Wednesday, June 27, 2018

A $5 Million Surveillance Car

A Cyprus-based surveillance company claims to have built a car full of next-generation snooping kit that can infect Apple and Google phones from as far away as 500 metres. WiSpear, founded by one of Israel’s longtime surveillance market players Tal Dilian, is selling the car for between $3.5 million and $5 million and claims it has plenty of interest already. It’s also inspired concern from the privacy community.

The SpearHead 360 vehicle uses 24 antennas to reach out to target devices. Once a phone has been chosen, the WiSpear automobile has four different ways to force a phone to connect to its Wi-Fi-based interceptors from where it can start snooping on devices (using what are known as man-in-the-middle attacks). Then there are four different kinds of malware for various operating systems, including Apple’s iOS or Google’s Android devices, according to Dilian.


WiSpear showed off the van at the ISS World and Eurosatory conferences this month. As seen in the video, police can splurge on a drone and a backpack to go inside the car for even more mobile surveillance. Both can be used to carry out the same attacks, according to Dilian, who noted a single backpack can cost as much as $1.2 million. “This takes customers from detection all the way to full interception,” he told Forbes. “I think it’s a game changer.” more

Tuesday, June 26, 2018

Darwin Award: Man Spycams Wife for 3 Years to Bug Her - Shoots Himself

Paul Lewis, 46, rigged up the secret video camera because he feared his wife Ann, 45, was having a secret affair.

His video revealed she wasn’t having sex romps while he was at work – but he carried of covertly filming her for the next three years anyway.

He said continued because he knew it would annoy her.

A court heard the marriage had been ‘effectively over’ for some time when Ann, a teacher, found the digital camera after it was moved to the kitchen of their three-bedroom village home.

She found 29 videos of herself that had been shot in the bedroom lasting between a few seconds and up to 40 minutes.

Lewis, an engineer, blundered because some of the clips showed him accidentally filming himself installing the spy camera in a bedside cabinet. more

Spy Collector Alert: Soviet Spy-Camera Auction

On July 12, Aston’s Auctioneers of Dudley, England (about halfway between Liverpool and London), will feature the Russian Collection auction, 25 lots of rare and unusual cameras collected from the Cold War days, when Russia merely constituted much of the U.S.S.R. and Germany was still separated into two states.
To find as many [cameras] in one place is pretty unusual,” says Tim Goldsmith, photographic consultant to Aston’s. The unnamed source for the auction had been collecting Soviet spy cameras for 30 to 40 years, as far back as when smuggling anything of this sort in or out of the Soviet Bloc would have needed spycraft itself. “Obviously, that’s when East Germany was still completely surrounded,” says Goldsmith. Until recently, finding such a trove in the West was nearly miraculous. “And it’s unheard of in the U.K., though it’s dribbling out since the whole universe discovered these things on the internet."

Aston’s hosts three camera auctions a year, yet this one, as Goldsmith put it, “has fired everyone’s imagination.” more

Wi-Fi to Get More Security Muscle

The Wi-Fi Alliance has officially unveiled WPA3, its next-generation security standard to keep wireless networks better protected, alongside a move to streamline the setup of the likes of smart home gadgets.

As you may be aware, WPA3 follows on from the currently employed WPA2 standard, which has been hit by security vulnerabilities that have led folks to question its overall strength in recent times.

So, the arrival of WPA3 is clearly important, and the Wi-Fi Alliance is delivering the fresh standard in two forms, one aimed at the home user, and one for businesses: WPA3-Personal and WPA3-Enterprise.

Both flavors are designed to provide far more robust security, with users benefiting from Protected Management Frames (PMF) to defend against malicious parties eavesdropping on their data transmissions. more

Dan Ingram - RIP

Dan Ingram.
Super nice guy.
Unbelievably funny, even during the songs when nobody but the engineer could hear him.
more 7/4/68 Air Check

Wednesday, June 20, 2018

Android Alert: Surveillance Malware Infects Telegram App

A new family of malware capable of comprehensive surveillance is targeting Android devices through the encrypted messaging app Telegram, according to research from antivirus vendor ESET.

The malware – which has mostly been distributed in Iran – ensnares its victims by posing as an application pledging more social media followers, bitcoin, or free Internet connections, according to ESET. Once downloaded, the malware can carry out surveillance tasks ranging from intercepting text messages to recording audio and screen images from devices, ESET researcher Lukas Stefanko explained in a blog post.

