Tuesday, March 1, 2016

SeaWorld Admits Employees Spied

SeaWorld admits employees posed as animal activists to spy on critics...

Multiple SeaWorld employees posed as animal-welfare activists so they could spy on critics, the company admitted Thursday.
The acknowledgment comes seven months after People for the Ethical Treatment of Animals accused SeaWorld of spying. The animal-welfare group, which has waged an intense campaign against SeaWorld, went public with evidence that a San Diego employee attended protests and made incendiary comments on social media while posing as an activist.

Reading from a statement while speaking with analysts, Chief Executive Officer Joel Manby said SeaWorld's board of directors has "directed management to end the practice in which certain employees posed as animal-welfare activists."

Corporate Espionage: British American Tobacco Accused in South Africa

Lawyers investigating bribery and corruption allegations against one of the world’s leading tobacco firms have been urged to expand their investigation after fresh international accusations emerged.

British American Tobacco, BAT, has been accused of corporate espionage against rival cigarette makers in South Africa.

According to court documents seen by The Independent on Sunday, two former police officers who went to work for private corporate investigation companies paid cash to South African law enforcement officials to disrupt BAT’s competitors’ business operations.

Mr Hopkins (a BAT whistleblower) said he... ran a corporate spying operation, and conducted “black ops” to put rivals out of business.

Looking to Rent a Bedroom Without a Spy Camera?

$850 Room and bath in an Irvine condo without spying camera

In my two bedroom two bathroom brand new luxury condo, you rent a room and bath without any crazy person watching your every move in the name of security.

Also, I'm not poor so I don't have to charge you a huge deposit to pay for my mortgage and then file bankruptcy and not return your deposit. I don't have to check your credit by illegally getting your social security number. I am not a creepy home owner and will not deny you access to kitchen and laundry.

The only requirement is if you are decent, are respectful and considerate and we meet and find each other acceptable. No age, race, culture requirement but women are preferred. If interested email me so we meet like two adults that we are. You need a room and I need money. (Craigslist)

Politician Promises Surveillance Transparency - Guess what happened.

TN - Memphis Mayor Jim Strickland confirmed Monday that the city is using cell phone eavesdropping technology with court approval, but said he couldn't discuss specifics.

Strickland said while campaigning last year that he would be transparent about the city's use of the "cell-site simulator" device known as StingRay, which lets law enforcement gather information from any phones that connect to a cellular network.

But as mayor, he said, he's legally bound to silence by the terms of the city's contract with Florida-based Harris Corporation. (A Memphis phone call sing-a-long.)

Wednesday, February 24, 2016

Spycam News - Teachers (2) Resign Following Arrest For Secretly Videotaping Teens

GA - An Alpharetta man and former middle school teacher has been charged with secretly videotaping a teenager inside his home.

Alpharetta police have charged John Link Walsh, 43, with one count of unlawful eavesdropping or surveillance, the agency said on Tuesday...

According to an incident report released by the Alpharetta Department of Public Safety... The teenager said she woke up from sleeping on the sofa and went to take a shower. When she went to her bedroom to get dressed, “she noticed a camera that was hidden on a bookshelf in her room,” according to the report.

---

UK - A teacher at a top grammar school used a hidden camera to spy on a teenage girl in the shower...

A court heard how the 53-year-old secretly deployed two cameras to film his victim washing and being intimate with her boyfriend...

Liverpool Crown Court heard the girl discovered the first camera, which contained footage of her showering, last year. Neville Biddle, prosecuting, said she confronted Smith, who made a “spurious excuse”, and persuaded his embarrassed victim not to make a complaint.

However, the girl then found another hidden camera - this time in the shape of a pen - which Smith used to film her and her boyfriend... Officers recovered his computer and recording equipment including 22 videos.

Spies with Balls - "Life's Good"

LG just unveiled its new G5 smartphone and with it a bunch of accessories, including this: the LG Rolling Bot, a ("drunken headless") BB-8-type device that can come equipped with a camera and can be controlled (via the LG G5, of course) from anywhere.

So, basically, a thing for spying, right? Is there anything else that this could be for?

If you are in the market for a smartphone accessory that will make it a lot easier for you to spy on people, check out this spherical robot... but also maybe don't.

Business Espionage: A Tale of Two Companies

Recent news that a former BlueScope Steel software development manager has been accused of downloading a trove of company documents over a four-year period before being made redundant, should have board level executives at all organizations concerned.

BlueScope Steel is the latest in a long line of companies to experience a serious data breach as a result of corporate espionage.

In another example in the US, ride sharing service Lyft is suing a former employee for allegedly stealing secret documents before joining rival Uber.

Lyft’s former chief operating officer, Travis VanderZanden allegedly downloaded private financial and product information before leaving the company to become Uber’s vice president of international growth...

Star Wars: Episode VIII - Drones to Create No-Spy Zone

Disney and Lucasfilm are reportedly utilizing drones to ensure spying doesn't happen during filming of Star Wars: Episode VIII in Croatia.

Making Star Wars (via MosCroatia) reports there is a Star Wars team that will go to drone warfare with people using drones to get pictures of the set and cast of Episode VIII. And that's on top of apparently 600 guards.

Star Wars: Episode VIII has already begun filming, with the movie premiering December 15, 2017.

Technical Espionage Tool #423 - Wireless Keyboards & Mice

The wireless link between your mouse and dongle might not be as useful as you think. A new hack shows that the links are often unencrypted and can be used to gain control of your computer.

Security researchers from Bastille Networks have found that non-Bluetooth wireless keyboards manufactured by Logitech, Dell, and Lenovo don’t encrypt communication between the input device and the dongle plugged into a computer’s USB slot. That’s allowed them to create an attack—that they’re calling Mousejack—which injects commands into the dongle.

The team claims the attack can be carried out from up to 300 feet away from the victim’s computer given the right hardware. Once compromised, the hacked dongle allows the team to transmit malicious packets that generate keystrokes.

While that might not sound too useful, remember that one of those packets can hold an awful lot of keystrokes—the equivalent of 1,000 words-per-minute of typing, according to the researchers. That’s enough to install a rootkit capable of opening access to your whole computer in under 10 seconds, apparently—which means you might never know your wireless mouse dongle had been hacked. And once that’s done, it’s game over.

Tuesday, February 23, 2016

The Cell Phone with the Infrared Eye

This rough-and-tumble phone's major selling point is a Flir thermal imaging camera, which can visualize heat as a colorful map, taking measurements from up to 30 meters (100 feet) away. You can use it for a huge number of tasks, from detecting heat loss around windows and doors to identifying overheating circuitry, or just seeing in the dark.

The main target audience is, as with previous Cat-branded phones, people who work in construction and plumbers or electricians. The S60 will be available later this year for $599, which converts to around £425 or AU$835.

In case of emergency
Flir imagines that others, including emergency first responders and outdoor enthusiasts, may also find uses for the phone. If police come across an abandoned car, for example, they can use the thermal imaging camera to determine whether the engine or seats are still warm, or whether there's a body anywhere in the vicinity.

Friday, February 19, 2016

Business Espionage: GSK Plugs Trade Secret Leaks

The United States Attorney’s Office for the Eastern District of Pennsylvania announced the indictment of five people, including two research scientists at GlaxoSmithKline (“GSK”), on charges of stealing trade secrets from the company, wire fraud in connection with the theft of confidential information, money laundering and conspiracy. While the majority of the charges in the 43-count indictment focus on the role of Yu Xue, described in the indictment as “one of the top protein biochemists in the world,” the indictment describes an elaborate scheme to sell the stolen information through companies in China, and to launder the proceeds.

The indictment charges Yu Xue and, to a lesser extent, Lucy Xi, with emailing trade secret and confidential information, including information about biopharmaceutical products under development, GSK research data, and GSK processes regarding the research, development, and manufacturing of biopharmaceutical products, and a business plan for a quality control unit, to their co-conspirators, Tao Li and Yan Mei, who is Lucy Xi’s husband. Yu Xue, Tao Li, and Yan Mei allegedly formed three corporations: Renopharma, Inc., which was incorporated in Delaware; and Nanjing Renopharma, Ltd, and Shanghai Renopharma, Ltd., which were established offshore and operated in China (collectively “Renopharma”), to market and sell the stolen trade secrets and confidential information. According to the indictment, Renopharma advertised that it operated as “a drug research and development company in China with limited U.S. affiliation,” and promoted itself as “‘a leading new drug research and development company, [which] specialized in providing products and services to support drug discovery programs at pharmaceutical and biotech companies.’” As the indictment also noted, the stolen documents contained information which would be especially useful for a start-up biopharmaceutical company such as Renopharma represented itself to be.

"Take a hard look." or "Hell NO!" - You decide...

A group of 46 U.S. lawmakers urged regulators who investigate deals that could harm national security to take a hard look at a bid by a Chinese company to buy the storied Chicago Stock Exchange...
The 46 signatories were all from the House of Representatives, and most were Republican. They included Rep. Robert Pittenger, a North Carolina Republican on the Financial Services Committee and the Congressional-Executive Commission on China.

Pittenger cited concern that China, which has been accused of corporate espionage, would have access to the data of U.S. companies who use the exchange.

Thursday, February 18, 2016

Security Alert: Your Security Camera May Have Friends You Don't Know About

via Krebs on Security
Imagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware.

The FI9286P, a Foscam camera that includes P2P communication by default.
Now imagine that the geek gear you bought doesn’t actually let you block this P2P communication without some serious networking expertise or hardware surgery that few users would attempt...

Turns out, this Foscam camera was one of several newer models the company makes that comes with peer-to-peer networking capabilities baked in. This fact is not exactly spelled out for the user (although some of the models listed do say “P2P” in the product name, others do not).

But the bigger issue with these P2P-based cameras is that while the user interface for the camera has a setting to disable P2P traffic (it is enabled by default), Foscam admits that disabling the P2P option doesn’t actually do anything to stop the device from seeking out other P2P hosts online.


Personal Security Advisory: SimpliSafe Home Security Alarm Vulnerability

Researchers with the Seattle-based security consulting firm IOActive have released an advisory regarding SimpliSafe's wireless home security systems, claiming that the system doesn't adequately protect its transmissions from being recorded and reused...

A potential intruder would need to leave the device within 100 feet of your home's keypad, then basically press record and wait for you to disarm the system with your code.

At that point, they'd have a record of the data packet that gets transmitted whenever you punch your code in. The packet doesn't tell them what the code actually is, but that doesn't matter -- all they'd need to do is use the device to resend the packet in order to disarm your system.

IOActive's researchers built and tested the device in August of 2015. After confirming that it worked, they say that they attempted to share their findings with SimpliSafe on multiple occasions, but received no reply.
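
Why a resent packet works, and what stops it, as an added example (not IOActive's or SimpliSafe's code): the first receiver accepts the same disarm bytes every time, while the second requires a fresh counter and a MAC over counter and command. The packet layout, key handling and all class names are assumptions made for this sketch.

```python
import hashlib, hmac, os, struct

TAG_LEN = 16  # truncated HMAC-SHA256 tag; size is an assumption of this sketch

class StaticReceiver:
    """Models the reported flaw: identical disarm bytes are accepted every time."""
    def __init__(self, disarm_packet):
        self.disarm_packet, self.armed = disarm_packet, True
    def receive(self, packet):
        ok = packet == self.disarm_packet
        self.armed = self.armed and not ok
        return ok

class Keypad:
    """Hardened sender: 64-bit counter + command + MAC over both."""
    def __init__(self, key):
        self.key, self.counter = key, 0
    def send(self, command):
        self.counter += 1
        body = struct.pack(">Q", self.counter) + command
        return body + hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]

class RollingReceiver:
    """Accepts a packet only if the MAC verifies and the counter is fresh."""
    def __init__(self, key):
        self.key, self.last_counter, self.armed = key, 0, True
    def receive(self, packet):
        if len(packet) <= 8 + TAG_LEN:
            return False
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False                      # forged or corrupted packet
        counter = struct.unpack(">Q", body[:8])[0]
        if counter <= self.last_counter:
            return False                      # replay of a packet already seen
        self.last_counter = counter
        self.armed = body[8:] != b"DISARM"    # any other command arms
        return True

def demo():
    recorded = b"\x01constructed-disarm-frame"   # constructed sample bytes
    old = StaticReceiver(recorded)
    old.receive(recorded); old.armed = True      # owner disarms, later re-arms
    static_replay = old.receive(recorded)        # same bytes resent
    key = os.urandom(32)                         # per-installation pairing key
    pad, new = Keypad(key), RollingReceiver(key)
    pkt = pad.send(b"DISARM")
    first = new.receive(pkt); new.receive(pad.send(b"ARM"))
    return static_replay, first, new.receive(pkt), new.armed
```

`demo()` returns whether the resent packet was accepted by each receiver; the counter check tolerates lost packets because it only requires the counter to increase.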

Security Director Alert - 46,000 Internet-accessible Digital Video Recorders (DVRs) Hackable

Hackers can log into DVRs from RaySharp and six other vendors using a six-digit hard-coded root password

Up to 46,000 Internet-accessible digital video recorders (DVRs) that are used to monitor and record video streams from surveillance cameras in homes and businesses can easily be taken over by hackers.

According to security researchers from vulnerability intelligence firm Risk Based Security (RBS), all the devices share the same basic vulnerability: They accept a hard-coded, unchangeable password for the highest-privileged user in their software -- the root account.

Using hard-coded passwords and hidden support accounts was a common practice a decade ago, when security did not play a large role in product design and development...

RBS researchers found that they contained a routine to check if the user-supplied username was "root" and the password 519070. "If these credentials are supplied, full access is granted to the web interface," the RBS researchers said... (Test it on your DVRs. ~Kevin)

RaySharp claims on its website that it ships over 60,000 DVRs globally every month, but what makes things worse is that it's not only RaySharp branded products that are affected.

The Chinese company also creates digital video recorders and firmware for other companies which then sell those devices around the world under their own brands. The RBS researchers confirmed that at least some of the DVR products from König, Swann Communications, COP-USA, KGUARD Security, Defender (a brand of Circus World Displays) and LOREX Technology, a division of FLIR Systems, contain the same hard-coded root password.

And those are only the confirmed ones.