Thursday, September 10, 2015

Windows 10 is a Window into Your World - Kill its Keystroke Logger

via Lincoln Spector, Contributing Editor, PCWorld 
 
Microsoft pretty much admits it has a keylogger in its Windows 10 speech, inking, typing, and privacy FAQ: “When you interact with your Windows device by speaking, writing (handwriting), or typing, Microsoft collects speech, inking, and typing information—including information about your Calendar and People (also known as contacts)…”

The good news is that you can turn off the keylogging. Click Settings (it’s on the Start menu’s left pane) to open the Settings program. You’ll find Privacy on the very last row.
Once in Privacy, go to the General section and Turn off Send Microsoft info about how I write to help us improve typing and writing in the future. While you’re there, examine the other options and consider if there’s anything else here that you may want to change.
Now go to the Speech, inking and typing section and click Stop getting to know me. (I really wanted to end that sentence with an exclamation point.)
You may also want to explore other options in Privacy. For instance, you can control which apps get access to your camera, microphone, contacts, and calendar. more


Spies Don't Often Complain, But When They Do They Prefer Revolting

It’s being called a ‘revolt’ by intelligence pros who are paid to give their honest assessment of the ISIS war—but are instead seeing their reports turned into happy talk.

More than 50 intelligence analysts working out of the U.S. military's Central Command have formally complained that their reports on ISIS and al Qaeda’s branch in Syria were being inappropriately altered by senior officials...

Some of those CENTCOM analysts described the sizable cadre of protesting analysts as a “revolt” by intelligence professionals who are paid to give their honest assessment, based on facts, and not to be influenced by national-level policy. more

Wednesday, September 9, 2015

Private Investigator Posts a TSCM Question to an Industry Newsgroup - Scary

Q. Looking for a cheap, do it yourself debugging product. Any recommendations?

It's one thing to be ignorant. We all are at one point. But, we do our own homework and learn. Copying other people's homework never leads to the A+ answer.

It's a, "Which end of the soldering iron should I hold?" question. If you don't know, better find something else to do. 

The Editor-in-Chief of PI Magazine, kindly responded with the following cogent reply... 

A. There really is no such thing as a cheap do-it-yourself debugging product. Even the most basic TSCM / debugging inspect requires you search for RF (radio frequency) signals, hidden video cameras that are either wired or wireless, on or off, hidden audio records, telephone instrument and phone line inspection, as well as searching for GPS trackers that can be battery operated or hardwired.

Each of the categories listed above require specialized equipment unique to the item(s) being searched. Even if you were to acquire a cheap RF detector, you wouldn’t know what type of signal you’re picking up or the source...  Just because you own a piece of equipment doesn’t mean you’ll know how to use it.

By the way, the FTC has been known to criminally charge private individuals and PIs for “theft by deception” for conducting bugsweeps without the proper equipment and training.


For anyone seeking to hire a Technical Surveillance Countermeasures (TSCM) "expert", this is a cautionary tale. Please, do your due diligence. The TSCM field is littered with gum-under-the-table trolls out to make a fast buck with cheap sweeps. ~Kevin 

UPDATE: A Blue Blazer Regular writes in with his two cents... "Doing it yourself is like do-it-yourself brain surgery."

Chess Cheat Caught Using Morse Code and Spy Camera

An Italian chess player has been removed from one of Italy’s most prestigious tournaments after allegedly using Morse code and a hidden camera to cheat. 

Arcangelo Ricciardi ranked at 51,366 in world when he entered the International Chess Festival of Imperia in Liguria, Italy and surprised his competitors when he easily escalated to the penultimate round...

Jean Coqueraut, the tournament's referee told La Stampa newspaper: “In chess, performances like that are impossible. I didn’t think he was a genius, I knew he had to be a cheat.”

He was “batting his eyelids in the most unnatural way,” added Mr Coqueraut. “Then I understood it. He was deciphering signals in Morse code.”

Mr Riccardi was forced to pass through a metal detector by the game organisers, revealing a sophisticated pendent hanging round his neck beneath his shirt, according to the Telegraph.

The pendant reportedly contained a small video camera, wires, which attached to his body, and a 4cm box under his arm pit.

