Sunday, November 27, 2016

Turn Any Computer Into an Eavesdropping Device

Researchers at Israel’s Ben-Gurion University of the Negev have devised a way to turn any computer into an eavesdropping device by surreptitiously getting connected headphones or earphones to function like microphones.

In a paper titled "SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit," the researchers this week described malware they have developed for re-configuring a headphone jack from a line-out configuration to a line-in jack, thereby enabling connected headphones to work as microphones.

The exploit works with most off-the-shelf headphones and even when the computer doesn’t have a connected microphone or has a microphone that has been disabled, according to the researchers. more

 Spoiler Alert: It ain't easy to do, or likely to happen to you. ~Kevin

Tuesday, November 22, 2016

Business Espionage: GSM Bugs Are Mini Cell Phones in Disguise

(from a seller's website in the UK)
GSM bugs are also known as mobile phone bugs and infinity bugs. Based around mobile technology, these devices provide a discreet listening facility with an unlimited distance.

Click to enlarge.
Up until a few years ago radio frequency transmitters were relied upon to provide an eavesdropping solution, albeit over only relatively short distances, generally up to about 800 metres line of sight. These devices are still available, but have been outlawed by OFCOM legislation and are therefore not legal to sell into the UK or operate in the UK without a radio broadcast licence. GSM Bugs use the existing GSM network as a transmission tool.

When they fist became available, the GSM bugs were literally modified mobile phones that auto-answered silently to open up the microphone and listen into the surrounding environment. These devices are still available today and some dedicated (dead phone) units have had enhanced microphone adjustments to make them more attuned to pick up sounds in a wider area, turning them into dedicated listening devices.

As the technology has moved on, these eavesdropping devices have become smaller and more sophisticated. They are really only restricted in size at present by the battery size, however, some of the latest units are built into mains powered devices such as multi-plug adapters and mains sockets, thereby making them invisible to the naked eye and with no power consumption restrictions.

Some of these eavesdropping devices are obviously for the UK market.
Bugs for other electrical standards are also available. 


Do you have electrical extension strips in your office?
Have they been inspected and sealed by a TSCM specialist

~Kevin

Hot Tech History: The "iPod" of 1938

via Matt Novak 
 Today we take it for granted that we can bring music with us wherever we go.

But that obviously wasn’t always the case. As just one example of how cumbersome portable music could sometimes be, take a look at this portable radio receiver from 1938. It was all the rage in France.

The May 1938 issue of Short Wave and Television magazine included a photo-filled spread of new radio sets that had recently been featured at an electronics exhibit in Paris. As you can see in the photo on the far left, the latest “portable radio” included a strap so that you could lug it around with you.

Radio miniaturization was happening at a quick pace in the 1920s, and this was far from the only portable radio of the 1930s. But it’s a decent reminder that portability is and always has been relative... more

Monday, November 21, 2016

3D Industrial Espionage

Your 3-D printer is leaking, but not in ways you can see.

It leaks sounds and energy. That's not a problem — unless you want to keep your creation a secret. In that case, it's time to get serious about security. Computer scientists have now shown that hackers can eavesdrop on 3-D printers — and then copy what they made. All it takes is your average smartphone.

As 3-D printing becomes more widespread, thieves will find new ways to steal original designs, worries Wenyao Xu. This computer scientist at the State University of New York in Buffalo led the new work...

To hack these printers, a spy needs to merely “listen” to the noise and energy the machine emits, including the magnetic fields that vary as it works. Both sound and electromagnetic energy travel as waves. By tapping into these waves, Xu says, a spy could identify the shape of what was being printed. This would allow someone to steal a design without ever seeing the original.

“We need to prevent these attacks,” Xu says. more

The Most Intrusive Spying Powers in the “History of Western Democracy.”

Britain’s Investigatory Powers Bill, voted through Wednesday, 

gives the government what critics claim will be some of the most intrusive spying powers in the “history of Western democracy.”

U.K.-based Internet service providers will be expected to keep full records of every customer’s browsing history, stretching back a year, and the statute will provide enough legal clout for the government to force companies to decrypt data on demand as well as create security backdoors on the devices they sell in order to facilitate spying. more

The Spy Who Couldn't Spell Straight

...and now we're going to hear a story that sounds just too bizarre to be true. 

