Friday, June 8, 2018
U.S. Embassy in China Sends Alert About Mystery Health Issue
The U.S. Embassy in China sent its second alert in two weeks Friday to its citizens over unexplained health issues that have prompted the evacuation of a number of U.S. government employees working at a consulate in a southern city...
The incidents have raised fears the unexplained issues that started in Cuba in 2016 have expanded to other countries. China says it has uncovered no information that could point to a cause...
Friday's alert called for people to be attentive of symptoms including "dizziness, headaches, tinnitus, fatigue, cognitive issues, visual problems, ear complaints and hearing loss, and difficulty sleeping." It urged them "not to attempt to locate the source of any unidentified auditory sensation. Instead, move to a different location." more
Two theories. One solution.
A new theory.
Attackers can cause potentially harmful hard drive and operating system crashes by playing sounds...
The attacks use sonic and ultrasonic sounds to disrupt magnetic HDDs as they read or write data. The researchers showed how the technique could stop some video-surveillance systems from recording live streams. Just 12 seconds of specially designed acoustic interference was all it took to cause video loss in a 720p system made by Ezviz. Sounds that lasted for 105 seconds or more caused the stock Western Digital 3.5 HDD in the device to stop recording altogether until it was rebooted.
U.S. to Thwart Spying at Singapore Summit with TSCM Bug Sweeps
U.S. officials say they are preparing to counter the Chinese spies they expect to be all over Singapore next week seeking inside information on the talks.
The Chinese, who have been known to bug everything from hotel keys to the gifts given to American visitors, are expected to deploy their increasingly sophisticated repertoire of intelligence gathering techniques, both human and electronic, in Singapore.
Areas of concern for the U.S. at the summit include:
He brought one of the key cards back to the U.S., where security officials found a microphone embedded inside, according to the U.S. officials.
The Chinese have placed listening and tracking devices in chips embedded in credit cards, key chains, jewelry, and even event credentials, the officials said, often with the intent of capturing secret conversations among American officials. more
You can be sure same eavesdropping techniques and technology are being used for economic espionage here in the U.S.
Fortunately, savvy private sector businesses are successfully employing similar Technical Surveillance Countermeasures (TSCM) bug sweeps on a regular basis. Businesses that do not are getting their intellectual property pockets picked. ~Kevin
The Chinese, who have been known to bug everything from hotel keys to the gifts given to American visitors, are expected to deploy their increasingly sophisticated repertoire of intelligence gathering techniques, both human and electronic, in Singapore.
Areas of concern for the U.S. at the summit include:
- U.S. officials are concerned China has recruited informants among the waiters and other staff in Singapore’s restaurants and bars, who are paid to eavesdrop on American customers and report back to their Chinese handlers.
- Officials also expect electronic surveillance of the summit meeting sites. Americans will sweep for bugs (TSCM) in rooms at the Capello Hotel that could be used for side discussions, and could erect tents inside hotel meeting rooms to block any concealed cameras from viewing classified documents.
- Chinese intelligence agencies have shown the ability to penetrate mobile phones even when they are off, and U.S. officials are now told to take their batteries out when they are concerned about eavesdropping, according to a U.S. intelligence official.
He brought one of the key cards back to the U.S., where security officials found a microphone embedded inside, according to the U.S. officials.
The Chinese have placed listening and tracking devices in chips embedded in credit cards, key chains, jewelry, and even event credentials, the officials said, often with the intent of capturing secret conversations among American officials. more
You can be sure same eavesdropping techniques and technology are being used for economic espionage here in the U.S.
Fortunately, savvy private sector businesses are successfully employing similar Technical Surveillance Countermeasures (TSCM) bug sweeps on a regular basis. Businesses that do not are getting their intellectual property pockets picked. ~Kevin
Woman Faces 4 Years in Jail, in Siberia, for GPS-Tracking Her Partner
Russia - A woman is facing up to four years in jail after trying to spy on her husband using a hidden GPS tracking and recording device.
The 33-year-old resident of Russia’s Siberian region of Omsk bought the GPS tracker online and installed the device in her husband's car as she suspected him of infidelity, according to a statement by Russia’s Investigative Committee.
