Two Canadian Spy Opportunities

Canadian students who want a career in electronic spying have until January 25 to apply to the Communications Security Establishment Canada (CSEC), the electronic surveillance arm of the federal government.

CSEC has started a hiring campaign targeting colleges and universities a few months ahead of the inauguration of its new headquarters in Ottawa (see list of opportunities). The building, with an astronomical price tag of $1.2 billion, is the most expensive government complex in Canadian history, dubbed the spy "Taj Mahal" by several critics. The immense campus is located next to the Canadian Security Intelligence Service (CSIS) headquarters, and the two will be joined by a walkway. The veritable "spy nest" will house 4,000 cryptographers, secret agents and information specialists of all kinds in Gloucester, a suburb of the nation's capital.
(more)

The new headquarters of Canada’s electronic surveillance agency had an “extreme vulnerability” which was inadvertently breached by firefighters responding to an emergency call, the Toronto Star reports. The Canadian Communications Security Establishment (CSE) revealed the vulnerability by sending uncensored documents in response to an access to information request by the Star about the fire.

The sensitive information contained in the documents was highlighted, but not censored, compounding one security breakdown with another.

During the construction of the $800 million CAD (about $660 million USD) building for the CSE, a routine call in response to a small fire lead local firefighters to different entrance than the one they were expected at. Finding no-one there, they cut a padlock to access the building.

The documents also reveal vulnerabilities such as inoperative security cameras and a long-missing visitor pass. At least some of those vulnerabilities have since been addressed, and the agency told the Star that the construction access point used in the incident no longer exists, now that the building is complete and occupied.
(more)

Weird Science - One-way Spy Mirrors Prove Zero Topological Entropy

Entropy And Complexity Of Polygonal Billiards With Spy Mirrors
We prove that a polygonal billiard with one-sided mirrors has zero topological entropy. In certain cases we show sub exponential and for other polynomial estimates on the complexity.
(more)

iPhones Have Built-in Spyware - Well, duh.

NSA whistleblower Edward Snowden has claimed that Apple’s iPhone range of devices contains built-in spy software that can be used to track the owner.

According to Snowden’s lawyer, the software can be remotely activated at any time without the user’s knowledge.
(more)

2 Million Cars Open to Hackers - "Say it ain't so, Flo."

An electronic dongle used to connect to the onboard diagnostic systems of more than two million cars and trucks contains few defenses against hacking, an omission that makes them vulnerable to wireless attacks that take control of a vehicle, according to published reports.

US-based Progressive Insurance said it has used the SnapShot device in more than two million vehicles since 2008... According to security researcher Corey Thuen, it performs no validation or signing of firmware updates, has no secure boot mechanism, no cellular communications authentication, and uses no secure communications protocols. SnapShot connects to the OBDII port of Thuen's 2013 Toyota Tundra pickup truck, according to Forbes. From there, it runs on the CANbus networks that control braking, park assist and steering, and other sensitive functions.


The "Internet of automobiles" may hold promise, but it comes with risks, too."Anything on the bus can talk to anything [else] on the bus," Thuen was quoted as saying in an article from Dark Reading. "You could do a cellular man-in-the-middle attack" assuming the attacker had the ability to spoof a cellular tower that transmits data to and from the device.
(more)

Coming Soon - Confide - The Vanishing App for Executives

Sometime in the coming weeks, confidential-messaging startup Confide will launch a service that allows businesses to send documents, not just texts, using its signature version of disappearing ink.

This advanced Snapchat for grown-ups, the company believes, will bring back the sense of privacy and control that has increasingly become a casualty of online communications. It should also provide a defense against hackers...

The system has been envisioned as a sort of online version of the private business call...

Alone among ephemeral apps, Confide cloaks the text in a way that makes it impossible to capture with a screen shot. The user reads by moving a finger underneath each line of text, which unveils just a few words at a time... Confide's other selling points include end-to-end encryption... The message vanishes from users' phones once it's sent and after it's read.
(more)

Security Director Alert - China Travel and Email

Users of Microsoft's Outlook email service in China had their accounts hacked on Saturday 17 January by the Chinese government, according to web monitoring website GreatFire.org.

The attacks affected people using email clients such as Outlook, Mozilla's Thunderbird and apps on their smartphones that use the SMTP and IMAP protocols, but did not affect the browser versions such as www.outlook.com.

The man-in-the-middle attack used by the hackers allowed them to intercept conversations between victims, which appear to be private but are in fact controlled by the hackers.

GreatFire.org was able to reproduce the results seen by victims, including the fake certificates used by the hackers to pretend they were the intended recipient.

"If our accusation is correct, this new attack signals that the Chinese authorities are intent on further cracking down on communication methods that they cannot readily monitor," a blog post said on Monday 19 January.

The attack on Outlook comes just a month after the Chinese government blocked the use of Google's Gmail service in the country.
(more)

Know What They Call... Spy vs. Spy vs. Spy vs Spy?

A tranche of fresh Snowden leaks... detailing the bizarre, fractal practices of "fourth-party collection" and "fifth-party collection."