More than a decade before Edward Snowden famously leaked thousands of classified records to the world, another U.S. government contractor tried a similar move the old-fashioned way. His name is Brian Regan. And in 1999 and 2000, he smuggled classified documents out of his office and buried them in the woods hoping to sell them to a foreign government. But he was foiled in part by his own terrible spelling.

This thrilling story is out this month in a new book called "The Spy Who Couldn't Spell: A Dyslexic Traitor, An Unbreakable Code And The FBI's Hunt For America's Stolen Secrets." Michel Martin talked with author Yudhijit Bhattacharjee about the strange story of Brian Regan.

MM: Why do you think most people have never heard of this story?

YB: The main reason is that Brian Regan was arrested just two weeks before 9/11. And so his story got completely overshadowed by the coverage of what was arguably the biggest story of the last 20 years... more

Friday, November 18, 2016

How to Get Into a Locked iPhone... and what to do about it.

It's Pretty Easy For Someone To Access Your Photos And Other Personal Info On Your Locked iPhone

YouTuber iDeviceHelp is "not a hacker" but still managed to find a fairly simple way to get into a locked iPhone running iOS 9. No passcode needed.


If you have an iPhone you want to turn off SIRI when the screen is locked. ~Kevin

China Secretly Spying on Android Devices

According to Cybersecurity firm Kryptowire, some Android phones, including those from American phone manufacturer BLU, are being preinstalled with software that monitors where users go, who they call, and what they text. The information is then sent back to Chinese servers.

A software dedicated to spying on users is the trojan horse hidden inside some phones manufactured in China. Kryptowire, a Cybersecurity consulting firm, has released a report stating that such malware is being used to gather sensitive information such as GPS locations, text messages, etc. to send back to Chinese servers every 72 hours.

The piece of code has been lurking inside the Android operative system. As such, the program managed to conceal itself from the user’s perspective.

Tom Karygiannis from Kryptowire revealed that the malicious program was created by the Chinese company Adups, with the sole purpose of spying, stating that it isn’t the result of an error. Karygiannis said that the malware’s goal may be is to perform state espionage or to merely to sell advertising data....

Adups has over 700 million active users, and a market share exceeding 70% across 200+ countries and regions. 

The company’s software is used in phones, cars, and other devices. American phone manufacturer, BLU Products, said that 120,000 of its phones had been affected, promptly stating that it had released an update to remove Adups’ spyware. more

Happy Holidays, or How Not to Get Scammed Online This Season

Protect yourself against online shopping scams by watching for these 10 telltale signs...

Many mom-and-pop retail stores maintain websites for selling their wares, and some entrepreneurs create online-only stores that ship products directly from warehouses. Unfortunately, scammers also use ecommerce as an opportunity to take shoppers' personal and financial information from afar. An odd-looking site or too-good-to-be-true deal might be the work of scammer rather than an ecommerce amateur. The following 10 signs can help shoppers distinguish between the two. more

Lawyers Should Not Bug Opposing Lawyer's Email

Alaska may have only about 2,500 active resident lawyers, but its bar ethics committee has become just the second authority in the country to weigh in on the practice of “bugging” the e-mail of opposing counsel.

The committee disapproved of this spy method in an opinion issued in late October, saying that it violated the Last Frontier’s version of Model Rule 8.4, which prohibits dishonesty and misrepresentation.

A “web bug” is a tracking device consisting of an object embedded in a web page or e-mail, that unobtrusively (usually invisibly) reveals whether and how a user has accessed the content. Other names for a web bug are web beacon, pixel tracker and page tag. more

Want to check who is secretly bugging you? Little Snitch for OSX does an excellent job and offers a free trial. Similar products exist for PC based computers. ~Kevin

Thursday, November 17, 2016

This $5 Device Can Hack Your Locked Computer In One Minute

Next time you go out for lunch and leave your computer unattended at the office, be careful. A new tool makes it almost trivial for criminals to log onto websites as if they were you, and get access to your network router, allowing them to launch other types of attacks.

