Sunday, August 21, 2016

TSCM Find: Bug Discovered in Hotel Meeting Room Used by New Zealand Rugby Team

New Zealand Rugby says a Sydney hotel room where the All Blacks held meetings was bugged before their first Bledisloe Cup match against Australia.

The New Zealand Herald reported that a "sophisticated" listening device found on Monday had been hidden in a chair...

The paper reported that hiding the bug "was a highly skilled and meticulous act and whoever put it there would have needed a significant amount of time to have pulled off such an accomplished job".

Indications are that the device was working and would have transmitted conversations about the All Blacks' strategy for Saturday's match. more

The Herald understands the foam of the seat appeared to have been deliberately and carefully cut to make way for the device and then sewn or glued back together to be almost undetectable. more


It Just Got Harder to Spy on Your Spouse Online

Joseph Zhang became suspicious of his wife Catherine’s online activities, so he installed software called WebWatcher on their home computer in Ohio to track her. The fallout was not just a divorce, but a landmark court ruling that could have long-term implications for both users and makers of so-called spyware.

According to an appeals court in Cincinnati, the maker of the spyware used by Zhang violated federal and state wire-tapping laws by intercepting the messages of a Florida man, Javier Luis, who had been communicating with Catherine in an America Online chatroom called “Metaphysics.”

The legal case began in 2010 not long after Zhang used messages captured with the spyware to obtain leverage in divorce proceedings, even though a court said the relationship between his wife and Luis was “apparently platonic.” more

Man Charged with Eavesdropping on Family

NY - A Bloomingburg man was charged Thursday with eavesdropping on family members. 

State police said their investigation found that Joseph Codi, 33, of Bloomingburg, used a hidden electronic monitor to overhear conversations between other family members without their consent or knowledge for more than a month.

Codi was charged with eavesdropping, a felony. He was arraigned before Mamakating Town Justice Cynthia Dolan and released on his own recognizance, pending further court action. more

Friday, August 19, 2016

Privacy Guidebook for Eavesdropping on Americans Draws Flak

A privacy update to 1982 Defense Department rules for conducting surveillance on Americans contains a loophole that lets the National Security Agency continue eavesdropping on a wide swath of online conversations, critics say.

"DOD Manual 5240.01: Procedures Governing the Conduct of DOD Intelligence Activities" was last issued when all email addresses could fit in a Parent Teacher Association-sized directory. The new rules reflect a shift in intelligence gathering from bugging an individual’s phone to netting communications in bulk from the global internet...

It remains to be seen, or unseen, how U.S. spies are following the new data-handling guidelines in practice when scanning networks. 

On Wednesday, Defense officials declined to comment on internet cable-tapping. more

The 10 Best Offbeat Spy Movies

You can see all the trailers here.


10. Casino Royale
9. Our Man Flint
8. The Man Who Knew Too Little
7. Burn After Reading
6. Confessions of a Dangerous Mind
5. Spies Like Us
4. What’s Up, Tiger Lily?
3. Austin Powers: International Man of Mystery
2. Top Secret!
1. Spy


Enjoy the weekend! ~Kevin

Three Espionage Tests

Denmark - The EspionageTest is the name of a newly developed free online test designed to reveal whether businesses are vulnerable to industrial espionage.

“The test is designed to provide an immediate picture of a business’s strengths and weaknesses. It provides a picture of the business’s challenges and the areas that need strengthening. The test looks at digital security, employee behaviour, culture and physical security,” says Senior Consultant Christine Jøker Lohmann from the Confederation of Danish Industry who is a member of the project steering group.

Employee behaviour and technology are tested
The test, which has been financed by the Danish Industry Foundation and developed by the intelligence and security firm CERTA Intelligence & Security, requires businesses to answer questions covering all areas of security and tests both technology and employee behaviour.

In each area, businesses will be told how they score in terms of security and will be given specific tips and recommendations on how to improve or develop suitable protection against espionage... more

The EspionageTest – Launching on 23 August 2016 – will be freely available to all Danish businesses.

...and, from another point-of-view, take these two tests to see if you would be good at espionage...

Espionage Spy Test #1
Espionage Spy Test #2

Video Camera Video

Tiny video cameras are fascinating...

Thursday, August 18, 2016

Spycam News: Gawker Smacks Down on Monday

Gawker, the best known part of Gawker Media, but apparently the least salvageable, will not be welcomed aboard the lifeboat that Univision has sent to the sinking company in the form of a $135 million bid for its assets. The site will cease publishing on Monday, according to a person familiar with the situation...

Gawker's nearly 14 years' worth of media-world scoops, amusing rants, gratuitous take-downs and occasional investigative gems will be archived, according to a memo company founder and Chief Executive Nick Denton sent to staffers Thursday announcing the site's closure.

"We have not been able to find a single media company or investor willing to take on Gawker.com," he wrote. "The campaign being mounted against its editorial ethos and former writers has made it too risky. I can understand the caution. Gawker.com may, like Spy Magazine in its day, have a second act. For the moment, however, it will be mothballed, until the smoke clears and a new owner can be found."...

Gawker Media, which declared bankruptcy in June after losing an invasion-of-privacy suit brought by Hulk Hogan. A Florida jury awarded him $140 million in the case, which revolved around a sex tape of the wrestler, whose real name is Terry Bollea, that Gawker published.  more

Early 20th Century Phone Privacy Gadgets

Invented in 1921, the Hush-A-Phone was advertised as a “telephone silencer” and a device that “Makes your phone private as a booth.”

