Trying to get a handle on hundreds of sensitive, closely held surveillance programs, a Senate committee is compiling a secret encyclopedia of American intelligence collection. It's part of an effort to improve congressional oversight of the government's sprawling global spying effort.
Sen. Dianne Feinstein launched the review in October 2013, after a leak by former National Security Agency systems administrator Edward Snowden disclosed that the NSA had been eavesdropping on German Chancellor Angela Merkel's cellphone. Four months earlier, Snowden had revealed the existence of other programs that vacuumed up Americans' and foreigners' phone call records and electronic communications.
"We're trying right now to look at every intelligence program," Feinstein told The Associated Press. "There are hundreds of programs we have found ... sprinkled all over. Many people in the departments don't even know (they) are going on." more
Friday, April 10, 2015
Ex Rigs Live Streaming Bedroom Spycam
WA - A 41-year-old Cheney, Washington, is accused of entering his ex-girlfriend's home and secretly installing a wireless camera in her bedroom to spy on her...
Court records shows the ex-girlfriend called Liberty Lake police in late March when she arrived home and found several items he had given her burned in a backyard fire pit. A few days later, she reported finding a camera hidden in a light fixture above her bed.
Liberty Lake police Chief Brian Asmus says the camera was connected to a wireless device hidden in the attic and was streaming live video. more
Court records shows the ex-girlfriend called Liberty Lake police in late March when she arrived home and found several items he had given her burned in a backyard fire pit. A few days later, she reported finding a camera hidden in a light fixture above her bed.
Liberty Lake police Chief Brian Asmus says the camera was connected to a wireless device hidden in the attic and was streaming live video. more
Monday, April 6, 2015
The World Wrestles with the Spycam Epidemic
India - After Human Resources Development Smriti Irani claims to have detected a CCTV camera facing towards a FabIndia trial* room in Goa, many shops are now being inspected to ensure that no such cameras are found inside changing rooms...
A spy camera can be fitted in the smoke detector, electrical switch and almost in any item usually found in a trial room.
Spy camera retailer Parminder Singh said, "Spy cameras can be fitted even in the fire extinguisher."
But the sophistication of these cameras and the huge variety in which they come in have reached makes it becomes difficult for a common man to detect a hidden camera with a naked eye.
While spy cam detectors are available in the market, their effectiveness is unreliable. more
* In India, a "trial room" is a changing room in a clothing store.
A spy camera can be fitted in the smoke detector, electrical switch and almost in any item usually found in a trial room.
Spy camera retailer Parminder Singh said, "Spy cameras can be fitted even in the fire extinguisher."
But the sophistication of these cameras and the huge variety in which they come in have reached makes it becomes difficult for a common man to detect a hidden camera with a naked eye.
While spy cam detectors are available in the market, their effectiveness is unreliable. more
* In India, a "trial room" is a changing room in a clothing store.
"I'm sorry I called you a spy. Let me buy you a cup of coffee."
A Starbucks executive apologized to a San Francisco man after an employee apparently accused him of being a spy for China.
Daniel Lui posted about the incident on Yelp. According to Lui, he was visiting a Starbucks location in Seattle, Washington when an executive came up to him and accused him of spying in order to open a coffee chain in China. ...the Starbucks executive called to apologize and the company put $50 on Lui’s Starbucks card.
The incident happened before Starbucks launched its controversial Race Together initiative aimed at improving race relations in the U.S. more
Daniel Lui posted about the incident on Yelp. According to Lui, he was visiting a Starbucks location in Seattle, Washington when an executive came up to him and accused him of spying in order to open a coffee chain in China. ...the Starbucks executive called to apologize and the company put $50 on Lui’s Starbucks card.
The incident happened before Starbucks launched its controversial Race Together initiative aimed at improving race relations in the U.S. more
District Officials Bugged Their Mayor’s Computer
Canada - He was ridiculed and dismissed as paranoid for claiming that district employees have installed a surveillance software in his office computer to spy on his online activities. In the end, Richard Atwell, mayor of the District of Saanich in British Columbia, is vindicated and gets to say “I told you so.”
