Tuesday, May 29, 2018

Amazon Echo/ Google Home/ HomePod spying on you? Fight Back!

The recent incident of a smart speaker secretly recording a couple’s conversation and sending it to one of their contacts has implanted a seed of doubt in every smart speaker’s user. 


While manufacturers assure their customers of protecting their privacy, it often gets tough to believe in their claims.

Following some simple steps can ensure you aren’t spied by your smart speaker.
  • Mute the microphone/camera when not needed...
  • Turn up the volume to the max...
  • Keep it disconnected from the Wi-Fi...
  • Don’t give access to contacts...
  • Turn off calling and messaging...
  • Lastly, don’t buy one, if you are suspicious... more
Need some smartphone security tips?
Check here.

In other news...
Facebook is now delaying the release of its smart speaker, based on widespread fears of eavesdropping and unauthorized audio recording. Those fears appeared in a recent focus group conducted by the social network... or, Because There’s No Way In Hell Any Sane Person Is Buying That Right Now. more

World's First Ultrasound 'Firewall' for Smartphones

Scientists have developed the first ultrasound-firewall that can prevent hackers from eavesdropping on hidden data transmission between smartphones and other mobile devices.

The permanent networking of mobile devices can endanger the privacy of users and lead to new forms of monitoring. New technologies such as Google Nearby and Silverpush use ultrasonic sounds to exchange information between devices via loudspeakers and microphones.

More and more of our devices communicate via this inaudible communication channel. Ultrasonic communication allows devices to be paired and information to be exchanged. It also makes it possible to track users and their behavior over a number of devices, much like cookies on the Web. Almost every device with a microphone and a loudspeaker can send and receive ultrasonic sounds. Users are usually unaware of this inaudible and hidden data transmission.

Researchers from the St Polten University of Applied Sciences in Austria has developed a mobile application that detects acoustic cookies, brings them to the attention of users and if desired, blocks the tracking. The app is, in a sense, the first available ultrasound-firewall for smartphones and tablets... more

Monday, May 28, 2018

A Memorial Day Thought - The Thing We Forgot to Fight For

We fight like hell for freedom, but we let the world pick our intellectual pockets.

Sure, the US has a counterespionage law. But it is a half-way measure. Ok, we do more than Canada. They don't even have a law.

Question... What is the quality of your freedom once your jobs are stolen, and your intellectual property is ripped out from under you? 

Memorial Day is a good day to re-print this post from April 5, 2012.

----------------------------------

Gen. Keith B. Alexander, (NSA)
...called the continuing, rampant cybertheft “the greatest transfer of wealth in history.” (bio)
---
Shawn Henry, (FBI) 
...current public and private approach to fending off hackers is "unsustainable.'' Computer criminals are simply too talented and defensive measures too weak to stop them, he said. (bio)
---
Richard A. Clark, (presidential advisor) 
"Yet the same Congress that has heard all of this disturbing testimony is mired in disagreements about a proposed cybersecurity bill that does little to address the problem of Chinese cyberespionage." (bio)
---
Letter to the Editor - The New York Times

Dear Editor,

Richard A. Clarke’s op-ed piece, “How China Steals Our Secrets,” (4/2/12) states the current business espionage problem perfectly, but we need a solution. Consider this...

The Chinese secrets of: silk and tea production; making porcelain, gunpowder and paper, could not survive Western espionage attacks – not even when protected with death penalties. Espionage killed their economy, and the damage lasted for centuries. Obviously, our competitive advantages are also our National Interest Assets.

The one-sided, punish-the-spy security model, still being used today, never worked. We need to make it two-sided. There must be a proactive legal responsibility to protect.

The solution... Corporate caretakers must be held accountable for protecting their valuables; our national treasures. We need a law creating business counterespionage security standards, with penalties for inadequate protection. We already
successfully employ the same concept with medical and financial record privacy.

Kevin D. Murray
Spybusters, LLC
---
A cybersecurity law alone will not stop spying. 
If implemented, it will force an increase in traditional spy techniques, such as: bugging, wiretapping, physical intrusions and social engineering. (Remember, computer data is available elsewhere long before it is computerized.) 
Protecting our competitive advantages requires a holistic approach; a National Interest Assets law which would also...

• Protect the entire intellectual property timeline, from brainstorming and initial discussions, to the final product or business strategy. 
• Impose a responsibility of due care upon the creators and holders competitive advantage information.
• Specify compliance requirements aimed at countering traditional business espionage practices. Technical Surveillance Countermeasures Inspections (TSCM / bug sweeps), information-security audits, and information-security compliance procedures; safeguards which can be easily mandated and monitored.
This is a no-brainer, Congress.

