Tuesday, January 16, 2018

Hawaiian Emergency Management - Passwords on Post-it Notes on Computer Screens

The Hawaii Emergency Management false alarm mess was not caused by pressing the wrong button. It was caused by poor design.

Ever select the wrong thing from a drop-down menu? Sure, it happens all the time.

The Washington Post reports...
The menu, which triggers alerts, contains a jumble of options, ranging from Amber alerts to Tsunami warnings to road closures. Some of them, such as “High Surf Warning North Shores,” are in plain English.

Others, including the one for a missile attack, “PACOM (CDW)-STATE ONLY,” use shorthand initials. (PACOM refers to the United States Pacific Command based in Hawaii.)

And the menu contained no ballistic missile defense false alarm option — which has now been added at the top of the image, marked up by officials for explanatory purposes. more
 Suggestions: 
1. Separate the messages into smaller groups: Routine Tests | Advisories | Life Threatening
2. Drop the jargon. Say what you mean, clearly.
3. Do not use instant-select dropdown menus.
4. Use radio buttons to select the message, plus a CONFIRMATION and CANCEL button to activate the selected alert, or not. Two extra seconds of thought can prevent a lot of mistakes.

If you need help with design, call on the master, John McWade. He can teach you.

And, what's with posting the passwords to an emergency management computer screen?!?!
If the personnel can't memorize a password as lame as this, they shouldn't be allowed anywhere near a keyboard. more

Password: Warningpoint2

Monday, January 15, 2018

Spy Drone Filming - Detection Method Developed

The first technique to detect a drone camera illicitly capturing video is revealed in a new study published by Ben-Gurion University of the Negev (BGU) and Weizmann Institute of Science cyber security researchers.

The study addresses increasing concerns about the proliferation of drone use for personal and business applications and how it is impinging on privacy and safety.

In a new paper, "Game of Drones - Detecting Captured Target from an Encrypted Video Stream," the researchers demonstrate techniques for detecting if a targeted subject or house is being recorded by a drone camera. "The beauty of this research is that someone using only a laptop and an object that flickers can detect if someone is using a drone to spy on them," says Ben Nassi... more video

"Listening In: Cybersecurity in an Insecure Age" (book)

A cybersecurity expert and former Google privacy analyst’s urgent call to protect devices and networks against malicious hackers​.

New technologies have provided both incredible convenience and new threats. The same kinds of digital networks that allow you to hail a ride using your smartphone let power grid operators control a country’s electricity—and these personal, corporate, and government systems are all vulnerable.

In Ukraine, unknown hackers shut off electricity to nearly 230,000 people for six hours. North Korean hackers destroyed networks at Sony Pictures in retaliation for a film that mocked Kim Jong-un. And Russian cyberattackers leaked Democratic National Committee emails in an attempt to sway a U.S. presidential election.

And yet despite such documented risks, government agencies, whose investigations and surveillance are stymied by encryption, push for a weakening of protections. In this accessible and riveting read, Susan Landau makes a compelling case for the need to secure our data, explaining how we must maintain cybersecurity in an insecure age. more

Saturday, January 13, 2018

Ikea Spying Trial Recommended by French Prosecutors

French prosecutors are recommending that Ikea France and 15 people, including police officials, be put on trial on charges of spying on employees and customers.


Three former senior Ikea executives including two ex-chief executive officers (CEOs) are among those charged after an investigation that dates back to 2012. more

40 Second Spy Chase... commercial

Creepy Peeper Spied 1000+ Computer Mics and Cameras... for 13+ years!

The technical description of the “Fruitfly” malware is “spyware.” But given the way it has allegedly been used, a better label would be creepware...

According to a 16-count indictment unsealed on Wednesday in US District Court for the Northern District of Ohio, its creator, Phillip R. Durachinsky, 28, used it to spy on thousands of victims for more than 13 years. Durachinsky spent this time not only collecting personal data but also watching and listening to victims through their webcams and microphones, and using some of what he collected to produce child abuse imagery...

The victims ranged from individuals to companies, schools, a police department and government entities including one owned by a subsidiary of the US Department of Energy.

According to the DoJ:
(It) enabled him to control each computer by accessing stored data, uploading files, taking and downloading screenshots, logging a user’s keystrokes, and turning on the camera and microphone to surreptitiously record images and audio.

(He) used the malware to steal the personal data of victims, including their logon credentials, tax records, medical records, photographs, banking records, internet searches, and potentially embarrassing communications.
It said he saved millions of images, kept detailed notes on what he observed, and designed it to alert him if a user typed words associated with pornography. more

Spycam Found in Mall Family Restroom

MD - Authorities say a man set up a spy camera that recorded both children and adults in the family restroom of a Baltimore-area mall.



The Baltimore Sun reports a patron at White Marsh Mall found the camera Dec. 23, and the incident was made public Thursday, when Baltimore County police released footage of the suspect. The camera was found at a restroom located near the food court. more

Like most spycamers, this guy gets our Darwin Award... for taking a video of himself while installing the camera. 

Do you offer restrooms to employees, visitors and the public. A spycam incident will put you at risk of being sued. Proactive due diligence is your best defense. Click here for the complete solution.

