The vast majority of people in developed countries now carry a smartphone everywhere. And while many of us are already well aware of privacy issues associated with smartphones, like their ability to track our movements or even take surreptitious photos, an increasing number of people are starting to worry that their smartphone is actually listening to everything they say.
There might not be much evidence for this but, it turns out, it isn’t far from the truth. Researchers worldwide have begun developing many types of powerful audio analysis AI algorithms that can extract a lot of information about us from sound alone. While this technology is only just beginning to emerge in the real world, these growing capabilities – coupled with its 24/7 presence – could have serious implications for our personal privacy.
Instead of analyzing every word people say, much of the listening AI that has been developed can actually learn a staggering amount of personal information just from the sound of our speech alone. It can determine everything from who you are and where you come from, your current location, your gender and age and what language you’re speaking – all just from the way your voice sounds when you speak.
If that isn’t creepy enough... more
Thursday, November 29, 2018
Tuesday, November 27, 2018
"A Tough Year for the GRU"
Igor Korobov, head of the Russian military intelligence agency GRU, which has been accused of meddling in U.S. elections, has died in Moscow. He was 62.
The Defense Ministry said Thursday in a statement that Korobov, who led the GRU since 2016, died Wednesday of "a lengthy and grave illness," a usual Russian euphemism for cancer. His predecessor had died two years earlier, at 58.
Russian President Vladimir Putin offered condolences to Korobov's family but did not immediately name his successor...
This has been a tough year for the GRU, which has faced a series of exposures that revealed its inner workings. more
The Defense Ministry said Thursday in a statement that Korobov, who led the GRU since 2016, died Wednesday of "a lengthy and grave illness," a usual Russian euphemism for cancer. His predecessor had died two years earlier, at 58.
Russian President Vladimir Putin offered condolences to Korobov's family but did not immediately name his successor...
This has been a tough year for the GRU, which has faced a series of exposures that revealed its inner workings. more
Multiple Audio/Video Eavesdropping Devices Found in Boardroom, Office and Records Room
South Africa - Science and technology minister Mmamoloko Kubayi-Ngubane has filed a complaint with the State Security Agency (SSA) after cameras were found in her office, the Sunday Times reports.
Police found multiple cameras which could record both video and sound, and could be accessed remotely.
The cameras were were reportedly placed within the minister’s boardroom, records room, and office.
According to the report, the cameras were discovered when senior managers confronted junior staff about discussions they had with the minister in her office. more
Note: The devices were only discovered when the eavesdroppers let on that they knew more than they should. Dumb on their part.
Dumber, however, is they were not found sooner with a routine Technical Surveillance Countermeasures (TSCM) sweep, a standard practice at many organizations these days.
Police found multiple cameras which could record both video and sound, and could be accessed remotely.
The cameras were were reportedly placed within the minister’s boardroom, records room, and office.
According to the report, the cameras were discovered when senior managers confronted junior staff about discussions they had with the minister in her office. more
Note: The devices were only discovered when the eavesdroppers let on that they knew more than they should. Dumb on their part.
Dumber, however, is they were not found sooner with a routine Technical Surveillance Countermeasures (TSCM) sweep, a standard practice at many organizations these days.
Can AI be Trusted with Surveillance Tasks?
China's war on jaywalking went to the next level last spring when AI-based facial recognition systems were integrated into some crosswalks, to punish jaywalkers by squirting them with water, sending them texts warning them about legal consequences of jaywalking, and/or publicly shaming them by displaying their pictures and names on large digital billboards.