The cost of keeping National Interest Assets safe is infinitesimal compared to current losses (not to mention the long-term effects). Just ask the Chinese.
~Kevin

Saturday, May 26, 2018

The Great Seal Bug Story - 58 Years Ago Today

In 1946, Soviet school children presented a two foot wooden replica of the Great Seal of the United States to Ambassador Averell Harriman.

May 26, 1960 – Ambassador Henry Cabot Lodge, Jr. displays the Great Seal bug at the United Nations.
The Ambassador hung the seal in his office in Spaso House (Ambassador’s residence). During George F. Kennan’s ambassadorship in 1952, a secret technical surveillance countermeasures (TSCM) inspection discovered that the seal contained a microphone and a resonant cavity which could be stimulated from an outside radio signal.
The cavity resonator ‘bug’ microphone found inside.

On May 26, 1960, U.S. Ambassador to the United Nations Henry Cabot Lodge, Jr. unveiled the Great Seal Bug before the UN Security Council to counter Soviet denunciations of American U-2 espionage. The Soviets had presented a replica of the Great Seal of the United States as a gift to Ambassador Averell Harriman in 1946.

The gift hung in the U.S. Embassy for many years, until in 1952, during George F. Kennan’s ambassadorship, U.S. security personnel discovered the listening device embedded inside the Great Seal.

Lodge’s unveiling of this Great Seal before the Security Council in 1960 provided proof that the Soviets also spied on the Americans, and undercut a Soviet resolution before the Security Council denouncing the United States for its U-2 espionage missions. – U.S. Department of State... 

Read the fascinating full history here.

Thursday, May 24, 2018

Alexa - Busted for Eavesdropping

A Portland family contacted Amazon to investigate after they say a private conversation in their home was recorded by Amazon's Alexa -- the voice-controlled smart speaker -- and that the recorded audio was sent to the phone of a random person in Seattle, who was in the family’s contact list.


"My husband and I would joke and say I'd bet these devices are listening to what we're saying," said Danielle, who did not want us to use her last name.

Every room in her family home was wired with the Amazon devices to control her home's heat, lights and security system.

But Danielle said two weeks ago their love for Alexa changed with an alarming phone call. "The person on the other line said, 'unplug your Alexa devices right now,'" she said. "'You're being hacked.'"

That person was one of her husband's employees, calling from Seattle.

"We unplugged all of them and he proceeded to tell us that he had received audio files of recordings from inside our house," she said. "At first, my husband was, like, 'no you didn't!' And the (recipient of the message) said 'You sat there talking about hardwood floors.' And we said, 'oh gosh, you really did hear us.'" more

General Data Protection Regulation (GDPR), or D-Day for Data

Effective, Friday, May 25, 2018

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area.

It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. more
  • This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.
  • This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.
  • The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data. more
GDPR in a nutshell.
GDPR explanation from Mozilla.

How to encrypt your entire life in less than an hour

Quincy Larson has written an excellent article on how to protect your digital privacy. Worth reading. Worth doing. ~Kevin

“Only the paranoid survive.” — Andy Grove

And Grove isn’t the only powerful person urging caution. Even the director of the FBI — the same official who recently paid hackers a million dollars to unlock a shooter’s iPhone — is encouraging everyone to cover their webcams.

But you obey the law. What do you have to worry about? As the motto of the United Kingdom’s surveillance program reminds us, “If you’ve got nothing to hide, you’ve got nothing to fear.”

Well, law-abiding citizens do have reason to fear. They do have reasons to secure their devices, their files, and their communications with loved ones.
“If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.” — Cardinal Richelieu in 1641
In this article, I will show you how you can protect yourself by leveraging state-of-the-art encryption. In a single sitting, you can make great strides toward securing your privacy. more

Wednesday, May 23, 2018

Dumpster Diving…A Treasure Trove

From the book, What You Don't Know... Your Guide to Achieving "Knowledge Advantage" in the Information Age!

"Valuable Open Source information is thrown away every day, waiting to be collected by the thoughtful researcher. Dubbed “dumpster diving,” or “trash picking” a wastebasket becomes a friend to researchers and a foe of anyone you are collecting on...

How useful dumpster diving is can be readily seen by the fact that a highly-placed US intelligence official was convicted and sentenced to life in prison for working with Moscow operatives. He had thoughtlessly thrown away key clues to his betrayal, not thinking they would end up on a prosecutor’s desk. Expecting anything to be buried forever in a trash heap can be a major mistake...