To conceal the pendant around his neck, Mr Riccardi drank constantly from a glass of water and wiped his face with a handkerchief, according to Mr Coqueraut.

It is believed the camera was used to transmit the chess game to an accomplice or computer, which then suggested the moves Mr Riccardi should perform next. These moves were allegedly communicated to him through the box under his arm.

Mr Riccardi denies that he cheated and has claimed that the devices were good luck charms, according to reports. more

Tuesday, September 8, 2015

So You Want to be a PI...

A reporter contacted me and asked... 

Q. What would be your advice to someone who wants to become a PI? One way to think about this question is, what you would have wanted your younger self to know before entering the career. 
  1. Know yourself. If you are not naturally inquisitive, not willing to work odd hours (24/7, including holidays), and not willing to accept financial risk once you are on your own... find something else to do.
  2. Plan on working with an established, large PI firm when you first start out. You may have been a great detective in you law enforcement career, but you'll need to learn the business of doing business to succeed if you want to eventually go out on your own in the private sector. If you have little or no experience, working for a large investigations firm is the way to get some. Large firms will teach you if... you show aptitude, good sense and have excellent writing skills.
  3. In addition to developing a general knowledge of private security, security hardware/software, etc., develop two specialties. This will make you unique and reduces the competitive pressures.
  4. Be willing to learn other aspects of business, e.g. bookkeeping, marketing, advertising, public speaking, website development, social networking, etc. You will need these skills, or you will be paying someone else too much to do them for you.
  Q. What are the career path options someone like yourself has in the field?

The private investigations field is broad: surveillance, insurance investigations, undercover employee, secret shoppers, civil investigations, fraud and counterfeit, on-line research, computer forensics, accident reconstruction, technical surveillance countermeasures (TSCM), skip tracing, pre-trial research, corporate investigations, arson investigations, background checks, domestic investigations, infidelity investigations, and more. Most PI's have many of these fields listed on their menu. The really successful ones specialize in only one or two.

Then, there is the whole field of security consulting where knowledge and experience (and nothing else) are the items being sold. This is considered the top of the field at the end of the career path. For more information on this, visit the International Association of Professional Security Consultants (iapsc.org).

Thursday, September 3, 2015

Spy equipment suppliers: Report exposes who sells surveillance tech to Colombia

A baby's car seat complete with audio and video recorder for covert surveillance...


Privacy International's investigative report reveals the companies selling surveillance tech to Columbia, despite that it may be used for unlawful spying. more 

The Spy Car You May Not Want

If, while driving, you were also chowing down food, yakking on your phone or getting distracted by the Labrador retriever, would your insurance company know?

A patent issued in August to Allstate mentions using sensors and cameras to record “potential sources of driver distraction within the vehicle (e.g. pets, phone usage, unsecured objects in vehicle).” It also mentions gathering information on the number and types of passengers — whether adults, children or teenagers.

And the insurer, based in suburban Chicago, isn’t just interested in the motoring habits of its own policyholders... more

Some Top Baby Monitors Lack Basic Security Features

Several of the most popular Internet-connected baby monitors lack basic security features, making them vulnerable to even the most basic hacking attempts, according to a new report from a cybersecurity firm.

The possibility of an unknown person watching their baby's every move is a frightening thought for many parents who have come to rely on the devices to keep an eye on their little ones. In addition, a hacked camera could provide access to other Wi-Fi-enabled devices in a person's home, such as a personal computer or security system.

The research released Wednesday by Boston-based Rapid7 Inc. looks at nine baby monitors made by eight different companies. They range in price from $55 to $260. more

26 Mobile Phone Models Contain Pre-Installed Spyware

What's in you pocket?
Over 190.3 million people in the US own smartphones, but many do not know exactly what a mobile device can disclose to third parties about its owner. Mobile malware is spiking, and is all too often pre-installed on a user’s device.

Following its findings in 2014 that the Star N9500 smartphone was embedded with extensive espionage functions, G DATA security experts have continued the investigation and found that over 26 models from some well-known manufacturers including Huawei, Lenovo and Xiaomi, have pre-installed spyware in the firmware.

However, unlike the Star devices, the researchers suspect middlemen to be behind this, modifying the device software to steal user data and inject their own advertising to earn money.

