Iran - After surrendering to serve his five-year term in prison, the younger brother of Iran’s president, Hossein Fereydoun claimed in a statement October 16 that the judge had convicted him based on eavesdropping on the presidential office.
A close advisor to Hassan Rouhani, Fereydoun did not name the body or persons responsible for the eavesdropping. Nevertheless, it is public knowledge that the Islamic Revolution Guards Corps Intelligence Organization had been behind the lawsuit against him. more
Thursday, October 17, 2019
Holy Crap: IT Folks Fear the Internet Connected Toilet
IT security professionals are nervous people.
This seems clear from a new survey perpetrated on the part of the hardware security company nCipher...
The surveyors asked 1,800 IT security professionals in 14 countries about vital elements...
Thirty-six percent confessed they were afraid they'd be spied upon by an internet-connected device. The same number feared they'd have money stolen.
Twenty-four percent fear personal embarrassment as unholy information about them would be leaked.
I, though, feel a particular empathy for the 21% who are afraid that pranksters will hack their connected toilets. more
This seems clear from a new survey perpetrated on the part of the hardware security company nCipher...
The surveyors asked 1,800 IT security professionals in 14 countries about vital elements...
Thirty-six percent confessed they were afraid they'd be spied upon by an internet-connected device. The same number feared they'd have money stolen.
Twenty-four percent fear personal embarrassment as unholy information about them would be leaked.
I, though, feel a particular empathy for the 21% who are afraid that pranksters will hack their connected toilets. more
Friday, October 11, 2019
Spy Camera Detectors – Do they work? How do they work?
Covert cameras have been around since the 1800’s. Interestingly, as soon as photography developed, people wanted to surreptitiously take photos. From voyeurs to private eyes, a spycam was the gadget to have.
In 1900, movie maker, George Albert Smith, glamorized optical voyeurism in his movie, As Seen Through a Telescope. We will take a historical shortcut here and leave the discovery of these early film spy cameras to auctioneers and collectors.
Our spy camera detection history begins with the advent of CCD and CMOS behind the lens. These are the electronic sensors within modern digital spy cameras which capture images.
With a little knowledge—aided by some inexpensive gadgets—you can detect spycams! Continued here.
In 1900, movie maker, George Albert Smith, glamorized optical voyeurism in his movie, As Seen Through a Telescope. We will take a historical shortcut here and leave the discovery of these early film spy cameras to auctioneers and collectors.
Our spy camera detection history begins with the advent of CCD and CMOS behind the lens. These are the electronic sensors within modern digital spy cameras which capture images.
With a little knowledge—aided by some inexpensive gadgets—you can detect spycams! Continued here.
Planting Spy Chips in Routers - Proof of Concept
More than a year has passed since Bloomberg Businessweek grabbed the lapels of the cybersecurity world with a bombshell claim: that Supermicro motherboards in servers used by major tech firms, including Apple and Amazon, had been stealthily implanted with a chip the size of a rice grain that allowed Chinese hackers to spy deep into those networks...
But even as the facts of that story remain unconfirmed...
Now researchers have gone further, showing just how easily and cheaply a tiny, tough-to-detect spy chip could be planted in a company's hardware supply chain. And one of them has demonstrated that it doesn't even require a state-sponsored spy agency to pull it off—just a motivated hardware hacker with the right access and as little as $200 worth of equipment... more
But even as the facts of that story remain unconfirmed...
Now researchers have gone further, showing just how easily and cheaply a tiny, tough-to-detect spy chip could be planted in a company's hardware supply chain. And one of them has demonstrated that it doesn't even require a state-sponsored spy agency to pull it off—just a motivated hardware hacker with the right access and as little as $200 worth of equipment... more
5 Cheap Things to Beef Up Your Security
by Rob Kleeger, Digital4nx Group
by Rob Kleeger, Digital4nx Group
Here are a few simple things to prevent and keep most of your private information as safe as possible from hacks or negligence.
- Invest in a Password Manager: If you are like me, most people can’t remember the login details for the dozens of online services they use, so many people end up using the same password — or some variation of one — everywhere. If you are one of those people, this means that if just one site on which you use your password gets hacked, someone could gain access to all your accounts.
- Use a virtual private network (VPN) service: When connected to any internet-connected device, it helps to keep most of your browsing private from your internet service provider; it reduces some online tracking; and it secures your connections when you use public Wi-Fi.
- Turn on MFA (2FA) on everything: Two-factor authentication adds an additional layer of security to the authentication process by making it harder for attackers to gain access to a person's devices or online accounts because knowing the victim's password alone is not enough to pass the authentication check. Two-factor authentication doesn’t guarantee security, and it is vulnerable to hacking attacks like phishing attempts that spoof a login page.
