Sunday, April 3, 2016

Spy Agency Few Know Gets Free Land for HQ

A US spy agency's new $1.7 billion western headquarters will be constructed in St Louis, Missouri...

NGA Campus East, the headquarters of the agency
The National Geospatial-Intelligence Agency (NGA) hopes to build its new western HQ in north St Louis, where it was offered free land...

So what exactly is the NGA?

The NGA is part of the Department of Defense and works with the CIA and the Air Force to provide intelligence that is largely geographical in nature...

According to the NGA, "anyone who sails a U.S. ship, flies a U.S. aircraft, makes national policy decisions, fights wars, locates targets, responds to natural disasters, or even navigates with a cellphone relies on NGA." more

Saturday, April 2, 2016

The Erin Andrews $55,000,000 verdict: Can it happen to your property?

by David C. Tryon - Porter Wright Morris & Arthur LLC

If you own or manage a hotel or inn, the Erin Andrews $55,000,000 verdict probably caught your attention. You wonder, “could that happen to my hotel?” Yes it can...

One fact which has not been widely reported is that Andrews’ room was allegedly on a “secure floor” – a designation which likely has varying meanings to property owners and guests. Barrett was able to use his immediate proximity to tamper with the peep hole on Andrews door at an ideal time – allowing him to see from the outside in. A disturbing reality is that anyone can do this with a readily available $60 (or $12.99) device. Barrett then videoed Andrews nude in her room without being detected by the hotel staff. He later posted the video on the Internet, which subsequently went viral...

So, what steps can you take to prevent something like this from happening to your property? Start by having a very direct conversation with your staff about your security measures. Assess what efforts you have in place and if those efforts should be enhanced. Ask yourself these questions... more

PS - Hotels are not the only vulnerable targets. The term "property" easily expands to include: country clubs, gyms, schools, hospitals, and more. In fact, all corporate locations offering rest room / maternity room / changing room / shower and locker room facilities to their employees and visitors is at risk. 

The best first steps to protecting yourself and your company:
1. Have a written Recording in the Workplace Policy in place.
2. Train security and facilities employees how to conduct inspections for spycams.
3. Conduct in-house spy camera inspections periodically, and document your efforts.

Friday, April 1, 2016

Spycam Lawsuit: Female Oil Rig Worker Sues for $1 Million

It looked like a normal clothing hook -- small and unsuspecting, mounted on the back door of her sleeping quarters on the Transocean Deepwater oil rig.

But to her, for some reason it just didn't feel right.

"The rooms are pretty bare and minimum, so when you notice something that's different, it kind of sticks out to you."

Though 26, she'd been on plenty of rigs before. In fact, she'd spent much of her life dedicated to working offshore in the Gulf of Mexico. But she says she'd never seen something like this.
"It was out of place."

She dismissed the weird feeling and thought to herself, "Well, it must just be extra storage."
That was a Friday in August 2015. Four days later, the hook was gone. more

Thursday, March 31, 2016

Security Director Alert: 20,000 Printers Under the Siege

The notorious hacker and troll Andrew Auernheimer, also known as “Weev,” just proved that the Internet of Things can be abused to spread hateful propaganda.

On Thursday, Auernheimer used two lines of code to scan the entire internet for insecure printers and made them automatically spill out a racist and anti-semitic flyer. 

Hours later, several people started reporting the incident on social media, and eventually a few local news outlets picked up on the story when colleges and universities all over the United States found that their network printers were spilling out Auernheimer’s flyer.

Auernheimer detailed this “brief experiment,” as he called it, in a blog post on Friday. Later, in a chat, he said that he made over 20,000 printers put out the flyer, and defended his actions. more

Imagine the chaos if he sent a more realistic version of the coupon shown above, or false documents to internal company printers. Make sure all printers associated with your company operate in a secure manner – internal and home office units. Don't forget to check for insecure Wi-Fi settings as well. Need help? Call me.

