Monday, August 22, 2016

Bugging devices 'widespread' According to Prime Minister

NZ - Prime Minister John Key says he too has been bugged, but won't go into specifics about how often that has happened, where it occurred and who might have been responsible.

His comments come as police in Sydney investigate the discovery of a listening device in a hotel meeting room used by the All Blacks.

Example of a digital transmitter.
Mr Key said it had happened to him, but would not give any details, except to say he would only know about a fraction of the times he had been bugged.

"I'm just saying it's not a new concept that people would put in bugging devices ... I'm just saying it's widespread and I think people would be wise to consider those factors." more

When you think about it, we only know about covert bugging, wiretapping and optical surveillance from the failed attempts. 

By definition, all successful eavesdropping is never discovered. (Usually because no one is looking for it.)

This is why smart businesses, like the All Blacks rugby organization, conduct proactive technical surveillance countermeasures inspections (aka TSCM).

If you would like to add TSCM inspections to your security strategy, contact me. I'll recommend a trusted specialist in your area. ~Kevin

Facebook Surveillance Would Make Santa Jealous, or...

...98 personal data points that Facebook uses to target ads to you...

Say you’re scrolling through your Facebook Newsfeed and you encounter an ad so eerily well-suited, it seems someone has possibly read your brain.

Maybe your mother’s birthday is coming up, and Facebook’s showing ads for her local florist. Or maybe you just made a joke aloud about wanting a Jeep, and Instagram’s promoting Chrysler dealerships.

Whatever the subject, you’ve seen ads like this. You’ve wondered — maybe worried — how they found their way to you...

While you’re logged onto Facebook, for instance, the network can see virtually every other website you visit. Even when you’re logged off, Facebook knows much of your browsing: It’s alerted every time you load a page with a “Like” or “share” button, or an advertisement sourced from its Atlas network. Facebook also provides publishers with a piece of code, called Facebook Pixel, that they (and by extension, Facebook) can use to log their Facebook-using visitors. more

Banksy Spy Art Destroyed


This famous Banksy artwork showing "snooping" in Cheltenham has been removed. 

Spy Booth depicts three 1950s-style agents, wearing brown trench coats and trilby hats, using devices to tap into conversations at a telephone box.

On April 13, 2014 the mural first appeared on the house in Fairview Road, Cheltenham.

The graffiti street art - which highlights the issue of Government surveillance - is located on the Grade II listed building near GCHQ, where the UK's surveillance network is based.

Spy Booth was granted listed status by Cheltenham Borough Council but the house itself has been put up for sale in January this year.

A social media post yesterday appeared to show the mural being cut down behind a tarpaulin. more

Sunday, August 21, 2016

TSCM Find: Bug Discovered in Hotel Meeting Room Used by New Zealand Rugby Team

New Zealand Rugby says a Sydney hotel room where the All Blacks held meetings was bugged before their first Bledisloe Cup match against Australia.

The New Zealand Herald reported that a "sophisticated" listening device found on Monday had been hidden in a chair...

The paper reported that hiding the bug "was a highly skilled and meticulous act and whoever put it there would have needed a significant amount of time to have pulled off such an accomplished job".

Indications are that the device was working and would have transmitted conversations about the All Blacks' strategy for Saturday's match. more

The Herald understands the foam of the seat appeared to have been deliberately and carefully cut to make way for the device and then sewn or glued back together to be almost undetectable. more


It Just Got Harder to Spy on Your Spouse Online

Joseph Zhang became suspicious of his wife Catherine’s online activities, so he installed software called WebWatcher on their home computer in Ohio to track her. The fallout was not just a divorce, but a landmark court ruling that could have long-term implications for both users and makers of so-called spyware.

According to an appeals court in Cincinnati, the maker of the spyware used by Zhang violated federal and state wire-tapping laws by intercepting the messages of a Florida man, Javier Luis, who had been communicating with Catherine in an America Online chatroom called “Metaphysics.”

The legal case begin in 2010 not long after Zhang used messages captured with the spyware to obtain leverage in divorce proceedings, even though a court said the relationship between his wife and Luis was “apparently platonic.” more

Man Charged with Eavesdropping on Family

NY - A Bloomingburg man was charged Thursday with eavesdropping on family members. 

State police said their investigation found that Joseph Codi, 33, of Bloomingburg, used a hidden electronic monitor to overhear conversations between other family members without their consent or knowledge for more than a month.

Codi was charged with eavesdropping, a felony. He was arraigned before Mamakating Town Justice Cynthia Dolan and released on his own recognizance, pending further court action. more

Friday, August 19, 2016

Privacy Guidebook for Eavesdropping on Americans Draws Flack

A privacy update to 1982 Defense Department rules for conducting surveillance on Americans contains a loophole...

that lets the National Security Agency continue eavesdropping on a wide swath of online conversations, critics say.

"DOD Manual 5240.01: Procedures Governing the Conduct of DOD Intelligence Activities" was last issued when all email addresses could fit in a Parent Teacher Association-sized directory. The new rules reflect a shift in intelligence gathering from bugging an individual’s phone to netting communications in bulk from the global internet...

It remains to be seen, or unseen, how U.S. spies are following the new data-handling guidelines in practice when scanning networks. 

On Wednesday, Defense officials declined to comment on internet cable-tapping. more

The 10 Best Offbeat Spy Movies

You can see all the trailers here.


10. Casino Royale
9. Our Man Flint
8. The Man Who Knew Too Little
7. Burn After Reading
6. Confessions of a Dangerous Mind
5. Spies Like Us
4. What’s Up, Tiger Lily?
3. Austin Powers: International Man of Mystery
2. Top Secret!
1. Spy


Enjoy the weekend! ~Kevin

Three Espionage Tests

Denmark - The EspionageTest is the name of a newly developed free online test designed to reveal whether businesses are vulnerable to industrial espionage.

