Monday, December 25, 2017

Santa Claus is Coming to Town


You'd better watch out,
You'd better not cry,
You'd better not pout;
I'm telling you why.
Santa Claus is tapping
Your phone.

He's bugging your room,
He's reading your mail,
He's keeping a file
And running a tail.
Santa Claus is tapping
Your phone.

He hears you in the bedroom,
Surveills you out of doors,
And if that doesn't get the goods,
Then he'll use provocateurs.

So–you mustn't assume
That you are secure.
On Christmas Eve
He'll kick in your door.
Santa Claus is tapping
Your phone.

Author unknown

Sunday, December 24, 2017

Espionage Backdoor Installs via Printer-Spoofing Campaign

For many large organizations, emails from corporate printers and scanners are commonplace, and cyber-criminals are finding this vector to be a lucrative host to launch cyber-attacks.

Barracuda Networks has tracked an uptick in attacks through Canon, HP and Epson printer and scanner email attachments of late: Since late November, cyber-criminals have made millions of attempts to infect unsuspecting users by sending impersonated or spoofed emails from these common printer and scanner brands, with attachments that contain malware.

Once unpacked, the malware installs a backdoor on the machine that offers unauthorized access to a victim PC and cyber-espionage capabilities...

Further, indicating a ramsomware-ready aspect, attackers also can change the victim’s wallpaper to display a message of their choice.

Workers should use common sense to avoid the threat: 
  • double-check with the sender if one didn’t know a scanned document was coming; 
  • hovering the mouse over every hyperlink to make sure it’s legitimate; 
  • and simply not clicking if there’s any doubt whatsoever.  more
Example of a fake email.

Fun Spy Facts

Too much training.
The research team behind BBC2 quiz show QI have published a new book of facts and stats. Here are a few...
  • The first editorial assistant to work on the Oxford English Dictionary was sacked for industrial espionage.
  • Secret agents have to be trained to forget their advanced driving courses.
  • The French air force have a squad of golden eagles, trained to hunt down drones.
The QI Christmas Special is on BBC1, Boxing Day, 10pm more

"Hey, kids. Make BIG money in your spare time. Train spies!"

The UAE is recruiting former CIA and US government officials in a bid to create a professional intelligence body modeled on leading Western agencies.

The Gulf state has long relied on Western countries to build up its intelligence infrastructure, but are now paying big bucks to hire former US intelligence employees to build its spying capabilities.

Details of the training were reviewed by Foreign Policy and show daily seminars, scavenger hunts and training exercises in four-to-six man surveillance teams.

The following weeks provide advanced training on creating undercover identities when attending embassy functions and how to groom intelligence assets...

Former CIA and US government officials are drawn to the promise of a lucrative career, with instructor salaries of up to $1,000 a day funding an extravagant lifestyle, Foreign Policy reported. more

The Catch Santa in the Act App, by Snowden?!?!

Earlier this year, NSA whistleblower Edward Snowden met with Jacqueline Moudeina, the first female lawyer in Chad and a legendary human rights advocate... 

Snowden told Moudeina that he was working on an app that could turn a mobile device into a kind of motion sensor in order to notify you when your devices are being tampered with.

The app could also tell you when someone had entered a room without you knowing, if someone had moved your things, or if someone had stormed into your friend’s house in the middle of the night.

Snowden recounted that pivotal conversation in an interview with the Verge. “She got very serious and told me, ‘I need this. I need this now. There’s so many people around us who need this.’”

Haven, announced today, is an app that does just that. Installed on a cheap burner Android device, Haven sends notifications to your personal, main phone in the event that your laptop has been tampered with.

If you leave your laptop at home or at an office or in a hotel room, you can place your Haven phone on top of the laptop, and when Haven detects motion, light, or movement — essentially, anything that might be someone messing with your stuff — it logs what happened. It takes photos, records sound, even takes down changes in light or acceleration, and then sends notifications to your main phone.

