joined by four officers, battled the council on that question during a two-day trial in August. A federal judge has not yet ruled. Expect more attorney fees and possibly fines.
(more)
A due diligence debugging sweep program (2-4 times per year) cost most companies less than $35,000. per year.
$1.6 million dollars equals 45+ years of due diligence.
Interested in lowering your risk and establishing due diligence? I am here to help. ~Kevin
Miss-Fortune Crookie
The executive vice-minister of the Chinese ministry of state security
and one of the top spy chiefs in the country, Ma Jian has been arrested
on charges of corruption, the South China Morning Post reported Monday.
(more)
(more)
Subscribe to:
Posts (Atom)