Hackers and security researchers have long found ways to hack into computers left alone. But the new $5 tool called PoisonTap, created by the well-known hacker and developer Samy Kamkar, can even break into password-protected computers, as long as there’s a browser open in the background. Kamkar explained how it works in a blog post published on Wednesday.


And all a hacker has to do is plug it in and wait. more

Tune into PI's Declassified! Thursday, 9 am Pacific, Noon Eastern

Is Your Cell Phone Bugging You?
Do you want to know how to protect your cell phone privacy or detect spyware on your smartphone? Are there warning signs that your phone is infected with spyware? Are there applications available to prevent your phone from being tapped or to catch the spy red-handed? Kevin D. Murray is an expert on mobile phone electronic surveillance and eavesdropping detection, known as technical surveillance countermeasures. He is also the author of Is My Cell Phone Bugged? Tune in to hear Kevin Murray discuss detecting mobile phone spyware, and tips to protect your most private conversations.
Link to show

Tuesday, November 15, 2016

Shazam, You're Bugged!

Shazam Keeps Your Mac’s Microphone Always On, Even When You Turn It Off

What’s that song? On your cellphone, the popular app Shazam is able to answer that question by listening for just a few seconds, as if it were magic. On Apple’s computers, Shazam never turns the microphone off, even if you tell it to.

When a user of Shazam’s Mac app turns the app “OFF,” the app actually keeps the microphone on in the background.

For the security researcher who discovered that the mic is always on, it's a bug that users should know about. For Shazam, it’s just a feature that makes the app work better. more

TSCM School: How Small Can Electronic Surveillance Bugs Be?

...or, why we listen to the wires.

Electronic surveillance devices (audio, video, data) are often referred to by their generic term — bugs.
Amplified Mic (enlarged)
Bugs may be highly specialized, as in a video only spy camera, or may incorporate audio, video and data snooping. An example of this is a device which is secreted in a vehicle, which collects GPS data, audio and video.

Most people, however, think of bugs as audio-only radio transmitters.

Often the simplest bugs are the most effective. These are just microphones attached to a length of wire.

The other end of the wire can be connected to a distant radio transmitter, voice recorder, or simply an amplifier with headphones.

Most people are surprised to learn all homes and offices come prewired, bugging-ready.

Standard telephone cables have unused pairs, and computer Ethernet cables generally only use two of the four pairs they contain. Most older office buildings also have legacy wiring which was never removed.

These "hardwired" bugs are among the most difficult to detect, which is why spies and law enforcement favor them.

Since a microphone is the main element of a hardwired bug,
I thought it might be very useful to show you how small they
can be.

These fingers are holding a real microphone, actual size.

Now you know just how much the other picture was enlarged.

Amazingly small, these microphones are mass produced by the millions.

Fortunately, most wind up in cell phones and hearing aids. However, many are sold on eBay for pennies, and then become bugs.

Not everyone knows how to find these. But, don't worry, we do.

Monday, November 14, 2016

Business Espionage: Agribusiness Now in the Crosshairs

In an industry where information is power, dishonest competitors may steal agrichemical company data and use it to their advantage. While this may sound a little like a James Bond movie plot, industrial espionage is a real event.

Take for example, the case from October 2016, when a Chinese man was sent to prison for 3 years... The crime was part of a years-long conspiracy involving several Chinese citizens aimed at stealing valuable patented corn seeds from Iowa farm fields so they could be smuggled to a Chinese agriculture conglomerate.”...

Worse still, is that this case is not an isolated incident, with Robert Anderson Jr., assistant director of counterintelligence at the F.B.I. explaining that, “Agriculture [industrial espionage] is an emerging trend that we’re seeing.” Adding that, until two years ago, “the majority of the countries and hostile intelligence services within those countries were stealing other stuff.”

Such is the power of a trade secret in modern agribusiness, that attempts to steal it are replacing efforts to learn military secrets.

Possibly, this is part of what geo-political experts call ‘food security’...

When it comes to agribusiness data, industrial espionage should leave you neither shaken nor stirred, but should simply be a case of, ‘We’ve been expecting you Mr. Bond.’ more more