Friday, February 3, 2017

Wiretap Warrant v. Data Warrant = Kinetic v. Static

A New Jersey appeals court has ruled that law enforcement agencies can view private messages and tweets from private accounts on Twitter if they get a warrant...

The case turned on what type of warrant is needed: a communications data warrant or a wiretapping warrant, which is needed for electronic communications in transit and has tougher legal requirements.

Essex County officials argued they were trying to access audio that had already been transmitted as opposed to live transmissions. The court agreed, ruling that law enforcement could use a data warrant.

According to Assistant Essex County Prosecutor Camila Garces, the court's ruling "ensures that the state can access electronic footprints when conducting a criminal investigation."

Defense attorney Lawrence Lustberg said that investigators should only have a right to see private message if they get a wiretap because they happen in real time. more

The Birth of WiFi — Thank you, Australia

Australian scientific invention — The invention of a new wireless data transmission system in the early 1990s led to modern wi-fi, the most popular way to connect computers without wires.

The prototype test-bed invented by researchers at the Commonwealth Scientific and Industrial Research Organisation (CSIRO) Invention leads to modern wi-fi.

CSIRO’s wireless local area network led to modern wi-fi and liberated the internet from dial-up. It marked a change in communication technology that is comparable to the invention of the telegraph in 1831.

The WLAN allowed instant contact with, and access to, information resources – anytime and anywhere in the world. It solved the main problem of indoor wireless networking – radio waves bouncing off walls and furniture, creating a distorted signal – by transmitting several signals over various frequencies simultaneously, merging into a complete signal at the reception point. more

Thank you, Mike! ~Kevin

Thursday, February 2, 2017

Spy Sites of Washington, DC (book)

SPY SITES OF WASHINGTON, D.C.
By Robert Wallace and H. Keith Melton (with Henry R. Schlesinger)

Spy Sites” could be considered two books in one. It is a capsule history of spying in and around D.C., with crisply written profiles of the major players.

Even intelligence buffs will encounter a few unfamiliar names. Consider, for instance, Thomas Atwood Digges, a Marylander who worked in London to free American sailors imprisoned by the British. Yet he was so sloppy with his accounts that Benjamin Franklin (for whom he was a sometime courier) denounced him as a rogue and scoundrel. But there is a monument to him on the Digges family estate across the Potomac from Mount Vernon.

“Spy Sites” is also a guide book that should be invaluable for weeks of Sunday afternoon spy walks or drives — from downtown to tranquil suburbs. With maps and photos, it enables the reader to view the obscure dead drops that such rogues as Aldrich Ames, John Walker and Robert Hanssen used to pass secrets to the Soviets — “you are there” experiences of the first order.

There are also some seldom-discussed secrets as to how FBI and other counterintelligence officers “spied on the spies.”

Readers can trust the expertise of the authors. Robert Wallace ran CIA’s Office of Technical Services, which invents spycraft equipment for communications and other covert chores. R. Keith Melton, an Annapolis graduate, owns one of the largest collections of spy artifacts in existence.  more

2017 Information Security and Cryptography Seminar — Fundamentals and Applications

June 12-14, 2017 in Zurich, Switzerland | Lecturers: David Basin and Ueli Maurer

This seminar provides an in-depth coverage of Information Security and Cryptography from both a conceptual and application-oriented viewpoint. At the same time, the mathematical, algorithmic, protocol-specific, and system-oriented aspects are explained in a way understandable to a wide audience. This includes the foundations needed to understand the different approaches, a critical look at the state-of-the-art, and a perspective on future security technologies.

The material is presented at three different levels. At the highest level, the basic concepts are presented in detail, but abstractly (e.g., as black boxes), without mathematics. No background is required to follow at this level. At an intermediate level, the most important concrete schemes, models, algorithms, and protocols are presented as well as their applications. Here some minimal mathematical and systems background is assumed. At the deepest level, which is not required to understand the higher levels, different special topics, requiring some mathematical background, are discussed.

The lectures and all course material are in English. more

Make Your Smartphone 007 Smart (book)

via amazon.com
The smartphone in your pocket can easily be turned into a high-tech spy tool and counter-surveillance device to rival anything that Ian Fleming’s Q might have dreamt up.

$2.99 at Amazon
You can communicate secretly, browse the web anonymously, access the Deep Web and hidden networks, view banned content, download privately and continue using Twitter and Facebook if their services are ever blocked locally.