- Backup: Have a backup plan. All too often, SMB leadership says they backup, but the backup is saved on the server, which if gets encrypted, serves no purpose...neither does attaching a NAS to the same network. Have a cloud-based or offline based backup plan. Confirm backups run regularly and periodically test those backups to do a full restore.
- Don't forget about the paper: In many ways, people are so focused on cybersecurity, they forget about the basics. Use a cross-cutting paper shredder. Wirecutter recommends the AmazonBasics 15-Sheet Cross-Cut Shredder for most people, though serious privacy mavens should step up to the AmazonBasics 12-Sheet High-Security Micro-Cut Shredder, which runs a little slower but produces confetti half the size of a cross-cut shredder’s pieces.
Thursday, October 10, 2019
LaFollette Councilwoman Indicted - 34 counts of Wiretapping and Electronic Surveillance
TN - A LaFollette city councilwoman was indicted Thursday on wiretapping and official misconduct charges after a nearly eight-month investigation by the Tennessee Bureau of Investigation...
Campbell County District Attorney Jared Effler requested the TBI investigate after a recording device was found in the LaFollette City Hall Conference Room. Investigators later determined that Thompson was responsible for placing the device in the conference room.
On October 2nd, the Campbell County Grand Jury returned indictments charging Thompson with 34 counts of Wiretapping and Electronic Surveillance and two counts of Official Misconduct. more
Campbell County District Attorney Jared Effler requested the TBI investigate after a recording device was found in the LaFollette City Hall Conference Room. Investigators later determined that Thompson was responsible for placing the device in the conference room.
On October 2nd, the Campbell County Grand Jury returned indictments charging Thompson with 34 counts of Wiretapping and Electronic Surveillance and two counts of Official Misconduct. more
Julian Assange’s Hideout May Have Been Bugged
A Spanish security firm that worked for the Ecuadorean embassy in London is being investigated on suspicion it spied on WikiLeaks founder Julian Assange for US secret services.
Spain’s National Court says it is investigating whether David Morales and his Undercover Global SL security agency invaded Assange’s privacy and that of his lawyers by installing hidden microphones and other devices in the embassy.
It said the information gathered appeared to have been passed on to Ecuadorean and US bodies. more
UPDATE - Director of Spanish security company that spied on Julian Assange arrested.
Spain’s National Court says it is investigating whether David Morales and his Undercover Global SL security agency invaded Assange’s privacy and that of his lawyers by installing hidden microphones and other devices in the embassy.
It said the information gathered appeared to have been passed on to Ecuadorean and US bodies. more
UPDATE - Director of Spanish security company that spied on Julian Assange arrested.
Cop Dropped for Electronic Eavesdropping - Nothing Further to Report
CA - The Roseville Police Department arrested an officer of Folsom’s police
force Wednesday on suspicion of stalking, electronic eavesdropping and
illegally using monitoring equipment...
The Roseville Police Department said it would not be releasing any further information regarding the investigation. more
Read more here: https://www.sacbee.com/news/local/crime/article235979622.html#storylink=cpy
The Roseville Police Department said it would not be releasing any further information regarding the investigation. more
Read more here: https://www.sacbee.com/news/local/crime/article235979622.html#storylink=cpy
Don't Get Struck by Lightning by Borrowing a Cable
Bad news: A hacker has created a rogue Lightning cable that lets bad guys take over your computer. Worse news: Now it’s being mass-produced.
... from now on, asking a stranger to borrow a Lightning cable, or accepting an offer by a stranger to give you one, is the last thing you’ll want to do if you’re scrupulous about protecting your data.
That’s because a hacker has created the first Lightning cable that, when plugged into your Mac or PC, will allow someone to remotely take over your computer.
Worse, this hacked Lightning cable, called the O.MG Cable, isn’t a bespoke one-off. It’s being mass-produced in factories so anyone can buy and use them to target your data. more
... from now on, asking a stranger to borrow a Lightning cable, or accepting an offer by a stranger to give you one, is the last thing you’ll want to do if you’re scrupulous about protecting your data.
That’s because a hacker has created the first Lightning cable that, when plugged into your Mac or PC, will allow someone to remotely take over your computer.
Worse, this hacked Lightning cable, called the O.MG Cable, isn’t a bespoke one-off. It’s being mass-produced in factories so anyone can buy and use them to target your data. more
Japan Ninja Student - Writes Essay in Invisible Ink - Gets A+
Japanese student of ninja history who handed in a blank paper was given top marks - after her professor realised the essay was written in invisible ink.
Eimi Haga followed the ninja technique of "aburidashi", spending hours soaking and crushing soybeans to make the ink.