It produced the same effect as cupping both your hands around the mouthpiece of the two-pieced candlestick model telephone, with others in the room only hearing a rumbling of indiscernible sounds.

Callers only needed to slide the Hush-A-Phone over the mouthpiece of the phone, place their lips in the circular opening, and speak. The device was simple, easy to use, and it worked.

Yet, the Hush-A-Phone isn’t remembered for its simplicity, or success in creating an artificial cone of silence. Rather, the device is known for waging a war against the telecommunication giant, AT&T—a historic legal battle law experts compare to feuds over today’s open internet. more

Predating the Hush-A-Phone by about 20 years was The Whispering Mouthpiece. ~Kevin



Wednesday, August 17, 2016

Court: Producers of Spyware Can Be Held Liable

A federal appeals court says the maker of an online spying tool can be sued on accusations of wiretapping. The federal lawsuit was brought by a man whose e-mail and instant messages to a woman were captured by the husband of the woman. That husband used that data as a "battering ram" as part of his 2010 divorce proceedings.

It's the second time in a week that a federal court has ruled in a wiretapping case—in favor of a person whose online communications were intercepted without consent. The other ruling was against Google. A judge ruled that a person not using Gmail who sent e-mail to another person using Gmail had not consented to Gmail's automatic scanning of the e-mail for marketing purposes. Hence, Google could be sued (PDF) for alleged wiretapping violations.

For the moment, the two outcomes are a major victory for privacy. But the reasoning in the lawsuit against the makers of the WebWatcher spy program could have ramifications far beyond the privacy context—and it places liability on the producers of spyware tools. more

Friday, August 12, 2016

"DiskFiltration" - Siphons Data Even When Computers are Disconnected from the Internet.

Researchers have devised a new way to siphon data out of an infected computer even when it has been physically disconnected from the Internet to prevent the leakage of sensitive information it stores. 

The method has been dubbed "DiskFiltration" by its creators because it uses acoustic signals emitted from the hard drive of the air-gapped computer being targeted. It works by manipulating the movements of the hard drive's actuator, which is the mechanical arm that accesses specific parts of a disk platter so heads attached to the actuator can read or write data.

By using so-called seek operations that move the actuator in very specific ways, it can generate sounds that transfer passwords, cryptographic keys, and other sensitive data stored on the computer to a nearby microphone. The technique has a range of six feet and a speed of 180 bits per minute, fast enough to steal a 4,096-bit key in about 25 minutes. more

Solution: Upgrade to a solid state drive.

Mom Alerted - Daughters' Bedroom Nanny Cam Streaming on Internet

A mother from Texas was horrified to learn that the cameras she used to keep watch on her 8-year-old girls had been hacked and were being live streamed on the internet.

She made the appalling discovery after she found a screenshot posted by another woman on a Facebook group for Houston Mothers, who was trying to alert mothers after stumbling across a free app ‘Live Camera Viewer.’ ...

According to security experts, her private cameras had been hacked by accessing the household’s IP address through her daughter’s iPad whilst she was playing a video game, and was consequently live streamed to an online feed.

The feed, which is sorted according to the number of ‘likes’ that users give, had been available since July, and had 571 ‘likes,’ meaning at least that many people had been watching it over the course of the stream.  more

Wednesday, August 10, 2016

IT Guy Pleads Not Guilty to Eavesdropping Charge — Recordings Found

IL - The technology director of Abingdon-Avon schools pleaded not guilty to charges of eavesdropping Tuesday at a hearing.

Mark L. Rogers, 56, of Abingdon, is on paid administrative leave from Abingdon-Avon School District 276 and has been charged with three felony counts of eavesdropping. Abingdon Police Chief Kenneth Jones testified...

Jones said authorities found that Rogers had installed a webcam in his office that was not part of the school system. Authorities found a "number of videos collected from February 2016," including one of a meeting between Rogers and Drew Witherall, who was assistant technology director at the time. Witherall said he was unaware of the Feb. 11 recording.  more

Car Key Fobs — Wireless = Useless

...a team of researchers from the University of Birmingham and the German engineering firm Kasper & Oswald plan to reveal two distinct vulnerabilities they say affect the keyless entry systems of an estimated nearly 100 million cars. 

One of the attacks would allow resourceful thieves to wirelessly unlock practically every vehicle the Volkswagen group has sold for the last two decades, including makes like Audi and Škoda. The second attack affects millions more vehicles, including Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot.

Both attacks use a cheap, easily available piece of radio hardware to intercept signals from a victim’s key fob, then employ those signals to clone the key. The attacks, the researchers say, can be performed with a software defined radio connected to a laptop, or in a cheaper and stealthier package, an Arduino board with an attached radio receiver that can be purchased for $40. “The cost of the hardware is small, and the design is trivial,” says Garcia. “You can really build something that functions exactly like the original remote.”

...they were able to extract a single cryptographic key value shared among millions of Volkswagen vehicles. By then using their radio hardware to intercept another value that’s unique to the target vehicle and included in the signal sent every time a driver presses the key fob’s buttons, they can combine the two supposedly secret numbers to clone the key fob and access the car. “You only need to eavesdrop once,” says Birmingham researcher David Oswald. “From that point on you can make a clone of the original remote control that locks and unlocks a vehicle as many times as you want.” more
original paper

Quote of the Week

"We have never had absolute privacy in this country." ~FBI Director James Comey more