Wednesday, February 18, 2015

Is Your Home Security System Putting You at Risk? ...news at eleven.

HP has released results of a security testing study revealing that owners of Internet-connected home security systems may not be the only ones monitoring their homes. The study found that 100 percent of the studied devices used in home security contain significant vulnerabilities, including password security, encryption and authentication issues.

Home security systems, such as video cameras and motion detectors, have gained popularity as they have joined the booming Internet of Things (IoT) market and have grown in convenience... The new HP study reveals how ill-equipped the market is from a security standpoint for the magnitude of growth expected around IoT...

The HP study questions whether connected security devices actually make our homes safer or put them at more risk...

Busman's Holiday, or Moonlighting Surveillance

Australia - A police officer installed a tracking device on a woman's car illegally to detail her movements, a magistrates court in Perth has been told.

The detective sergeant, who has been a police officer for more than 20 years, was on holiday at the time of the alleged offence with the woman's boyfriend, also a police officer.

Tuesday, February 17, 2015

Yet another Hollywood Bugging Scandal

CA - A West Hollywood City Council aide has been suspended and is being investigated by sheriff’s detectives on charges of eavesdropping on another council deputy and then e-mailing portions of her private conversations to local bloggers and residents in the city.

Ian Owens, a deputy to Councilman John Duran, is accused of bugging the City Hall office of Fran Solomon, the deputy to Councilman John Heilman, said city officials who requested anonymity because they were not authorized to discuss the matter.

But, wait. There's more...

Last month, City Council candidate Larry Block was sued by celebrity spray tanner Jimmy Jimmy Coco. The professional tanner... claimed in his suit that Block was his landlord, that he wrongly evicted him and that he had installed “spy cameras” to catch him in the nude.

Monday, February 16, 2015

Science Magazine - The End of Privacy

The whole magazine is devoted to privacy.

At birth, your data trail began. You were given a name, your height and weight were recorded, and probably a few pictures were taken. A few years later, you were enrolled in day care, you received your first birthday party invitation, and you were recorded in a census. Today, you have a Social Security or national ID number, bank accounts and credit cards, and a smart phone that always knows where you are. Perhaps you post family pictures on Facebook; tweet about politics; and reveal your changing interests, worries, and desires in thousands of Google searches. Sometimes you share data intentionally, with friends, strangers, companies, and governments. But vast amounts of information about you are collected with only perfunctory consent—or none at all. Soon, your entire genome may be sequenced and shared by researchers around the world along with your medical records, flying cameras may hover over your neighborhood, and sophisticated software may recognize your face as you enter a store or an airport.

Friday, February 13, 2015

Private Investigators Are Being Nailed for Hacking

Private investigators may be the newest front for federal prosecutors in cracking down on the hacker-for-hire business.

In the coming weeks, a private investigator in New York is expected to plead guilty to charges of paying a so-called hacker-for-hire firm to steal email passwords and credentials, said three people briefed on the matter, who spoke on the condition of anonymity because no charges had been filed yet. The guilty plea would wrap up a nearly yearlong investigation by the Federal Bureau of Investigation and federal prosecutors in New York.

Separately, federal prosecutors in San Francisco on Wednesday announced the indictment of two private investigators and two computer hackers on charges that they illegally entered email and Skype accounts to gather information for matters they were working on for clients. Some of the illegally gathered information was intended to support a lawsuit, authorities said.

The identity of the private investigator in New York, who works for a small firm, could not be determined.

Study - 16 Million Smartphones Infected with Spyware / Malware

About 16 million mobile devices are infected by malicious software that is secretly spying on users, stealing confidential information and pilfering data plans.

That’s the word from Alcatel-Lucent’s Motive Security Labs, which in a study found that malware infections in mobile devices rose a full 25% in 2014, compared to a 20% increase in 2013. In fact, the uptick is so spectacular that Android devices have now caught up with Windows laptops, which had been the primary workhorse of cybercrime, with infection rates between Android and Windows devices split an even 50/50 in 2014.

