Monday, August 5, 2019

A Brief History of Surveillance in America


For the last several years, Brian Hochman has been studying electronic surveillance—both the technological developments that have made eavesdropping possible and the cultural and political realities that have made it a part of American life for more than 150 years...

How far back do we have to go to find the origins of wiretapping?
It starts long before the telephone. The earliest statute prohibiting wiretapping was written in California in 1862, just after the Pacific Telegraph Company reached the West Coast, and the first person convicted was a stock broker named D.C. Williams in 1864. His scheme was ingenious: He listened in on corporate telegraph lines and sold the information he overheard to stock traders...

It’s only in the 1920s that ordinary Americans start to take notice of wiretapping and it's not really until the 1950s that it's seen as a national problem...

The House Intelligence Committee looked into illegal wiretapping in 1975 as part of its investigation of risks of U.S. intelligence operations. Michael Hershman (holding a 'plug bug') explaining surveillance and counter-surveillance technology. (AP Photo/Charles Gorry)
FutureWatch...
Historians are not in the business of prognostication, but the one thing that I can say with some certainty is that electronic surveillance and dataveillance are going to scale. They will be more global and more instantaneous. I can say with much more certainty that that public attention to these issues will wax and wane. more

Millions Of Chinese-Made Cameras Can Be Hacked To Spy On Users

Despite more awareness of the risks associated with Chinese surveillance equipment, the news this week that cameras from the world's second-largest manufacturer of such devices can be used to secretly listen in to users still comes as a shock.

Put simply, the newly disclosed backdoor vulnerability means that millions of cameras have been carrying the potential to be used as eavesdropping devices—even when the audio on the camera is disabled.

"Essentially," warned Jacob Baines, the researcher who first disclosed the vulnerability with cameras used by both consumers and enterprises, "if this thing is connected directly to the internet, it’s anyone’s listening device."...

Baines initially shared this latest issue with Dahua OEM Armcrest two months ago, reporting that he could "remotely listen" to a tested camera "over HTTP without authentication." The vulnerability can be seen in action in a video shared by Baines on YouTube. more

Tuesday, July 23, 2019

The ‘Golden Age of SIGINT’ May Be Over

The US government cannot control the skyrocketing use of encrypted communications that allow adversaries, terrorists, criminals — and ordinary folks who care deeply about privacy, including journalists — to block eavesdropping by national security agencies, says a new study funded by DARPA and the Center for Advanced Studies on Terrorism (CAST).

The ‘golden age of SIGINT’ may be over, particularly within the next five or ten years,” the study, “Going Dark: Implications of an Encrypted World,” finds. The traditional methods of collecting signals intelligence and eavesdropping on communications used by the Intelligence Community (IC) will no longer be effective. “End-to-end encryption of all communications and data, differential privacy, and secure communications for all users are likely to be the new reality,” the study says. more

Android Smartphone Alert: Spearphone Eavesdropping

A Spearphone attacker can use the accelerometer in LG and Samsung phones to remotely eavesdrop on any audio that’s played on speakerphone, including calls, music and voice assistant responses. 

A new way to eavesdrop on people’s mobile phone calls has come to light in the form of Spearphone – an attack that makes use of Android devices’ on-board accelerometers (motion sensors) to infer speech from the devices’ speakers.

An acronym for “Speech privacy exploit via accelerometer-sensed reverberations from smartphone loudspeakers,” Spearphone was pioneered by an academic team from the University of Alabama at Birmingham and Rutgers University.

They discovered that essentially, any audio content that comes through the speakers when used in speakerphone mode can be picked up by certain accelerometers in the form of sound-wave reverberations. And because accelerometers are always on and don’t require permissions to provide their data to apps, a rogue app or malicious website can simply listen to the reverberations in real time, recording them or livestreaming them back to an adversary, who can analyze and infer private data from them. more

Apple Watch Walkie-Talkie is Fixed

The latest release fixes a security flaw in the Walkie-Talkie app that could potentially allow users to listen in on others’ conversations. Apple disabled the app until it could fix the problem, which watchOS 5.3 apparently does. more


Spycam Report from China

Sales of spy cameras are rampant at Shenzhen’s gadget paradise, Huaqiangbei, according to a report by state broadcaster CCTV. The report, secretly filmed (ironically) by CCTV reporters, found vendors selling secret cameras disguised as pens, lighters and alarm clocks, among a number of other things. This is in spite of the fact that it's illegal in China to sell “espionage equipment” that can be used for secretly monitoring and photographing people.


In one case, the CCTV reporter bought a fake power socket with a camera hidden in one of the holes and double-sided tape on the back to allow for mounting on a wall. It included an SD card socket and a charging port at the bottom...

In another example from the report, one shop demonstrated a different power socket that hides the camera in a small hole in the bottom-right corner. The video can also be watched in real time from a smartphone app.

In recent months, a series of events that show just how easy it is to secretly film people in hotels has unnerved people in China. The apparent prevalence of the practice has raised concerns about people’s privacy and safety...

