Radio hackers have reverse-engineered some of the wireless spying gadgets used by the US National Security Agency. Using documents leaked by Edward Snowden, researchers have built simple but effective tools that can be attached to parts of a computer to gather private information in a host of intrusive ways.
The NSA’s Advanced Network Technology catalogue was part of the avalanche of classified documents leaked by Snowden, a former agency contractor. The catalogue lists and pictures devices that agents can use to spy on a target’s computer or phone. The technologies include fake base stations for hijacking and monitoring cellphone calls and radio-equipped USB sticks that transmit a computer’s contents.
But the catalogue also lists a number of mysterious computer-implantable devices called “retro reflectors” that boast a number of different surreptitious skills, including listening in on ambient sounds and harvesting keystrokes and on-screen images. more
Sunday, June 11, 2017
Friday, June 9, 2017
Defamation Lawsuit Filed over Methodist Hospital Phone Bugging Claims
A Houston Methodist doctor has filed a lawsuit against the hospital claiming he was demoted for raising concerns about recording of conversations on hospital phone lines.
According to the lawsuit, Dr. Eric Haufrect MD was removed as vice chairman of Methodist's obstetrics and gynecology department after he raised concerns that the hospital was illegally recording conversations between staff and patients.
Haufrect learned of the alleged phone bugging in October 2016 after a nurse said a technician working on her phone explained it to her, according to the lawsuit.
When he alerted hospital administrators to the recording, they said his department could not opt out of recordings, the suit alleges. Haufrect said he raised concerns to several different parties in the hospital about potential HIPAA violations, including CEO Dr. Robert Phillips. more
According to the lawsuit, Dr. Eric Haufrect MD was removed as vice chairman of Methodist's obstetrics and gynecology department after he raised concerns that the hospital was illegally recording conversations between staff and patients.
Haufrect learned of the alleged phone bugging in October 2016 after a nurse said a technician working on her phone explained it to her, according to the lawsuit.
When he alerted hospital administrators to the recording, they said his department could not opt out of recordings, the suit alleges. Haufrect said he raised concerns to several different parties in the hospital about potential HIPAA violations, including CEO Dr. Robert Phillips. more
Which is most secure: HomePod, Echo, or Google Home
Apple's HomePod, Google Home and Amazon Echo all encrypt the voice recordings sent to their respective servers. But there are varying degrees of how they keep the data secret...
Echo
"The recordings are securely stored in the [Amazon Web Services] cloud and tied to your account to allow the service to be personalized for each user," an Amazon spokeswoman said in an email.
Google Home
Similarly, Google Home collects data from your apps, your search and location history, and your voice commands, which are all tied to your Google account... If a government agency requests data from Google or Amazon from a voice assistant, they can point to accounts associated with the user...
Home Pod
With anonymized IDs, Apple's speakers have a much more compelling argument for not handing over data: They can't find it. In the game of hide and seek with your voice data, the advantage -- for now -- goes to Apple. more
Echo
"The recordings are securely stored in the [Amazon Web Services] cloud and tied to your account to allow the service to be personalized for each user," an Amazon spokeswoman said in an email.
Google Home
Similarly, Google Home collects data from your apps, your search and location history, and your voice commands, which are all tied to your Google account... If a government agency requests data from Google or Amazon from a voice assistant, they can point to accounts associated with the user...
Home Pod
With anonymized IDs, Apple's speakers have a much more compelling argument for not handing over data: They can't find it. In the game of hide and seek with your voice data, the advantage -- for now -- goes to Apple. more
Wednesday, June 7, 2017
Yellow Printer Dots Nail Spy Agency Leaker
‘Colour printers spy on you’: Barely visible yellow dots lead to arrest of Reality Winner, alleged NSA leaker.
According to Rob Graham, who writes for the blog Errata Security, the Intercept’s scanned images of the intelligence report contained tracking dots – small, barely visible yellow dots that show “exactly when and where documents, any document, is printed.” Nearly all modern color printers feature such tracking markers, which are used to identify a printer’s serial number and the date and time a page was printed.
“Because the NSA logs all printing jobs on its printers, it can use this to match up precisely who printed the document,” Graham wrote. more
Long term readers of the Security Scrapbook already knew about this.
From 10 years ago... Is Your Printer Spying on You? Good!
According to Rob Graham, who writes for the blog Errata Security, the Intercept’s scanned images of the intelligence report contained tracking dots – small, barely visible yellow dots that show “exactly when and where documents, any document, is printed.” Nearly all modern color printers feature such tracking markers, which are used to identify a printer’s serial number and the date and time a page was printed.
“Because the NSA logs all printing jobs on its printers, it can use this to match up precisely who printed the document,” Graham wrote. more
Long term readers of the Security Scrapbook already knew about this.
From 10 years ago... Is Your Printer Spying on You? Good!
