Friday, January 30, 2015

Cell Phone Spying Case to Court - Force Sheriff to Reveal Secrets

NY - The Erie County Sheriff's Office is scheduled to be in court next week as it refuses to hand over information regarding its use of cell phone spying equipment.

2 On Your Side was first to report on the agency's use of so-called cell site simulator equipment. The machines -- often used under the names "Stingray" and "KingFish" -- mimic cell phone towers and trick phones into sending over information.



As we reported exclusively, the county paid more than $350,000 for the machines.
(more)

The Top 5 Soviet Bugs & Wiretaps During the Cold War

In an interview Leonid Shebarshin, a former head of the First Chief Directorate of the KGB said, “Our good fortune will only be made known after we suffer a major defeat. Our real success will be made known no earlier than 50 years down the line.” Successful spy operations are already a thing of the past, with modern-day intelligence seeming to consist of a series of failures...

1. Operation “Information of Our Times”
2. The wiretapping of Franklin D. Roosevelt in Tehran
3. A bug in the U.S. coat of arms (The Great Seal Bug)
4. Bugs in Moscow and beyond
5. The Soviet Union’s Cuban ears
(more)

Thursday, January 29, 2015

This Week in World Eavesdropping Wiretapping Surveillance & Spying

Australia - Deputy Police Commissioner Nick Kaldas will front a parliamentary inquiry into a long-running NSW police bugging scandal. Mr Kaldas was one of more than 100 police alledgedly spied on more than a decade ago as part of a covert internal corruption investigation.
(more)

IL - Illinois legislators provoked public outrage by reviving an eavesdropping law that the Supreme Court of Illinois struck down earlier in the year—in part because it prohibited citizens from recording public interactions with police. Sponsors and supporters of the new version of the law... insisted that the new statute would allow citizens to record police and that the public's concern was unwarranted. In fact however, Illinois' new eavesdropping law is confusing and harsh. Although it does not ban all recording of police—the court took that off the table—it discourages it about as much possible
(more)

R. Crumb prediction (1967)
US - A program used by U.S. and British spies to record computer keystrokes was part of sophisticated hacking operations in more than a dozen countries, security experts said on Tuesday, after former NSA contractor Edward Snowden reportedly leaked the source code for the program.
(more)

Canada - On Monday, a new report was released, based on leaked documents from Edward Snowden, showing that Canadian intelligence agencies—part of the Five Eyes spying conglomerate that includes the US, the UK, Australia and New Zealand—partnered with UK spies to siphon sensitive data from thousands of smartphones by sniffing traffic between applications on the phones and the servers owned by the companies that made the applications. The so-called Badass program is designed to sniff the normal unencrypted communication traffic of certain smartphone apps to glean location information, the unique identifier of the phone and other data that can help spies learn the identity of phone users, among other things. It can also be used to uncover vulnerabilities in a phone to help spies hack it.
(more)

US - Former U.S. nuclear scientist gets 5 year sentence for spying.
(more)

US - The Department of Justice is using an expanded license plate collection program -- originally intended to track drug crime -- to monitor ordinary citizens without criminal records, government documents reveal, raising questions about how widely surveillance data is shared among agencies and companies.
(more)

NYC - A contractor for Johnson & Johnson was arrested for placing a hidden spy camera in a company bathroom that recorded multiple people using the toilet, authorities said. Stephen Lewins, 42, of Brooklyn, was arrested for unlawful surveillance on January 23, after the pinhole camera was discovered in the restroom a week earlier, the NYPD said. A Johnson & Johnson employee found the camera and an SD card hidden in a wall above a light switch inside the unisex bathroom Jan. 16. The company said it alerted the NYPD immediately.
(more)

WI - A ban on undercover videos on Wisconsin farms is being considered at the state Capitol. Though the bill is expected in the next week or so, laws known as “ag gags” have been proposed all over the country. According to the ASPCA, 26 state legislatures have looked at bans on covert video and pictures. That footage is typically used by animal rights groups to expose animal cruelty and mistreatment.
(more)

Canada - A cast member of CTV sitcom Spun Out has been accused of voyeurism after two women alleged they found hidden cameras in a Toronto condo. Jean Paul "J.P." Manoux, 45, was charged Tuesday by Toronto Police with one count of voyeurism. Last week, Police officers responded to a call from two women -- ages 27 and 25 -- at a Queen St. W. condominium building. The two women allegedly "discovered hidden cameras and video equipment connected to the Internet" in a condo they rented from a man, according to a police statement.
(more)

Wednesday, January 28, 2015

Panama’s Ex-president’s Hunger for Gossip Fueled Tapping

When the United States rejected former Panamanian President Ricardo Martinelli’s request for spying equipment to eavesdrop, U.S. diplomats feared, on his political enemies, the former supermarket baron turned to another source: Israel.