“With one billion Android devices shipped in 2014, the platform is a favorite target of cybercriminals who can have lots of infection success without a lot of work,” said Kevin McNamee, director of Motive, in a blog. “Android is more exposed than rivals because of its open platform and by allowing users to download apps from third-party stores where apps are not always well-vetted.”

The mobile infection rate in 2014 was 0.68%. Fewer than 1% of infections come from iPhone and Blackberry smartphones.

Tuesday, February 10, 2015

Build Your Own Invisibility Device for Under $150

Researchers at the University of Rochester create a 3-D, transmitting, continuously multidirectional cloaking device. ... and they say you can too!
To build your own Rochester Cloak, follow these simple steps:
For their demonstration cloak, the researchers used 50mm achromatic doublets with focal lengths f1 = 200mm and f2 = 75mm.
  1. Purchase 2 sets of 2 lenses with different focal lengths f1 and f2 (4 lenses total, 2 with f1 focal length, and 2 with f2 focal length).
  2. Separate the first 2 lenses by the sum of their focal lengths (so the f1 lens is the first lens, the f2 lens is the second, and they are separated by t1 = f1 + f2).
  3. Do the same as in Step 2 for the other two lenses.
  4. Separate the two sets by t2 = 2 f2 (f1 + f2) / (f1 − f2), so that the two f2 lenses are t2 apart.
NOTES:
  • Achromatic lenses provide best image quality.
  • Fresnel lenses can be used to reduce the total length (2t1+t2)
  • Smaller total length should reduce edge effects and increase the range of angles.
  • For an easier, but less ideal, cloak, you can try the 3 lens cloak in the paper.
A patent has been filed for this cloaking device. Please contact UR Ventures for additional information.

Sunday, February 8, 2015

5 Million People Wiretapped in One Year (Must be some sort of record.)

Some 5 million people in Turkey were listened in on in 2012, Interior Minister Efkan Ala has stated, referring to a calculation that around 250,000 people who were wiretapped spoke to at least 20 people on the phone. He blamed officers affiliated with the movement of U.S.-based Islamic scholar Fethullah Gülen for the scandal.

“A decision was made [to wiretap] one person, but that person speaks to tens of people. Imagine that he or she spoke to 20 other people - this adds up to 5 million people,” Ala told state-run Anadolu Agency.

“All these [conversations] were stored and used for blackmailing or threatening. How can such a thing happen?” he asked.

Why Hotels Check Your ID ...and who gets to see it.

If you’re a privacy-conscious traveler, you may have wondered from time to time why hotels ask for ID when you check in, or why they ask you to give them the make and model of your car and other information that isn’t essential to the transaction. What’s the ID-checking for? ...

Well, in many jurisdictions around the country, that information-gathering is mandated by law. Local ordinances require hotels, motels, and other lodgers (such as AirBnB hosts) to collect this information and keep it on hand. These laws also require that the information be made available to the police on request, for any reason or no reason, without a warrant.

Extra...
13 Things Your Hotel Front Desk Clerk Won't Tell You

Privacy Quote of the Week

"The age of information-sharing is brilliant, as long as you have no secrets."
~ Heather du Plessis-Allan
 

...your spoken words will be transmitted to a third party via Voice Recognition.

As the number of connected devices — aka the Internet of Things, aka the sensornet — proliferates so too does the number of devices leaning on voice recognition technology as an interface to allow for hands free control...

The potential privacy intrusion of voice-activated services is massive. Samsung, which makes a series of Internet connected TVs, has a supplementary privacy policy covering its Smart TVs which includes the following section on voice recognition:

You can control your SmartTV, and use many of its features, with voice commands... Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.

When all the objects in your home have networked ears that are fine-tuned for commercial intelligence gathering, where will you go to talk about “personal” or “sensitive” stuff?

