DEA Uses License-Plate Readers to Build Database for Federal, Local Authorities
The Justice Department has been building a national database to track in real time the movement of vehicles around the U.S., a secret domestic intelligence-gathering program that scans and stores hundreds of millions of records about motorists, according to current and former officials and government documents.
The primary goal of the license-plate tracking program, run by the Drug Enforcement Administration, is to seize cars, cash and other assets to combat drug trafficking, according to one government document. But the database’s use has expanded to hunt for vehicles associated with numerous other potential crimes, from kidnappings to killings to rape suspects, say people familiar with the matter.
(more)
Monday, January 26, 2015
EP Team Alert - Dating Apps Let Snoopers Track Users
Snoopers have spied on massive numbers of amorous singletons by exploiting security flaws in dating apps.
Luckily, the spies were not creepy stalkers or violent perverts, but a group of cybersecurity experts on a mission to make life safer for daters.
They were able to track volunteers' every move in a discovery which should send chills down the spine of anyone using apps to find love...
This weekend, Colby Moore (security researcher at Synack) will present a talk at the tech conference ShmooCon, where he will discuss how he managed to track "tens of thousands" of amorous app users at the same time.
He suggested dating app security holes could even be used to spy on celebs.
"We [will] show just how easy it might be to reveal the identity of and track your favorite athlete, politician, or movie star," Moore wrote.
(more)
Snow Day Project - Make a Sneaky Snake Spycam for <$20.
It's snowing here in the Northeast United States. Tomorrow will be a down day. Need a spy project to combat cabin fever? This guy shows you how...
Tom Cruise Bugged Nicole Kidman's Phone, says Scientology movie
Church of Scientology leaders ordered the wiretapping of Nicole Kidman's telephones
...during her marriage to Tom Cruise as part of a campaign to break up the couple, according to an explosive new documentary.
Marty Rathbun, formerly the religion's second highest-ranking official, told Oscar-winning film-maker Alex Gibney, that his role was to "facilitate the break-up" for church leader David Miscavige.
The church on Monday said that the "accusations made in the film" were "entirely false".
(more) (more)
SpyCam News - Internal Affairs Agent Overly Into His Job
CA - A camera found in the women's bathroom at the Border Patrol compound in San Ysidro has one agent in a lot of trouble.
San Diego police told Team 10 that a ranking agent hid the camera and someone found it.
Officers confronted the agent at the Border Patrol administrative offices on West Ash Street in downtown San Diego.
Two separate Team 10 sources confirmed the agent works with internal affairs.
(more with video)
Countering Light Bulb Eavesdropping
Q. "How to prevent light bulbs from being used as pickups for speech?" (meaning, being used as part of an eavesdropping system)
A. The easiest way, of course, is to keep the bulb turned off; however, I know that's not what you mean.
The second best way is to make sure there is no way for the bad guy to see the light bulb. Most attacks require accessing the bulb's variations in light so they can be remotely demodulated. (See Leon Theremin's invention.)
Some bulb attacks are made possible because additional electronics are placed inside the bulb (cameras, transmitters, microphones, etc.). The easiest countermeasure to this is to replace the bulbs with bulbs you purchased from a local Home Depot / Lowe's type store. Mark the bulbs when you install them, then check periodically to make sure they haven't been switched out.
Also, be sure to check the fixtures and wiring paths for attached microphones and modulation circuitry. Cut the power while doing these things.
These are not high-tech countermeasures, but they are effective.
Hope that helps,
Kevin
Sunday, January 25, 2015
Industrial Design Theft is No Joke
As I was marched over to an unfamiliar bank of elevators towards the back of the building, I realized I was the prime suspect.
An unreleased design that I had access to, and had done dozens of renderings of, had suddenly appeared on the market—produced by a prime competitor of ours. I was in the elevator with my boss, who was the Head of Global Industrial Design at this particular corporation, where I'd been working as a CAD and rendering jockey for many years.
But I was still a contract employee, not staff. And I had access to this design that few people in the design group had even seen.
The elevator doors opened at a high floor I'd never been to, and I got my first glimpse of the Legal Department...
(more)
Business Espionage - The South Africa Report
SA - As the current Sony-North Korea tit-for-tat game attests, industrial espionage has now been brought to an open space, and its debilitating consequences are evident – including in South Africa...
Industrial espionage is the least-known concept within the intelligence compendium, although many agencies are now involved in this activity... Several private businesses have been mentioned in cases involving illegal theft of commercial information. This attests to the fact that in modern societies, as was the case in earlier centuries, economic intelligence is an integral aspect of business, albeit as a business risk.
Studies conducted under the auspices of the University of the Witwatersrand and the University of South Africa for several years have found that industrial espionage in SA is on the rise...
SA-specific accounts of industrial espionage are mostly contained in business publications...
For example, in 2003, The Star reported that British American Tobacco SA (BATSA) conducted spying activities on its rival, Apollo Tobacco; and Finsettle, a subsidiary of Barnard Jacobs Mellet, stole business information secrets of CST Outsourcing. In March 2014, Business Day reported on a suspected case of industrial espionage practices of BATSA involving spy networks and payment of agents by the JSE-listed company. The inference is that industrial espionage is a burgeoning business strategy in SA.
(more)
Hacking Wi-Fi is Child's Play - Now run out and find me a child.
The great Groucho Marx, in character, was reading a report and remarked that a 4-year-old child could understand it. So, he said, "run out and find me a 4-year-old child."