Each compromised device is controlled via a bot that the attacker commandeers via Telegram, which recently boasted 200 million monthly users.

Attackers can control victimized devices by simply tapping the buttons available in the version of the malware they are operating,” Stefanko wrote.

Such nefarious programs have been knocking on Google Play’s door in droves: With the help of machine learning, security specialists removed 700,000 malicious apps from the store last year. more

For Sale: Your Whereabouts

Verizon and AT&T have promised to stop selling their mobile customers' location information to third-party data brokers following a security problem that leaked the real-time location of US cell phone users.

Sen. Ron Wyden (D-Ore.) recently urged all four major carriers to stop the practice, and today he published responses he received from Verizon, AT&T, T-Mobile USA, and Sprint.

Wyden's statement praised Verizon for "taking quick action to protect its customers' privacy and security," but he criticized the other carriers for not making the same promise.

"After my investigation and follow-up reports revealed that middlemen are selling Americans' location to the highest bidder without their consent or making it available on insecure Web portals, Verizon did the responsible thing and promptly announced it was cutting these companies off," Wyden said. "In contrast, AT&T, T-Mobile, and Sprint seem content to continuing to sell their customers' private information to these shady middle men, Americans' privacy be damned." more

Tesla's Sabotage / Espionage Wake-Up Call

Tesla has routed out a saboteur who changed code on internal products and exfiltrated data to outsiders, damaging company operations and possibly causing a fire, CEO Elon Musk told employees in an email...

Musk wrote in an email obtained by CNBC. “This included making direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties.”

While Musk said Tesla doesn't know the full extent of the employee's actions, “what he has admitted to so far is pretty bad,”...

“Trusted users always pose the highest risk as they have the means and only lack the motivation. In this instance, the motivation sounds personal, and that is quite often the case in corporate sabotage,” said Chris Morales, head of security analytics at Vectra. “It is not clear how this event was detected, but it sounds like it was discovered after the damage already occurred and there is still work to uncover the extent of that damage.”

Whether addressing a rogue insider or an outsider who has gained access to employee credentials, he said, “enterprises benefit from internal monitoring that can detect suspicious behavior in order to prevent damage,” more

Thursday, June 14, 2018

World Cup Tip - Leave Your Electronics at Home


The top U.S. counterintelligence agent has warned Americans traveling to Russia for the 2018 World Cup against taking any electronics with them, saying soccer fans could be targeted by hackers.

William Evanina, an FBI agent and the director of the U.S. National Counterintelligence and Security Center, said in a Tuesday statement that even those who see themselves as insignificant could become victims of Russian spying.

“If you’re planning on taking a mobile phone, laptop, PDA, or another electronic device with you—make no mistake—any data on those devices (especially your personally identifiable information) may be accessed by the Russian government or cyber criminals,” Evanina said, according to Reuters. more

Three Tips for Protecting a Business's Passwords

One of the common areas we see companies and technology groups struggling to manage securely and effectively is… passwords.  We know we need them (passwords), we know they need to be “secure”, and we know they’re a pain in the neck to keep organized.  That’s exacerbated exponentially when you factor in shared passwords and accounts for teams.
Tip 1:  Quit Using Excel to Manage Your Passwords...
Tip 2:  Know All of Your Org’s Accounts...
Tip 3:  Know Your Password Security Options...

Read the full details about each tip at criticalinformatics.com

Cell Phone Passcode of 1+2+3+4 = 18 Years in Prison


A man serving 18 years in prison in South Carolina for burglary was rightfully convicted in part because he left his cellphone at the crime scene and a detective guessed his passcode as 1-2-3-4 instead of getting a warrant, the state Supreme Court ruled Wednesday.

Lawyers for Lamar Brown argued detectives in Charleston violated Brown’s right to privacy by searching his phone without a warrant.

After storing the cellphone in an evidence locker for six days in December 2011, the detective guessed right on Brown’s easy passcode, found a contact named “grandma” and was able to work his way back to Brown.

The justices ruled in a 4-1 decision that Brown abandoned his phone at the Charleston home and made no effort to find it. The law allows police to look at abandoned property without a court-issued warrant allowing a search. more

X-Ray Vision Using Wi-Fi

The Machines now have X-ray vision. A new piece of software has been trained to use wifi signals — which pass through walls, but bounce off living tissue — to monitor the movements, breathing, and heartbeats of humans on the other side of those walls. The researchers say this new tech’s promise lies in areas like remote healthcare, particularly elder care, but it’s hard to ignore slightly more dystopian applications.

