The scary version...
A massive security hole in modern telecommunications is exposing billions of mobile phone users in the world to covert theft of their data, bugging of their voice calls, and geo-tracking of their location by hackers, fraudsters, rogue governments and unscrupulous commercial operators using hundreds of online portals across the planet.
In a world-first, 60 Minutes has proven the worst nightmares of privacy advocates around the world: that mobile phone calls and data are wide open to interception because of flaws in the architecture of the signalling system – known as SS7 - used to enable mobile phone roaming across telecommunications providers. Despite this concern, the Australian Government’s own Cyber Security Threat Report, published in June, makes no mention of what is probably the biggest threat to this country’s commercial secrets and individual privacy.
60 Minutes’ story shows how German hackers working from Berlin, given legal access to SS7 for the purposes of the demonstration, were able to intercept and record a mobile phone conversation between 60 Minutes reporter Ross Coulthart while he was speaking from Germany to Independent Australian Senator Nick Xenophon in Australia’s Parliament House. As further proof of the hack, Coulthart then made another phone call from London, England, to the Senator in Australia which the Berlin hackers were also able to intercept and record, even though they were in Germany 1000 kilometres distant. The Berlin hackers from SR Labs, who first warned of the vulnerability in SS7 in 2008, were also able to intercept and read the Senator’s SMS’ from Australia to Coulthart in London. The hackers were also then able to geo-track the Senator as he travelled to Japan on official business, mapping his movements around Tokyo and Narita down to the nearest cell tower (within a few hundred metres), and later precisely tracking around the streets of his South Australian home suburb when he returned to Australia.
The demonstration also shows how the key fraud protection relied on by banks to protect banking transactions from fraud – verification by SMS message – is useless against a determined hacker with access to the SS7 portal because they can intercept and use the SMS code before it gets to the bank customer. The same technique can also be used to take over someone’s online email account. The call-forwarding capacity of SS7 also allows any mobile to be forcibly redirected to call hugely expensive premium numbers, the cost of which is then billed to that customer’s account. SS7 also allows any number to be blocked, raising the fearful possibility that the vulnerability could be used by criminals or terrorists to stop a victim from calling police or emergency services. Cellular telephony is also used to remotely manage large industrial equipment, to send instructions to gas, electricity and other utilities and factories over 2G and 3G mobile communications. It is not inconceivable that an SS7 hack could be used to change settings or shut down a power station. more
The counterpoint version...
If you own a mobile phone, “you can be bugged, tracked and hacked from anywhere in the world”. That was the throughline of a particularly problematic story on the 60 Minutes program last night. It’s now being hailed as “the end of privacy” for all Australians, but let me assure you, that moment passed a long time ago.
“How it has been done, has never been shown before”, claimed the 20-minute report which demonstrated how a vulnerability in a global forwarding network can be “hijacked” to listen in on a user’s calls and text messages in real time.
After a lot of teasing and set-up, the report eventually took us to a basement in Germany, where security researcher Luca Melette demonstrated how he could intercept a phone call between the reporter and Australian Senator Nick Xenophon. Luca was able to intercept the call (if we’re to believe that there wasn’t any camera trickery going on), as well as a text message sent between the pair. Big drums. The hack has been reveeeeeeealed. more
Thursday, August 20, 2015
Wednesday, August 19, 2015
Security Director Alert - NLRB Bans Blanket Confidentiality Policies for Workplace Investigations
It is common practice for employers to prohibit their employees from discussing ongoing workplace investigations.
Many employers believe that this restriction is necessary to ensure the integrity and fairness of investigations involving employee misconduct. As a result, employers often have policies that require confidentiality in all workplace investigations.
According to a 2015 decision by the National Labor Relations Board (NLRB), these policies are illegal. The decision, known as Banner Estrella, states that employers cannot enforce a blanket policy requiring confidentiality during workplace investigations. Because of this decision, many employers will need to update their policies and human resources (HR) practices. more
Priest Flees After Spycam Discovered in Church Bathroom
OR - Father Ysrael Bien logged on to a spy-gear website and paid $295 for the hidden camera that was discovered last spring in a Sherwood church bathroom, according to information turned over to police this week.
The camera, designed to look like an electrical outlet, came from the online retailer SpyGuy Security based in Dallas, Texas. Police served a search warrant for transaction records there Monday after the business tipped them off.
A Washington County judge signed a warrant Tuesday for Bien's arrest on misdemeanor charges of invasion of privacy, tampering with evidence and initiating a false report, but police think the priest may not be in the U.S.
They did not find him at his last known address in Sherwood. Another priest there told them that Bien had left the country....