After listening to her partner's comings and goings for “several months,” the woman, whose name has not been released by authorities, decided to sell the device online for 1,000 rubles ($16). It was during the money handover that police arrested the woman and charged her with “illegal acquisition and sale of special technical equipment intended for secretly receiving information," state news agency RIA Novosti reported. more
Click-bait headline, of course. The woman was already in Siberia. Which, reminds me of a 12 year old cut-up classmate in my math class. Teachers would try to give him a detention because of his antics, but for the longest time he wiggled out of them. "My mother is coming home from the hospital today. I can't stay." He fooled a lot of teachers, for many months, until they learned his mother was a nurse. ~Kevin
The 33-year-old resident of Russia’s Siberian region of Omsk bought the GPS tracker online and installed the device in her husband's car as she suspected him of infidelity, according to a statement by Russia’s Investigative Committee.
After listening to her partner's comings and goings for “several months,” the woman, whose name has not been released by authorities, decided to sell the device online for 1,000 rubles ($16). It was during the money handover that police arrested the woman and charged her with “illegal acquisition and sale of special technical equipment intended for secretly receiving information," state news agency RIA Novosti reported. more
Click-bait headline, of course. The woman was already in Siberia. Which, reminds me of a 12 year old cut-up classmate in my math class. Teachers would try to give him a detention because of his antics, but for the longest time he wiggled out of them. "My mother is coming home from the hospital today. I can't stay." He fooled a lot of teachers, for many months, until they learned his mother was a nurse. ~Kevin
Tuesday, June 5, 2018
136 Old NSA Security Posters
In the 1950s and 1960s, the NSA made a bunch of posters to remind its employees that security is the most important thing, and that they must work hard to protect the country’s most important secrets.
Thanks to a Freedom of Information Act request by the transparency site Government Attic, we can now see these quaint, sometimes hilarious, but also menacing, posters.
Here are all the 136 posters the NSA released. We’ve chosen a few that we thought were the best ones. Some of them are cutesy, some are kind of lame, others are dark and dystopian, and others are straight up incredible. more
Don't it just give you, "The locking pneumonia and floppy-copy flue."
Thanks to a Freedom of Information Act request by the transparency site Government Attic, we can now see these quaint, sometimes hilarious, but also menacing, posters.
Here are all the 136 posters the NSA released. We’ve chosen a few that we thought were the best ones. Some of them are cutesy, some are kind of lame, others are dark and dystopian, and others are straight up incredible. more
Don't it just give you, "The locking pneumonia and floppy-copy flue."
Labels:
#NSA,
advice,
art,
historical,
information security,
weird
Sunday, June 3, 2018
Stingrays in Washington DC Attacking Cell Phones – How they Work
A federal study found signs that surveillance devices for intercepting
cellphone calls and texts were operating near the White House and other
sensitive locations in the Washington area last year...
The discovery bolsters years of independent research suggesting that foreign intelligence agencies use sophisticated interception technology to spy on officials working within the hub of federal power in the nation’s capital. Experts in surveillance technology say that IMSI catchers — sometimes known by one popular brand name, StingRay — are a standard part of the tool kit for many foreign intelligence services, including for such geopolitical rivals as Russia and China...
The discovery bolsters years of independent research suggesting that foreign intelligence agencies use sophisticated interception technology to spy on officials working within the hub of federal power in the nation’s capital. Experts in surveillance technology say that IMSI catchers — sometimes known by one popular brand name, StingRay — are a standard part of the tool kit for many foreign intelligence services, including for such geopolitical rivals as Russia and China...
The devices work by simulating cell towers to trick
nearby phones into connecting, allowing the IMSI catchers to collect
calls, texts and data streams. Unlike some other forms of cellphone
interception, IMSI catchers must be near targeted devices to work.
When
they are in range, IMSI catchers also can deliver malicious software to
targeted devices for the purpose of stealing information stored on them
or conducting longer-term monitoring of communications. more
Smartphone Security Tips
Smartphone Security Tips
Thursday, May 31, 2018
Fred Kovaleski, International Tennis-Playing CIA Spy Dies
Just coincidence? |
Fred Kovaleski, whose international tennis-playing career became his cover in the 1950s while he was working as a spy for the C.I.A., died on Friday at his home in Manhattan. He was 93.
Mr. Kovaleski was well into his career on the tennis circuit, having played at Wimbledon and in tournaments abroad and in the United States, when he joined the C.I.A. in 1951 and began training in spycraft at Camp Peary, near Williamsburg, Va.
Within three years, his ability to play tennis and his Russian-language training with the C.I.A. became essential when Yuri Rastvorov, a K.G.B. lieutenant colonel and avid tennis player, defected to the United States. more
Wednesday, May 30, 2018
Randy Tanning Salon Spycam'er Nailed
WI - A man was arrested here Wednesday, May 23, after police discovered he had used a “spy camera” to view clients undressing in a tanning salon.