In the United States the Supreme Court has said that, as a general rule, things left in trash cans curbside are considered “abandoned” and are there for the taking."

Related: Confidential Paperwork Security

Infographic - The History of Privacy

Click to enlarge.


Tuesday, May 22, 2018

How Domestic Abusers Use Smartphones to Spy on Their Partners

There’s more creepy spyware out there than you think — and regulating it is a legal and technological challenge.

More and more people who commit violence against their intimate partners are using technology to make their victims’ lives worse...

News media, academic researchers, and victim advocates have long acknowledged the threat of spyware in domestic abuse situations. But our research (conducted with our students) brings to light the ease with which spyware can be deployed by abusers, and the broad scope of software usable as spyware...

Installing powerful spyware is just a few clicks away. Search on the web for “track my girlfriend” and you’ll find plentiful links to software, how-to guides, and forums all aimed at making it easy for abusers to spy on victims. (Protection advice is also available.) All the tools an abuser needs are present on Google and Apple’s app stores; installation is as simple as grabbing the victim’s device, typing the password (possibly stolen), and downloading an app. Many such apps require a fee, but in some cases, you can spy free of charge.

And our research shows that current anti-malware programs most often don’t identify such software as problematic. (ours does) more

Click the "our research" link above for the research paper. ~Kevin

Secretly Recording a Witness Gets Two Arrested

NH - Two Tolles Street residents were arrested Monday morning, charged with secretly recording a witness’ private conversation from a previous investigation, police said.

The charges stem from Aug. 3, 2017, when members of the Special Investigations Division learned a witness's private conversation from a previous investigation involving Bellino and Madison may have been recorded without the witness's consent.

Zachary Madison, 27, was charged with wiretapping, a Class B felony, Brittney Bellino, 25, was charged with conspiracy to commit wiretapping during their arrest about 9:40 a.m. Both charges are Class B felonies. more

Darwin Award to Another Spycam'er Who Shot Himself


MA - A Taunton man faces allegations that he placed a small recording device in a preschool bathroom with the intent of filming the women who worked there.

Darin McNeil, 48, was arrested at the Learning Experience on Main Street on May 18 by Foxborough Police and charged with possession of a device for wiretapping, attempting to conduct secret sexual surveillance, and unlawful wiretapping...

Police responded to a report of a shiny object found in a hat placed on a shelf across from a toilet in a staff bathroom at the preschool around midday on May 18. Once officers were given the item, it was determined that it was an audio and video recorder with a small USB connection that is designed to look like a pen, according to a police report.

Video from the pen allegedly showed a worker at the Learning Experience in the bathroom and a man placing the device where it was found. The man was identified as McNeil, who was an electrician doing some work at the daycare. more

Security Installer Turned Spycam'er... again

LA - Police are looking for Jules Chauvin, the owner of Telecom Security Solutions in West Monroe.

Chauvin allegedly installed cameras in the victim's business in West Monroe.

According to police, a victim contacted them on May 7th saying she was being watched without her consent by the man who installed her security system. Police say the victim fears that Chauvin may be watching other people as well.

Police ask that anyone who feels that they may be a victim of video voyeurism to contact the police department. more

This isn't the first time a security installer got caught installing spycams...

Largest Ever Women’s Rally Protests Spycam Pornography

Some 12,000 women gathered in Seoul on Saturday to protest against the “discriminatory treatment” of cases involving male and female victims of digital and online sexual violence, including spy-cam pornography. The event was the biggest women’s rights rally in Korea’s recent history...

According to 2016 data from the Korean National Police Agency, some 5,184 sexual harassment cases including those that involved spy-cam footage -- illegally uploaded video footage created using hidden cameras in public spaces such as public toilets -- were reported that year. More than 80 percent of the victims were women.

Furthermore, more than 7,300 requests were made to remove revenge porn that was uploaded by victims’ ex-romantic partners. more

Phone Companies Know Your Location 24/7 - and they're selling it.

via Krebs on Security 
Your mobile phone is giving away your approximate location all day long.

This isn't exactly a secret: It has to share this data with your mobile provider constantly to provide better call quality and to route any emergency 911 calls straight to your location.

But now, the major mobile providers in the United States -- AT&T, Sprint, T-Mobile and Verizon -- are selling this location information to third party companies -- in real time -- without your consent or a court order, and with apparently zero accountability for how this data will be used, stored, shared or protected. 

It may be tough to put a price on one's location privacy, but here's something of which you can be sure: The mobile carriers are selling data about where you are at any time, without your consent, to third-parties for probably far less than you might be willing to pay to secure it. more