When Your Stuff Spies on You
What do a doll, a popular set of headphones, and a sex toy have in common? All three items allegedly spied on consumers, creating legal trouble for their manufacturers.
In the case of We-Vibe, which sells remote-control vibrators, the company agreed to pay $3.75 million in March to settle a class-action suit alleging that it used its app to secretly collect information about how customers used its products. The audio company Bose, meanwhile, is being sued for surreptitiously compiling data—including users’ music-listening histories—from headphones.
For consumers, such incidents can be unnerving. Almost any Internet-connected device—not just phones and computers—can collect data. It’s one thing to know that Google is tracking your queries, but quite another to know that mundane personal possessions may be surveilling you too.
So what’s driving the spate of spying? more
In the case of We-Vibe, which sells remote-control vibrators, the company agreed to pay $3.75 million in March to settle a class-action suit alleging that it used its app to secretly collect information about how customers used its products. The audio company Bose, meanwhile, is being sued for surreptitiously compiling data—including users’ music-listening histories—from headphones.
For consumers, such incidents can be unnerving. Almost any Internet-connected device—not just phones and computers—can collect data. It’s one thing to know that Google is tracking your queries, but quite another to know that mundane personal possessions may be surveilling you too.
So what’s driving the spate of spying? more
Wartime Spies Who Used Knitting as an Espionage Tool
During World War I, a grandmother in Belgium knitted at her window, watching the passing trains. As one train chugged by, she made a bumpy stitch in the fabric with her two needles. Another passed, and she dropped a stitch from the fabric, making an intentional hole. Later, she would risk her life by handing the fabric to a soldier—a fellow spy in the Belgian resistance, working to defeat the occupying German force.
Whether women knitted codes into fabric or used stereotypes of knitting women as a cover, there’s a history between knitting and espionage. “Spies have been known to work code messages into knitting, embroidery, hooked rugs, etc,” according to the 1942 book A Guide to Codes and Signals. During wartime, where there were knitters, there were often spies; a pair of eyes, watching between the click of two needles. more
Whether women knitted codes into fabric or used stereotypes of knitting women as a cover, there’s a history between knitting and espionage. “Spies have been known to work code messages into knitting, embroidery, hooked rugs, etc,” according to the 1942 book A Guide to Codes and Signals. During wartime, where there were knitters, there were often spies; a pair of eyes, watching between the click of two needles. more
You Already Bugged Your Own House Years Ago
If you're unnerved at the prospect of an always-on mic in your home, then take a second to consider the ones that are already there... more
Saturday, May 13, 2017
FutureWatch - Bugs That Know What You Are Up To
Modern day sensors have become so small and sophisticated that gathering the data from a single point has become easy.
The difficult part involves figuring out what to do with the information. Lead researcher Gierad Laput... “The average user doesn’t care about a spectrogram of EMI emissions from their coffee maker,” he said. “They want to know when their coffee is brewed.”
Synthetic Sensors aren’t just limited to detecting one activity or device at a time. The suite of sensors allows it to detect a variety of inputs at once... more
Synthetic Sensors aren’t just limited to detecting one activity or device at a time. The suite of sensors allows it to detect a variety of inputs at once... more
This Week in Spycam News - Cautionary Tales for our Times
• Fired former London teacher pleads to 16 charges for secret videos shot in staff changeroom at school. more
• “Roger” is a security guard. He’s vague on the exact details, but his jobs afford him access to several rooftops in the downtown area of an unnamed city. One of these roofs has a view of a high-rise hotel across the street. The building’s windows are so high up that guests tend to feel safe leaving the curtains open. So, Roger climbs out onto a ledge on the roof, trains his handheld high-zoom camera on the uncovered windows, and hits record. Then, if he happens to catch an unsuspecting woman, especially a naked one, he posts the video on the Internet. more
• Deputies in Chester charged a man with voyeurism Sunday after receiving a report that he hid a cell phone in a teen girl’s bedroom that took footage of her as she left the shower naked, police said. more
Read more here: http://www.heraldonline.com/news/local/crime/article149267889.html#storylink=cpy
• A Kingston man has been charged by the Ontario Provincial Police in Quinte West after a woman reported a camera taking her picture. She had been in the changing area of a Trenton business when she noticed a camera taking a picture of her. At that time the OPP charged the accused with one count of voyeurism. more
• A man is charged with video recording a 16-year-old girl without her knowledge while she was in the shower, according to the Pinellas County Sheriff’s Office. more
• An ex-finance director who hid spycams to secretly film almost 700 videos of colleagues has walked free from court. Mark Logan planted the cameras in digital clocks in a toilet at the Wheatley Group offices in Glasgow city centre. The shamed 48 year-old also carried out the crime while on business trips in Edinburgh and London. A sheriff heard how Logan could be seen in footage putting a device on the bedside table of one of his victims... The secret cameras had been hidden in a toilet. Logan was snared when bosses at Wheatley discovered three digital clocks which had recording equipment inside them. more