Last week Elizabeth Denham’s, the Information and Privacy Commissioner of B.C., released a report castigating the district for installing monitoring software on employees’ computers with little regard for the people’s privacy rights covered by privacy laws that have been in place for 20 years.
Denham said her staff “observed that the software had been configured to record the activities of District employees, including recording and retaining screenshots of computer activity at 30 second intervals and every keystroke taken on a workstation’s keyboard, and retaining copies of every email sent or received.”
The report 35-page report revealed that the bugging of Atwell’s machine stemmed from concerns of district directors that because of Atwell’s IT background, the new mayor would be able to uncover outstanding security issues in the district’s IT infrastructure. These were issues IT security shortcomings revealed by an IT audit back in May 2014. more
Last week Elizabeth Denham’s, the Information and Privacy Commissioner of B.C., released a report castigating the district for installing monitoring software on employees’ computers with little regard for the people’s privacy rights covered by privacy laws that have been in place for 20 years.
Denham said her staff “observed that the software had been configured to record the activities of District employees, including recording and retaining screenshots of computer activity at 30 second intervals and every keystroke taken on a workstation’s keyboard, and retaining copies of every email sent or received.”
The report 35-page report revealed that the bugging of Atwell’s machine stemmed from concerns of district directors that because of Atwell’s IT background, the new mayor would be able to uncover outstanding security issues in the district’s IT infrastructure. These were issues IT security shortcomings revealed by an IT audit back in May 2014. more
Companies Warned to Sweep for Bugging Devices
SA - Companies should regularly have their boardrooms and communication devices swept for bugging devices, and even consider using the controversial cellphone jammer* for meetings to protect their corporate intelligence, a private investigator has warned.
"It is perfectly normal, good security procedure, says Kyle Condon, managing director of DK Management Consultants.
Following the outrage over the use of a cellphone jamming device in Parliament, and suspended Eskom CEO Tshediso Matona's suggestion in his court papers that an important board meeting was bugged, Condon says such tactics are not limited to governments. more
* The use of a cell phone jammer is illegal in the United States.
"It is perfectly normal, good security procedure, says Kyle Condon, managing director of DK Management Consultants.
Following the outrage over the use of a cellphone jamming device in Parliament, and suspended Eskom CEO Tshediso Matona's suggestion in his court papers that an important board meeting was bugged, Condon says such tactics are not limited to governments. more
* The use of a cell phone jammer is illegal in the United States.
Thursday, March 26, 2015
Air-Gapped Computer Hack
Ben-Gurion University of the Negev (BGU) researchers have discovered a new method to breach air-gapped computer systems called “BitWhisper” which enables two-way communications between adjacent, unconnected PC computers using heat.
The research, conducted by Mordechai Guri, Ph.D. is part of an ongoing focus on air-gap security at the BGU Cyber Security Research Center. Computers and networks are air-gapped when they need to be kept highly secure and isolated from unsecured networks, such as the public Internet or an unsecured local area network. Typically, air-gapped computers are used in financial transactions, mission critical tasks or military applications.
According to the researchers, “The scenario is prevalent in many organizations where there are two computers on a single desk, one connected to the internal network and the other one connected to the Internet. BitWhisper can be used to steal small chunks of data (e.g. passwords) and for command and control." View BitWhisper video demo. more
The research, conducted by Mordechai Guri, Ph.D. is part of an ongoing focus on air-gap security at the BGU Cyber Security Research Center. Computers and networks are air-gapped when they need to be kept highly secure and isolated from unsecured networks, such as the public Internet or an unsecured local area network. Typically, air-gapped computers are used in financial transactions, mission critical tasks or military applications.
According to the researchers, “The scenario is prevalent in many organizations where there are two computers on a single desk, one connected to the internal network and the other one connected to the Internet. BitWhisper can be used to steal small chunks of data (e.g. passwords) and for command and control." View BitWhisper video demo. more
Tuesday, March 24, 2015
"Is there a phone number I can call to see if my phone is tapped?"