Last week, this system entered a new and exciting failure mode when a traffic-cam in the port city of Ningbo captured a face displayed on the side of a passing bus, correctly identified it as belonging to Dong Mingzhu, CEO of Chinese AC giant Gree Electric Appliances, and then plastered Ms Dong's face all over a giant billboard, falsely accusing her of jaywalking. more
Last week, this system entered a new and exciting failure mode when a traffic-cam in the port city of Ningbo captured a face displayed on the side of a passing bus, correctly identified it as belonging to Dong Mingzhu, CEO of Chinese AC giant Gree Electric Appliances, and then plastered Ms Dong's face all over a giant billboard, falsely accusing her of jaywalking. more
This Week in Spycam News
AZ - A Phoenix-based American Airlines flight attendant was sentenced to five
years of probation for taking videos of men and boys using public
restrooms. more
WA - Ex-South Seattle College director Gene Baker 52 was arrested last Tuesday after a teenage tenant of his told police that he had planted a camera in an alarm clock in her bedroom and that it had captured footage of her in various states of dress. more
Japan - An analysis of 406 patients who visited a sex addiction clinic here for treatment for camera voyeurism showed that they took 1,000 peeping shots on average before seeking medical help, a clinic official reported. more
S. Korea - Police recently busted a website that was used to share pornographic pictures -- including spycam porn -- arresting the suspected owner and booking 86 others without detention. more
UK - A man who took covert video footage of young women in a state of undress has been jailed for six months and placed on the sex offenders register. Jonathan Thomas Watson, 21, from Harrogate, videoed one woman as she was getting changed in a cubicle at Knaresborough Swimming Pool...Watson filmed six other females at a property in Knaresborough using similar covert means. more
FL - Investigators say a Florida teacher confessed to secretly videotaping a high school student as she changed her shirt. more
S. Korea - After a months-long investigation into Yang Jin-ho, the owner of the nation's two biggest file sharing sites, police have confirmed the existence of a million-dollar cartel for the production and distribution of spycam porn videos. Apart from owning WeDisk and Filenori, file sharing platforms where spycam clips and revenge porn were circulated, police found Yang had a hand in virtually every stage of the profitable operation. more
WA - Ex-South Seattle College director Gene Baker 52 was arrested last Tuesday after a teenage tenant of his told police that he had planted a camera in an alarm clock in her bedroom and that it had captured footage of her in various states of dress. more
Japan - An analysis of 406 patients who visited a sex addiction clinic here for treatment for camera voyeurism showed that they took 1,000 peeping shots on average before seeking medical help, a clinic official reported. more
S. Korea - Police recently busted a website that was used to share pornographic pictures -- including spycam porn -- arresting the suspected owner and booking 86 others without detention. more
UK - A man who took covert video footage of young women in a state of undress has been jailed for six months and placed on the sex offenders register. Jonathan Thomas Watson, 21, from Harrogate, videoed one woman as she was getting changed in a cubicle at Knaresborough Swimming Pool...Watson filmed six other females at a property in Knaresborough using similar covert means. more
FL - Investigators say a Florida teacher confessed to secretly videotaping a high school student as she changed her shirt. more
S. Korea - After a months-long investigation into Yang Jin-ho, the owner of the nation's two biggest file sharing sites, police have confirmed the existence of a million-dollar cartel for the production and distribution of spycam porn videos. Apart from owning WeDisk and Filenori, file sharing platforms where spycam clips and revenge porn were circulated, police found Yang had a hand in virtually every stage of the profitable operation. more
Monday, November 26, 2018
When VPN means Very Poor Network
Roughly 60 percent of the top free mobile VPN apps returned by Google Play Store and Apple Play Store searches are from developers based in China or with Chinese ownership, raising serious concerns about data privacy, a study published today has revealed.
"Our investigation uncovered that over half of the top free VPN apps either had Chinese ownership or were actually based in China, which has aggressively clamped down on VPN services over the past year and maintains an iron grip on the internet within its borders," said Simon Migliano, Head of Research at Metric Labs, a company that runs the Top10VPN portal.
"Furthermore, we found the majority of free VPN apps had little-to-no formal privacy protections and non-existent user support," Migliano said.
The expert says that 86 percent of the apps he analyzed had "unacceptable privacy policies." For example, some apps didn't say if they logged traffic, some apps appeared to use generic privacy policies that didn't even mention the term VPN, while some apps didn't feature a privacy policy at all. On top of this, other apps admitted in their policies to sharing data with third-parties, tracking users, and sending and sharing data with Chinese third-parties. more
Kevin's Spybuster Tip # 724 - Check out Outline.
"Our investigation uncovered that over half of the top free VPN apps either had Chinese ownership or were actually based in China, which has aggressively clamped down on VPN services over the past year and maintains an iron grip on the internet within its borders," said Simon Migliano, Head of Research at Metric Labs, a company that runs the Top10VPN portal.
"Furthermore, we found the majority of free VPN apps had little-to-no formal privacy protections and non-existent user support," Migliano said.
The expert says that 86 percent of the apps he analyzed had "unacceptable privacy policies." For example, some apps didn't say if they logged traffic, some apps appeared to use generic privacy policies that didn't even mention the term VPN, while some apps didn't feature a privacy policy at all. On top of this, other apps admitted in their policies to sharing data with third-parties, tracking users, and sending and sharing data with Chinese third-parties. more
Kevin's Spybuster Tip # 724 - Check out Outline.
IT Director Alert - Patch Those Printers... now
Despite copious warnings and efforts by the security community to harden the defenses of printers, they continue to represent a ripe target for attackers.
Just this past summer researchers at Check Point found a vulnerability that allowed an attacker to compromise a multi-function printer with fax capabilities simply by sending a fax.