• Former Palm Beach Gardens High School's athletic director William Weed has turned in his resignation. Weed was arrested Monday after an investigation that started in February. A police report stated that he used a covert camera to obtain videos and images of a female juvenile. more
Businesses: Embarrassment, reputation damage and lawsuits are the end result of these incidents. Learn how to protect your employees, customers, visitors and yourself. more
• “Roger” is a security guard. He’s vague on the exact details, but his jobs afford him access to several rooftops in the downtown area of an unnamed city. One of these roofs has a view of a high-rise hotel across the street. The building’s windows are so high up that guests tend to feel safe leaving the curtains open. So, Roger climbs out onto a ledge on the roof, trains his handheld high-zoom camera on the uncovered windows, and hits record. Then, if he happens to catch an unsuspecting woman, especially a naked one, he posts the video on the Internet. more
• Deputies in Chester charged a man with voyeurism Sunday after receiving a report that he hid a cell phone in a teen girl’s bedroom that took footage of her as she left the shower naked, police said. more
Read more here: http://www.heraldonline.com/news/local/crime/article149267889.html#storylink=cpy
• A Kingston man has been charged by the Ontario Provincial Police in Quinte West after a woman reported a camera taking her picture. She had been in the changing area of a Trenton business when she noticed a camera taking a picture of her. At that time the OPP charged the accused with one count of voyeurism. more
• A man is charged with video recording a 16-year-old girl without her knowledge while she was in the shower, according to the Pinellas County Sheriff’s Office. more
• An ex-finance director who hid spycams to secretly film almost 700 videos of colleagues has walked free from court. Mark Logan planted the cameras in digital clocks in a toilet at the Wheatley Group offices in Glasgow city centre. The shamed 48 year-old also carried out the crime while on business trips in Edinburgh and London. A sheriff heard how Logan could be seen in footage putting a device on the bedside table of one of his victims... The secret cameras had been hidden in a toilet. Logan was snared when bosses at Wheatley discovered three digital clocks which had recording equipment inside them. more
• Former Palm Beach Gardens High School's athletic director William Weed has turned in his resignation. Weed was arrested Monday after an investigation that started in February. A police report stated that he used a covert camera to obtain videos and images of a female juvenile. more
Businesses: Embarrassment, reputation damage and lawsuits are the end result of these incidents. Learn how to protect your employees, customers, visitors and yourself. more
North Korean Spy News
• In a nation as bizarre as North Korea is, it comes as no surprise that their broadcasting of secret spy codes over the airwaves would be equally as bizarre.
While no official explanation for North Korea’s coded broadcasts has been solidified, many believe that the seemingly random numbers and phrases are codes understood by North Korean spies living under the radar in South Korea. more numbers stations
• North Korean prosecutors Friday demanded the extradition of those they say plotted to assassinate leader Kim Jong Un, including South Korea's outgoing spy chief and unnamed "masterminds" in the US Central Intelligence Agency.
The demand comes a week after the North sensationally alleged it uncovered a US-South Korean plot to kill Kim with biochemical, radioactive or poisonous substances during a major event, such as a military parade. more
While no official explanation for North Korea’s coded broadcasts has been solidified, many believe that the seemingly random numbers and phrases are codes understood by North Korean spies living under the radar in South Korea. more numbers stations
• North Korean prosecutors Friday demanded the extradition of those they say plotted to assassinate leader Kim Jong Un, including South Korea's outgoing spy chief and unnamed "masterminds" in the US Central Intelligence Agency.
The demand comes a week after the North sensationally alleged it uncovered a US-South Korean plot to kill Kim with biochemical, radioactive or poisonous substances during a major event, such as a military parade. more
Uber Spying - Waymo than you know says Google
Uber is being sued by Waymo, the business unit developing self-driving vehicles at Google's parent company Alphabet, over allegations of technology theft.
The suit accuses former Google engineer Anthony Levandowski of stealing technology when he left the company to create a start-up called Otto, which was also building self-driving cars.
Uber acquired Otto for $680m (£540m) last year, at which point Mr Levandowski began to oversee Uber's work on developing autonomous cars. more
The suit accuses former Google engineer Anthony Levandowski of stealing technology when he left the company to create a start-up called Otto, which was also building self-driving cars.
Uber acquired Otto for $680m (£540m) last year, at which point Mr Levandowski began to oversee Uber's work on developing autonomous cars. more
Corporate Espionage Countermeasures Tips
via Colleen McKown – American Greed Report
Corporate espionage schemes can occur when people already working for someone else infiltrate a company, or employees who've already left a company leave behind co-conspirators who send them data.