Conversely, mobile devices are not secure unless you make them so. If somebody wants to know where you are at this precise moment, your smartphone will tell them – even if it is turned off...

Rather like spies in a James Bond movie, mobile users have an array of digital tools to call upon, both to mask their identity and to provide real confidence that their correspondence, data and contacts are secure.

There are smartphone apps that let you see in the dark or measure the height of a building. You can film and record without being rumbled; send emails, PMs and SMS that cannot be intercepted or read. You can even take over and control many public and private security cameras. more

The Obama Cybersecurity Report Card

by Taylor Armerding
President Obama is only a couple of weeks out of office, but his legacy on cybersecurity is already getting reviews – mixed reviews.

According to a number of experts, Obama said a lot of good things, did a lot of good things and devoted considerable energy to making cybersecurity a priority, but ultimately didn't accomplish the goal of making either government or the private sector more secure...

As Kevin Murray, director of Murray Associates, a counterespionage consultancy, put it, “government can make as many policies as it wants, but if it doesn’t solve the problem, what good is it?”

Or, as Paul Rosenzweig, founder of Red Branch Consulting, former Department of Homeland Security (DHS) official under President George W. Bush and frequent contributor to the Lawfare blog, put it, “they had the tools, they just chose not to use them when the chips were down. I don’t know why.”...

Finally, Murray said government needs to focus not just on those who hack or steal data, but also on those who let it happen. He said government won’t get better results until it demands accountability. In virtually every case of a failure, including the OPM breach, those in charge are allowed to resign, which means they keep their pension and all other government benefits.

“There’s a lot of hand wringing, but not enough action,” Murray said. “You have to make the people in charge of holding this information accountable. Somebody should get paid a lot of money, but then told, ‘You are going to be held responsible if it leaks out on your watch.’

“You start doing that, and people will start taking it (information security) seriously,” he said.  more

Sunday, January 29, 2017

Congressional Republicans' Private Meeting Bugged & Leaked

Congressional Republicans gathered behind closed doors in a Philadelphia hotel Thursday to discuss their plans to tackle national security, health care and more. Now you, too, can listen in.  

The recordings below were first provided to The Washington Post and other news outlets through an anonymous email sent Friday evening.

The author of that message asked that the recipients not publish the audio files out of concern that the author could lose his or her job.

On Saturday afternoon, the person wrote again and granted permission to publish the files, explaining that he or she had more closely reviewed the recordings and had concluded that they could not be used to identify him or her.

Washington Post reporters who reviewed the files on Thursday and Friday found revealing details within. more

Saturday, January 28, 2017

More Bad Security News for Android

A team from CSIRO's Data 61, University of NSW (Australia) and UC Berkley in the US found a whole bunch of Android VPN apps contain viruses, spyware and other adware.

Researchers analyzed the apps available for Android to look for nasties like trojans, spyware and adware — giving each an "anti-virus rank (AV)" based on what they found. The lower the rank, the better.

They found of the 283 apps they analyzed, 38 per cent contained malware or malvertising (malicious advertising containing viruses). more
-----
Check Point’s mobile security researchers have discovered a new ransomware in Google Play, dubbed Charger. 

Charger was found embedded in an app called EnergyRescue. The infected app steals contacts and SMS messages from the user’s device and asks for admin permissions. If granted, the ransomware locks the device and displays a message demanding payment. more

A tip of the hat to our Blue Blaze Irregulars who submitted these news items. ~Kevin

Friday, January 27, 2017

Android Phone's Pattern Lock - Easy to Guess

Android's pattern lock, which lets you unlock your phone by swiping a specific pattern across the screen, may seem more secure than a password, but that's not always the case...

A study in 2015 suggested that 44 percent of lock patterns start in the upper left (and 77 percent start in one of the corners), and most moved left to right and up to down, just like we'd read a book. The end result? Our pattern lock patterns are pretty predictable.

A new attack makes use of that predictability: there's now an algorithm that can guess 95% of pattern locks within five attempts. This bit of code analyzes video of people using pattern lock to unlock their phones, taken from about 8 feet away with a smartphone camera (or over 29 feet away using a high-quality SLR or DSLR camera). Even without being able to see the screen, the algorithm can watch your hand movements and predict your pattern. more

Riddle: The Spies With Stamps on Their Heads

Problem
Three super spies are caught sending sensitive information to an enemy state. These three double agents are apprehended and taken out to a remote spot in the woods. They are told that one of them will be part of a prisoner exchange, and the other two will be executed.