In July, Positive Technology shared a proof-of-concept attack that shows how attackers can compromise a corporate network via installing a customized Xerox printer firmware on a targeted printer.
In August, HP Inc. patched hundreds of inkjet models vulnerable to two vulnerable remote code execution flaws (CVE-2018-5924, CVE-2018-5925).
Printers, security researchers say, are the Achilles Heel for network management. They sit on the network like a PC and need regular updating like any other network endpoint – but often don't. more
Just this past summer researchers at Check Point found a vulnerability that allowed an attacker to compromise a multi-function printer with fax capabilities simply by sending a fax.
In July, Positive Technology shared a proof-of-concept attack that shows how attackers can compromise a corporate network via installing a customized Xerox printer firmware on a targeted printer.
In August, HP Inc. patched hundreds of inkjet models vulnerable to two vulnerable remote code execution flaws (CVE-2018-5924, CVE-2018-5925).
Printers, security researchers say, are the Achilles Heel for network management. They sit on the network like a PC and need regular updating like any other network endpoint – but often don't. more
Labels:
#espionage,
#hack,
#IoT,
advice,
cybersecurity,
photocopier
Tuesday, November 20, 2018
From the Don't Poop Where You are Going to Eat Files
For a century, Vienna has been the world capital of espionage.
It’s a city of world-class mystery and intrigue, as depicted in countless spy novels and films. Vienna has it all: lovely vistas, great food and wine, affordable prices, and an extraordinarily permissive environment for espionage.
In Austria, you’re free to spy on nearly whomever you want, and there are plenty of targets. Everybody has an embassy in Vienna, plus it’s the second city of the United Nations. When it comes to espionage, the only way to get in trouble in Vienna is by spying on your hosts—and that’s just what the Russians got caught doing. more
It’s a city of world-class mystery and intrigue, as depicted in countless spy novels and films. Vienna has it all: lovely vistas, great food and wine, affordable prices, and an extraordinarily permissive environment for espionage.
In Austria, you’re free to spy on nearly whomever you want, and there are plenty of targets. Everybody has an embassy in Vienna, plus it’s the second city of the United Nations. When it comes to espionage, the only way to get in trouble in Vienna is by spying on your hosts—and that’s just what the Russians got caught doing. more
Spy Rule #629 - Don't Order Bugs Using Company Email
Eavesdropping charges have been filed against a central Illinois schools administrator who allegedly planned to secretly record a closed session of the school board.
The News-Gazette reports Champaign County State's Attorney Julia Rietz alleged Thursday that Samuel Byndom used a device disguised as a pen to record an Oct. 28 closed session of the school board. The 35-year-old Byndom is Urbana District 116's assistant superintendent of learning and instruction.
Rietz said Urbana police have been investigating Byndom since a school district employee found an email order confirmation on a school district computer for a voice-activated recorder pen from a company called "SpyGuy."
Members of the school board members went forward with the closed session after learning about the recording device order, but searched the room before starting. They found the device and removed it. more
The News-Gazette reports Champaign County State's Attorney Julia Rietz alleged Thursday that Samuel Byndom used a device disguised as a pen to record an Oct. 28 closed session of the school board. The 35-year-old Byndom is Urbana District 116's assistant superintendent of learning and instruction.
Click to enlarge. |
Members of the school board members went forward with the closed session after learning about the recording device order, but searched the room before starting. They found the device and removed it. more
A New EU Spy School... with some possible strings attached.
The defense ministers of 25 EU member countries agreed Monday on a joint EU intelligence school, along with 16 other new projects, as part of their military pact...
The establishment of a joint EU spy school would be a big step forward for the bloc’s intelligence community. Until recently, a significant deepening of intelligence cooperation in the Union was blocked by the U.K., which viewed it as unwelcome competition to the Five Eyes intelligence alliance... With Brexit approaching, London no longer stands in the way.
However, eyebrows will be raised by the proposal to have Greece lead the academy, with help from Cyprus, meaning two of the EU’s members with the closest ties to Moscow would run the project. more
The establishment of a joint EU spy school would be a big step forward for the bloc’s intelligence community. Until recently, a significant deepening of intelligence cooperation in the Union was blocked by the U.K., which viewed it as unwelcome competition to the Five Eyes intelligence alliance... With Brexit approaching, London no longer stands in the way.
However, eyebrows will be raised by the proposal to have Greece lead the academy, with help from Cyprus, meaning two of the EU’s members with the closest ties to Moscow would run the project. more
"So, uh, what's your Social Security number, kid?"
It's the cute toy tipped to be a Christmas hit, but there are fears ‘Dino’ the dinosaur may be vulnerable to hackers who could steal information about its young owners.