Some important steps companies can take:
Corporate espionage schemes can occur when people already working for someone else infiltrate a company, or employees who've already left a company leave behind co-conspirators who send them data.
Some important steps companies can take:
- Install technology that monitors everything going into your email system to determine if it's a legitimate message or if it's phishing or malware.
- Monitor for what's going out of your email system as well by installing leakage control systems. These can, for example, tell whether data is being sent to Dropbox or personal Google, Amazon or Microsoft cloud accounts. They can also monitor for documents or spreadsheets going out.
- Use whitelisting, which lets you specify which applications are approved to run on a computer system. Anything not on the whitelist won't run, which protects the network from malware and other harmful applications.
- Consult with labor employment counsel to make sure your agreements on who owns intellectual property and prohibiting misuse or removal of such property are up to date. more
Labels:
#espionage,
advice,
business,
counterespionage,
email,
Tips
Friday, May 12, 2017
The Unexpected Keystroke Logger on Some HP Laptops
The audio driver installed on some HP laptops includes a feature that could best be described as a keylogger, which records all the user's keystrokes and saves the information to a local file, accessible to anyone or any third-party software or malware that knows where to look.
Swiss cyber-security firm modzero discovered the keylogger on April 28 and made its findings public today.
According to researchers, the keylogger feature was discovered in the Conexant HD Audio Driver Package version 1.0.0.46 and earlier.
This is an audio driver that is preinstalled on HP laptops. One of the files of this audio driver is MicTray64.exe (C:\windows\system32\mictray64.exe).
This file is registered to start via a Scheduled Task every time the user logs into his computer. According to modzero researchers, the file "monitors all keystrokes made by the user to capture and react to functions such as microphone mute/unmute keys/hotkeys."
This behavior, by itself, is not a problem, as many other apps work this way. The problem is that this file writes all keystrokes to a local file at: C:\users\public\MicTray.log more
Swiss cyber-security firm modzero discovered the keylogger on April 28 and made its findings public today.
According to researchers, the keylogger feature was discovered in the Conexant HD Audio Driver Package version 1.0.0.46 and earlier.
This is an audio driver that is preinstalled on HP laptops. One of the files of this audio driver is MicTray64.exe (C:\windows\system32\mictray64.exe).
This file is registered to start via a Scheduled Task every time the user logs into his computer. According to modzero researchers, the file "monitors all keystrokes made by the user to capture and react to functions such as microphone mute/unmute keys/hotkeys."
This behavior, by itself, is not a problem, as many other apps work this way. The problem is that this file writes all keystrokes to a local file at: C:\users\public\MicTray.log more
Friday, May 5, 2017
Competitive Intelligence is a Euphemism for Business Espionage
How far would you go to figure out what the competition is up to?
Test out their products and services to see how they work? Hire away their staff to learn their tricks? Monitor their job listings to glean insight about upcoming initiatives?
Such tactics are par for the course in the technology industry, in which companies go to great lengths to size up their competition.
The latest example is Uber, which according to a New York Times report employs what it calls a “competitive intelligence” team to study its rivals. That team bought anonymized data — including information on Lyft receipts gleaned from customer in-boxes — from analytics firm Slice Intelligence. more
Competitive Intelligence is a euphemism for Business Espionage. Smart businesses employ Business Counterespionage, which is a euphemism for companies like mine. ~Kevin
Test out their products and services to see how they work? Hire away their staff to learn their tricks? Monitor their job listings to glean insight about upcoming initiatives?
Such tactics are par for the course in the technology industry, in which companies go to great lengths to size up their competition.
The latest example is Uber, which according to a New York Times report employs what it calls a “competitive intelligence” team to study its rivals. That team bought anonymized data — including information on Lyft receipts gleaned from customer in-boxes — from analytics firm Slice Intelligence. more
Competitive Intelligence is a euphemism for Business Espionage. Smart businesses employ Business Counterespionage, which is a euphemism for companies like mine. ~Kevin
Sounds Like Spying - Ultrasonic Sounds
Your smartphone may have some apps that are continuously listening inaudible, high-frequency ultrasonic sounds from your surroundings and they know where you go, what you like and dislike — all without your knowledge.
Ultrasonic Cross-Device Tracking is a new technology that some marketers and advertising companies are currently using to track users across multiple devices and have access to more information than ever before for ad targeting.
For example, retail stores you visit, a commercial on TV or an advertisement on a web page can emit a unique "ultrasonic audio beacon" that can be picked up by your device’s mobile application containing a receiver. more
I plan to run some tests on this. ~Kevin
Click to enlarge. |
For example, retail stores you visit, a commercial on TV or an advertisement on a web page can emit a unique "ultrasonic audio beacon" that can be picked up by your device’s mobile application containing a receiver. more
I plan to run some tests on this. ~Kevin
Subscribe to:
Posts (Atom)