Wednesday, May 13, 2015

New Protection Against Commjacking (Wi-Fi & Cellular)

An Israel-based cyber security software company, CoroNet, announced on Tuesday the launch of a breakthrough product addressing the fastest growing cyber threat worldwide -- cellular and Wi-Fi hacking or “commjacking.” Commjacking involves an attacker hijacking a communication channel between any device and the WiFi network or cellular tower to which it is connected. CoroNet is launching a new software service that that detects and evades commjacking on networks, in real-time, making any device resilient to the attack...

“Equipment used for commjacking used to be only in government domains because it cost some $2.5 million and was very large,” said Liwer. “Now, equipment which used to require a whole van to transport fits into a 13-inch laptop bag and costs between $29 and $1500 dollars for cellular or Wi-Fi.”



Cellular hacking stations or IMSI Catchers are now the size of a 13-inch lap top, making it cheap and convenient to access. (Reuters)

It happens like this. Cell phones are designed to look for the closest and best cellular connection on their particular network and then automatically connect to it. The cell phone doesn’t ask your permission to connect to that tower because its job, fundamentally, is to ensure you have the best possible service you can get wherever you are.

By setting up a “fake” tower (that 13-inch laptop sized hardware we mentioned before) the attacker can force any nearby smartphones or cellular devices to join his network. The hacker then has the ability to see and collect all the data flowing to and from your device as it travels to the real cellular tower. The tools are so efficient there’s no lag in transmission at all, and victims won’t even notice they’ve been attacked.

“This is a completely unprotected backdoor,” Liwer said, “And it’s unprotected because any research on protection against this has been suppressed by governments around the world who enjoyed having that backdoor. They never imagined this technology would leak into the hands of the wrong people. But now it leaves the majority of the population completely defenseless.”

According to Liwer, there are two main types of attackers who use these cell phone spying tools: Members of organized crime and tactical targeted attackers.

The first kinds of attackers have the goal of gathering as much data as they possibly can...

The other kinds of attackers are known as tactical targeted attackers. These are attackers who are employed to conduct corporate or government espionage. These attackers are hoping to gather very specific kinds of data. Often times the data has been encrypted, for example via a VPN, and so the attacker will seek to disable that encryption method, forcing the target to use less secure means of transmitting information. If the target can’t be forced to use a less secure methods, however, the attacker can still gather that encrypted data and with a little time and effort decrypt it.

“Encryption works on keys,” said Liwer “and in order to get encryption keys all you need is computing power and time … in the last two years the cost of computing went down dramatically. An attacker can have a super computer working for him on Amazon servers for pennies per minute. If the information is important enough to him, he will be able to get it.”

In light of these attacks, Liwer and the team at CoroNet have been working on a groundbreaking new solution they hope will help close the gaping backdoor in our cellular communications. The software service CoroNet is launching has the ability to detect commjackers in the network and route data and voice around the attacker to safe network nodes, so that the device will not be able to connect to the malicious network.

“Think of CoroNet as a sonar,” Liwer said, “and the networks, both cellular and Wi-Fi, around your device as the ocean. Using about 300 different parameters we are able to construct an image of the network outside of your device, identify anomalies in the network behavior and mark those anomalies as hostile or non-hostile,” said Liwer.

 

CoroNet's new software service detects and evades cellular commjack attacks, helping users stay safe. CoroNet

Using a complex algorithmic system, CoroNet’s software examines network behavior over time and identifies patterns attackers execute to lure devices into their network or disturb the network around in general.

“We can’t see the cellular and Wi-Fi networks surrounding us, but they are a physical thing,” said Liwer, in which attackers leave their “footprints.”



CoroNet real time threat map. more

Weatherwoman Damned as a Spy

In October 2014, we heard an odd story about a National Weather Service employee in Ohio:
the FBI announced that Xiafen “Sherry” Chen, a 59-year-old hydrologist at the Wilmington, Ohio, Weather Service office, was arrested — handcuffed and escorted out of the building — for charges that ultimately amounted to spying for China.

Except, it turns out, she wasn’t a spy... more sing-a-long

New Spy Briefcase Tracks Itself... and much more

The iMbrief is designed to function as a mobile office and is aimed at being fashionable, secure and versatile. First thing's first, of course, it provides users with a means of storing and transporting documents securely, with an LED light inside to illuminate the contents.

• Access to the iMbrief is via a fingerprint scanner or the accompanying mobile app.
• It has a Kensington lock slot.
• A siren to warn users of any unauthorized access attempts and to scare thieves.
• An SD card slot for internal data storage.
• A Wi-Fi SD card allows data to be accessed wirelessly.
• Mobile devices can be charged both internally and externally (four USB charging ports in total)
• A GPS sensor allows the location of the iMbrief to be tracked.
• Can be use to play music and calendar appointments via its built-in Bluetooth speakers.
• The speaker is used as the security siren as well.