“The test is designed to provide an immediate picture of a business’s strengths and weaknesses. It provides a picture of the business’s challenges and the areas that need strengthening. The test looks at digital security, employee behaviour, culture and physical security,” says Senior Consultant Christine Jøker Lohmann from the Confederation of Danish Industry who is a member of the project steering group.

Employee behaviour and technology are tested
The test, which has been financed by the Danish Industry Foundation and developed by the intelligence and security firm CERTA Intelligence & Security, requires businesses to answer questions covering all areas of security and tests both technology and employee behaviour.

In each area, businesses will be told how they score in terms of security and will be given specific tips and recommendations on how to improve or develop suitable protection against espionage... more

The EspionageTest – Launching on 23 August 2016 – will be freely available to all Danish businesses.

...and, from another point-of-view, take these two tests to see if you would be good at espionage...

Espionage Spy Test #1
Espionage Spy Test #2

Video Camera Video

Tiny video cameras are fascinating...

Thursday, August 18, 2016

Spycam News: Gawker Smacks Down on Monday

Gawker, the best known part of Gawker Media, but apparently the least salvageable, will not be welcomed aboard the lifeboat that Univision has sent to the sinking company in the form of a $135 million bid for its assets. The site will cease publishing on Monday, according to a person familiar with the situation...

Gawker's nearly 14 years' worth of media-world scoops, amusing rants, gratuitous take-downs and occasional investigative gems will be archived, according to a memo company founder and Chief Executive Nick Denton sent to staffers Thursday announcing the site's closure.

"We have not been able to find a single media company or investor willing to take on Gawker.com," he wrote. "The campaign being mounted against its editorial ethos and former writers has made it too risky. I can understand the caution. Gawker.com may, like Spy Magazine in its day, have a second act. For the moment, however, it will be mothballed, until the smoke clears and a new owner can be found."...

Gawker Media, which declared bankruptcy in June after losing an invasion-of-privacy suit brought by Hulk Hogan. A Florida jury awarded him $140 million in the case, which revolved around a sex tape of the wrestler, whose real name is Terry Bollea, that Gawker published.  more

Early 20th Century Phone Privacy Gadgets

Invented in 1921, the Hush-A-Phone was advertised as a “telephone silencer” and a device that “Makes your phone private as a booth.”

It produced the same effect as cupping both your hands around the mouthpiece of the two-pieced candlestick model telephone, with others in the room only hearing a rumbling of indiscernible sounds.

Callers only needed to slide the Hush-A-Phone over the mouthpiece of the phone, place their lips in the circular opening, and speak. The device was simple, easy to use, and it worked.

Yet, the Hush-A-Phone isn’t remembered for its simplicity, or success in creating an artificial cone of silence. Rather, the device is known for waging a war against the telecommunication giant, AT&T—a historic legal battle law experts compare to feuds over today’s open internet. more

Predating the Hush-A-Phone by about 20 years was The Whispering Mouthpiece. ~Kevin



Wednesday, August 17, 2016

Court: Producers of Spyware Can Be Held Liable

A federal appeals court says the maker of an online spying tool can be sued on accusations of wiretapping. The federal lawsuit was brought by a man whose e-mail and instant messages to a woman were captured by the husband of the woman. That husband used that data as a "battering ram" as part of his 2010 divorce proceedings.

It's the second time in a week that a federal court has ruled in a wiretapping case—in favor of a person whose online communications were intercepted without consent. The other ruling was against Google. A judge ruled that a person not using Gmail who sent e-mail to another person using Gmail had not consented to Gmail's automatic scanning of the e-mail for marketing purposes. Hence, Google could be sued (PDF) for alleged wiretapping violations.

For the moment, the two outcomes are a major victory for privacy. But the reasoning in the lawsuit against the makers of the WebWatcher spy program could have ramifications far beyond the privacy context—and it places liability on the producers of spyware tools. more

Friday, August 12, 2016

"DiskFiltration" - Siphons Data Even When Computers are Disconnected from the Internet.

Researchers have devised a new way to siphon data out of an infected computer even when it has been physically disconnected from the Internet to prevent the leakage of sensitive information it stores. 

The method has been dubbed "DiskFiltration" by its creators because it uses acoustic signals emitted from the hard drive of the air-gapped computer being targeted. It works by manipulating the movements of the hard drive's actuator, which is the mechanical arm that accesses specific parts of a disk platter so heads attached to the actuator can read or write data.

By using so-called seek operations that move the actuator in very specific ways, it can generate sounds that transfer passwords, cryptographic keys, and other sensitive data stored on the computer to a nearby microphone. The technique has a range of six feet and a speed of 180 bits per minute, fast enough to steal a 4,096-bit key in about 25 minutes. more

Solution: Upgrade to a solid state drive.

Mom Alerted - Daughters' Bedroom Nanny Cam Streaming on Internet

A mother from Texas was horrified to learn that the cameras she used to keep watch on her 8-year-old girls had been hacked and were being live streamed on the internet.

She made the appalling discovery after she found a screenshot posted by another woman on a Facebook group for Houston Mothers, who was trying to alert mothers after stumbling across a free app ‘Live Camera Viewer.’ ...

According to security experts, her private cameras had been hacked by accessing the household’s IP address through her daughter’s iPad whilst she was playing a video game, and was consequently live streamed to an online feed.

The feed, which is sorted according to the number of ‘likes’ that users give, had been available since July, and had 571 ‘likes,’ meaning at least that many people had been watching it over the course of the stream.  more