Scary Password Stats

Market Pulse Survey 
Click to enlarge.
Reveals Growing Security Negligence in the Workplace 
Despite Employees’ Concern Over Risk to Personal Data 
more 

Yes, 1 in 5 would sell their passwords... and it only take one to spring a leak.  ~Kevin

Business Espionage: Guaranteed Rate Hit with $25M Judgment

A jury awarded Mount Olympus Mortgage Co. more than $25 million in a lawsuit alleging "corporate espionage" by former employee Benjamin Anderson and his new employer, Guaranteed Rate.

Anderson and another former Mount Olympus originator who now works for Guaranteed Rate, Brian Decker, were accused of stealing loan files, borrower information and other proprietary data from the Irvine, Calif.-based lender.

"The purpose of the scheme was to divert hundreds of MOMCo loan customers to Guaranteed. The Individual Defendants misappropriated MOMCo's confidential and proprietary information and directed MOMCo customers to Guaranteed," the lawsuit, filed in an Orange County, Calif., superior court, reads.

The complaint alleges the pair acted with the encouragement of Chicago-based Guaranteed Rate. more

Surveillance Self-Defense 101: A teach-in for activists

On Sunday, April 3, 

EFF will co-host a free workshop on surveillance self-defense with local grassroots groups in New York and Brooklyn. The workshop will be open to the public, though particularly structured for activists supporting social movements.

Participants need not wield technical expertise to attend this session, which is geared towards regular smartphone and laptop users. EFF's Shahid Buttar will facilitate a teach-in and skill-share on surveillance, some immediate and practical steps you can take to protect your communications, and how to work with neighbors to inform surveillance policy at the state and local level. An EFF staff technologist will remotely join for a question & answer session. more

Laker Rookie Secretly Filmed Teammate Admitting Cheating

A shocking video surfaced of Los Angeles Lakers forward Nick Young,

filmed by his rookie teammate D’Angelo Russell, admitting that he cheated on his fiancée Iggy Azalea.

The video shows Russell talking to Young saying, “You was 30 and she was 19?” referencing a woman the 30-year-old Young met in a nightclub...

According to Hollywoodlife.com the 25-year-old Azalea plans to now call off their wedding plans. more

Security Director Alert: Update Your HID Card Reader Software - NOW

Let Me Get That Door for You: Remote Root Vulnerability in HID Door Controllers

If you’ve ever been inside an airport, university campus, hospital, government complex, or office building, you’ve probably seen one of HID’s brand of card readers standing guard over a restricted area. HID is one of the world’s largest manufacturers of access control systems and has become a ubiquitous part of many large companies’ physical security posture.

Each one of those card readers is attached to a door controller behind the scenes, which is a device that controls all the functions of the door including locking and unlocking, schedules, alarms, etc...

Technical details...
...if we send a Linux command wrapped in backticks, like `id`, it will get executed by the Linux shell on the device. To make matters worse, the discovery service runs as root, so whatever command we send it will also be run as root, effectively giving us complete control over the device.

Since the device in this case is a door controller, having complete control includes all of the alarm and locking functionality. This means that with a few simple UDP packets and no authentication whatsoever, you can permanently unlock any door connected to the controller. And you can do this in a way that makes it impossible for a remote management system to relock it. On top of that, because the discoveryd service responds to broadcast UDP packets, you can do this to every single door on the network at the same time! Needless to say, this is a potentially devastating bug. The Zero Day Initiative team worked with HID to see that it got fixed, and a patch is reportedly available now through HID’s partner portal. more

Covert Recording: Governor of Alabama, Robert Bentley, Says He Won’t Quit

“I have no intentions of resigning,” said Mr. Bentley, a Republican in his second term...

Within hours, Rebekah C. Mason, the governor’s senior political adviser and the woman with whom he engaged in suggestive conversations, captured on tape, said she had quit. And by day’s end, it was uncertain whether it would be politically feasible for Mr. Bentley, 73, to remain in office in this state, which has a gaudy history of scandal but has been in something of a morals-driven meltdown since the governor’s admission last Wednesday.