Now scores of Panama’s political and social elite are learning that the eavesdropping program that Martinelli’s security team set in place sprawled into the most private aspects of their lives – including their bedrooms. Rather than national security, what appears to have driven the wiretapping was a surfeit of the seven deadly sins, particularly greed, pride, lust and envy.

Nearly every day, targets of the wiretapping march to the prosecutors’ office to see what their dossiers contain, often emerging in distress. Martinelli, who left office in July, is facing a rising tide of outrage not only over the wiretapping, but also over reports of vast corruption. His personal secretary has left the country. The eavesdropping equipment has vanished.
(more)

Town Supervisor Accused of Eavesdropping on Employees

NY - State Police arrested the Windham Town Supervisor after they say she used video and audio recording devices to eavesdrop on employees.

Stacy Post, 51, put the recording devices in the Windham Town Office Building after being elected to Town Supervisor, according to police.

They say Post eavesdropped on employees and other users of the town offices.

Post has been charged with felony eavesdropping and possessing eavesdropping devices.
(more)

You Only Live Once, or Die Another Day

The former Russian spy Alexander Litvinenko may have survived a previous poisoning attempt before a lethal dose of polonium was slipped into his tea at a London hotel, a long-awaited judicial inquiry into his death was told Tuesday.

The former KGB officer, an outspoken critic of Russian President Vladimir Putin, was living in Britain and doing consultancy work for the British intelligence service MI-6 when he met two Russians for a drink at the Millennium Hotel in November 2006. Weeks later, he suffered an agonizing death, apparently from the effects of radiation poisoning.

The strange case soured relations between Britain and Russia for years. On his deathbed, Litvinenko claimed that he had been poisoned on Putin’s orders.
(more)

Need A Secure Portable 1 or 2TB Hard Drive? (Yeah, you do.)

iStorage diskAshur Pro 1TB review: one of the most secure and encrypted portable hard drives you can buy...

If you use a portable drive for business, there's a very strong case for keeping that data secure with a hardware-encrypted drive. And when customer data is at stake, there's a legal obligation to button it down to keep it confidential in the event of the drive being lost or otherwise compromised.

Even home users may prefer to keep their files and data to themselves. Which is why encrypted portable drives like the iStorage diskAshur Pro can be such a great idea, with their built-in keypads that need a numerical PIN to be entered before they give up their secrets.

The diskAshur Pro follows a line of similar drives sold in this country (UK) by iStorage Limited, which are rebranded and renamed drives designed by and made for Apricorn Inc in the USA. This latest version is called the diskAshur Pro, otherwise known as the Apricorn Aegis Padlock Fortress, and has been given a FIPS 140-2 security rating.
(more)

Tuesday, January 27, 2015

Avoid Video Surveillance Liability

via Eric Pritchard, Esq...
Summary: Here are five keys to limiting your liability when using and deploying video:

1. Understand and obey wiretap laws. Federal wiretap laws prohibit the interception of oral communications with limited exceptions.

2. Obey state laws prohibiting video cameras. Several states prohibit or regulate video surveillance.

3. Obey state laws respecting privacy rights. Every state has law concerning an individual’s privacy rights.

4. (Installers) Use an effective, enforceable contract to allocate the risk of loss. An effective contract for the provision of video-related services and equipment should limit your company’s liability just like it does for other services.

5. (Installers) Installing video without a recurring contract is a missed opportunity. Develop a policy of not selling or installing video cameras without a contract for some form of recurring revenue. 

• Side note: If you are the user, keep the system maintained so you are not accused of providing a false sense of security.

NYC - Spycam Found in Bathroom Used by Top Corporations

The New York City Police Department reported today that a pinhole camera was found in a unisex bathroom at Johnson & Johnson (JNJ)’s corporate offices in NYC last week. A designer with the company discovered the camera, located above the light switch.

Johnson & Johnson ’s building maintenance supervisor reported the camera to the New York Police Department after it was discovered on Jan. 16, 2015. After examination, the camera was found to contain an SD card used for video storage. Johnson & Johnson’s Carol Goodrich said the company had immediately contacted the NYPD after the camera’s discovery...
Spycams are disguised as many things. This one is a USB stick.

“The device was hidden above a light switch in the bathroom next to offices that include Ralph Lauren and Haynes Roberts...” reported the New York Post. “The bathroom with the hidden device is open and accessible to all tenants and guests on the floor. It wasn’t clear whether the potty perv who put it there captured customers or models who do photo shoots nearby in RR Donnelley’s Studio W26. Investigators had yet to review the storage drive recovered with the camera.”...