 "Fourth party collection" is the practice of spying on spy agencies to gather all the data they're taking in. "Fifth-party collection" is the practice of spying on spies who are spying on other spies. Really.
(more)

Spy Penned Friends, or You Look a Lot Hotter on the Net

PA - A Blairsville man has pleaded guilty to a single charge that he surreptitiously photographed friends, co-workers, relatives and others without permission, using a digital “spy pen” to capture their images in May 2013.

Wesley Lear, 57, also was accused by investigators of editing the photos to place his victims’ faces on nude bodies and circulated them on the Internet, and was charged with downloading child pornography images to his computer.
(more)

UK - Former Deputy Prime Minister Finds Car Bugged

UK - John Prescott has turned detective after finding his Jaguar had been bugged.

The former Deputy Prime Minister discovered the device hidden in his car when he took it to a garage because it had problems starting.

Mechanics found a tracker concealed under the driver’s seat that was hooked up to the car battery, draining its power.

The sophisticated device uses mobile phone technology and is capable of reporting the Jag’s movements at all times. It also has an inbuilt microphone enabling it to pick up conversations.

And the 6 inch-square black box is even capable of immobilising the car if instructed to by mobile phone.

Lord Prescott told the Sunday Mirror: “I’ve been told that whoever knows the SIM card that goes with the tracker can send out a signal and stop the engine...

"This type of surveillance breaches our right to privacy – I’ve had my mobile hacked, my phone tapped, and now someone might have been tracking my car.”

But insisting he was calm about the find he joked: “I can only hope whoever listened to my conversations installed an automatic bleeper too.”
(more)

Best guess from here... Installed by the car dealership, or previous owner, to thwart late payments or theft.

History: The Case of the Vanishing Private Eyes

How 19th-century America's biggest, most dogged detective agency went on to get unceremoniously acquired 100 years later by a Swedish conglomerate...

Sam (Dashiell) Hammett was a wayward youth. Having left school at the age of 13, he spent his teenage years holding down odd jobs, blowing his paychecks on horse races and boxing matches, and consorting with prostitutes in the rougher sections of Baltimore and Philadelphia. Within a few years, alcoholism had its claws in him, and by age 20 it was rumored that he had already contracted a venereal disease.

In 1915, Hammett, the son of a Maryland farmer, joined the Pinkerton National Detective Agency at the age of 21. During the early 1890s, the Pinkertons, as they were more commonly known, had boasted a force of 2,000 active operatives and some 30,000 reserve officers. By comparison, the United States Army, which for decades had been primarily concerned with fighting Native Americans in the West, had fewer than 30,000 officers and enlisted men assigned to active duty.
(more)

60 Seconds + 1 USB Necklace = A Spy Hiding in Your Computer

The necklace, called USBdriveby, it’s a USB-powered microcontroller-on-a-chain, rigged to exploit the inherently awful security flaws lurking in your computer’s USB ports. In about 60 seconds, it can pull off a laundry list of nasty tricks...

...this device hijacks your machine, disables many layers of security, cleans up the mess it makes, and opens a connection for remote manipulation even after the device has been removed..

So what can you do to protect yourself from things like this? Not a whole lot, really — that’s why attacks like this and BadUSB are so freaky. A lot of these flaws are inherent to the way the USB protocol was designed and implemented across so many hundreds of millions of computers; short of filling your USB ports with cement or never, ever leaving your computer’s ports unattended while out and about, there’s no magic fix.
(more)

Need Some Espionage Done? Post Your Black Bag Job On Line

At a time when huge stealth attacks on companies like Sony Pictures, JPMorgan Chase and Home Depot attract attention, less noticed is a growing cottage industry of ordinary people hiring hackers for much smaller acts of espionage.

A new website, called Hacker’s List, seeks to match hackers with people looking to gain access to email accounts, take down unflattering photos from a website or gain access to a company’s database. In less than three months of operation, over 500 hacking jobs have been put out to bid on the site, with hackers vying for the right to do the dirty work.
(more)

What Do These 3 Spy Tools Have in Common?

SPIKE MIC™
The Spike Mic Launcher is a remote listening device delivering audio surveillance. The Spike Mic dart has a built in microphone with two interchangeable tips: Sticky Dart and Suction Cup. Launch it or stick it to a surface and listen. With a live audio feed you’ll remain undetected as you hear conversations happening in far away locations. Digital transmission in the 2.4 GHz Wi-Fi band.

TRI-OPTICS VIDEO WATCH™
Record up to 20 minutes of video using 3 unique lenses on the Tri-Optics Video Watch. Rotate the watch’s outer ring to switch between standard, wide or zoom lenses. Hide your watch in an unsuspecting location and let the internal motion detector auto-record video whenever it detects movement. Use the included USB cable to download your footage and charge the Tri-Optics Video Watch. Stream, record and capture live video and photos.

SPY WIRE MIC™
Spy Wire Mic lets you record conversations covertly! Attach the recording device to your belt and line your jacket with the wired microphone. Press the record button to activate audio recording and capture conversation.

ANSWERS
• Low price (between $9.99 and $39.99)
• Available at Walmart.
• Recommended for ages 8+

Building a generation of adults predisposed to snooping one birthday at a time.