I read this on a private detectives' news group this week... "Does anyone remember the phone number which can be called to determine if a phone is bugged? I can't find it now that I have a use for it."
One of the answers this gentleman received, "http://800notes.com/Phone.aspx/1-202-543-9994" I visited the link and had a good laugh reading the posts.
From a non-technical perspective, just looking at it logically, the answer is obviously, NO. If there were a number, everyone would be using it and covert wiretapping would be impossible.
From a technical perspective the answer is obviously, NO. There are a multitude of ways to bug or wiretap phones, many of which do not affect the electrical characteristics of the phone.
1. There was one telephone bugging device called the Telecommand, and its variants Infinity Transmitter and Harmonica Bug. Generally speaking, these were audio room bugs, which could either built into the phone or attached to the line somewhere near the phone. They were activated by a tone sent up the line by the eavesdropper.
2. The phone company, at the time, had test numbers used by their techs. One of these test numbers produced a sweeping tone from low frequency to high frequency. Back in the early 1970's some of the sweep tone numbers were 212-324-0707, 213-615-0003, 213-277-9291, 213-783-0001, 202-560-9944.
Time to put 1 & 2 together...
If your phone or line was bugged by this specific type of eavesdropping device, AND you called the sweep tone test number from your phone, you MIGHT be able to detect that you activated the bug. Most of the professional TSCM telephone testers of this era had sweep tone testers built into them. The party ended when the phone company migrated from analog to digital (SS7) switching beginning in the mid-to-late 1970s.
With digital switching the ringtone the caller hears is not coming from the phone, but rather from the phone company switch. There is no audio path to the phone until it is answered. So, trying to send a tone up the line before the phone is answered is futile. Some versions of the bug tried to overcome this death knell by letting the call be answered, and then sending the tone as the person was hanging up, thus its name, Keepalive.
Tip: If you have eavesdropping and wiretapping questions, please, contact a qualified specialist with a good reputation. There are plenty of us around. ~Kevin
P.S. Another phone number urban legend...
If you think your phone is tapped dial this # to find out: 101073217709889664
An automated voice will then repeat your phone number followed by an "8" then nine "0's" and a number. If the last number is 1, 2, or 3 your phone is NOT tapped if it is larger than 3 then you have a problem.
One of the answers this gentleman received, "http://800notes.com/Phone.aspx/1-202-543-9994" I visited the link and had a good laugh reading the posts.
From a non-technical perspective, just looking at it logically, the answer is obviously, NO. If there were a number, everyone would be using it and covert wiretapping would be impossible.
From a technical perspective the answer is obviously, NO. There are a multitude of ways to bug or wiretap phones, many of which do not affect the electrical characteristics of the phone.
- So, why does this urban legend persist?
- Is there a shred of truth in it?
- When did it start?
1. There was one telephone bugging device called the Telecommand, and its variants Infinity Transmitter and Harmonica Bug. Generally speaking, these were audio room bugs, which could either built into the phone or attached to the line somewhere near the phone. They were activated by a tone sent up the line by the eavesdropper.
2. The phone company, at the time, had test numbers used by their techs. One of these test numbers produced a sweeping tone from low frequency to high frequency. Back in the early 1970's some of the sweep tone numbers were 212-324-0707, 213-615-0003, 213-277-9291, 213-783-0001, 202-560-9944.
Time to put 1 & 2 together...
If your phone or line was bugged by this specific type of eavesdropping device, AND you called the sweep tone test number from your phone, you MIGHT be able to detect that you activated the bug. Most of the professional TSCM telephone testers of this era had sweep tone testers built into them. The party ended when the phone company migrated from analog to digital (SS7) switching beginning in the mid-to-late 1970s.
With digital switching the ringtone the caller hears is not coming from the phone, but rather from the phone company switch. There is no audio path to the phone until it is answered. So, trying to send a tone up the line before the phone is answered is futile. Some versions of the bug tried to overcome this death knell by letting the call be answered, and then sending the tone as the person was hanging up, thus its name, Keepalive.