None of this logging is stored in the cloud, and the notifications you receive on your main phone are end-to-end encrypted over Signal. more

NJ Spycam'er Gets Slammer

A Williamstown, New Jersey, man was sentenced to 180 months in prison for receiving images and videos of child sexual abuse and for producing child pornography using a hidden camera in his bathroom, Acting U.S. Attorney William E. Fitzpatrick announced. more

Wednesday, December 20, 2017

TSCM - A Prudent Business Practice - Misunderstood by the Press

The head of the Environmental Protection Agency used public money to have his office swept for hidden listening devices and bought sophisticated biometric locks for additional security.

The spending items, totaling nearly $9,000, are among a string of increased counter-surveillance precautions taken by EPA Administrator Scott Pruitt...

EPA spokesman Jahan Wilcox defended the spending. "Administrator Pruitt has received an unprecedented amount of threats against him...

Wilcox said that under the Obama administration, then-EPA Administrator Lisa Jackson also had her office swept for listening devices. more

Conducting Technical Surveillance Countermeasures (TSCM) is an integral part of any competent information security program. 

It is a common, albeit subtle, business practice in the private sector, and an absolute requirement in governments worldwide. 

The cost of a strategic information loss via undiscovered electronic surveillance makes proactive TSCM inspections look like pocket change cheap insurance. However, unlike insurance, TSCM inspections can prevent the loss.  

Visit counterespionage.com to learn more. ~Kevin

Tuesday, December 19, 2017

Hollywood Has Always Played by a Different Set of Rules

Terry Crews is alleging that he and his family are the victims of a plot to "track" and "possibly bug" them, the actor and Time Magazine Silence Breaker posted on Twitter.

"My assailant Adam Venit is the founding partner at @WME, a corporation worth over $8 billion. I believe my family is being tracked and possibly bugged," he wrote as part of a series of tweets.

Crews also claims that someone possibly hacked into his son's computer. more

Saturday, December 16, 2017

Video Voyeurism: Carnival Cruise's Botched Investigation

A Florida family was shocked to discover a camera hidden among wires in their Carnival Cruise Line cabin. 

Click to enlarge.
The Pensacola couple, along with their 10-year-old son, found the device while searching undusted areas of the room after the father suffered an allergy attack during the second night of their journey from Mobile, Al., to Mexico, the Miami New Times reported.

According to the father, who was not identified by name, the camera was placed behind a TV in their room. The lens was sticking out a bit, pointing directly at the bed.

The man claimed the device was "warm to the touch" and appeared to have an antenna, which leads him to believe it may have been transmitting information to a third party. more

The couple reported the presence of the camera and transmitter in their cabin to the cruise ship’s security department. One of Carnival’s security personnel arrived in their cabin. He disconnected and removed the camera and transmitter with no gloves on and did not attempt to secure the room. In the video below, you can hear the passenger asking the officer why he was not wearing gloves.


The passenger thereafter communicated with the security staff to obtain an update. According to the passengers, the Carnival security personnel confirmed that the camera and transmitter: (1) were operational; (2) were typically the type of devices used on video drones: and (3) the transmitter was a long range device. To the passenger's knowledge, Carnival did not promptly report the incident to the Federal Bureau of Investigation (FBI). more

This is a cautionary tale. Video voyeurism can happen to any business which offers hospitality, restrooms, changing rooms, shower areas, etc., to customers, visitors or employees. 

Handling the situation properly when it arises is important, and easy to do. Visit spycamdetection.training to learn how. Mishandling an incident, or sweeping it under the rug, will likely result in expensive litigation. Litigation you will likely lose.

Are Google and Amazon Patently Eavesdropping?

Patent applications from Amazon and Google revealed how their Alexa and Voice Assistant powered smart speakers are 'spying' on you.
The findings were published in a report created by Santa Monica, California based advocacy group Consumer Watchdog.

The study warns of an Orwellian future in which the gadgets eavesdrop on everything from confidential conversations to your toilet flushing habits...

The study found that digital assistants can be 'awake' even when users think they aren't listening...