The ‘smart toy’, which is able to ‘learn’, answer questions and read bedtime stories, is among a series of technology gifts that have failed to win approval from the Mozilla Foundation...said it had been unable to determine if Dino – an internet-connected toy...uses sufficient encryption to guard against hackers.
It was also critical of the complexity of its privacy policy which includes an admission in the small print that, when a child plays with Dino, it automatically collects information about a child’s ‘likes and dislikes, interests, and other educational metrics’. more
The ‘smart toy’, which is able to ‘learn’, answer questions and read bedtime stories, is among a series of technology gifts that have failed to win approval from the Mozilla Foundation...said it had been unable to determine if Dino – an internet-connected toy...uses sufficient encryption to guard against hackers.
It was also critical of the complexity of its privacy policy which includes an admission in the small print that, when a child plays with Dino, it automatically collects information about a child’s ‘likes and dislikes, interests, and other educational metrics’. more
Labels:
cautionary tale,
cybersecurity,
Internet,
IoT,
Santa,
toy
Spybuster Tip #720 - iPhone Knows What You Did Last Summer... and how to stop it.
Your iPhone knows where you go and how often.
The feature is called Significant Locations, and it is buried deep within iPhone's reptilian brain.
Want a peak?
Significant Locations may include the locations of, and frequency of visits to, significant others, whom you would rather not have your other significant others know about.
Or, if you are an investigator, it just might help you crack a case!
~Kevin
The feature is called Significant Locations, and it is buried deep within iPhone's reptilian brain.
Want a peak?
- Open Settings
- Open Privacy
- Open Location Services
- Scroll to the very end and open System Services
- Keep scrolling until you hit Significant Locations
- At this point, you will need to sign in again.
Significant Locations may include the locations of, and frequency of visits to, significant others, whom you would rather not have your other significant others know about.
Or, if you are an investigator, it just might help you crack a case!
~Kevin
Monday, November 19, 2018
Renters: Beware of Creepy Landlords and their Alarm Clocks - Part II
WA - A former South Seattle College employee is in jail after allegedly putting a spy camera in an exchange student’s bedroom.
The 52-year-old man is being held in King County Jail in lieu of a $500,000 bond on suspicion of voyeurism. Q13 News is not naming the suspect because he has not yet been charged.
According to Seattle police: On Nov. 11, a foreign exchange student from South Seattle College contacted police. She said she is one of five women renting a house in the 5000 block of 16th Ave SW. The home is owned by a 52-year-old college employee who lives there. All of the renters are young women who attend the college.
The victim told police she moved into the home in September. When she moved in the suspect offered her an alarm clock. The victim accepted it. more
The 52-year-old man is being held in King County Jail in lieu of a $500,000 bond on suspicion of voyeurism. Q13 News is not naming the suspect because he has not yet been charged.
According to Seattle police: On Nov. 11, a foreign exchange student from South Seattle College contacted police. She said she is one of five women renting a house in the 5000 block of 16th Ave SW. The home is owned by a 52-year-old college employee who lives there. All of the renters are young women who attend the college.
The victim told police she moved into the home in September. When she moved in the suspect offered her an alarm clock. The victim accepted it. more
Note to Spies: Get a retainer.
A former employee at UBS Group AG’s French unit whose spying helped build a $6 billion tax case against the bank found the value of her work after she lost her job: 3,000 euros ($3,400).
The relatively paltry sum is all Stephanie Gibaud -- who organized events for wealthy UBS France clients before she was fired in 2012 -- got from a lawsuit she filed last year against the government to obtain 3.5 million euros. The court made its decision Thursday.
The Paris administrative court acknowledged her contribution and recognized the “stress” she suffered for it. Gibaud, 53, was also given an official status as “an occasional assistant to the public service” seven years after she aided investigators during a surveillance mission of UBS bankers and clients at an event organized around the 2011 Roland-Garros tennis tournament. more
The Gloves are off in Thefts of U.S. Technology Secrets
It was the great microchip heist — a stunning Chinese-backed effort that pilfered as much as $8.75 billion in patented American technology.
U.S. officials say the theft took a year to pull off and involved commercial spies, a Chinese-backed company, a Taiwanese chipmaker and employees affiliated with Micron Technology, a U.S.-based microchip behemoth.
Yet what Micron called “one of the boldest schemes of commercial espionage in recent times” is most notable because it’s not unusual. more
U.S. officials say the theft took a year to pull off and involved commercial spies, a Chinese-backed company, a Taiwanese chipmaker and employees affiliated with Micron Technology, a U.S.-based microchip behemoth.
Yet what Micron called “one of the boldest schemes of commercial espionage in recent times” is most notable because it’s not unusual. more
Subscribe to:
Posts (Atom)