Betsy Davis isn't 4. She's 7, but it's still pretty impressive that a computer-savvy 7-year-old could Google the information she needed in order to hack into a public Wi-Fi system in a little under 11 minutes. Fortunately, Betsy is not a criminal hacker, but was enlisted as a part of a security experiment to show how easy it is to hack into such a network and steal information from unwary people.
Many people assume that the Wi-Fi that they're using is secure, but this isn't always the case.
(more)
The actual quote as reported by NPR...
In the Marx Brothers classic Duck Soup, there's a scene in which Groucho's Rufus T. Firefly, the newly installed leader of Freedonia, receives a report from the Treasury Department. "I hope you'll find it clear," says the minister of finance. "Clear?" replies Firefly incredulously. "Why, a 4-year-old child could understand this report." Then he pauses for a beat: "Now run out and find me a 4-year-old child. I can't make head or tail of it."
Did Meanwell Mean Well, or... She Wanted the Cash, Man
New York Yankees general manager Brian Cashman has more than just on-the-field problems... his alleged former mistress, Louise Meanwell, is filing a lawsuit against the Yanks' front office man.
The suit says that Cashman not only hacked and spied on Meanwell's e-mails, but he also contacted the woman's mother in an attempt to have Meanwell committed in order to cover up his affair...
Cashman's mistress is currently in court going through her own legal battles after she was arrested for attempting to extort Cashman for $15,000, and she allegedly stalked him as well after what is believed to be a 10-month fling occurred with Cashman.
It was only after Meanwell found out Cashman had another mistress and had no intention of getting a divorce from his wife that she threatened to blow the lid off their relationship.
This one just keeps getting weirder and weirder by the day.
(more)
Email Encryption Options
Q. I have a client who wants us to use encryption for emails and attachments (not voice). Do you have a solution?
A. Thanks for asking. Your client has a number of fairly easy and low cost options.
• If they use Microsoft Office Outlook have them read this.
• Mac Mail. Read this.
• Thunderbird. Read this.
• Google Apps. Read this.
• Here are the 2015 reviews for the "Top Ten" 3rd-party email encryption programs.
• This is a good article on how to implement email encryption.
Not knowing the client, their needs, IT expertise, etc. I can't point them to anything specific, but the above links will certainly get them started.
Hope this helps,
Kevin
Wednesday, January 21, 2015
Two Canadian Spy Opportunities
Canadian students who want a career in electronic spying have until January 25 to apply to the Communications Security Establishment Canada (CSEC), the electronic surveillance arm of the federal government.
CSEC has started a hiring campaign targeting colleges and universities a few months ahead of the inauguration of its new headquarters in Ottawa (see list of opportunities). The building, with an astronomical price tag of $1.2 billion, is the most expensive government complex in Canadian history, dubbed the spy "Taj Mahal" by several critics. The immense campus is located next to the Canadian Security Intelligence Service (CSIS) headquarters, and the two will be joined by a walkway. The veritable "spy nest" will house 4,000 cryptographers, secret agents and information specialists of all kinds in Gloucester, a suburb of the nation's capital.
(more)
The new headquarters of Canada’s electronic surveillance agency had an “extreme vulnerability” which was inadvertently breached by firefighters responding to an emergency call, the Toronto Star reports. The Canadian Communications Security Establishment (CSE) revealed the vulnerability by sending uncensored documents in response to an access to information request by the Star about the fire.
The sensitive information contained in the documents was highlighted, but not censored, compounding one security breakdown with another.
During the construction of the $800 million CAD (about $660 million USD) building for the CSE, a routine call in response to a small fire led local firefighters to a different entrance than the one they were expected at. Finding no-one there, they cut a padlock to access the building.
The documents also reveal vulnerabilities such as inoperative security cameras and a long-missing visitor pass. At least some of those vulnerabilities have since been addressed, and the agency told the Star that the construction access point used in the incident no longer exists, now that the building is complete and occupied.
(more)
Weird Science - One-way Spy Mirrors Prove Zero Topological Entropy
Entropy And Complexity Of Polygonal Billiards With Spy Mirrors
We prove that a polygonal billiard with one-sided mirrors has zero topological entropy. In certain cases we show sub exponential and for other polynomial estimates on the complexity.
(more)
iPhones Have Built-in Spyware - Well, duh.
NSA whistleblower Edward Snowden has claimed that Apple’s iPhone range of devices contains built-in spy software that can be used to track the owner.
According to Snowden’s lawyer, the software can be remotely activated at any time without the user’s knowledge.
(more)
2 Million Cars Open to Hackers - "Say it ain't so, Flo."
An electronic dongle used to connect to the onboard diagnostic systems of more than two million cars and trucks contains few defenses against hacking, an omission that makes them vulnerable to wireless attacks that take control of a vehicle, according to published reports.
US-based Progressive Insurance said it has used the SnapShot device in more than two million vehicles since 2008... According to security researcher Corey Thuen, it performs no validation or signing of firmware updates, has no secure boot mechanism, no cellular communications authentication, and uses no secure communications protocols. SnapShot connects to the OBDII port of Thuen's 2013 Toyota Tundra pickup truck, according to Forbes. From there, it runs on the CANbus networks that control braking, park assist and steering, and other sensitive functions.
The "Internet of automobiles" may hold promise, but it comes with risks, too. "Anything on the bus can talk to anything [else] on the bus," Thuen was quoted as saying in an article from Dark Reading. "You could do a cellular man-in-the-middle attack" assuming the attacker had the ability to spoof a cellular tower that transmits data to and from the device.
(more)