In fact, the devices listen all the time they are turned on – and Amazon has envisioned Alexa using that information to build profiles on anyone in the room to sell them goods. more

Letter Accuses Uber of Corporate Espionage and Wiretapping

The legal battle between Uber the ride-hailing behemoth and Waymo the self-driving unit of Alphabet reached a pivotal point this week as the Judge presiding over the case released a letter based on the account of a former employee at Uber.

The letter alleged that a division with Uber has been responsible for carrying out acts such as theft of trade secrets, corporate espionage, bribery of officials in foreign countries, and different types of unlawful surveillance.

The letter, given the name “Jacobs Letter,” was authored by an attorney who represents Richard Jacobs, a former employee at Uber who held the position of global intelligence manager prior to his firing last April.

In the highly detailed account accusations are leveled of systematic illegal activities inside the Strategic Services Group (SSG) of Uber, which allegedly sought out the trade secrets of other companies through data collection and eavesdropping. more

Quote from the letter...
Uber’s Marketplace Analytics team…fraudulently impersonates riders and drivers on competitor platforms, hacks into competitor networks, and conducts unlawful wiretapping. more 

Another version of the story...
Uber illegally recorded phone calls and wiretapped the phones of executives at rival companies in a global “intelligence gathering” operation that went on for years, a former employee has alleged.

In a 37-page letter made public in federal court on Friday, Richard Jacobs, a former security employee with the ride-hailing service, alleges Uber set up internal teams whose sole purpose was to spy on competitors. “Uber has engaged, and continues to engage, in illegal intelligence gathering on a global scale,” Jacobs wrote, according to The New York Times.

The teams allegedly infiltrated chat rooms, impersonated drivers of rival companies, and placed surveillance on executives of those companies, including by illegally recording phone calls, the letter claims.

Jacobs’ allegations stem from a trade secrets case against Uber filed by Waymo, Alphabet’s self-driving unit, which says Uber stole information about autonomous driving technology. more

Wednesday, December 13, 2017

For One Family - A New Christmas Gift Rule

Op-ed, NYT opinion
Click to enlarge.

During the holiday season, my husband and I tend to offer suggestions to those who are generous enough to insist on buying presents for our kids.

Things like “Don’t spend more than $50” and “No guns.” Or, for those with whom we can be comfortably blunt, “Just cash, please....

This year we’re adding a new rule to our list: No toys that can spy. The idea: to keep seemingly innocuous internet-connected devices that may compromise our privacy and security out of our home and especially out of our children’s hands. more

• CBS video report on holiday toys that can spy.

• All the cool gifts are made for spying on you.

FutureWatch: That Photo Can Now Be Traced to Your Phone

A University at Buffalo-led team of researchers has discovered how to identify smartphones by examining just one photo taken by the device.

The advancement opens the possibility of using smartphones—instead of body parts—as a form of identification to deter cybercrime.

"Like snowflakes, no two smartphones are the same. Each device, regardless of the manufacturer or make, can be identified through a pattern of microscopic imaging flaws that are present in every picture they take," says Kui Ren, the study's lead author. "It's kind of like matching bullets to a gun, only we're matching photos to a smartphone camera." 

The new technology, to be presented in February at the 2018 Network and Distributed Systems Security Conference in California, is not yet available to the public. However, it could become part of the authentication process—like PIN numbers and passwords—that customers complete at cash registers, ATMs and during online transactions. more

Security Director Alert: HP Laptops with Hidden Keyloggers

Researcher Michael Myng found a deactivated keylogger in a piece of software found on over 460 HP laptop models. A full list of affected laptops is here. The keylogger is deactivated by default but could represent a privacy concern if an attacker has physical access to the computer...

The bottom line? Update your HP laptop as soon as possible. If you are on HP’s list of affected laptops you can download the fix heremore

Tuesday, December 12, 2017

33 Years Late, or You'll Never be a Stranger Here

China has been building what it calls "the world's biggest camera surveillance network".

Across the country, 170 million CCTV cameras are already in place and an estimated 400 million new ones will be installed in the next three years.

Many of the cameras are fitted with artificial intelligence, including facial recognition technology. The BBC's John Sudworth has been given rare access to one of the new hi-tech police control rooms. excellent video demo