Thursday, February 5, 2015

Some Simple Corporate Spy Countermeasures

Some information spies navigate the hiring process with every intention to steal corporate secrets for a competitor or foreign state once inside. Others turn against an employer when angered and leave, lured by job offers and incentives to haul out as much data as they can when they go.

Meanwhile, enterprise efforts to spot traitors and limit their access to sensitive data may not be enough. With the right job and the right access, operatives posing as janitors, mailroom employees, or IT staff can skirt efforts to defend data, using their broad access to walk data out the door.

CSO looks at enterprise barriers to these information sleeper agents, how corporate spies get past the protections, and what security leaders can do technically and otherwise to keep their data vaults safe from prying eyes...

Summary... Thorough background checks, limit access, keep your eyes open.

Security Director Alert - DarkLeaks - The Espionage Bazaar

It looks like the days when concerned individuals share the inner secrets of corporations and governments only due to their nagging consciences are numbered; from here on in they will do so for nothing more than a fast buck.

A new WikiLeaks-style website has recently been announced that will reward its contributors with Bitcoins in exchange for information.  

If the most valuable commodity is information then it is about to get its own hypermarket; DarkLeaks will allow users to sell leaked data to the highest bidder in an anonymous blockchain-powered environment where anything goes.

DarkLeaks is being developed by unSystem, who are behind DarkWallet and DarkMarket, an anonymous eBay-style marketplace which, unlike Silk Road, operates on the P2P model so that there is no central point of failure for law enforcement to take down.

The DarkLeaks system is so secure that it does not even allow communication between the seller and the buyer of information. Their website states: “The software uses bitcoin’s blockchain to encrypt files which are released when payment is claimed by the leaker. Files are split into segments and encrypted. These segments are unlocked only when the leaker reveals the key by claiming his bitcoins.”

There are also no limits on the type of content that can be bought and sold. Everything from evidence of corporate corruption to naked pictures of celebrities is up for grabs. UnSystem developer Amir Taaki has told CoinDesk that platforms like DarkLeaks provide a financial incentive for insiders to reveal information thereby “devaluing business models based around proprietary secrecy”.

This is going to be a BIG problem for corporations. 
Those without a counterespionage strategy will hurt first.

Tuesday, February 3, 2015

Night Janitor Admits to Hiding Spycam in Staff Bathroom


NV - A former school district janitor told police he hid a video camera in a staff bathroom with the intent to record people using the bathroom in various stages of undress, according to the arrest report.

Gary Wayne Higbee, who has only been employed part-time with the district since September 2014, is facing three counts of capturing an image of the private area of another person...

The video camera was discovered when an employee at Givens Elementary School noticed what appeared to be something hidden next to a silk plant on the bathroom sink.

Another employee told police she noticed Higbee checking out the unisex bathroom every time someone came out of it.

According to the arrest report, Higbee told police he took the camera from his other job at Southwest Airlines, where he works as a ramp agent. He said he researched on the Internet how to do hidden recordings of people.

Chinuts - Move Here, Give Us Source Code and Build Some Back Doors (wtf?!?!)

China plans to unveil new cybersecurity rules that require tech companies to hand over source code and build back doors in hardware and software for government regulators. The rules only apply to companies selling computer products to Chinese banks, but they have already sparked anxiety on the part of Western tech companies about being trapped between either giving up intellectual property or not doing business in China.

The new rules—part of cybersecurity policies intended to protect China’s critical industries—first appeared in a 22-page document at the end of 2014, according to a New York Times report. Such rules have not been officially announced yet. But the U.S. Chambers of Commerce joined a number of other foreign business groups in sending a letter [pdf] to the Central Leading Group for Cyberspace Affairs, chaired by President Xi Jinping, that called for “urgent discussions” about the policies. Tech giants such as Microsoft, Cisco, and Qualcomm have also independently voiced their concerns.

Under the bank rules, tech companies would have to hand over source code, set up research and development centers in China, and build hardware and software back doors that would permit Chinese officials to monitor data within their computer systems.