Wednesday, August 5, 2015

How Your Washing Machine Can Steal Computer Files

(Leave it to CNN to come up with such a misleading lede and headline.)


Imagine hackers stealing top secret files from a military base. Except they don't need the Internet to pull data out of the facility's computers. Instead, they can just infect an office printer and -- with software alone -- turn it into a radio.

This sounds like sci-fi, but it's now possible. Security researchers at a Manhattan startup have discovered how to make any modern device -- printer, washing machine, air conditioner -- broadcast invisible, inaudible signals for miles.

That's a game changer -- and a huge step forward for hackers...

Last week, the team at Red Balloon Security demonstrated how it works to several news reporters.

They infected a Pantum laser printer and toyed with its circuits, making it do something it was never meant to. By quickly switching a chip's energy output back and forth, the printer emits electromagnetic radiation. more

TEMPEST re-packaged.
Note to clients... Please don't worry. We can easily detect this.

Monday, August 3, 2015

No Time for Spycam'er - Video Voyeurism Victims Pissed

Kevin Thomas Roy worked on the production crews of some of Hollywood’s biggest movies, including the “Lone Ranger,” “Transcendence” and “Pirates of the Caribbean: On Stranger Tides.” But it was the filming he was doing in secret that landed him in trouble with law enforcement, according to court documents.

Roy’s computer hard drives contained more than 40 videos and 400 photographs capturing unsuspecting women showering or changing in private areas, on film sets and at shopping centers, according to a search warrant affidavit.

Roy, a Los Angeles County district attorney’s investigator wrote, appeared to be a “prolific collector and producer of voyeuristic matter” with a “voracious appetite and affinity for videos ... depicting women in bathrooms, dressing rooms and other places of privacy.”

As part of a deal with Los Angeles prosecutors, the district attorney’s office said, Roy pleaded no contest June 26 to a single misdemeanor charge of unauthorized invasion of privacy. He was sentenced to three years of probation and required to undergo 52 weeks of sex offender counseling in Georgia, where he now lives.

“It’s an awful feeling knowing that you’re a victim of such a sneaky, disgusting crime, and it is as though the law isn’t protecting us or any other women out there,” said Donna Unsinn, who was identified in the search warrant as being shown in some of the images.

A district attorney’s spokesman declined to respond to the criticism, saying the office’s investigation into Roy is ongoing. Roy, 38, and his attorney did not return calls seeking comment. more

Down Under News - Spy Camera Found in Toilet at Shopping Center

Australia - Detectives are investigating how a small camera came to be hidden inside a smoke alarm in a public toilet at a suburban Perth shopping centre.

Its discovery by a worker, understood to be an electrician, on Friday prompted management at Belmont Forum to conduct a “thorough sweep” of all its facilities to ensure there were no other devices.

WA Police are examining the contents on the camera.

A man posted on Facebook on Friday that he was working at Belmont Forum and when he went to the toilet he noticed the smoke alarm flashing. He said he pulled the smoke alarm cover off the ceiling and found a cordless camera inside.

The man said the discovery made him feel sick. He urged people to be vigilant about anything “dodgy” and to check for “domestic battery-operated smoke alarms” in public toilets.

Images posted on Facebook of what looks like a hidden camera, discovered in a smoke detector.

A spokeswoman for Belmont Forum said: “The device was immediately handed into centre management and subsequently turned over to WA Police.

“Belmont Forum is assisting WA Police with the investigation and has conducted a thorough sweep of all the facilities in the shopping centre. No further devices have been found.” more 

Interesting... This is the same camera I featured in the Basic Cameras chapter of my on-line Spycam Detection training course. Even more interesting... the camera also transmits a wireless signal directly to a smartphone. You can preview the Basic Cameras chapter for FREE. https://www.udemy.com/spycam-detection/ (scroll down to Basic Cameras)

New Ultra Low Light Level Camera for Investigators... named Amos Burke

Ever been poking around in low-light with your camera and thought, "you know what, I could really do with an extra few million ISO"? To be honest, neither have we because such a light-sensitivity would be ludicrous for most users.

Well, that hasn't stopped the folks at Canon stepping things up in a big way with its full-frame ME20F-SH, a 4,000,000 ISO HD video camera that seems sure to bring the noise.

The seeds were sown for Canon's new shooter in 2013, when the company announced the development of a new 35 mm full-frame CMOS sensor specifically for filming in poorly lit environments. This sensor has now found its way into a cubed-shaped 4 x 4.5 x 4.4 in (10.2 x 11.4 x 11.2 cm) body that weighs approximately 2.4 lb (1.1 kg) and features an EF mount for compatibility with the Canon's interchangeable EF glass...

The result is, Canon says in lieu of sample footage, the capture of low-noise, color, Full-HD video of subjects with a minimum illumination of less than 0.0005 lux. For reference, a crescent moon is about 0.3 lux. Infrared illumination has made it possible to capture such dim environments previously, but only in black and white. more

Suggested retail price: US$30,000

Great On-Line Movie - Dr Megavolt: from Geek to Superhero - Pay What You Want to See It

For 30 days, pay what you want is on!
Buy Dr Megavolt: From Geek to Superhero the feature documentary for as little as...

But, please, don't be too cheap. It cost him a lot of money to give you these visual thrills.

Run time 72 minutes.

Saturday, August 1, 2015

Interesting Case - Two Lawyers Face Felony Wiretap Charges.

Pennsylvania Attorney General Kathleen Kane filed criminal charges against two Pennsylvania lawyers alleging violations of the Pennsylvania Wiretapping and Electronic Surveillance Control Act, 18 Pa. C.S.A. §§ 5701, et seq. (“Wiretap Act”).

Both lawyers are facing two felony counts under the Wiretap Act, and the charges arise from allegedly using illegally-obtained recordings in court proceedings. More specifically, charges against attorney Stanley T. Booker arise from his alleged use of a recorded telephone call (between his client and the victim of a robbery) during his cross-examination of a witness during a preliminary hearing. Attorney Gerald V. Benyo, Jr., allegedly attached a transcript of an unlawfully recorded call when he filed a motion for an evidentiary hearing. Both attorneys questioned why the Attorney General “would press charges,” but an Attorney General spokesperson stated: “Given all the new technology that is available today, we are aware that there may be more opportunities for potential violations of these laws. We are prepared to act when the situation warrants prosecution.” However, the Pennsylvania Supreme Court’s 2014 decision, Commonwealth v. Spence, which held that telephones are expressly exempt from the devices prohibited by the Wiretap Act, could be a challenge to the Attorney General’s prosecution of these cases. more

Ratters: Hackers spying through computer microphones, webcams

A new report says hackers can take remote control of a computer and not only steal passwords and credit card numbers, but also listen through the microphone and watch through the webcam.

The hackers, known as ratters, can then post that information online with advertising.

It’s done by Remote Access Trojans, or RATs. According to the Digital Citizens’ Alliance, they are a growing threat to innocent people...

Benson shared a few tips to help computer users protect themselves:
  • Cover a webcam when it’s not in use
  • Update the computer’s operating system and make sure its anti-virus software and firewalls are up to date
  • Beware of suspicious links 
more


Kevin's Spybusters Tip #834: Blind Ratters with this.

Guy Shoots Drone To Smithereens For Spying On Sunbathing Daughter

William Merideth was arrested and charged with criminal mischief and wanton endangerment Sunday evening after shooting down an $1800 drone he claims was spying on his teenage daughter sunbathing in Hillview, KY.

“My daughter comes in and says, ‘Dad, there’s a drone out here flying,’ ” William H. Merideth told WDRB, Tuesday.

“I came out and it was down by the neighbor’s house, about 10 feet off the ground, looking under their canopy … in their back yard," Merideth said. "I went and got my shotgun and I said, ‘I’m not going to do anything unless it’s directly over my property … Within a minute or so, here it came … hovering over top of my property, and I shot it out of the sky."

Soon after Merideth shot the drone, four men showed up at his door “looking for a fight” and asked Merideth if he was “the son of a bitch that shot my drone.”



Merideth, with a 10mm Glock holstered on his hip, confirmed he had shot down the drone and told his accuser "if you cross that sidewalk onto my property, there’s going to be another shooting."
The men left, but soon after the police arrived and arrested Merideth. Though Ars Technica reports that law enforcement officials allegedly told Merideth they agreed with his actions, he was being charged due to an ordinance against discharging firearms in the city.

Though Merideth was disappointed in the law enforcement’s response to the situation, he feels “confident” his charges will be reduced or dismissed entirely. more

Thursday, July 23, 2015

Do the Butt Dial Blues, You Lose

The Sixth Circuit Court of Appeals has ruled that if you accidentally call someone and don't take reasonable steps to prevent it, you don’t have an expectation of privacy if that person listens in. more

Want to Shoot Down Your Neighbor's Drone? Think twice.

Before you decide to shoot that drone out of your backyard, there are a few important things you need to know. 

First of all, damaging any flying robot is a federal crime. It doesn’t matter if it’s crashing your pool party or watching you in your skivvies through the skylight in your master bath.

“In my legal opinion,” says Peter Sachs, a Connecticut attorney and publisher of Drone Law Journal, “it is never okay to shoot at a drone, shoot down a drone, or otherwise damage, destroy or disable a drone, or attempt to do so. Doing so is a federal crime.”...

It sounds like a cyberpunk, apocalyptic scenario, but if you ever found yourself in a situation where a drone is not only trespassing on your property, but is intentionally trying to harm you, then you can probably shoot it down. But this is only if the drone is swooping and trying to ram itself into you, or was outfitted with some (illegal) ammo of its own and started opening fire.  more

Wednesday, July 22, 2015

Spycam News - Rhino Spy Cameras to Help Crackdown on Poachers

Rhinos being hunted by poachers have received a new boost thanks to a British-designed spy camera and GPS system that can be implanted in their horns.

Experts hope the technology, which also includes a heart-rate monitor that triggers an alarm if a rhino is shot, could help turn the tables on poachers.

Park rangers will be helicoptered to the scene within minutes of an alarm, guided by the GPS, giving poachers no time to escape.

The video footage captured on the horn camera can then be used as evidence to secure a conviction. more

Spycam News - Planned Parenthood Pinged

Anti-abortion activists on Tuesday released a second undercover video aimed at discrediting Planned Parenthood's procedures for providing fetal tissue to researchers.

The video shows a woman identified as Dr. Mary Gatter, a Planned Parenthood medical director in California, meeting with people posing as potential buyers of intact fetal specimens. Much of the conversation on the video deals with how much money the buyers should pay. more

SPY Act - Senate Bill To Lock Hackers Out Of Connected Cars

As reporter Andy Greenberg recently detailed in Wired, hackers were able to remotely disable a Jeep while he was driving it. In a country where car ownership and the freedom of the open road are closely tied to individual and national identity, losing control over any vehicle you're driving is a nightmarish scenario.

Connecting more devices and vehicles to the Internet has immense economic potential but carries both security and privacy risks. The number of ways cars and trucks can be hacked has grown quickly, as automakers roll out new vehicles with more screens and navigation, entertainment and communications systems in response to consumer demand.

Concern about the lack of security in vehicles led Sens. Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.) to introduce on Tuesday the Security and Privacy in Your Car Act, or the "SPY Act," which would require automobile manufacturers to build IT security standards into connected cars. more

Friday, July 17, 2015

How IT Can Spy on Your Smartphone

So what can your employer see about you on your smartphone if you let IT manage that device through an MDM tool?

On an iPhone or iPad, Apple's iOS restricts IT's visibility, so your private data stays private... In iOS, IT can see only your full list of apps. If you give IT permission, it can see your location. Respondents' other sensitive areas are shielded: personal email, personal contacts, texts, voicemails, phone and Internet usage details, and data stored in apps.

IT can see anything in your corporate email, contacts, and calendar since it manages those servers, and it can see your Web activities conducted on its network since it can snoop that traffic.

...IT can see what apps you have installed (not only those deployed by IT), your battery level, your storage capacity and amount used, your phone number and its hardware ID (called an IMEI), your carrier and country, and your device's model and OS version. Plus, if you give IT permission to do so, it can track your location (iOS forces apps and websites to ask for your permission first, so they can't do it secretly).

Android shields almost as much as iOS does, but IT can change that... The default situation for Android users is slightly less private than for iOS users. The big difference involves location information access. iOS asks you when an app first requests access, and it lets you revoke the access at any time in the Settings app. Android asks when you install an app and does not let you revoke the permissions later; however, the forthcoming Android M changes that, working like iOS. more

What you want kept private, and where mobile devices oblige...

| Device information | All adults' discomfort in IT seeing | Young adults' discomfort in IT seeing | iOS shields from IT | Android shields from IT |
|---|---|---|---|---|
| Personal email | 78% | 66% | Yes | Yes |
| Personal contacts | 75% | 63% | Yes | Yes |
| Texts and instant messages | 74% | 62% | Yes | Yes [2] |
| Voicemails | 71% | 63% | Yes | Yes [2] |
| Phone and Internet usage details | 69% | 59% | Yes | Yes |
| Information stored in mobile apps | 71% | 60% | Yes [1] | Yes [1] |
| List of all installed apps | 67% | 57% | No | No |
| Location | 66% | 57% | User decides | User decides [3] |

Source: MobileIron
[1] Except data sent to corporate servers from apps
[2] Apps can access this data, so IT could monitor it if desired through an app
[3] At install only in Android 4 and earlier

Wednesday, July 15, 2015

iPhones Can be Infected with SpyWare Without Jailbreaking... and what you can do about it.

via lookout.com
The security world exploded with the news that Hacking Team, a vendor of Italian spyware — software that captures Skype, message, location, social media, audio, visual, and more data, and is marketed as “stealth” and “untraceable” — was hacked…
 
When it comes to iOS, public reports to-date have claimed that the Hacking Team spyware can only infect jailbroken iOS devices… this is not the case.

While Apple does an admirable job protecting users from most malicious software, the fact is that non-jailbroken devices can be infected with Hacking Team’s spyware too…

For its part, Apple created security warnings to inform users before they install apps from outside the App Store. The challenge, however, is that recent research states that people are getting increasingly conditioned to ignore these security warnings.

Here’s what the warning looks like when Hacking Team’s fake Newsstand app is installed on a non-jailbroken iPhone:


Once a user clicks “trust,” the app is fully functional on the non-jailbroken iPhone…

So what can you do about it? 
First off, don’t freak out. Chances are, you do not have Hacking Team’s surveillanceware on your device. To check for this specific instance of Hacking Team’s surveillanceware you can:

  • Check iOS Settings for any apps with an empty name.
  • Check iOS Settings -> General -> Keyboard -> Keyboards to make sure that only keyboards you have installed are set up on your device.

And, here are some general tips for staying safe:
  • Keep a passcode on your phone. A lot of spyware sold on the market requires that the attacker have physical access to the target device to install the software. Putting a passcode on your phone makes it that much harder for them.
  • Don’t download apps from third party marketplaces or links online. Spyware is also distributed through these means. Only download from official and vetted marketplaces such as the Apple App Store and Google Play.
  • Don’t jailbreak your device unless you really know what you’re doing. Because jailbroken iOS devices are inherently less protected, they are more vulnerable to attack when security protection measures aren’t properly enabled.
  • Download a security app that can stop attacks before they do harm. Lookout does this, but if you’re not a Lookout user, ask your security provider if they detect Hacking Team and other forms of spyware.
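
The two device checks listed above (apps with an empty name, keyboards you did not install), written as an added example that is not code from Lookout or from this blog. It runs over an app and keyboard inventory such as an MDM tool could report; the record layout, bundle IDs and keyboard names are constructed, and treating names made only of whitespace or invisible Unicode as "empty" is a generalization beyond what the article states.

```python
import unicodedata

# Constructed sample inventory (not real device data). The dict layout is an
# assumption for this example, not the export format of any particular tool.
SAMPLE_APPS = [
    {"bundle_id": "com.example.mail", "name": "Mail"},
    {"bundle_id": "com.example.blank", "name": ""},               # truly empty
    {"bundle_id": "com.example.spaces", "name": "  \u00a0"},       # spaces + NBSP
    {"bundle_id": "com.example.zw", "name": "\u200b\u200d"},       # zero-width only
    {"bundle_id": "com.example.notes", "name": "Notes"},
]
SAMPLE_KEYBOARDS = ["English (US)", "Emoji", "Example Keys"]
KNOWN_KEYBOARDS = {"English (US)", "Emoji"}  # keyboards the user knowingly set up

# Unicode categories that draw nothing on screen: control, format, separators.
INVISIBLE_CATEGORIES = {"Cc", "Cf", "Zs", "Zl", "Zp"}


def visible_text(name):
    """Return the part of a display name that would actually be visible."""
    normalized = unicodedata.normalize("NFKC", name or "")
    return "".join(
        ch for ch in normalized
        if not ch.isspace() and unicodedata.category(ch) not in INVISIBLE_CATEGORIES
    )


def empty_name_apps(apps):
    """Bundle IDs of apps whose name is missing, blank, or invisible."""
    return [a["bundle_id"] for a in apps if not visible_text(a.get("name"))]


def unexpected_keyboards(installed, known):
    """Installed keyboards that are not on the user's known list."""
    known_folded = {k.strip().casefold() for k in known}
    return [k for k in installed if k.strip().casefold() not in known_folded]


def review(apps, keyboards, known):
    """Run both checks and return the findings for manual follow-up."""
    return {
        "empty_name_apps": empty_name_apps(apps),
        "unexpected_keyboards": unexpected_keyboards(keyboards, known),
    }


if __name__ == "__main__":
    findings = review(SAMPLE_APPS, SAMPLE_KEYBOARDS, KNOWN_KEYBOARDS)
    for check, items in findings.items():
        print(f"{check}: {items if items else 'none'}")
```

A finding here is a prompt to look at the device in Settings, not proof of infection.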