Randy J. Schamberger, 42, was being held in the Barron County Jail on a misdemeanor charge and a felony charge, according to a press release.
Police know of eight victims caught on camera at Sunshine Fitness and Tanning Salon in Cumberland. There could be more victims, as Schamberger admitted to viewing and deleting up to 70 other files, police said.
On April 5, a client noticed what she thought was a USB phone charger plugged into one of the wall outlets in the tanning room. When she looked closely, she realized it was actually a covert digital video camera with a memory card inside.
She turned it over to police, who found 67 video files showing numerous persons undressing and in stages of full or partial nudity inside the tanning room.
Police discovered Schamberger had used his wife’s customer key fob to gain access to the room. He admitted to buying the spy camera from Amazon in October. more
Fight back!
Randy J. Schamberger, 42, was being held in the Barron County Jail on a misdemeanor charge and a felony charge, according to a press release.
Police know of eight victims caught on camera at Sunshine Fitness and Tanning Salon in Cumberland. There could be more victims, as Schamberger admitted to viewing and deleting up to 70 other files, police said.
On April 5, a client noticed what she thought was a USB phone charger plugged into one of the wall outlets in the tanning room. When she looked closely, she realized it was actually a covert digital video camera with a memory card inside.
She turned it over to police, who found 67 video files showing numerous persons undressing and in stages of full or partial nudity inside the tanning room.
Police discovered Schamberger had used his wife’s customer key fob to gain access to the room. He admitted to buying the spy camera from Amazon in October. more
Fight back!
Drones: For Criminals and Corporate Spies, the Sky’s the Limit
Switzerland - A rogue drone found on Credit Suisse HQ’s roof; fears of acid drops into data centres: drones are the latest security threat for businesses...
Besides carrying missiles or capturing images on powerful cameras, drones are now known to carry sophisticated computers too. These can be used to hack into mobile devices – and wi-fi networks...
Up in Zurich, alarms were raised at Credit Suisse’s HQ because of a rogue drone that was found lying on the office’s rooftop 12 months ago, a source tells Spear’s. The episode was presented as a potential security breach in a confidential conference at the bank, when the drone’s hacking abilities were revealed to some of its employees worldwide. The Swiss multinational declined to comment.
As well as stealing data potentially worth millions, these drones can drop acid into data centres to achieve a complete system shutdown... more
War-Flying Drone - WiFi Hacking video
Besides carrying missiles or capturing images on powerful cameras, drones are now known to carry sophisticated computers too. These can be used to hack into mobile devices – and wi-fi networks...
Up in Zurich, alarms were raised at Credit Suisse’s HQ because of a rogue drone that was found lying on the office’s rooftop 12 months ago, a source tells Spear’s. The episode was presented as a potential security breach in a confidential conference at the bank, when the drone’s hacking abilities were revealed to some of its employees worldwide. The Swiss multinational declined to comment.
As well as stealing data potentially worth millions, these drones can drop acid into data centres to achieve a complete system shutdown... more
War-Flying Drone - WiFi Hacking video
Labels:
#eavesdropping,
#espionage,
#hack,
#spycam,
aerial,
drone,
sabotage
Tuesday, May 29, 2018
Amazon Echo/ Google Home/ HomePod spying on you? Fight Back!
The recent incident of a smart speaker secretly recording a couple’s conversation and sending it to one of their contacts has implanted a seed of doubt in every smart speaker’s user.
While manufacturers assure their customers of protecting their privacy, it often gets tough to believe in their claims.
Following some simple steps can ensure you aren’t spied by your smart speaker.
Check here.
In other news...
Facebook is now delaying the release of its smart speaker, based on widespread fears of eavesdropping and unauthorized audio recording. Those fears appeared in a recent focus group conducted by the social network... or, Because There’s No Way In Hell Any Sane Person Is Buying That Right Now. more
While manufacturers assure their customers of protecting their privacy, it often gets tough to believe in their claims.
Following some simple steps can ensure you aren’t spied by your smart speaker.
- Mute the microphone/camera when not needed...
- Turn up the volume to the max...
- Keep it disconnected from the Wi-Fi...
- Don’t give access to contacts...
- Turn off calling and messaging...
- Lastly, don’t buy one, if you are suspicious... more
Check here.
In other news...