Click to enlarge.
 While it’s easy to think of this new technology as a futuristic Life Alert® monitor, it’s worth noting that at least one member of the research team at the Massachusetts Institute of Technology behind the innovation has previously received funding from the Pentagon’s Defense Advanced Research Projects Agency (DARPA). Another also presented work at a security research symposium curated by a c-suite member of In-Q-Tel, the CIA’s high-tech venture capital firm.

Inverse recently caught up with project’s leader Dina Katabi, a 2013 MacArthur “Genius Grant” Fellow who teaches electrical engineering and computer science at MIT, to talk about how the new tech may be used... more

Auction - Original artwork from Carry On Spying (1964)


Original artwork from Carry On Spying (1964) and Carry On Cowboy (1965) will go under the hammer with an estimate of £2,000 - 3,000 and £3,000 - 5,000 respectively

Both artwork pieces were illustrated by legendary British cinema poster designer, Tom Chantrell of Star Wars fame.

The auction will be live-streamed online for fans to track the bidding on auction day. Registration and bidding is now open. Bids can be placed online at www.propstore.com/liveauction, over the phone or in person.

Prop Store's Cinema Poster Live Auction is on Thursday 28th June.  more

Friday, June 8, 2018

U.S. Embassy in China Sends Alert About Mystery Health Issue


The U.S. Embassy in China sent its second alert in two weeks Friday to its citizens over unexplained health issues that have prompted the evacuation of a number of U.S. government employees working at a consulate in a southern city...

The incidents have raised fears the unexplained issues that started in Cuba in 2016 have expanded to other countries. China says it has uncovered no information that could point to a cause...

Friday's alert called for people to be attentive of symptoms including "dizziness, headaches, tinnitus, fatigue, cognitive issues, visual problems, ear complaints and hearing loss, and difficulty sleeping." It urged them "not to attempt to locate the source of any unidentified auditory sensation. Instead, move to a different location." more

Two theories. One solution.

A new theory.
Attackers can cause potentially harmful hard drive and operating system crashes by playing sounds...

The attacks use sonic and ultrasonic sounds to disrupt magnetic HDDs as they read or write data. The researchers showed how the technique could stop some video-surveillance systems from recording live streams. Just 12 seconds of specially designed acoustic interference was all it took to cause video loss in a 720p system made by Ezviz. Sounds that lasted for 105 seconds or more caused the stock Western Digital 3.5 HDD in the device to stop recording altogether until it was rebooted.

U.S. to Thwart Spying at Singapore Summit with TSCM Bug Sweeps

U.S. officials say they are preparing to counter the Chinese spies they expect to be all over Singapore next week seeking inside information on the talks.

The Chinese, who have been known to bug everything from hotel keys to the gifts given to American visitors, are expected to deploy their increasingly sophisticated repertoire of intelligence gathering techniques, both human and electronic, in Singapore.

Areas of concern for the U.S. at the summit include:
  • U.S. officials are concerned China has recruited informants among the waiters and other staff in Singapore’s restaurants and bars, who are paid to eavesdrop on American customers and report back to their Chinese handlers.
  • Officials also expect electronic surveillance of the summit meeting sites. Americans will sweep for bugs (TSCM) in rooms at the Capello Hotel that could be used for side discussions, and could erect tents inside hotel meeting rooms to block any concealed cameras from viewing classified documents.
  • Chinese intelligence agencies have shown the ability to penetrate mobile phones even when they are off, and U.S. officials are now told to take their batteries out when they are concerned about eavesdropping, according to a U.S. intelligence official.
According to three U.S. officials, in one recent case a top U.S. official working in China repeatedly had trouble with his hotel key card. He had to replace it several times at the front desk because it wouldn’t open his door.

He brought one of the key cards back to the U.S., where security officials found a microphone embedded inside, according to the U.S. officials.

The Chinese have placed listening and tracking devices in chips embedded in credit cards, key chains, jewelry, and even event credentials, the officials said, often with the intent of capturing secret conversations among American officials. more

You can be sure same eavesdropping techniques and technology are being used for economic espionage here in the U.S. 

Fortunately, savvy private sector businesses are successfully employing similar Technical Surveillance Countermeasures (TSCM) bug sweeps on a regular basis. Businesses that do not are getting their intellectual property pockets picked. ~Kevin