A 15-year-old St. Francis parishioner found the hidden camera affixed to a bathroom wall on April 26. The device looked like a power outlet placed at waist-height near the toilet. Thinking that was odd, the teenager pulled it off the wall and brought it to the priest. more
Hamas Claims: We Trapped a Dolphin Spying for Israel
Hamas claimed on Wednesday that the terrorist organization trapped a dolphin that was spying for Israel.
Sources in Gaza say that the dolphin was outfitted with spyware and cameras, Army Radio reports. Israel has not confirmed that it has a dolphin spying on its behalf. more
Dressing Room SpyCam'er Convicted - Taped over 30 Females
NY - A Victor businessman is slapped with the maximum sentence after illegally videotaping dozens of women in and outside his store.
At least nine women spoke directly to Glen Siembor in court today, calling him a despicable man.
Glen Siembor was sentenced to 5-15 years for videotaping over 30 females anywhere from the ages of 8 to 49...
Siembor was convicted of 33 counts of 2nd degree unlawful surveillance and one count of possession of child pornography.
Many of his videos were taken in his Victor shop's dressing room, with the victims either nude or partially nude. more
Trashnet - Garbage Trucks with License Plate Readers
CA - San Jose may enlist garbage trucks as eyes on the ground for a short-staffed police force.
Equipping trash haulers with license plate readers would turn them into roving scouts for the San Jose Police Department. Already, the trucks travel every city street every single week, covering more ground than a cop car.
Mayor Sam Liccardo proposed the idea with support from council members Raul Peralez—a former policeman—and Johnny Khamis. more
Freaks Tattoo Owner Charged - Spied on Female Employee with (11) Hidden Cameras
MO - In March 2014, a 21-year-old woman who worked at, and lived in an apartment above, Nu Troost Tattoo (4101 Troost) discovered an intricate system of wires and hidden cameras installed inside her apartment that led down to a computer in the basement of the building. When the police were called, they found 11 hidden video cameras in the apartment. Four had been installed in the tenant's bathroom, including one with a view of the shower and one facing the toilet.
The building and the business were owned by a 47-year-old man named Rodney Sanell, who also owned the three branches of Freaks Tattoo and Piercing: Freaks on Broadway, Freaks on 39th, and Freaks on Noland. The woman told police that Sanell had been in her apartment to install smoke detectors while she was out of town the previous October. She also said Sanell had sexually propositioned her several times — advances she had rebuffed.
As we reported at the time, the discovery shook up the local tattoo community. Some Freaks tattoo artists quit on principle, some had to scramble to find new jobs, and others — who had nothing to do with Sanell's activity — tried to repair the Freaks public image.
Today, Jackson County Prosecutor Jean Peters Baker announced that Sanell will face 42 counts of invasion of privacy for using cameras to "observe victims in states of full or partial nudity without their knowledge," Baker's office says. Five victims — names withheld — are listed in the complaint. more
Tapes Released - Eavesdropping on Henry Kissinger's Telephone Conversations
CIA director William Colby’s openness about more odious U.S. intelligence practices did not go over well with Henry Kissinger.
Speaking on the phone with McGeorge Bundy, the National Security Advisor to Presidents John F. Kennedy and Lyndon B. Johnson, Kissinger referred to Colby as a “psychopath.”
[A film by the son of CIA spymaster William Colby has divided the Colby clan]
The two men were chatting about congressional investigations into the CIA activities post-Watergate and worried about leaks and misinformation.
“On top of it you have the pysopath(sic)/running the CIA. You accuse him of a traffic violation and he confesses murder,” Kissinger said in the June 1975 telephone conversation. Colby, Loop fans will recall, was replaced soon after as director of CIA by George H.W. Bush.
That conversation is part of 900 final Kissinger phone transcripts from the Gerald Ford administration released Wednesday by the National Security Archive, which sued the State Department in March to have them released. For history buffs the tapes are precious gold... more
...thus making future eavesdropping devices infinitely more effective.
Although the ability tends to wane as we get older, the human auditory system is pretty good at filtering out background noise and making a single voice able to be understood above the general hubbub of a crowded room.
But electronic devices, such as smartphones, aren't quite as gifted, which is why getting Siri or Google Now to understand you in crowded environments can be an exercise in futility. But now researchers have developed a prototype sensor that’s not only able to figure out the direction of a particular sound, but can also extract it from background noise.
To create the sensor, scientists at Duke University in Durham, North Carolina used a class of materials known as metamaterials, which boast properties not found in nature, and a signal processing technique known as compressive sensing. The disk-shaped device is made of plastic and doesn't have any electronic or moving parts. Rather, it features a honeycomb-like structure and is split into dozens of slices which each feature a unique pattern of cavities of different depths. It is these cavities that distort the sound waves and give the sensor its unique capabilities. more
Sunday, August 16, 2015
See Through Walls by the Glow of Your Wi-Fi
Researchers at University College London (UCL) have devised a system for detecting the Doppler shifts of ubiquitous Wi-Fi and mobile telephone signals to “see” people moving, even behind masonry walls 25 centimeters thick.
