Friday, May 11, 2018

Social Meddling on Social Media

The massive trove of Facebook ads House Intelligence Committee Democrats released Tuesday provides a stunning look into the true sophistication of the Russian government’s digital operations during the presidential election. 

...a swath of empirical and visual evidence of Russia’s disinformation campaign, in the form of more than 3,000 incredibly specific and inflammatory ads purchased by an Internet troll farm sponsored by the Kremlin.

The ads clearly show how Russia weaponized social media, the senior Democrat on the panel investigating Moscow’s interference in the presidential election said. more

Beware the Venmo

Nicole found out the guy she was dating was already in a committed relationship. Abby learned that her ex had most likely hooked up with someone new, and Ben discovered that a long-ago casual fling had apparently developed a drug habit.


The sleuthing tool that cracked these relationship mysteries was not a private investigator, but the peer-to-peer payment app Venmo.

The mobile payment service, which processed more than $35 billion in payments last year, is a no-fuss solution for splitting the dinner bill after a night out with friends.

But Venmo users have found it’s also an extremely effective tool for keeping tabs on friends, partners and exes, researching crushes, and in some cases, uncovering infidelity. Some even say Venmo is a better method for watching people than more explicitly public social media platforms like Facebook or Instagram.

Some users seem to forget that their transactions are public by default, and their payment activity provides an unfiltered paper trail of what’s really happening in their lives. more

The Skim Reaper - Detects Credit Card Skimmers

After three years of study, Patrick Traynor and two Florida graduate students invented a device they call the “Skim Reaper,” a credit-card thin gadget that slides into card reader slots and can easily and quickly detect if an ATM or gas pump has been compromised. The New York Police Department is testing the Skim Reaper with some early success in its effort to rid the streets of the pervasive devices...


Most credit card skimmers work by installing an extra “read head” inside or outside a machine. This extra read head allows criminals to make a copy of the card’s information as a consumer swipes it. Skim Reaper was built to detect when more than one read head is present, Traynor said...

The device looks like a long credit card that can be slid into a card slot in a gas pump or ATM. It’s attached by a wire to a cellphone-sized box with a small readout screen that says “possible skimmer!” when multiple read heads are detected...

Right now, it costs about $50 to make each Skim Reaper, Traynor said, but his team is working daily to get that number down...
Nolen Scaife, one of the graduate students who designed the device with Traynor, said the team is working to improve the Skim Reaper’s design so that it is wallet-sized. Then, consumers would be able to carry the device and dip it into a card reader before they get gas or use the ATM to ensure they aren’t being skimmed. more

FontCode: Embed Secret Messages Within Text

Click to enlarge.
Computer scientists have invented FontCode, a way to embed hidden information in ordinary text by imperceptibly changing the shapes of fonts in text. 

The hidden information persists even when documents or images with perturbed texts are printed or converted to another file type. Method could prevent document tampering, protect copyrights, as well as embed QR codes and other metadata without altering the look or layout of a document.

"While there are obvious applications for espionage, we think FontCode has even more practical uses for companies wanting to prevent document tampering or protect copyrights, and for retailers and artists wanting to embed QR codes and other metadata without altering the look or layout of a document," says Changxi Zheng, associate professor of computer science and the paper's senior author.  more

Thursday, May 10, 2018

Hidden Smart Device Commands: Manchurian Candidate, or "Yes, master."

Many people have grown accustomed to talking to their smart devices, asking them to read a text, play a song or set an alarm. But someone else might be secretly talking to them, too.

Over the past two years, researchers in China and the United States have begun demonstrating that they can send hidden commands that are undetectable to the human ear to Apple’s Siri, Amazon’s Alexa and Google’s Assistant.

Inside university labs, the researchers have been able to secretly activate the artificial intelligence systems on smartphones and smart speakers, making them dial phone numbers or open websites.  

In the wrong hands, the technology could be used to unlock doors, wire money or buy stuff online — simply with music playing over the radio. more

Monday, May 7, 2018

Spycam: Aurora Cop Caught Spying on Ex-wife

An Aurora police officer will not be reinstated after he was fired for spying on his ex-wife through three cameras hidden in her Sugar Grove home, a judge has ruled. 

The decision by Kane County Judge David Akemann also cancels an arbitrator's ruling that would have reinstated Daniel Wagner to the Aurora Police Department this past January...

Wagner's now ex-wife found a hidden camera in her home in September 2016 and called police to investigate. Officers found a total of three cameras.
Records show she had filed for divorce in 2015, and Wagner installed the cameras during the divorce proceedings and reactivated them after it was final. more

Eavesdropping: Former Police Official Charged

A recently retired city police captain is now facing a felony charge of eavesdropping.

Brian Wentland, a former training captain who left the Lockport Police Department in February, was charged Friday, according to Niagara County District Attorney Caroline A. Wojtaszek.

The charges relate to a May 6, 2013 phone call involving his ex-wife and another person.

The timing of the charges was critical in the case.Wentland’s arrest was just two days before the five-year statute of limitations expired on the charge. more

Technical Surveillance Countermeasures (TSCM) and Cell Phone Security Presentation

As part of the New Jersey Association for Justice Boardwalk Seminar, Murray Associates president Kevin D. Murray will present a session entitled, “Technical Surveillance Countermeasures (TSCM) and Cell Phone Security.”

Eavesdropping, wiretapping, snooping, voyeurism, and espionage are covert activities. The victim rarely knows when it happens. Kevin D. Murray explores the world of corporate espionage, explaining how many companies are bleeding profits for lack of a counterespionage strategy. 