Tip: If you have eavesdropping and wiretapping questions, please, contact a qualified specialist with a good reputation. There are plenty of us around. ~Kevin
P.S. Another phone number urban legend...
If you think your phone is tapped dial this # to find out: 101073217709889664
An automated voice will then repeat your phone number followed by an "8" then nine "0's" and a number. If the last number is 1, 2, or 3 your phone is NOT tapped if it is larger than 3 then you have a problem.
Monday, March 23, 2015
Union Claims Zoo Eavesdropped - Weasle Dance at 11
CA - Allegations that upper management at the San Francisco Zoo eavesdropped on employees using a radio communication system as a bugging device has union teamsters demanding the zoo uphold their employees' right to privacy.
According to Teamsters Local Union 856 representative Tim Jenkins, the San Francisco Zoo's executive director Tanya Peterson and its vice president of operations Robert Icard both have radios equipped with spyware giving them the capability to listen in on zoo employees' private conversations without their knowledge. more video
Viet Hong Spyware Brains Head to Court
Hanoi prosecutors said they will take seven people of a technology firm to court for developing and selling a mobile application that allowed users to spy on more than 14,000 phones from 2013 to 2014.
Viet Hong Technology Company’s Deputy Director Nguyen Viet Hung and six employees will stand trial on charges of “illegally using information gained from computer, internet and telecommunication networks.”
The crime is punishable by a jail term of up seven years and an additional fine of up to VND200 million (US$9,300).
According to the case file, Hung, 41, hired Le Thanh Lam to write the spying app called “Ptracker”. more
Viet Hong Technology Company’s Deputy Director Nguyen Viet Hung and six employees will stand trial on charges of “illegally using information gained from computer, internet and telecommunication networks.”
The crime is punishable by a jail term of up seven years and an additional fine of up to VND200 million (US$9,300).
According to the case file, Hung, 41, hired Le Thanh Lam to write the spying app called “Ptracker”. more
Florida Working on a Drone Law
FL - A law that would make it illegal to use a drone to spy on your family is moving through the Florida Legislature right now.
Under the proposed law, the government and police would be forbidden from using drones for surveillance, and so would everyday people like your neighbors.
The ban would only apply to private property and only to places where someone has "a reasonable expectation of privacy." more
Under the proposed law, the government and police would be forbidden from using drones for surveillance, and so would everyday people like your neighbors.
The ban would only apply to private property and only to places where someone has "a reasonable expectation of privacy." more
Security Director Alert - Cisco VoIP Phone Eavesdropping Vulnerability
Cisco is warning customers about several vulnerabilities in some of its IP phones that can allow an attacker to listen in on users’ conversations. The bug affects the Cisco SPA 300 and 500 Series IP phones.
Cisco had confirmed the vulnerabilities, which were discovered by Chris Watts, a researcher at Tech Analysis in Australia, and is working on a new version of the firmware to fix the bugs.
“A vulnerability in the firmware of the Cisco Small Business SPA 300 and 500 series IP phones could allow an unauthenticated, remote attacker to listen to the audio stream of an IP phone,” Cisco said in its advisory.
“The vulnerability is due to improper authentication settings in the default configuration. An attacker could exploit this vulnerability by sending a crafted XML request to the affected device. An exploit could allow the attacker to listen to a remote audio stream or make phone calls remotely.”
...The fix for the bug is not yet available, but Cisco said it is preparing one. more
“A vulnerability in the firmware of the Cisco Small Business SPA 300 and 500 series IP phones could allow an unauthenticated, remote attacker to listen to the audio stream of an IP phone,” Cisco said in its advisory.
“The vulnerability is due to improper authentication settings in the default configuration. An attacker could exploit this vulnerability by sending a crafted XML request to the affected device. An exploit could allow the attacker to listen to a remote audio stream or make phone calls remotely.”