Facebook is now delaying the release of its smart speaker, based on widespread fears of eavesdropping and unauthorized audio recording. Those fears appeared in a recent focus group conducted by the social network... or, Because There’s No Way In Hell Any Sane Person Is Buying That Right Now. more
World's First Ultrasound 'Firewall' for Smartphones
Scientists have developed the first ultrasound-firewall that can prevent hackers from eavesdropping on hidden data transmission between smartphones and other mobile devices.
The permanent networking of mobile devices can endanger the privacy of users and lead to new forms of monitoring. New technologies such as Google Nearby and Silverpush use ultrasonic sounds to exchange information between devices via loudspeakers and microphones.
More and more of our devices communicate via this inaudible communication channel. Ultrasonic communication allows devices to be paired and information to be exchanged. It also makes it possible to track users and their behavior over a number of devices, much like cookies on the Web. Almost every device with a microphone and a loudspeaker can send and receive ultrasonic sounds. Users are usually unaware of this inaudible and hidden data transmission.
Researchers from the St Polten University of Applied Sciences in Austria has developed a mobile application that detects acoustic cookies, brings them to the attention of users and if desired, blocks the tracking. The app is, in a sense, the first available ultrasound-firewall for smartphones and tablets... more
The permanent networking of mobile devices can endanger the privacy of users and lead to new forms of monitoring. New technologies such as Google Nearby and Silverpush use ultrasonic sounds to exchange information between devices via loudspeakers and microphones.
More and more of our devices communicate via this inaudible communication channel. Ultrasonic communication allows devices to be paired and information to be exchanged. It also makes it possible to track users and their behavior over a number of devices, much like cookies on the Web. Almost every device with a microphone and a loudspeaker can send and receive ultrasonic sounds. Users are usually unaware of this inaudible and hidden data transmission.
Researchers from the St Polten University of Applied Sciences in Austria has developed a mobile application that detects acoustic cookies, brings them to the attention of users and if desired, blocks the tracking. The app is, in a sense, the first available ultrasound-firewall for smartphones and tablets... more
Monday, May 28, 2018
A Memorial Day Thought - The Thing We Forgot to Fight For
We fight like hell for freedom, but we let the world pick our intellectual pockets.
Sure, the US has a counterespionage law. But it is a half-way measure. Ok, we do more than Canada. They don't even have a law.
Question... What is the quality of your freedom once your jobs are stolen, and your intellectual property is ripped out from under you?
Memorial Day is a good day to re-print this post from April 5, 2012.
----------------------------------
Gen. Keith B. Alexander, (NSA)
Sure, the US has a counterespionage law. But it is a half-way measure. Ok, we do more than Canada. They don't even have a law.
Question... What is the quality of your freedom once your jobs are stolen, and your intellectual property is ripped out from under you?
Memorial Day is a good day to re-print this post from April 5, 2012.
----------------------------------
Gen. Keith B. Alexander, (NSA)
...called the continuing, rampant cybertheft “the greatest transfer of wealth in history.” (bio)
---
Shawn Henry, (FBI)
...current public and private approach to fending off hackers is "unsustainable.'' Computer criminals are simply too talented and defensive measures too weak to stop them, he said. (bio)
---
Richard A. Clark, (presidential advisor)
"Yet the same Congress that has heard all of this disturbing testimony is mired in disagreements about a proposed cybersecurity bill that does little to address the problem of Chinese cyberespionage." (bio)
---
Letter to the Editor - The New York Times
Dear Editor,
Richard A. Clarke’s op-ed piece, “How China Steals Our Secrets,” (4/2/12) states the current business espionage problem perfectly, but we need a solution. Consider this...
The Chinese secrets of: silk and tea production; making porcelain, gunpowder and paper, could not survive Western espionage attacks – not even when protected with death penalties. Espionage killed their economy, and the damage lasted for centuries. Obviously, our competitive advantages are also our National Interest Assets.
The one-sided, punish-the-spy security model, still being used today, never worked. We need to make it two-sided. There must be a proactive legal responsibility to protect.
The solution... Corporate caretakers must be held accountable for protecting their valuables; our national treasures. We need a law creating business counterespionage security standards, with penalties for inadequate protection. We already successfully employ the same concept with medical and financial record privacy.
Kevin D. Murray
Spybusters, LLC
Richard A. Clarke’s op-ed piece, “How China Steals Our Secrets,” (4/2/12) states the current business espionage problem perfectly, but we need a solution. Consider this...
The Chinese secrets of: silk and tea production; making porcelain, gunpowder and paper, could not survive Western espionage attacks – not even when protected with death penalties. Espionage killed their economy, and the damage lasted for centuries. Obviously, our competitive advantages are also our National Interest Assets.