Regularly scheduled TSCM inspections narrow the window-of-vulnerability, spot new security loopholes, identify decaying security measures and practices, disrupt the spy’s intelligence collection phase, and keep counterespionage awareness levels elevated.

"Success-to-failure ratios are similar… most airplanes don’t crash; most people don’t drown in their baths; most houses don’t burn to the ground whenever the stove is used… and, most spying goes undiscovered." ~Kevin   more

Thursday, May 3, 2018

Audio Adversarial Examples: Targeted Attacks on Speech-to-Text

We construct targeted audio adversarial examples on automatic speech recognition. 

Given any audio waveform, we can produce another that is over 99.9% similar, but transcribes as any phrase we choose (recognizing up to 50 characters per second of audio).

We apply our white-box iterative optimization-based attack to Mozilla’s implementation DeepSpeech end-to-end, and show it has a 100% success rate.

The feasibility of this attack introduces a new domain to study adversarial examples. more audio examples

From one of our Blue Blaze irregulars... "Audio Adversarialism is the practice of fooling voice-to-text and voice recognition systems by effectively embedding ‘hidden’ commands in audio files which are inaudible to human ears but which are picked up by speakers and mean, in theory, that we might hear the telly saying “Should have gone to Specsavers!” where instead our Amazon Echo is in fact hearing “Alexa, lock all the doors, turn on the gas and start sparking all the bogs in 00:59, 00:58…”. This is...not scary at all, oh no. Hi Siri! Hi Alexa!"

Thursday, April 26, 2018

Spycam Found in Starbucks Restroom... again.

GA - Police have launched an investigation after a camera was discovered last week inside a restroom at a Starbucks store in an Atlanta suburb.

http://tinyurl.com/ya5xvns2
A 25-year-old customer reportedly found the device Tuesday, taped under a baby changing station.

According to a police report, the woman removed the camera and alerted the manager. The manager then notified Starbucks’ corporate office...

The manager gave the camera to police for inspection. Authorities reportedly found 25 videos stored on the camera, including several that reportedly showed people using the restroom. more

N.B. Starbucks, you and any business with restrooms really need to read this.

Wednesday, April 25, 2018

A.I. vs. Human Spies - Guess who wins

Human spies will soon be relics of the past, and the CIA knows it. Dawn Meyerriecks, the Agency’s deputy director for technology development, recently told an audience at an intelligence conference in Florida the CIA was adapting to a new landscape where its primary adversary is a machine, not a foreign agent.

Meyerriecks, speaking to CNN after the conference, said other countries have relied on AI to track enemy agents for years. She went on to explain the difficulties encountered by current CIA spies trying to live under an assumed identity in the era of digital tracking and social media, indicating the modern world is becoming an inhospitable environment to human spies.

But the CIA isn’t about to give up...

Today’s spies have the same problem as yesterday’s: the need to be invisible. What’s changed is the adversary. Instead of fooling people with fake documents and well-told lies, agents have to fool computers capable of picking out a single face in a crowd.

According to Meyerriecks at least 30 countries have the capability to do this with current CCTV camera systems...

We’ve always thought spies, like James Bond, had the coolest gadgets. Now they’re being replaced by them. more

Politician: His Office Was Bugged and I am Really Pissed

Ghana - Maverick Politician and Member of Parliament for Assin South, Ken Agyapong has said he would have shot to death the Security Coordinator of Metro Mass Transit (MMT) Company if he were to be the Managing Director, Bennet Aboagye...

The Security Coordinator, Fusseini Lawal Laah has confessed to bugging the office of the MMT Boss, Bennet Aboagye by secretly installing a recording device.

“The Security Coordinator had the confidence to go and meet with the National Security Coordinator and other big men and has confessed that he bugged the MD’s office. What is going on in this country, and you entertain such person, that guy has to be arrested. He bugged the office and has transcribed all the recording and he’s moving about with it. The guy, I’m warning him, if this country were to be America, they would have taken care of him easily," Ken Agyapong said. more

Corporate Espionage: Spying on X-Ray Machines

A mysterious hacking group has been spying on the healthcare sector by going as far to infect computers that control X-ray and MRI machines with malware.

Fortunately, sabotage and patient data collection doesn't appear to be a motive behind the hacking. The attackers were probably focused on corporate espionage and studying how the medical software onboard the computers worked, the security firm Symantec said on Monday.

Evidence shows that the hackers were focused on collecting data about the infected computers and their networks. DiMaggio speculates this may have been done to learn how to pirate the medical software onboard. more

Digital Assistants: The Eavesdropping Attacks Begin

It's important not to overstate the security risks of the Amazon Echo and other so-called smart speakers. They're useful, fun, and generally have well thought-out privacy protections.

Then again, putting a mic in your home naturally invites questions over whether it can be used for eavesdropping—which is why researchers at the security firm Checkmarx started fiddling with Alexa, to see if they could turn it into a spy device. They did, with no intensive meddling required.

The attack, which Amazon has since fixed, follows the intended flow of using and programming an Echo. Because an Echo's mic only activates to send sound over the internet when someone says a wake word—usually "Alexa"— the researchers looked to see if they could piggyback on one of those legitimate reactions to listen in. A few clever manipulations later, they'd achieved their goal...

There are clear limitations to this eavesdropping approach. It would only have given attackers transcriptions, not audio recordings, of a target's conversations. more

Our advice to clients, "Keep these things out of offices and conference rooms where confidential discussions are held." ~Kevin

Saturday, April 21, 2018