Background...
Spencer Collier, head of the Alabama Law Enforcement Agency until he was fired today, said this afternoon he has seen and investigated text messages and audio recordings "of a sexual nature" between Gov. Robert Bentley and his chief advisor, Rebekah Caldwell Mason...

...former Bentley security officer Ray Lewis... brought a laptop to Collier and played an audiotape of conversations between the governor and Mason, Collier said. The tape, purportedly created by a Bentley family member hoping for an "intervention," left no doubt about the relationship, he said. more

Friday, March 25, 2016

And you thought bugging the coffin stories were outrageous...

CA - For the second time in less than six months, defense attorneys are crying foul over the placement of hidden recording devices outside Bay Area courthouses. 

Lawyers for a group of real estate professionals facing antitrust charges on Wednesday asked the judge overseeing the case to toss evidence gained from recording devices located outside the Alameda and Contra Costa County courthouses.

"The government's unauthorized use of recording devices to capture private conversations at the Alameda and Contra Costa County courthouses violated the defendants' Fourth Amendment rights to be secure against unreasonable searches and seizures," defense lawyers wrote in U.S. v Marr, 14-580. more

Bugged coffin story #1.
Bugged coffin story #2.
Bugged coffin story #3.
Bugged coffin story #4.

Just Don't Hold this "Cell Phone" to Your Head

Created by a Minnesota company called Ideal Conceal, the first product created by the startup is a handgun that can be disguised as a smartphone inside a case. 

Built into a single frame, the grip of the double barreled, .380 caliber pistol folds down and locks into place when opened. When closed, the trigger and trigger guard are completed covered by the grip, thus offering up the appearance of a standard smartphone case. There’s also a clip to attach the handgun to a belt, but in the disguised smartphone form.

Similar to the size and shape of a smartphone, the folded Ideal Conceal can be easily slipped into a pants pocket or purse when not in use....

At this time, the pistol is still being developed by Ideal Conceal and isn’t in production as of yet. more

Thursday, March 24, 2016

The Puzzling Case of Corporate Espionage

Chris Wirth started Liberty Puzzles just over a decade ago as a sort of homage to his childhood and to the original wooden puzzles of the 1930s...

...Liberty’s sales back up the idea that puzzles are popular again. Liberty has grown considerably every year since it opened up shop. Lately, though, its puzzles have been so popular it’s “overwhelming,” says Wirth. But when we asked him how many puzzles the company sells each year, he declined to reveal anything. “We’ve been the victim of corporate espionage,” he says. Like people scouting out its Boulder, Colorado factory operations and stealing precious information. Who knew puzzle intelligence operatives were a thing? more

Brussels Suicide Bombers Planted Hidden Camera...

...At Home Of Top Belgium Nuclear Official

...Belgium’s federal prosecutor confirmed that on November 30, police seized footage that appeared to show a high-ranking Belgian nuclear official in an anti-terror raid. The surveillance video was discovered in a bust that resulted in the arrest of Mohamed Bakkali, who was charged with terrorist activity and murder in connection with the Paris attacks. His home in Auvelais may have been used as a hideout...

On Thursday, we get still more chilling evidence to suggest that this is all the work of the very same Belgium-based terror cell. According to Dernier Heure, it was the Bakraoui brothers that planted a hidden camera in the bushes and captured the 10-minute surveillance video of the senior Belgian nuclear official coming and going from his home. more

A European security official told the AP the terror squads are being trained in battleground strategies, explosives, surveillance techniques and countersurveillance — “next-level” methods Stewart said will help them avoid capture and kill scores of innocents.

“They’re doing pre-operational surveillance, attack planning and clandestine communications,” Stewart said. “That kind of 
advanced tradecraft gives them capabilities that are beyond what we’ve seen.” more

Apple Concerned About Spy Tech Being Added to Servers

Apple's huge success with services like iTunes, the App Store, and iCloud has a dark side.

Apple hasn't been able to build the all the data centers it needs to run these enormous photo storage and internet services on its own. And it worries that some of the equipment and cloud services it buys has been compromised by vendors who have agreed to put "back door" technology for government spying... more