Today’s story about the pinhole camera is part of what appears to be a trend. * NBC ran a story on March 27, 2014 about numerous reports of cameras being found in public bathrooms...

The NYPD indicates they are investigating the J&J camera as a sex crime and unlawful surveillance, with the added possibility of obscene material involving people under the age of 17.
(more)

*More like pandemic based on news reports and sweep requests received here.
• That USB stick spycam... only $8.76 here.

Economic Espionage - NYC Russian Banker Arrested by FBI

Federal prosecutors arrested a Russian banker in New York on Monday and charged him as a spy, accusing him and two others of secretly gathering information about the New York Stock Exchange, U.S. energy resources and sanctions against Moscow.

Prosecutors described clandestine meetings and coded communications between the banker and his handlers, one of whom worked as a trade representative of the Russian Federation in New York, the other as an attaché to the Permanent Mission of the Russian Federation to the United Nations.

The spycraft alleged in the complaint reads like a throwback to the Cold War. Yet the alleged operatives’ target was more modern: economic intelligence... 
The most interesting part...
Mr. Buryakov suggested they ask about the NYSE’s use of exchange-traded funds, potential limits on the use of automated high-frequency trading systems... NYSE spokesman declined to comment.
(more)

• The movie Blackhat illustrates market manipulation, and why it would interest them.
• Classic spycraft is alive and well. It ain't all IT-based.
• Nice job, FBI!

Can You Be Insecure Playing for the NFL? Sure, if you're an app.

The National Football League's official app for both iOS and Android puts users at risk by leaking their usernames, passwords, and e-mail addresses in plaintext to anyone who may be monitoring the traffic, according to a report published just five days before Superbowl XLIX, traditionally one of the world's most popular sporting events. 

(You can stop reading here. Trust me, it just gets worse.)

As Ars has chronicled in the past, large numbers of people use the same password and e-mail address to log into multiple accounts. That means that people who have used the NFL app on public Wi-Fi hotspots or other insecure networks are at risk of account hijackings. The threat doesn't stop there: the exposed credentials allow snoops to log in to users' accounts on http://www.nfl.com, where still more personal data can be accessed, researchers from mobile data gateway Wandera warned. Profile pages, for instance, prompt users to enter their first and last names, full postal address, phone number, occupation, TV provider, date of birth, favorite team, greatest NFL Memory, sex, and links to Facebook, Twitter, and other social networks. Combined with "about me" data, the personal information could prove invaluable to spear phishers, who send e-mails purporting to come from friends or employers in hopes of tricking targets into clicking on malicious links or turning over financial data. Adding to the risk, profile pages are transmitted in unencrypted HTTP, making the data susceptible to still more monitoring over unsecured networks, the researchers reported.

"Wandera's scanning technologies have discovered that after the user securely signs into the app with their NFL.com account, the app leaks their username and password in a secondary, insecure (unencrypted) API call," a report published Tuesday warned. "The app also leaks the user’s username and e-mail address in an unencrypted cookie immediately following login and on subsequent calls by the app to nfl.com domains." The app allows users to make a variety of in-app purchases.
(more)

Corporate Espionage Cartoon


Monday, January 26, 2015

U.S. Spies on Millions of Cars

DEA Uses License-Plate Readers to Build Database for Federal, Local Authorities

The Justice Department has been building a national database to track in real time the movement of vehicles around the U.S., a secret domestic intelligence-gathering program that scans and stores hundreds of millions of records about motorists, according to current and former officials and government documents.

The primary goal of the license-plate tracking program, run by the Drug Enforcement Administration, is to seize cars, cash and other assets to combat drug trafficking, according to one government document. But the database’s use has expanded to hunt for vehicles associated with numerous other potential crimes, from kidnappings to killings to rape suspects, say people familiar with the matter.
(more)

EP Team Alert - Dating Apps Let Snoopers Track Users

Snoopers have spied on massive numbers of amorous singletons by exploiting security flaws in dating apps.

Luckily, the spies were not creepy stalkers or violent perverts, but a group of cybersecurity experts on a mission to make life safer for daters.

They were able to track volunteers' every move in a discovery which should send chills down the spine of anyone using apps to find love...

This weekend, Colby Moore (security researcher at Synack) will present a talk at the tech conference ShmooCon, where he will discuss how he managed to track "tens of thousands" of amorous app users at the same time.

He suggested dating app security holes could even be used to spy on celebs.

"We [will] show just how easy it might be to reveal the identity of and track your favorite athlete, politician, or movie star," Moore wrote.
(more)

Snow Day Project - Make a Sneaky Snake Spycam for <$20.

It's snowing here in the Northeast United States. Tomorrow will be a down day. Need a spy project to combat cabin fever? This guy shows you how...