In another case, a couple found a hidden camera in the TV in their hotel room in the city of Zhengzhou. Police later determined one person had installed hidden cameras in at least five rooms. Then they detained a manager at the hotel when he claimed more than 80% of the hotels in the city have hidden cameras. more

Google: Wi-Spy Case Cashed Out

Google is poised to pay a modest $13 million to end a 2010 privacy lawsuit that was once called the biggest U.S. wiretap case ever and threatened the internet giant with billions of dollars in damages.
The settlement would close the books on a scandal that was touched off by vehicles used by Google for its Street View mapping project. Cars and trucks scooped up emails, passwords and other personal information from unencrypted household Wi-Fi networks belonging to tens of millions of people all over the world. more

Monday, July 22, 2019

From the What Goes Around Files: Russia's FSB Hacked

Russia's Secret Intelligence Agency Hacked: 'Largest Data Breach In Its History'
 
Red faces in Moscow this weekend, with the news that hackers have successfully targeted FSB—Russia's Federal Security Service. The hackers managed to steal 7.5 terabytes of data from a major contractor, exposing secret FSB projects to de-anonymize Tor browsing, scrape social media, and help the state split its internet off from the rest of the world.

The data was passed to mainstream media outlets for publishing. FSB is Russia's primary security agency with parallels with the FBI and MI5, but its remit stretches beyond domestic intelligence to include electronic surveillance overseas and significant intelligence-gathering oversight. It is the primary successor agency to the infamous KGB, reporting directly to Russia's president. more

Tuesday, July 16, 2019

Information Security: Privacy Tips for Business Travelers

The Basics...
  • Beware of shoulder surfers. Get one of these.
  • Know when to shut your mouth. Don't give strangers any confidential information.
  • Use a Virtual Private Network (VPN).
  • Change any passwords you used while on your tip.
  • Keep your device with you to reduce info-suck opportunities.
  • Avoid using public charging stations (unless you have one of these).
  •  Read Murray Associates' Guide to Off-Site Meeting Information Security.

Security Director Tips: You Don't Have to be an IT Dude to Protect Your Company Online

The Top 6 things you can do to better than the IT department. (Go ahead. Take back some turf.)
  1. Establish a cyber incident response plan.
  2. Regularly rehearse the response plan using a range of different scenarios.
  3. Monitor and manage the risk posed from the supply chain.
  4. Ensure the company understands the terms of their insurance and what is covered.
  5. Understand what 'normal' looks like for the business, in terms of application usage, so the company can identify any unfamiliar patterns.
  6. Investing in regular training and raising their people's awareness of cyber security. more

Monday, July 15, 2019

Spanish App Works Like Spanish Fly... undercover

Spain’s data protection agency has fined the country’s soccer league, LaLiga, €250,000 (about $280,000) for allegedly violating EU data privacy and transparency laws. The app, which is used for keeping track of games and stats, was using the phone’s microphone and GPS to track bars illegally streaming soccer games...

Using a Shazam-like technology, the app would record audio to identify soccer games, and use the geolocation of the phone to locate which bars were streaming without licenses. more

Spot on ID, or... "The Tell-Tale Heart"

via MIT Technology Review 

A new device, developed for the Pentagon after US Special Forces requested it, can identify people without seeing their face: instead it detects their unique cardiac signature with an infrared laser. While it works at 200 meters (219 yards), longer distances could be possible with a better laser. “I don’t want to say you could do it from space,” says Steward Remaly, of the Pentagon’s Combating Terrorism Technical Support Office, “but longer ranges should be possible.”... In the longer run, this technology could find many more uses, its developers believe... more

Like eavesdropping? 
(Spoiler Alert: Israeli scientists did this in 2009, and then improved it in 2014.) ~Kevin

Friday, July 12, 2019

FREE: "Top Secret: From Ciphers to Cyber Security" GCHQ Exhibit in London

Historic gadgets used by British spies will be revealed for the first time later this week, as one of the country's intelligence agencies steps out the shadows to mark its centenary -- and to educate people about the risks of cyber-attacks.

The Government Communications Headquarters (GCHQ) will hold an unprecedented exhibition at London's Science Museum, taking visitors through 100 years of secret conversations and eavesdropping...

A prototype of the Enigma cipher machine used by the Germans will be on display. But the standout exhibit at this new exhibition is the 5-UCO machine developed in 1943 to send decrypted German messages to officers in the field...

"Top Secret: From Ciphers to Cyber Security" opens to the public on Wednesday and runs until February 2020. more

FREE but must book ahead: Science Museum, Exhibition Road, South Kensington, London SW7 2DD  ~Kevin

Historical - A Covert Transmitter & A Mistake = Early Fake News

February 13, 1935 was probably the first case of a major news organization incorrectly reporting a courtroom verdict because of a radio communications fail - the birth of Fake News! 

Flemongton, NJ - The Associated Press (AP) thought it was being uniquely creative - and sneaky - during "The Trial of the Century" involving the kidnapping and murder of Charles Lindberg's young son. A reporter secreted in a miniature shortwave transmitter, concealed within a leather brief case. A receiver station above the courtroom stood ready to copy the agreed upon code, based on the verdict, and send the results to its newspaper feeds.

Little did they know that a competing news agency had the same idea, but used a different code. The AP operator received the New York Daily News code assuming it was from the AP mole. It immediately sent the story to hundreds of editors across the world.

One of the short-wave transmitters carried by a reporter into the courtroom at Flemington was concealed in a small leather brief-case...


Short Wave Craft described how to build a short-wave set in a brief-case in the June 1932 issue - three years earlier! With a slight change in the connections, this receiver is easily converted into a transmitter for code signals, such as those used at the Hauptmann trial.

Short waves played a most important role in the famous million-dollar Hauptmann trial. Two tiny short-wave transmitters were secretly carried by reporters into the courtroom and were used to signal the jury's verdict to other reporters outside the locked courtroom. more

Eavesdropping and TSCM Trends Track Each Other


Conclusion: As organizations and individuals realize that electronic eavesdropping is escalating, they search for Technical Surveillance Countermeasures (TSCM) services, aka bug sweeps.