Telephone Eavesdropping Prevention - Then and Now

1920's - Hush-A-Phone...
Click to enlarge. Video. More.
2018 - Hushme...

1960 v 2018...

Friday, January 12, 2018

Thursday, January 11, 2018

TSCM History: Wiretapped Phone Found at Nuclear Regulatory Commission’s Predecessor

According to the FBI file, a few months before it was abolished, a bug was discovered in the Honolulu offices of the Atomic Energy Commission. The device would not only let someone listen in on phone calls, but any conversations held around the phone - even when it wasn’t in use.

According to the file, the bug was discovered by one Lt. Colonel Harry Tear Jr., assigned to Army counterintelligence at Fort Shafter. While performing a regular electronics sweep in June of 1974, Tear discovered a modification to the phone of Williams Hills, who was the Director for the Atomic Energy Commission’s Pacific Area Support Office, reporting to the Nevada Operations Office.

When it was discovered, the phone wasn’t being used to monitor the room. The file notes, however, that it easily could be. When connected, the phone wouldn’t just transmit the conversation being held, but every conversation in the room that happened to be in range of the phone’s receiver. They were unable to determine when it had been installed or how often it had been used, but noted that the wiring appeared to have been done professionally. They were also able to confirm that the device could pick up conversation in the room in practice, not just in theory...
And now for some good advice if you find an electronic surveillance device...
...Simply knowing what information has gotten out does little good without an idea of who will have it, and it’s next to impossible to judge how information will be used without knowing who has it. This is one of the primary reasons for law enforcement to leave a bug in place. While counterintelligence officers would also be interested in the same information, a clever officer or group of officers would use the bug as a way of feeding the listener specific information and misinformation in order to manipulate them in various ways. more

Wednesday, January 10, 2018

Krebs Arraigned for Wiretapping (Joshua, not our esteemed Brian.)

What a teacher's lounge should look like.
Pleasant Valley School District Director of Support Services Joshua Krebs was arraigned on wiretapping charges...

Court papers allege Krebs electronically eavesdropped on conversations in the elementary school faculty break room in April 2016...

On April 5, 2016, it is alleged that Krebs, with the assistance of Pleasant Valley School District Technology Supervisor Alex Sterenchock planted a video and audio recording device in the teacher’s lounge, in order, Krebs later said, to catch a custodial staff member in dereliction of their duties.

The device, was discovered a day later, positioned to capture audio and video in the seating area of the lounge. more

Tuesday, January 9, 2018

The Case of the Spying Judge, or Your Honor's Poor Judgement

Two state judges have sued the New Mexico Judicial Standards Commission, demanding secret surveillance recordings they say were made by another judge who was spying on them.

Plaintiffs Trudy Reed-Chase and Barry Sharer are magistrate court judges in Aztec, New Mexico, the seat of San Juan County. Aztec, a town of about 6,000 is in a remote area of northeastern New Mexico. The nearest large town is Farmington.

Reed-Chase, Sharer and nine other court employees sued Magistrate Court Judge Connie Lee Johnston, her husband and sister-in-law and the state in February 2016, claiming that Johnston had planted listening devices around the Aztec Municipal Courthouse, including in the offices of Reed-Chase and Sharer. They claimed that electronic surveillance equipment also was placed in the court manager’s office and other workspaces, in inmate holding facilities and in at least one bathroom. more

One Million License Plates Misread by Spy Cameras in UK... every day!

UK - A network of ‘Big Brother’ spy cameras is misreading 1.2million number plates a day – meaning innocent motorists could be caught up in police investigations while criminals and terrorists escape scot-free.

A bombshell report by Britain’s surveillance tsar has warned of problems with Automatic Number Plate Recognition (ANPR) technology, which senior officers insist is invaluable in preventing and solving serious crimes

Around 9,000 cameras across the country take photos of up to 40million number plates each day. more

Unresolved Bugging of Employees Haunts Accused CEO

The newly-appointed acting CEO of the Passenger Rail Association of South Africa (Prasa), Cromet Molepo, was facing disciplinary proceedings for bugging telephones — including that of a senior shop steward — when he resigned as the head of Umgeni Water... attorney Julian von Klemperer,  was tasked by the board to investigate the phone tapping allegations.... The “bugging” scandal received widespread publicity at the time... Von Klemperer found that the telephones of three people — two former employees and the shop steward — were bugged on the instructions of Molepo...
Payments — totaling R51 000 — for the illegal surveillance were made through an attorney’s office in order to conceal them. When the attorney discovered the truth, he withdrew his services and blew the whistle. more

Reward if Found?

Lost in Space: Highly Classified Spy Satellite

An expensive, highly classified U.S. spy satellite is presumed to be a total loss after it failed to reach orbit atop a Space Exploration Technologies Corp. rocket on Sunday, according to industry and government officials.

Lawmakers and congressional staffers from the Senate and the House have been briefed about the botched mission, some of the officials said. The secret payload—code-named Zuma and launched from Florida on board a Falcon 9 rocket—is believed to have plummeted back into the atmosphere, they said, because it didn’t separate as planned from the upper part of the rocket. more