Saturday, May 18, 2019

Office Spying – The Coworking Vulnerability – Part II

Open office spaces and coworking are designed to help companies foster communication and collaboration, not only among their own employees, but also with workers from other firms.

But the intermingling also has a dark side — the risks of losing talent or intellectual property and corporate spying. And as coworking has skyrocketed in popularity over the last few years, the risks have escalated...

Some experts are raising alarm that the open, collaborative work world may be detrimental to corporate secrecy, competitiveness and intellectual property security. After all, corporate espionage is big business....

Eavesdropping is one of the biggest risks in open office environments, whether intentional or not... more

If You're a Slack'er, Patch the Hacker

A security researcher has uncovered a flaw in Slack that could've been exploited to steal files over the business messaging app and potentially spread malware.

The flaw involves Slack's Windows desktop app, and how it can automatically send downloaded files to a certain destination—whether it be on your PC or to an online storage server...

"Using this attack vector, an insider could exploit this vulnerability for corporate espionage, manipulation, or to gain access to documents outside of their purview," David Wells, a researcher at the security firm Tenable said...

Slack has patched the flaw in version 3.4.0 of the Windows desktop app. more

Thursday, May 16, 2019

To Catch a Spy - The Art of Counterintelligence

Longtime Central Intelligence Agency operative and former CIA chief of counterintelligence James “Jim” Olson delivered a talk on his career experiences and challenges Tuesday night to a near-capacity crowd at the Annenberg Presidential Conference Center.

Earlier this year, Olson released a book, To Catch a Spy: The Art of Counterintelligence, which he said is rooted in his three decades in the arena of counterintelligence. It offers “a wake-up call,” in Olson’s words, for the American public about why counterintelligence matters, and why America must protect its trade and national security secrets.

Olson said 50 countries are known to be spying against the U.S. currently. “The worst culprit, by far, is China — followed by Russia, Cuba and Iran,” he said.

“In my 31-year career in the CIA, I saw evil face-to-face more often than I care to remember,” Olson said. “People I knew and trusted — people I considered friends — betrayed us, and their treachery was close to me. It was personal, and indescribably painful. The damage that these traitors did to our country was devastating.more

Q: "You'll be using this Aston Martin DB5."

James Bond: Ejector seat? You must be joking.

Q: I never joke about my work 007.

If Goldfinger’s henchman Oddjob is coming after you, Aston Martin has just the car you need. It will cost a lot, though.


Ten months ago Aston Martin announced it would build a limited number of 1964 Aston Martin DB5s, just like the one Sean Connery, as James Bond, first drove in the movie “Goldfinger.” Twenty-five of these cars will be sold at a price of £2.75 million, or about $3.5 million. Each car will include a host of dangerous-sounding options, just like the one in the movie, Aston Martin said.

Aston Martin has finally announced what some of those gadgets will be. The cars will have, among other things, rotating license plates that can show three different tags and replica machine guns that poke out from behind the turn signals. Other clever features will include a “smoke screen” device to hide the car from pursuers and... more

Cautionary Tale: Why Scheduled Bug Sweeps (TSCM) Protect You

Consider this recent event...

NY - In the annals of jaw-dropping East Hampton political miscalculation, the bugging of the town trustees office is a new low. 

As indicated by an edited version now circulating, someone or multiple conspirators were able to make illegal secret recordings of conversations beginning in the early fall or perhaps earlier.

The technology and those responsible have not been discovered, but from the way the recordings and an associated partial transcript were organized there is a sense that it was aimed at particular trustees and not the nine-person board as a whole. more

Regularly scheduled TSCM inspections for electronic eavesdropping devices work. Here's why... 
  • Intelligence collection is a leisurely process. 
  • The bugging itself is harmless. 
  • The harm happens after the information is collected, and is then used against you. 
TSCM inspections catch bugs during the intelligence collection phase, before your information can be used against you. ~Kevin

Typical GSM bug. Easily planted. Call it from anywhere to listen in.

Tuesday, May 14, 2019

Spying - That's WhatsApp

WhatsApp users are being urged to update their apps, after it emerged that hackers are exploiting a software flaw to wiretap people's phones.

The flaw reportedly allows attackers to install malicious code, known as "spyware", on iPhones and Android phones by ringing up the target device. ​

The code can be transmitted even if the user does not answer the phone and a log of the call often disappears, the Financial Times reported. more

Not sure if WhatsApp is spying on your Android phone? Check here.

This Week in Spycam News

FL - After pleading guilty to charges related to video voyeruism, a former University of North Florida student has been sentenced to six years in prison, according to Duval County court records... Additional charges were filed after police said they learned Martinez had hidden a video camera in the men’s room at the Thomas G. Carpenter Library. more

UT - An electrician convicted of recording a naked teenager while she was in her bedroom of a house he was hired to work on was sentenced to 60 days in jail... The girl told police after she got out of the shower, she noticed a black iPhone being pushed up through a vent in her wall. She said the phone was pointed in her direction; records additionally stated. more

China Airbnb “Superhost” fined S$100 for hiding bedroom spycam in router discovered by alert female guest. The camera had been built into a router. more


SC - A Bishop England High School employee who worked as the school’s sports information director has been charged with two counts of voyeurism for allegedly videotaping student athletes in a locker room... Scofield informed police that he filmed the video in February “by setting up his phone in between the blinds of his office window, which looked into the boys’ locker room.” more

SpyCamDetection.Training

Police Can't Take Suspect's Garbage Without a Warrant, in Oregon

The Oregon Supreme Court on Thursday disagreed with more than 50 years of state case law by ruling that Oregonians retain a privacy interest in the garbage they leave on the curb for pick-up. That means police can’t search the garbage without a warrant even after a truck hauls it away...