Privacy Tip #572 - Get Out of the Directories

techlicious.com recently provided some excellent help for increasing your on-line privacy...

Spokeo
Search your name on the site (if that doesn't work, try your maiden or former name), and choose the state where you live. Click the appropriate street to find your specific listing and copy the URL.

Go to the opt-out page, paste the URL, and enter your email address to remove the listing. You may have multiple listings on Spokeo if you have moved or changed your name, and will need to return to the opt-out page to remove each one.

PeopleSmart
Start on this opt-out page (not the main PeopleSmart homepage) to "manage" (aka remove or update) your listing. Once you select the listing, click on the work info that applies to you (if it's not the correct information, just skip the step and proceed).

When you reach Define Your Privacy Preferences, deselect all checks under "Contact Information" and "Work Information." Select "Apply these settings to other people search websites" and then submit.

MyLife
To remove your member profile, email privacy@mylife.com or call 1-888-704-1900. The company claims that it takes up to 10 days to process a request. If your info still appears after 10 days, don't hesitate to persist, and call or email again.

Intelius
The opt-out page will prompt you to verify your identification by attaching a scan of a driver's license, passport, military ID, state ID, or employee ID from a state agency. The photo and driver's license number should be crossed out. A notarized statement of your identity is also acceptable.

Enter in an email address to receive a confirmation when your info has been removed, and type in any additional records found on the site in the Additional Information field.

You can also fax your ID verification to 425-974-6194, or mail a copy to Intelius Consumer Affairs, P.O. Box 808, Bothell, WA 98041-0808.

Why You Need to Sweep for Bugs (TSCM) - Reason #4: CYBERSPIES

Your security efforts are IT focused. 
You diligently monitor your computer's front door, the network. 
Meanwhile these hack-vac bugs are sucking it all out your back door.

A TSCM bug sweep program can catch these.

Example 1:
"KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity.

All keystrokes are logged online and locally. SMS alerts are sent upon trigger words, usernames or URLs, exposing passwords. If unplugged, KeySweeper continues to operate using its internal battery and auto-recharges upon repowering. A web based tool allows live keystroke monitoring."

Unit Cost for Parts: $10 - 80 depending on operation
Status: Operational, open source, open hardware, declassified.
Note: KeySweeper can be built into anything that uses mains power. (Think: power strips, clocks, lamps, legitimate wall warts (as pictured), radios, print centers, fax machines, etc.)

Example 2:
The Pwn Plug Academic Edition is a penetration testing drop box.



Wireless (802.11b/g/n) high gain Bluetooth & USB Ethernet adapters
Fully-automated NAC/802.1x/Radius bypass
One-click EvilAP, stealth mode & passive recon

The Pwn Plug Academic Edition acts as a penetration testing drop box that covers most of a full-scale pentesting engagement, from physical-layer to application layer. The Pwn Plug Academic Edition is controlled through a simple web-based administration and comes preloaded with an array of penetration testing tools and Wireless, Bluetooth, and USB Ethernet adapters.

Example 3: 
The Pwn Plug R3 is a next-generation penetration testing device in a portable, shippable, “Plug-and-Pwn” form factor.

Onboard high-gain 802.11a/b/g/n wireless
Onboard Bluetooth
External 4G/GSM cellular
Greatly improved performance and reliability The Pwn Plug R3 is a next-generation penetration testing device in a portable, shippable, “Plug-and-Pwn” form factor. With onboard high-gain 802.11a/b/g/n wireless, onboard Bluetooth, external 4G/GSM cellular, ruggedized case design, and greatly improved performance and reliability, the Pwn Plug R3 is the enterprise penetration tester’s dream tool.

Example #4:
The MiniPwner

The MiniPwner is a penetration testing “drop box”. You (or maybe a cleaner you’ve bribed) needs to plug it into an Ethernet plug in the target’s building, and then you can slurp all the data out of their network via a wifi link.

The penetration tester uses stealth or social engineering techniques to plug the MiniPwner into an available network port. (common locations include conference rooms, unoccupied workstations, the back of IP Telephones, etc.)

Once it is plugged in, the penetration tester can log into the MiniPwner and begin scanning and attacking the network. The MiniPwner can simultaneously establish SSH tunnels through the target network, and also allow the penetration tester to connect to the MiniPwner via Wifi.  

Example #5:
WiFi Pineapple Mark V
Slightly larger than a smartphone the WiFi Pine-apple Mark V is the “ultimate” cyber surveillance device. It uses an “intuitive” web interface to enable hackers to break into a corporate’s IT networks through its wifi connections. It costs $100.

Example #6: 
USB Switchblade
"The goal of the USB Switchblade is to silently recover information from a target Windows 2000 or higher computer, including password hashes, LSA secrets, IP information, etc.

This gadget, which looks like a USB stick, has a program that swings into action when it’s inserted into the USB drive. It then begins its naughty work (without the user knowing) it by exploiting a flaw in USB autorun settings. How about dropping it in the car park of your target’s offices, seeing if someone will pick it up and plug it in to see what’s on it..."