Saturday, November 21, 2015

Ads Go from Subliminal to Ultrasonic - "PSSST... Any devices nearby?"

Privacy advocates are warning federal authorities of a new threat that uses inaudible, high-frequency sounds to surreptitiously track a person's online behavior across a range of devices, including phones, TVs, tablets, and computers.

The ultrasonic pitches are embedded into TV commercials or are played when a user encounters an ad displayed in a computer browser. While the sound can't be heard by the human ear, nearby tablets and smartphones can detect it. When they do, browser cookies can now pair a single user to multiple devices and keep track of what TV commercials the person sees, how long the person watches the ads, and whether the person acts on the ads by doing a Web search or buying a product.

Cross-device tracking raises important privacy concerns, the Center for Democracy and Technology wrote in recently filed comments to the Federal Trade Commission. The FTC has scheduled a workshop on Monday to discuss the technology. Often, people use as many as five connected devices throughout a given day—a phone, computer, tablet, wearable health device, and an RFID-enabled access fob. Until now, there hasn't been an easy way to track activity on one and tie it to another.

"As a person goes about her business, her activity on each device generates different data streams about her preferences and behavior that are siloed in these devices and services that mediate them," CDT officials wrote. "Cross-device tracking allows marketers to combine these streams by linking them to the same individual, enhancing the granularity of what they know about that person."
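
An added example, not from the original post or the article it quotes: one way a defender could check a recording for the kind of inaudible tone described above, by measuring energy in a near-ultrasonic band with the Goertzel algorithm. The 18 to 20 kHz band, the 48 kHz sample rate, the threshold and the sample audio are assumptions constructed for illustration; the article names no frequencies.

```python
import math

SAMPLE_RATE = 48_000                   # assumed capture rate (Hz)
FRAME = 4_800                          # 100 ms analysis window
PROBE_HZ = range(18_000, 20_001, 250)  # assumed beacon band; the article names no frequencies
THRESHOLD = 1e-5                       # assumed power floor for a "hit"


def goertzel_power(frame, freq_hz, rate=SAMPLE_RATE):
    """Power of one frequency in a frame (Goertzel recurrence), normalised by N^2."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq_hz / rate)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / (len(frame) ** 2)


def find_ultrasonic_frames(samples, rate=SAMPLE_RATE):
    """Return (start_ms, strongest_hz) for each frame with energy in the probe band."""
    hits = []
    for start in range(0, len(samples) - FRAME + 1, FRAME):
        frame = samples[start:start + FRAME]
        # Strongest probe frequency in this frame, compared against the floor.
        power, freq = max((goertzel_power(frame, f, rate), f) for f in PROBE_HZ)
        if power > THRESHOLD:
            hits.append((start * 1000 // rate, freq))
    return hits


def constructed_recording():
    """One second of constructed audio: two audible tones throughout, plus a
    quiet 18.5 kHz tone from 300 ms to 600 ms standing in for a beacon."""
    out = []
    for i in range(SAMPLE_RATE):
        t = i / SAMPLE_RATE
        x = 0.4 * math.sin(2 * math.pi * 440 * t) + 0.3 * math.sin(2 * math.pi * 1200 * t)
        if 14_400 <= i < 28_800:
            x += 0.05 * math.sin(2 * math.pi * 18_500 * t)
        out.append(x)
    return out


if __name__ == "__main__":
    for start_ms, hz in find_ultrasonic_frames(constructed_recording()):
        print(f"{start_ms:4d} ms: energy near {hz} Hz")
```

The audible tones are far louder than the 18.5 kHz tone, yet only the frames containing it are flagged, because the check looks solely at the band a listener would not notice.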

FBI Investigates Drone Crash Outside NJ Refinery

Industrial espionage, terrorists, or innocent hobbyist? You decide.

The FBI and local police are investigating after a drone fell out of the sky and crashed into a truck in New Jersey on Wednesday morning.

As CBS2’s Christine Sloan reported, of particular concern to authorities is that the incident happened on a road just outside a Phillips 66 refinery in Linden.

The driver of the truck apparently got out and had words with the operator of the drone, who took off, investigators said.
John Victor Jacobson, head of New Jersey-based Drone Service Systems, said he cannot think of a good reason to fly one of these aircraft in such a sensitive area.

This location is also very close to Newark Airport, to the South of its runway flight path. 

The New Cowboy Spy

From the Ol' Timer...
"Howdy, partner. There is a new surveillance risk in town, and he be a-aimin' at you.


Worried about board meeting eavesdroppers; business espionage desperados, and bad egg buggists? Darn tootin' you are, and you've hired the local TSCM-slinger to keep you above snakes. Does a fine job of it, too. 


Oh, about Mr. New Surveillance Risk. He ain't no fancy foreign spy, crow-bait competitor, or even a chiseler employee. No sir, bub, he's the cow chip of the spy world; a tenderfoot with a mighty powerful weapon. A sneaky dude who'll leave you in court, emptyin' your wallet faster than greased lightning. Yes sir'ee, he's the Workplace Video Voyeur, and he ain't a-playing according to Hoyle."



Thanks for the warning, old timer. You're right as rain. I know. I've run into a couple of these hombres during my time on the trail. Let me tell you a story... 


My Fortune 50 client called me a few months ago. Seems an employee found a spy camera hidden in one of their restrooms. The news media caught wind of it and jumped all over the story. It was an embarrassing mess. It may also be an expensive mess if the people caught by the camera decide to sue.


We had been inspecting their boardroom, executive offices and off-site meeting locations for over two decades. This due diligence resulted in the capture of one spy, on-site (a competitor's employee), one wireless bug, and several general information security loopholes which they quickly patched up. 


Nobody expected a bathroom video voyeur, however. Yet this incident held promise of greater damage than any corporate espionage attack. In addition to being costly in dollars and damaging reputation-wise, a video voyeur attack directly affects employee morale. It's hard to put a price on that.


The company asked me for help. They needed to prevent future incidents. Made sense. After one incident, they could face "foreseeability," a legal term. In short, it is the theory that if something happens once you become aware it could happen again. If you do nothing to correct the situation, and it does happen again, you are considered negligent. Sexual harassment in the workplace also plays into future incidents. This makes for an expensive mix in court. 


In addition to protecting themselves, the company really wanted to assure their employees that they were taking the situation very seriously.

We discussed several possible solutions. 

Sending our Technical Surveillance Countermeasures (TSCM) team to inspect all their restrooms and locker rooms (worldwide) was impractical, of course. What we eventually decided upon was a three-fold strategy, which turned out to be very cost-effective.
  1. A review of their Recording in the Workplace Policy for completeness and effectiveness. This policy covers all aspects of recording anything to do with the company (audio, video and data). Most companies don't even have a policy.

  2. Development of an on-line spycam detection training program for their local facilities managers and security staff. This would professionally prepare them to conduct simple periodic inspections of the 'expectation of privacy' areas on company property. An inspection log and photos would be kept on file. The log documents inspection dates and results. The photos document changes in the area over time. Both may be used to show due diligence in court.
 
  3. A short on-line spycam awareness video was produced for all employees to view. This was placed on the company intranet. It explained the growing social problem of video voyeurism, the steps the company is taking to prevent the problem in the workplace, and self-protection tips employees can use to protect themselves and their families, wherever they are.

This company-wide solution cost them about as much as a one-day sweep of their executive offices, and it will be used at all their locations, for years to come. 


Other companies have not been so lucky. Another New York City firm paid two employees one million dollars apiece in connection with their video voyeur incident.

Yup, ol' timer. The times are changing. Companies need to start watching their butts, when it comes to butt watchers.


~Kevin

Wednesday, November 18, 2015

A Survey of Behind the Scenes Personal Data Sharing to Third Parties by Mobile Apps

Tested - 110 popular, free Android and iOS apps to look for apps that shared personal, behavioral, and location data with third parties

73% of Android apps shared personal information such as email address with third parties, and 47% of iOS apps shared geo-coordinates and other location data with third parties

93% of Android apps tested connected to a mysterious domain, safemovedm.com, likely due to a background process of the Android phone

A significant proportion of apps share data from user inputs such as personal information or search terms with third parties without Android or iOS requiring a notification to the user

FCC Chairman Suggests Expanded Wiretap Laws

The nation’s top telecom regulator recommended broadening America’s wiretapping laws Tuesday, in response to the recent attacks in Paris by the Islamic State that left more than 120 people dead.

While the Federal Communications Commission cannot take direct action against the Islamic State, such as shutting down its Web sites or social media accounts, Congress could do “specific things” allowing the FCC to assist law enforcement more effectively, agency Chairman Tom Wheeler told a House subcommittee.

That includes revisiting the wiretap legislation, said Wheeler. The 1994 law, known as the Communications Assistance for Law Enforcement Act, or CALEA, provides for the “lawful intercept” of a suspect’s telephone and online communications. It requires telecom companies and Internet providers, not to mention some online voice services, to build their networks in ways that grant authorities easier access to those communications.

A $50 Audio Video Bugging Device is Child's Play

Remote Spy Mode
The Video Walkie Talkies act as a hidden camera. Place one Walkie in a secret location, press the activation button on the other and you’ll instantly have a hidden, live-feed surveillance cam. If you leave your Video Walkies for 15 minutes unused they automatically turn off to save power. When your mission is complete, the Video Walkie Talkies easily fold up for compact storage and screen protection! Gear up with the Spy Gear Video Walkie Talkies!

No Data or Wi-Fi Required
The Video Walkie Talkies do not require Data or Wi-Fi to use! Just press the activation button and you can wirelessly communicate with your friends on video! With a range of up to 160 feet you’ll be in constant communication with your fellow agent.

Quick Set Up – Easy As 1-2-3
Only Spy Gear has the spy technology to let you stay in constant 2-way, visual and audio communication at long range! Open up your Video Walkie Talkies and turn the power on. You’ll instantly be able to see your friends on the LCD screen. Now press the TRANSMIT BUTTON for audio communication with the other Video Walkie. Want to go stealth? Plug headphones into both Video Walkies to listen in secret and communicate without pressing the TRANSMIT BUTTON.

Monday, November 16, 2015

BlackBerry SecuSUITE - Voice Encryption for iOS, Android & BlackBerry

BlackBerry Limited and its subsidiary Secusmart has today announced the release of SecuSUITE for Enterprise, a new voice encryption solution that protects mobile calls on the Android, iOS and BlackBerry operating systems.

By using the VoIP, software-based, cloud-hosted solution, employees will be able to conduct secure conversations worldwide and be able to send encrypted text messages of any length.

Voice and text messages are encrypted with 128-bit Advanced Encryption Standard (AES) on the individual device level, meaning messages are stored on the receiver’s smartphone and only sent to the recipient when they are available to receive them.

The Newest Anti-Espionage Agents... Monks & Nuns!?!?

China is training Buddhist monks and nuns in Tibet to carry out anti-espionage operations along the remote Sino-Indian border to prevent attempts to create "conflict" by "ethnic separatists", in a veiled reference to the Dalai Lama and his supporters.

"Twenty-two monks and nuns from three temples in Nyingchi, a city in southeastern Tibet, close to the Sino-Indian border, received the three-hour lecture at Lamaling Temple on the counter-espionage law by local and national security officials," state-run news portal Tibet.Cn reported.

The lecture conducted in the Himalayan region along the border with India was about how to abide by the counter-espionage law and the legal consequences of violating the law, it said.

Sunday, November 15, 2015

Every James Bond Gadget. Ever.

The $8 USB Memory Stick Lock

3 Digit Combination USB Flash Drive Security Lock.
A physical lock for your USB Flash Drive.

Set your own 3 digits code to prevent your flash drive from being inserted into another computer.

Of course, it won't stop everyone, but it may thwart general snoops.

Saturday, November 14, 2015

Visit Switzerland in June - Information Security and Cryptography Seminar

INFORMATION SECURITY AND CRYPTOGRAPHY, FUNDAMENTALS AND APPLICATIONS (June 13-15, 2016)

Lecturers: Prof. David Basin and Prof. Ueli Maurer, ETH Zurich

The topics covered include cryptography and its foundations, system and network security, PKIs and key management, authentication and access control, privacy and data protection, and advanced topics in cryptography. The seminar takes place in Zurich, Switzerland. The lectures and all course material are in English.

This seminar provides an in-depth coverage of Information Security and Cryptography. Concepts are explained in a way understandable to a wide audience, as well as mathematical, algorithmic, protocol-specific, and system-oriented aspects.

A full description of the seminar, including a detailed listing of topics covered, is available at www.infsec.ch

Friday, November 13, 2015

How to Stop Your Vizio TV from Spying On You

from vizio.com
Beginning October 31, 2015, VIZIO will use Viewing Data together with your IP address and other Non-Personal Information in order to inform third party selection and delivery of targeted and re-targeted advertisements.
These advertisements may be delivered to smartphones, tablets, PCs or other internet-connected devices that share an IP address or other identifier with your Smart TV...

Smart Interactivity is a feature on Internet-connected VIZIO televisions that recognizes onscreen content. Currently, we only use this feature to gather data on a non-personal or anonymous basis, as described below...

...your VIZIO Smart TV can intelligently recognize linear television and other content shown on the screen and in the future may display accompanying interactive features such as bonus features related to the content you are viewing, the ability to vote in polls, or advertisements that match your interests...

Smart Interactivity collects information from your product which triggers events, such as pop-ups, about what you are viewing. Follow the steps below on how to turn on or off Smart Interactivity based on the version of VIZIO Internet Apps (VIA) installed on your television.

Thursday, November 12, 2015

Security Director Alert - Don't Be a Business Espionage Target While Traveling

via http://seriouslyvc.com
The following list represents the most important procedures you and your colleagues should follow on your next trip abroad:
  1. Avoid disclosing your travel details to strangers.
  2. Never put electronics in your checked luggage.
  3. Consider traveling with a disposable cellphone (they are less susceptible to eavesdropping).
  4. Use a separate “throw-away” email to communicate with your family and coworkers (this prevents hackers from penetrating your company’s email system even after you have completed your trip).
  5. Consider installing an asymmetric email encryption program such as “Pretty Good Privacy” (PGP) on your computer, which allows you to encrypt and decrypt your email over the Internet.
  6. Put sensitive business documents on password-protected USB drives (such as “Iron Key” or “BitLocker”).
  7. Never use complimentary WiFi when traveling, unless absolutely necessary, and always use a trusted VPN.
  8. Never leave your sensitive business materials and/or electronics unattended in your hotel room — and your hotel safe is not safe! Carry all electronics with you at all times (hence, the need for smaller devices).
  9. If you spend time in the hotel bar, be cautious of what you say and to whom, because they are prime hunting grounds for espionage operatives.
  10. Be mindful of sexual entrapment (the Russians are still the masters of “honeypots” and have blackmailed many a business traveler into disclosing sensitive information in exchange for keeping their affairs secret).
  11. Use a strong passphrase (instead of password) containing up to 14-18 characters (and change it every 180 days or after every international trip).
  12. Make it a habit to power-off your devices when they are not in use.

Book - How to Be a Spy - WWII Training Manual

In the early years of World War II, Special Operations Executive (SOE) set up top secret training schools to instruct prospective agents in the art of being a spy.

By the end of 1941, an international network of schools was in operation in secluded locations ranging from the Scottish Highlands to Singapore and Canada.

How to Be a Spy reproduces the extensive training manuals used to prepare agents for their highly dangerous missions behind enemy lines. The courses cover a variety of clandestine skills including disguise, surveillance, burglary, interrogation, close combat, and assassination - everything needed to wreak havoc in occupied Europe.

Contest - Tell Us Everything You Know About this Wiretapping Device

I am guessing anyone who has ever used this is now pushing up punchdown blocks.
But, there is a nice prize for the person who can tell us about this device...
   • the manufacturer,
   • who used this device,
   • approximate year of manufacture.
BONUS PRIZE if you send me the manual.
Information you submit will be shared below.
Enter HERE.

Winner: RH - Regarding your mystery wiretapping device, it is a Western Electric model 300ABC telephone line recording unit. Western Electric was the manufacturing company of AT&T up until the mid-90s, and furnished a lot of kit for the military. Based on the design and housing of this unit, it was likely manufactured some time between 1939 and 1946. While this could be used for wiretapping, these devices were common in military command posts where it would be used to record phone conversations between officers, and the recording would subsequently be transcribed and filed.

(Additional insights welcome.)