The case is charged via a USB port and takes around two hours for a full charge of the 5,000 mAh primary battery. A full charge can apparently last for over a month if only the fingerprint scanner is being used, but if it runs out of power, it must be charged before it can be opened again.


The briefcase has an aluminum-alloy shell and is will be offered in grey, black and burgundy if it reaches the market (December or January). It weighs around 4 lb (1.8 kg) and measures 450 x 330 x 95 mm (17.7 x 13 x 3.7 in). It is available with a detachable shoulder strap. more

I'm in!

Monday, May 4, 2015

Spy Babe - Computer Harpie or Siren - You Decide

Canada - A Quebec woman is facing criminal charges for allegedly taking over people's computers remotely, spying on them through their web cameras and harassing them through their computer speakers. 

Valérie Gignac, 27, was released on bail today on the condition that she not use a computer or have access to the internet...

Investigators allege the suspect used malicious software to spy on people through their web cameras.

Police also say Gignac eavesdropped on private conversations, communicated with victims through their computer speakers and logged onto extreme pornography websites...

Investigators believe the victims included children in Canada and abroad, and say there could be more victims.

They also say Gignac is the owner of an online hacking forum that has 35,000 users worldwide. more sing-a-long

Politico's Son Complains About Being Tapped... While Being Tapped

NY - A powerful New York State legislative leader was allegedly recorded complaining about his calls being recorded — while his conversation was being recorded.

Majority Leader Dean Skelos (R) and his son, Adam Skelos, were arrested Monday on federal corruption charges. US Attorney Preet Bharara accused them of a orchestrating a scheme that led to Adam Skelos getting a job in exchange for government sewer contracts and other favors...

According to the complaint, Adam Skelos was caught in an "intercepted call" telling his father it was unfortunate he couldn't get any "real advice" because "you can't talk normally because it's like f---ing Preet Bharara is listening to every f---ing phone call. It's just f---ing frustrating." more sing-a-long

Current King of the Voyeur Jungle - Pleads Not Guilty - Judge Says Stop, Lyon

CA - Disgraced Sacramento real estate mogul Michael Lyon was back in court Monday... after being released from jail last month...

His hearing was postponed to May 18 in Sacramento Superior Court on 16 felony counts of electronic eavesdropping that expose him to potentially more time behind bars.

When he was released April 1, Lyon, 59, the former chief executive officer of Lyon Real Estate, had served six months for violating the terms of a plea agreement his lawyer worked out with the District Attorney’s Office in 2011. During that arrest last year, prosecutors allege, investigators discovered methamphetamine and other drugs in his home and seized electronic equipment that they analyzed in preparing the latest eavesdropping charges.

The new case follows a similar set of charges brought against Lyon in 2010, in which he was accused of secretly videotaping his interactions with prostitutes and making surreptitious recordings of friends and employees in bathrooms and elsewhere. He pleaded guilty...

Prosecutors now allege that he continued the illicit recordings, despite repeated warnings from the court that he stop. The new complaint alleges that the 16 counts took place on 14 separate dates with eight different unnamed victims between Jan. 15, 2014, and Sept. 27, 2014.

Lyon has pleaded not guilty.

When he was released last month, Sacramento Superior Court Judge Ben Davidian told him he could have “no cameras of any kind” in his possession, including a cellphone camera. more

Sunday, May 3, 2015

Kolon Blows $360 Million Down the Crapper - DuPont Still Bullet-Proof

Kolon Industries Inc. admitted conspiring to steal DuPont Co.’s Kevlar trade secrets 
as a U.S. judge signed off on its plea agreement and $360 million penalty...

“There’s no doubt this case involves brazen and blatant conduct,” U.S. District Judge Anthony Trenga said before accepting the company’s guilty plea. Trenga said he was particularly troubled by Kolon employees destroying documents after DuPont sued in 2009.

The charges were initially filed against Gyeonggi, South Korea-based Kolon Industries Inc., which split into two public companies in 2010, Kolon Industries and Kolon Corp. The theft of secrets occurred before the split.

Kolon’s guilty plea also covered attempts to steal trade secrets from a second company, Tokyo-based Teijin Ltd. more

Airbus'ed by Spies

Airbus on Thursday said it would file a criminal complaint against unknown parties after German media reports of the company having been the target of industrial espionage by the U.S. ...
German newspaper Bild reported earlier this week that the National Security Agency spied or sought to spy on Airbus and other companies and that the German government had known about it for several years. more

Edinburgh Spy Week

Edinburgh Spy Week: Fictions of Espionage will run again in May 2015 with a whole new range of talks, films and events that explore the world of espionage in literature and film.