"Over the past year we have seen a significant increase in devices that are equipped with firmware-level spyware and malware out of the box which can take a wide range of unwanted and unknown actions including accessing the Internet, read and send text messages, install apps, access contact lists, obtain location data and more—all which can do detrimental damage,” said Christian Geschkat, G DATA mobile solutions product manager.

Further, the G DATA Q2 2015 Mobile Malware Report shows that there will be over two million new malware apps by the end of the year. more


Tuesday, September 1, 2015

Spycam News: What Happens in Vegas Doesn't Always Stay in Vegas

Police in North Las Vegas are looking for a man they say put a hidden camera in the bathroom of a business there...

Investigators have released a clip from video surveillance in the store showing the man they believe to be the suspect.

He is described as a Hispanic male adult, approximately 30 years of age, about 5’ 07”, weighing 190 lbs. He was last seen wearing black glasses, a gray polo shirt, light colored pants, and black sandals.

If you have any information that could help police in this case you’re asked to call them or Crimestoppers at 702-385-5555. more

UPDATE (9/2/2015) - North Las Vegas police say media reports led to the identification and arrest of a 37-year-old man believed to have recorded his own face while placing a hidden camera in the bathroom of a clothing store.

Officer Aaron Patty said Eduardo Rafael Chavez was arrested Tuesday. more

Wednesday, August 26, 2015

Communications Interception Device Bust Highlights the World of Non-Government Spying

Three men have been arrested by the South African Police Service in an undercover sting operation in which the Hawks posed as buyers for a cellphone locator and eavesdropping machine called a “Grabber”. The three are alleged to have listened in to government tenders related to the Airports Company of South Africa.

The machine is small enough to fit into a car or van and presidential authority is needed to operate one. The Grabber confiscated in South Africa at the beginning of this month was apparently used for corporate spying, reports The Star. The machine, made in Israel and worth over R25 million, was specially installed in a German-made multi-purpose vehicle. Two of the men arrested while trying to find a buyer for the device are a top businessman in the gold industry and a bank employee. more

TSMC Needs TSCM

Earlier this year, we covered the case of Liang Mong-song, a former TSMC engineer who stood unofficially accused of corporate espionage. Not long after we wrote the story, TSMC elected to file a lawsuit against Mong-song, and the Taiwan Supreme Court has now ruled in favor of the foundry company and against the engineer. Mong-song left TSMC and went to Samsung, not long before Samsung’s foundry plans took a significant leap forward. more

Number of Phones Infected by Dendroid Spying App Remains Unknown

An American student who hoped to sell enough malicious software to infect 450,000 Google Android smartphones pleaded guilty to a law meant to prevent hacking of phones and computers...

Infected phones could be remotely controlled by others and used to spy and secretly take pictures without the phone owner's knowledge, as well as to record calls, intercept text messages and otherwise steal information the owners downloaded on the devices...

Morgan Culbertson expected each person who bought Dendroid would be able to infect about 1500 phones with it, or 300,000 and 450,000 phones total. more

Illinois Law Allows Nursing Home Residents to Install Surveillance Equipment

Illinois Gov. Bruce Rauner signed legislation Aug. 21 supporters say will help prevent abuse and neglect of nursing home residents. The Authorized Electronic Monitoring in Long-Term Care Facilities Act allows nursing home residents to install audio and video surveillance equipment in their rooms.

Residents and their roommates must consent to having video or audio recording devices installed. The act allows legal guardians and family members to give consent for residents, if a physician determines a resident is incapable of doing so. Consent can be withdrawn at any time by residents or their roommates. more

Panel Upholds Christensen’s Conviction on Eavesdropping Charges

The Ninth U.S. Circuit Court of Appeals yesterday affirmed former powerhouse Los Angeles lawyer Terry N. Christensen’s conviction on charges of illegal eavesdropping and conspiracy.

Christensen—who practiced law in Los Angeles for more than 40 years at the famed Wyman Bautzer firm and at the firm he co-founded, Christensen Miller—was convicted along with former private investigator Anthony Pellicano, well known for his work on behalf of rich and famous clients. U.S. District Judge Dale Fischer of the Central District of California sentenced Christensen to three years in prison in 2008, but he has been free on bail pending appeal.

He has been under interim suspension from the State Bar since his conviction. more