The majority opinion noted that even the U.S. Supreme Court has said Americans don’t have a reasonable expectation of privacy “in trash left for collection in an area accessible to the public.” But the U.S. Supreme Court also said individual states are free to impose “more stringent constraints on police” based on their own constitutions.

Thursday’s ruling applies to curbside refuse collected from private homes. It doesn’t appear to apply to trash thrown in public garbage cans in public places. more

Friday, May 10, 2019

The Heidi A. Bug Caper, or... The Church Lady Tapes

NY - A 50-year-old Auburn woman faces a felony charge for eavesdropping on her coworker, according to the Auburn Police Department.

Heidi A. Church is accused of hiding a recording device under a coworker’s desk and recording conversations that she was not a party to, said Auburn police Captain James Moore.

Moore said someone found the recording device under the desk and the 41-year-old man who was the victim of the eavesdropping contacted police. more

Lucky find.
Smart businesses don't depend on luck. They check.

From Those Wonderful Emperors of Espionage...

A popular GPS tracker used as a panic alarm for elderly people and to monitor children's whereabouts can be hacked to spy on users, researchers have warned.

The white-label location tracker, manufactured in China, is rebranded and sold by multiple UK companies - including Pebbell 2 by HoIP Telecom , OwnFone Footprint , and SureSafeGo.

"There were no signs from the device when this was activated or when you called in, turning this device issued to vulnerable people into a remote listening bug,” said Fidus.

"This issue teamed with the location tracking abilities of the device allows you to conceive some pretty scary potential use cases."

The researchers also found it was possible to remotely reset the GPS tracker without needing a PIN, and kill signal to the device altogether, rendering it effectively useless.

Fidus estimates that there are at least 10,000 of these devices in use in the UK, and thousands more around the world.

The team has informed several of the device makers about the flaws, but there is no way to fix the vulnerabilities without recalling every device. more

Smokin' - New Camera Can See 28 Miles - Through Smog

A new camera can photograph you from 45 kilometers away...

Developed in China, the lidar-based system can cut through city smog to resolve human-sized features at vast distances...

Zheng-Ping Li and colleagues from the University of Science and Technology of China in Shanghai show how to photograph subjects up to 45 km (28 miles) away in a smog-plagued urban environment.

Their technique uses single-photon detectors combined with a unique computational imaging algorithm that achieves super-high-resolution images by knitting together the sparsest of data points...
Click to enlarge.
The results speak for themselves. 

The team set up the new camera on the 20th floor of a building on Chongming Island in Shanghai and pointed it at the Pudong Civil Aviation Building across the river, some 45 km away...

The entire device is about the size of a large shoebox and so is relatively portable. more

Beware of New Devices in Expectation of Privacy Areas

UK - A camera hidden inside an alarm clock was used to spy on a naked student in a shower...

Maintenance man Nicholas Burford installed the secret recording device in the bathroom of a house in South Devon and deliberately aimed its lens at the shower unit.

He recorded the 20-year-old woman at least twice, but was caught because his hidden camera malfunctioned and started making a buzzing noise. more

Learn how to spot spycams.

Even Popcorn Has Trade Secrets

Caramel Crisp LLC, the owner of Garrett Popcorn Shops (“Garrett”), the renowned Chicago-based purveyor of deliciously flavored popcorn, recently filed suit in federal court in Chicago against its former director of research and development, Aisha Putnam, alleging that she misappropriated the company’s trade secrets, including its recipes for Garret’s famous popcorn...

Garrett alleges that when she learned about the termination, Putnam began downloading “virtually all of [Garrett’s] trade secrets and confidential information in her possession to a personal USB drive, which she took home.”...

This case offers two helpful reminders to employers that seek to protect their valuable trade secrets.  

First, in determining whether something qualifies as a “trade secret,” one factor considered by courts are the reasonableness of the efforts to maintain the confidentiality of the trade secrets...

Second, whenever an employee with access to trade secrets leaves their employment (either voluntarily or involuntarily), employers should consider whether to conduct a forensic review of their computers and other storage devices to determine whether the employee took any confidential information on his or her way out the door. more

Friday, May 3, 2019

"Smart" Doorlocks Let Landlords and Third Parties Spy on You

Latch is a leading vendor of internet-of-things "smart" doorlocks that are in increasing use in rental housing (the company claims 10% of all new multiunit construction incorporates their product); they allow entry by keycode, keycard, and Bluetooth.

Latch's privacy policy is the usual IoT dumpster fire, allowing the company to harvest a vast amount of information from you and also share that information with a wide array of third parties, including (sometimes) your landlord.

Almost every method of unlocking your Latch requires an app in the loop (even PINs that you use with a numeric keyboard are delivered by app) and the app gathers huge amounts of information on you. Moreover, landlords can choose to configure Latch locks to require the app. more


California Weighs Limiting Smart Speaker 'Eavesdropping'

California is weighing whether to ban smart speakers from storing customer voice recordings by default. 

The Anti-Eavesdropping Act moving through California's state legislature would require all smart speaker vendors, including Amazon and Google, to get explicit written consent from customers before voice queries are stored.

The same legislation also seeks to ban smart speaker vendors from sharing voice-recording data with a third party, unless the customer has opted into it. more