Highlights include:
  • May 19th - An Evening with Graham Greene at the National Library of Scotland.
  • May 22nd - James Robertson, ‘The Blanket of the Dark: Secrets, Truth and Lies in Real and Imagined Scotland’.
  • May 22nd - Publish your own spy fiction! A workshop with Tim Stevens.
  • May 23rd - ‘Secrecy and the Modern World’: a day of talks and discussions at the University of Edinburgh. Speakers include Kieron O’ Hara and Charles Cumming.
  • Throughout the week: A series of Greene adaptations at the Edinburgh Filmhouse.
For more information on the week, including a full programme of events and details on how to book a place, visit the website at: www.spyweek.llc.ed.ac.uk

Wednesday, April 29, 2015

Who's Behind Those Ray Bans

ACLU - The map below tracks what we know, based on press reports and publicly available documents, about the use of stingray tracking devices by state and local police departments. 

Following the map is a list of the federal law enforcement agencies known to use the technology throughout the United States. The ACLU has identified 51 agencies in 21 states and the District of Columbia that own stingrays, but because many agencies continue to shroud their purchase and use of stingrays in secrecy, this map dramatically under represents the actual use of stingrays by law enforcement agencies nationwide.


Stingrays, also known as "cell site simulators" or "IMSI catchers," are invasive cell phone surveillance devices that mimic cell phone towers and send out signals to trick cell phones in the area into transmitting their locations and identifying information. When used to track a suspect's cell phone, they also gather information about the phones of countless bystanders who happen to be nearby. Click here for more info on stingrays.

It's Just Not Cricket

India
Former Board of Control for Cricket in India (BCCI) chief N Srinivasan allegedly hired the services of a London firm to spy on BCCI officials, The Times of India reports...

According to reports, Srinivasan paid Rs 14 crore of BCCI's money to spy on his fellow board members and asked them to tap their phones and track their e-mails. It is expected that BCCI will investigate this matter further lead by new secretary Anurag Thakur. more "It's just not cricket"

Bugging Concerns Prompt City Hall TSCM Sweep

UK - Council chiefs were forced to pay a specialist security firm to “sweep” for electronic recording devices after an ex-councillor hinted the council house had been bugged...

It is understood the un-named company carried out a sweep of the council house at some stage in the past month, but no such electronic items were found.

A spokesman for Plymouth City Council said: “We received a communication that suggested recording devices may have been installed in the council house.

Given the highly confidential nature of some of the meetings held in the building, which include those about the safeguarding of vulnerable children, we had a duty to look into it and had the building checked.  more

Student Uses Keystroke Logger to Change Grades - Fail & Jail

UK - Student uses a keyboard spying device to hack the computer of Birmingham University to up his own grades and has been sentenced for 4 months of jail.

A final year student was found guilty of hacking the university computers to change his marks and to increase his overall final year grades has been sentenced by the court for a 4 months of jail.

Imran Uddin, a 25 year old student of Bio Science, at the University of Birmingham hacked the university computers by using “keyboard spying device”. This device resembles a USB stick and can be purchased from the internet sites for as low as £49. Mr. Uddin had bought these equipments from online website ebay and implanted them on a number of computers in the university where he was studying. more cue the cat

The Rayney Wiretap Trial Continues

Lloyd Rayney phone-tapping trial: Fingerprints on roof manhole match alleged installer of bugging equipment.

Australia - Two fingerprints on a manhole cover* from the home of Lloyd Rayney matched those of the man he is alleged to have paid to install phone-bugging equipment, a police officer has told the District Court in Perth.

Senior Constable Damian Sheridan was testifying at the trial of Mr Rayney on two charges of aiding, abetting or procuring the interception of the landline telephone at his family's home over two periods in 2007, before the death of his wife Corryn. more *The cover plate for an in-wall wiring junction box.

Monday, April 13, 2015

Beauty Queen Sues In-Laws For Bugging Bedroom

A former Turkish beauty queen has sued her former in-laws for bugging her bedroom with the help of her ex-husband, according to a local media report.

Sinem SĂĽlĂĽn, who was crowned Miss Model Turkey in 2005 and was runner-up at Miss Turkey-Universe in 2007, divorced her husband Mustafa YĂĽksel last month. She was awarded 200,000 Turkish Liras in compensation and 2,500 liras as a monthly alimony after the divorce.

Daily Milliyet reported on April 1 that the divorce case led to a fierce argument between the two sides, after SĂĽlĂĽn claimed that her husband and his parents had illegally wiretapped their private conversations by bugging a power socket in their bedroom.

The 5th Criminal Court of Peace recently ruled for the trial of businessman YĂĽksel and his parents on charges of illegally recording a private conversation, the report said. more