Related...
Thursday, August 13, 2015
Secrets: Managing Information Assets in the Age of Cyberespionage
The following is from Jim Pooley’s new book on trade secrets — Secrets: Managing Information Assets in the Age of Cyberespionage.
Bankrupt networking giant Nortel reveals that its key executives’ email passwords were stolen and the company’s network hacked for a decade.
Boeing, hiring away Lockheed employees who bring documents to their new employer, pays $615 million to avoid criminal prosecution, while two of its former managers are indicted.
Apple scrambles to recover a sample of its unreleased new model iPhone that was left by an employee in a bar – a year after the same thing happened in a different bar.
Starwood employees leave to join Hilton, taking with them ideas for a new kind of hotel.
And the owner of Thomas’ English Muffins goes to court to protect its “nooks and crannies” recipe from being used by a competitor.
What do these corporate crises all have in common? Trade secrets. They reflect the enormous value of – and threats to – the most important assets of modern business...
Reading my new book — Secrets: Managing Information Assets in the Age of Cyberespionage — will give you a deeper understanding of how your business differentiates itself from the competition, and how it must work to keep its edge. As an executive or manager or small-business owner you will come away armed to protect and exploit your company’s advantages. As an individual you will have a greater appreciation for what intellectually belongs to you and how to use it to advance your career without being sued. And whatever your interest or line of work, you will have a much better understanding of how information has become the global currency of the 21st century.
J. Wallace LaPrade, New York F.B.I. Chief in ’70s, Dies at 89
J. Wallace LaPrade, who oversaw the safe return of several celebrity kidnapping victims and was later fired as the Federal Bureau of Investigation’s New York chief, accused of not being forthcoming about the bureau’s role in illegally investigating radical groups in the 1970s, died on July 31 in Lexington, Va. He was 89. more
(Thank you for giving me what I needed to get through college.)
NEW Cyber-Flashing - Thus proving there is a first time for everything.
Police are investigating a "new" crime of cyber-flashing after a commuter received an indecent image on her phone as she traveled to work. The victim received two pictures of an unknown man's (you know what) on her phone via Apple's Airdrop sharing function.
Lorraine Crighton-Smith, 34, said she felt "violated" and reported it to the British Transport Police (BTP). Supt Gill Murray said this particular crime was new to her force and urged people to report any other incidents. more
Wednesday, August 12, 2015
Four Things You Didn’t Know Could Be Hacked
At two big hacking conferences in Las Vegas over the past week, security pros revealed new vulnerabilities in daily items we never considered security risks. These events serve as annual displays of the latest hacking tricks.
Rifles
The Austin, Texas-based company TrackingPoint makes auto-aiming rifles that increase a shooter’s accuracy and have Wi-Fi connectivity. Within the 100- to 150-feet range of the Wi-Fi and using a mobile phone, a hacker can compromise the weapon and change the target of the shooter, says Runa Sandvik, one of the researchers who presented at the annual hacker gathering Def Con last week.
In a demonstration for Wired, Sandvik and a research partner finagled with a rifle’s software to shift aim 2.5 feet to the left, hitting a different target...
Electronic skateboards
Electric skateboards can make your ride smoother — until the board no longer listens to your controls and throws you off. Two researchers developed a hack they dubbed “FacePlant,” which gave them total control over digital skateboards by manipulating the Bluetooth connection.
An attacker could force the skateboard to connect to a laptop and then stop the board, alter its direction or disable its brakes.
Death records
It’s pretty simple to kill someone off — at least on paper — Chris Rock, chief executive officer and founder of the security company Kustodian, showed in a presentation at Def Con. Using information found online, anyone can complete state electronic death records, Rock found, and then register to become a funeral director online to complete a certificate of death.
Why kill someone off officially, but not physically? For revenge against an ex-partner or a jerk boss, according to Rock’s presentation, or to enjoy the insurance benefits or access elderly parents’ estates.
Teslas
We already know that the modern car is like a smartphone on wheels in that it’s susceptible to hack attacks like any other connected device... What they found: Teslas are, in fact, built with more security in mind than the average vehicle. But they also found several vulnerabilities, and were able to remotely open and close trunks, lock and unlock doors and stop a Tesla, depending on what speed it was being driven at.
The researchers worked with Tesla, and Tesla automatically pushed an update to all the cars so drivers could patch the vulnerabilities within one to two weeks — unlike other car companies, which have had to issue recalls on vehicles with security flaws. more
Four Reasons To See ‘The Man From U.N.C.L.E.'
• 60’s Cool Spy Style
• The Action
• Alicia Vikander, Elizabeth Debicki and Hugh Grant
• Perfect Soundtrack
more