The one-sided, punish-the-spy security model, still being used today, never worked. We need to make it two-sided. There must be a proactive legal responsibility to protect.
The solution... Corporate caretakers must be held accountable for protecting their valuables; our national treasures. We need a law creating business counterespionage security standards, with penalties for inadequate protection. We already successfully employ the same concept with medical and financial record privacy.
Kevin D. Murray
Spybusters, LLC
---
If implemented,
it will force an increase in traditional spy techniques, such as:
bugging, wiretapping, physical intrusions and social engineering. (Remember, computer data is available elsewhere long before it is computerized.)
Protecting our competitive advantages requires a holistic approach; a National Interest Assets law which would also...
• Protect the entire intellectual property timeline, from brainstorming and initial discussions, to the final product or business strategy.
• Impose a responsibility of due care upon the creators and holders competitive advantage information.
• Specify compliance requirements
aimed at countering traditional business espionage practices. Technical
Surveillance Countermeasures Inspections (TSCM / bug sweeps),
information-security audits, and information-security compliance
procedures; safeguards which can be easily mandated and monitored.
The cost of keeping National Interest Assets safe is infinitesimal compared to current losses (not to mention the long-term effects). Just ask the Chinese.
~Kevin
Saturday, May 26, 2018
The Great Seal Bug Story - 58 Years Ago Today
In 1946, Soviet school children presented a two foot wooden replica of the Great Seal of the United States to Ambassador Averell Harriman.
May 26, 1960 – Ambassador Henry Cabot Lodge, Jr. displays the Great Seal bug at the United Nations. |
The cavity resonator ‘bug’ microphone found inside. |
On May 26, 1960, U.S. Ambassador to the United Nations Henry Cabot Lodge, Jr. unveiled the Great Seal Bug before the UN Security Council to counter Soviet denunciations of American U-2 espionage. The Soviets had presented a replica of the Great Seal of the United States as a gift to Ambassador Averell Harriman in 1946.
The gift hung in the U.S. Embassy for many years, until in 1952, during George F. Kennan’s ambassadorship, U.S. security personnel discovered the listening device embedded inside the Great Seal.
Lodge’s unveiling of this Great Seal before the Security Council in 1960 provided proof that the Soviets also spied on the Americans, and undercut a Soviet resolution before the Security Council denouncing the United States for its U-2 espionage missions. – U.S. Department of State...
Read the fascinating full history here.
Thursday, May 24, 2018
Alexa - Busted for Eavesdropping
A Portland family contacted Amazon to investigate after they say a private conversation in their home was recorded by Amazon's Alexa -- the voice-controlled smart speaker -- and that the recorded audio was sent to the phone of a random person in Seattle, who was in the family’s contact list.
"My husband and I would joke and say I'd bet these devices are listening to what we're saying," said Danielle, who did not want us to use her last name.
Every room in her family home was wired with the Amazon devices to control her home's heat, lights and security system.
But Danielle said two weeks ago their love for Alexa changed with an alarming phone call. "The person on the other line said, 'unplug your Alexa devices right now,'" she said. "'You're being hacked.'"
That person was one of her husband's employees, calling from Seattle.
"We unplugged all of them and he proceeded to tell us that he had received audio files of recordings from inside our house," she said. "At first, my husband was, like, 'no you didn't!' And the (recipient of the message) said 'You sat there talking about hardwood floors.' And we said, 'oh gosh, you really did hear us.'" more
"My husband and I would joke and say I'd bet these devices are listening to what we're saying," said Danielle, who did not want us to use her last name.
Every room in her family home was wired with the Amazon devices to control her home's heat, lights and security system.
But Danielle said two weeks ago their love for Alexa changed with an alarming phone call. "The person on the other line said, 'unplug your Alexa devices right now,'" she said. "'You're being hacked.'"
That person was one of her husband's employees, calling from Seattle.
"We unplugged all of them and he proceeded to tell us that he had received audio files of recordings from inside our house," she said. "At first, my husband was, like, 'no you didn't!' And the (recipient of the message) said 'You sat there talking about hardwood floors.' And we said, 'oh gosh, you really did hear us.'" more
General Data Protection Regulation (GDPR), or D-Day for Data
Effective, Friday, May 25, 2018
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area.
It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. more
GDPR explanation from Mozilla.
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area.
It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. more
- This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.
- This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.
- The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data. more
GDPR explanation from Mozilla.
Subscribe to:
Posts (Atom)