To decide who lives, the guards decide to play a game. They show the captives eight stamps: four red, and four green. They then blindfold the three men and stick two stamps to each of their foreheads. One of the guards puts the remaining two stamps in his pocket.

The guards then take the blindfolds off the captives, who can each see the stamps on the other two men's heads, but not the two stamps on their own head, and not the two stamps in the guard's pocket. These spies are highly intelligent—they're perfect logicians who know they can count on each other to correctly and quickly interpret the information they have.

The guard captain tells them that the first man to figure out the color of the stamps on his own head will be used for the prisoner exchange, and the other two will be executed. If anyone guesses wrong, they will be shot dead on the spot.

The captain then asks the spies in order if they know what color stamps they have on their head. The answers are as follows:
  • A: "No."
  • B: "No."
  • C: "No."
  • A: "No."
  • B: "Yes."
Spy B answers correctly. What color are the stamps on his head, and how does he know?

Hint
Don't forget about the stamps in the guard's pocket. solution

Technical Surveillance Countermeasures To Prevent Corporate Espionage

via Veteran Investigation Services
You're at an important company board meeting discussing a top secret product development project. If this unique product idea gets leaked to your competitors, the consequences could be dire. The key stakeholders are in the conference room or participating via conference call. The meeting goes well and later you find out your competitor has beat you to market with the same product idea. How could this have happened?

Your business or organization could be the victim of corporate espionage. Someone could be collecting competitive intelligence through unethical means, such as listening devices, video surveillance, or even something as basic as rummaging through your trash. Whether the threat comes from bugging devices at a one-time event, or ongoing surveillance at your corporate site, make sure you are aware of surveillance techniques, find the threats, determine who is behind the intelligence gathering and put systems in place to prevent future breaches.

COMPETITIVE INTELLIGENCE GATHERING
Your competitors and corporate enemies want to know what is said at meetings with shareholders, new business partners or clients or new product development teams. They may be seeking information about your financial outlook, or access to your intellectual property. Some companies will stop at nothing to gain that information and for many reasons, it's easier than ever for them to get it.

Today, surveillance is easier than ever. Advanced wireless devices such as covert listening devices, miniature cameras, concealed, wearable recording devices or hidden micro-cameras are just a click away online and can be very inexpensive. Employees or someone on the cleaning crew could be paid to place a device in a conference room or collect paper trash afterwards, or look for computer passwords left on desks or taped under keyboards. Safeguarding your company secrets requires a preventative approach.

The most common surveillance targets are CEO offices, their private conference rooms, and assistant's work area, since these spaces are the most likely locations for strategic meetings where valuable company information is discussed. These areas should be swept for bugging devices before critical meetings and at regular intervals, based on the level of risk.

TECHNICAL SURVEILLANCE COUNTERMEASURES
If you suspect that someone is obtaining company secrets or you've already experienced a damaging leak of information, we recommend screening for potential threats to prevent further leaks. A TSCM (technical surveillance countermeasure) examination can be performed to look for surveillance equipment or detect other risks. These can be done before an important meeting, at an off-site event, or at your site at regular intervals.

A TSCM examination may include such counter surveillance tactics as:
  • Full Radio Frequency (RF) Spectrum Analysis
  • Infrared Spectrum Analysis (IR)
  • Detecting transmitting devices in the electrical system/wiring
  • Computer forensics (for example, searching for emails that mention a sensitive topic after a meeting has taken place to look for leaks).
  • Disrupting laser frequencies with static "white noise" and or window coatings to prevent laser listening systems from gathering micro-vibrations from the surface of a window to listen in on conversations from outside of a room.
  • Conducting a physical search looking for:
    • Idle surveillance equipment that may be turned off or out of batteries.
    • Cameras or microphones in the ceiling.
    • Reflections from camera lenses.
    • Radio transmitters that could broadcast to an external radio.
    • Bugged telephones. Polycom phone systems are easy to turn into listening devices.
    • Easily found passwords left on desks or under keyboards.
    • Computers left on and logged in.
    • Document disposal and inadequate document shredders.
COUNTER SURVEILLANCE TECHNIQUES OFF-SITE
Important business meetings held off-site at hotel convention centers can be easy opportunities for surveillance. Sweeps of the meeting rooms, guest rooms, or bathrooms can be done, and then security staff should maintain custody of the room to ensure the room stays free of bugs until after the meeting. Executive cars can be targeted and especially at risk if using valet parking, as well as executive phones which are susceptible to Trojan horse software that can allow someone to listen in on all the conversations or steal data from email or text messaging.