...The fix for the bug is not yet available, but Cisco said it is preparing one. more
Labels:
advice,
business,
eavesdropping,
Hack,
telephone,
VoIP,
wiretapping
CSIS Sends 6-year-old Boy Tips on How to Become a Spy
Canada - When six-year-old Jacob St. Jean found out that secret agents weren't just the stuff of stories, he asked his mom, Erin, to help him track down some real spies.
The pair wrote a letter to CSIS, asking if Canada's spy agency would set up a club for kids.
For four months, Jacob checked the mail daily, only to be disappointed...
Then, earlier this week, Jacob received a mysterious package in the mail — and an apology for the delayed response — from the B.C. regional director of CSIS. more
The pair wrote a letter to CSIS, asking if Canada's spy agency would set up a club for kids.
For four months, Jacob checked the mail daily, only to be disappointed...
Then, earlier this week, Jacob received a mysterious package in the mail — and an apology for the delayed response — from the B.C. regional director of CSIS. more
Thursday, March 19, 2015
Security Director Alert - iPhone Password Crack
via... blog.mdsec.co.uk
We recently became aware of a device known as an IP Box that was being used in the phone repair markets to bruteforce the iOS screenlock. This obviously has huge security implications and naturally it was something we wanted to investigate and validate. For as little as £200 we were able to acquire one of these devices and put it to work.
Although we’re still analyzing the device it appears to be relatively simple in that it simulates the PIN entry over the USB connection and sequentially bruteforces every possible PIN combination. That in itself is not unsurprising and has been known for some time. What is surprising however is that this still works even with the “Erase data after 10 attempts” configuration setting enabled. Our initial analysis indicates that the IP Box is able to bypass this restriction by connecting directly to the iPhone’s power source and aggressively cutting the power after each failed PIN attempt, but before the attempt has been synchronized to flash memory. As such, each PIN entry takes approximately 40 seconds, meaning that it would take up to ~111 hours to bruteforce a 4 digit PIN.
...our advice to all is ensure you have a sufficiently complex password applied to your device rather than a PIN. more
We recently became aware of a device known as an IP Box that was being used in the phone repair markets to bruteforce the iOS screenlock. This obviously has huge security implications and naturally it was something we wanted to investigate and validate. For as little as £200 we were able to acquire one of these devices and put it to work.
Although we’re still analyzing the device it appears to be relatively simple in that it simulates the PIN entry over the USB connection and sequentially bruteforces every possible PIN combination. That in itself is not unsurprising and has been known for some time. What is surprising however is that this still works even with the “Erase data after 10 attempts” configuration setting enabled. Our initial analysis indicates that the IP Box is able to bypass this restriction by connecting directly to the iPhone’s power source and aggressively cutting the power after each failed PIN attempt, but before the attempt has been synchronized to flash memory. As such, each PIN entry takes approximately 40 seconds, meaning that it would take up to ~111 hours to bruteforce a 4 digit PIN.
...our advice to all is ensure you have a sufficiently complex password applied to your device rather than a PIN. more
Wednesday, March 18, 2015
NYPD Blue IT
NYC - A rogue auxiliary cop hacked into an NYPD database for confidential information about traffic accidents, then contacted the victims posing as an ambulance-chasing lawyer, federal authorities said Tuesday.
Yehuda Katz devised an elaborate scheme inside the 70th Precinct station house in Flatbush, Brooklyn, where he was not only able to access law enforcement databases from a remote location, but also installed a hidden camera in a cable TV box in the traffic safety office to make sure he wouldn’t be found out...
Investigators found an electronic device connected to the computer had been logging into the NYPD database using the passwords of three cops on their days off.
The surveillance camera had the capability to broadcast a live image of the office to the Internet. Investigators suspect Katz would activate the device from a remote location to make sure no one was using the computer so he could log into the database. more
"Mr. Katz will see you, as soon as you put on this neck brace." |
Investigators found an electronic device connected to the computer had been logging into the NYPD database using the passwords of three cops on their days off.
The surveillance camera had the capability to broadcast a live image of the office to the Internet. Investigators suspect Katz would activate the device from a remote location to make sure no one was using the computer so he could log into the database. more
Subscribe to:
Posts (Atom)