AFTER THE TSCM EXAMINATION
What happens if listening devices are found during a sweep? If surveillance equipment is found during the TSCM examination, it should not be removed immediately because it can be used as a trap to find out who put it there. The TSCM examination is just the stepping off point for a full analysis and investigation. Suspects need to be interviewed. A full security assessment may be necessary if many problems are found. Systems should be established to prevent this kind of activity. Embedded and dedicated security personnel may be needed to keep security at the forefront of executives' minds, staff who can be there to watch, learn, listen and report on surveillance threats. Everyone in the organization can contribute to prevent leaks. Policies and procedures should be developed and communicated to employees regarding the handling of passwords, access, and confidentiality agreements.

ARE YOU AT RISK OF CORPORATE SURVEILLANCE?
Companies are hungry for that competitive edge that will help crush their competition. They may hire corporate surveillance companies to gather company secrets from their competitors, often through unethical means. Low level employees with low moral or low paid personnel from external maintenance services can be paid off to gather intelligence or plant bugs. Most companies are naive and feel that industrial espionage and surveillance does not happen in real life, it only happens in the movies and "cannot happen here." They feel they can trust all of their employees like family. But all it takes is a hungry competitor and a disgruntled employee passed over for a promotion to initiate the leaking of your company secrets that could be devastating to your business. Then, with the preponderance of equipment easily available, your company's most important information and conversations could get into competitors hands in an instant.

What proprietary business information could cause damage to your company if your competitor was able to listen in on your meetings? Have you done all that you can to protect that information?  more

Monday, January 23, 2017

Special TSCM Offer for Executive Protection Professionals and their Clients

Executive Protection Professionals are talented and skilled. They handle:
  • Physical security
  • Intelligence analysis
  • Family office security
  • Transportation security
  • Communications security  
  • Advance travel preparation
  • Estate employee background checks
  • Vetting external vendors and contractors 
 and more.

They are not to be confused with bouncers or scary-looking bodyguard types.

Protection of inside information, and communications privacy, is obviously an important part of the overall EP security strategy.

Founded in 1978, Murray Associates provides these elements of security by being the adjunct technical security consultant.

If you are an Executive Protection Professional, investigate this special get-acquainted offer. Your principal will thank you.

Why the Spy Trade is Such a Booming Industry

The alleged Russian plot that targeted the U.S. presidential election has raised concerns we're headed for Cold War levels of spying, but there's actually plenty of evidence the world soared past that point years ago...

There are now an estimated 120 countries involved in espionage, each trying to infiltrate military, political and economic targets all over the world...

And those are just the official spy operations. Non-state and corporate spies have become much more active, not to mention rogue cyber warriors who sell their wares as independents and major organized crime and terror groups.

More threats, bigger budgets... more

GCHQ Spy Master Quits UK’s Eavesdropping Nerve Centre

UK - GCHQ boss Robert Hannigan only took on the post in April 2014, but on Monday—in a surprise move—

he quit the job, citing "personal reasons."

He won't be handing in his (encryption) keys until a successor is found, GCHQ said.

In a letter to the UK's foreign secretary, Boris Johnson, Hannigan said that he was "proud" of the work he has overseen at the eavesdropping concrete doughnut.

He flagged up the National Cyber Security Centre as one of GCHQ's "achievements" under his tenure.

"While this work must remain secret, you will know how many lives have been saved in this country and overseas by the work of GCHQ," he added in his missive to Johnson. more

Friday, January 20, 2017

"Make Your Phone as Private as a Phone Booth"

The Hush-A-Phone
A voice silencer designed for confidential conversation, clear transmission and office quite. Not a permanent attachment. Slips right on and off the mouthpiece of any phone.

Office quite during phone talks is also assured. The Hush-A-Phone does not allow your voice to escape into the room. It excludes noises from the transmitter, giving a quiet wire and clearer transmission.


Prominent business firms are using it and recommend it as an efficiency promoter.

Tear this (ad) out and mail with your letterhead for free booklet "How to make your phone as private as a booth."

Agents and Salesmen—Write for particulars of our attractive proposition to General Agents and Salesmen.

HUSH-A-PHONE CORPORATION
19 Madison Ave.,
New York City