The words appeared when her professor heated the paper over his gas stove.
"It is something I learned through a book when I was little," Ms Haga told the BBC. more
Eimi Haga followed the ninja technique of "aburidashi", spending hours soaking and crushing soybeans to make the ink.
The words appeared when her professor heated the paper over his gas stove.
"It is something I learned through a book when I was little," Ms Haga told the BBC. more
Tuesday, October 8, 2019
A Blue Blaze Irregular Asks About RFID Money Detectors
Hi Kevin,
I would love it if you did a report on the RFID in currency and the "detectors" that are used to identify the exact amount of cash in a car, suitcase, etc.
For example, a husband and wife were driving with $14,000 cash to buy a car when an automobile from Homeland Security pulled alongside them for a minute to scan their car. When they realized the car had $14,000 in it, they informed the local law enforcement which then proceeded to pull the car over to confiscate the money. Or the sheriff in Northern California who uses a similar "detector" to pull over people who are bringing cash to Nor Cal to buy cannabis during harvest season. From what I've read, wrapping anything that has the RFID in it with aluminum foil or a Faraday cage-like material is enough to block any signals. I think your readers would find this very interesting.
Thanks Kevin I appreciate it.
FutureWatch: I looked into it and found some interesting articles. It appears the U.S. Treasury department is looking into it. They currently have a Request for Information (RFI) out to develop this technology. Answers due by January, 24, 2020.
Technical papers on this technology include...
Banknote Validation through an Embedded RFID Chip and an NFC-Enabled Smartphone
A Comparison Survey Study on RFID Based Anti-Counterfeiting Systems
RFID banknotes
Apparently, this technology has been explored since at least 2001. I couldn't find that it has been implemented anywhere... yet. It appears it may be coming, however.
Our BBI is correct. RFID readers can be easily blocked by Faraday Cage techniques.
All this reminds me weapons of war; evolutionary stair-step escalation through the ages.
Double FutureWatch: RFID tracking of currency may become a moot point if governments leap-frog into cryptocurrencies.
For example, a husband and wife were driving with $14,000 cash to buy a car when an automobile from Homeland Security pulled alongside them for a minute to scan their car. When they realized the car had $14,000 in it, they informed the local law enforcement which then proceeded to pull the car over to confiscate the money. Or the sheriff in Northern California who uses a similar "detector" to pull over people who are bringing cash to Nor Cal to buy cannabis during harvest season. From what I've read, wrapping anything that has the RFID in it with aluminum foil or a Faraday cage-like material is enough to block any signals. I think your readers would find this very interesting.
Thanks Kevin I appreciate it.
FutureWatch: I looked into it and found some interesting articles. It appears the U.S. Treasury department is looking into it. They currently have a Request for Information (RFI) out to develop this technology. Answers due by January, 24, 2020.
Technical papers on this technology include...
Banknote Validation through an Embedded RFID Chip and an NFC-Enabled Smartphone
A Comparison Survey Study on RFID Based Anti-Counterfeiting Systems
RFID banknotes
Apparently, this technology has been explored since at least 2001. I couldn't find that it has been implemented anywhere... yet. It appears it may be coming, however.
Our BBI is correct. RFID readers can be easily blocked by Faraday Cage techniques.
All this reminds me weapons of war; evolutionary stair-step escalation through the ages.
Double FutureWatch: RFID tracking of currency may become a moot point if governments leap-frog into cryptocurrencies.
Monday, October 7, 2019
Signal Users - Time to Patch
A security flaw in the privacy-focused encrypted messaging service
Signal could enable a threat actor to listen to the audio stream
recorded by the Android device of another Signal user, without their
knowledge...
The attack does not work with Signal video calls.
The issue was discovered last month by a researcher with Google Project Zero. Signal has already released a patch. more
The attack does not work with Signal video calls.
The issue was discovered last month by a researcher with Google Project Zero. Signal has already released a patch. more
GPS Cyberstalking of Girlfriend Brings Indictment for Alleged Mobster
20 supposed wiseguys charged because one was possessive...
Joseph Amato's attempt to surveil his girlfriend by attaching a hidden GPS device to her car led authorities to surveil the alleged mobster, and ultimately to his indictment by a grand jury...
"In November 2016, a GPS tracking device was found on an MTA bus in Staten Island during a routine maintenance inspection: it had been hidden in an oil pan," the government's detention memo states. "In fact, Joseph Amato had purchased the device to place a girlfriend, identified herein as Jane Doe, under close surveillance and used the tracking device in an attempt to maintain control over her."...
...after Jane Doe discovered the GPS tracker on her car and removed it. The detention memo suggests she placed it on an MTA bus to thwart Amato's surveillance. more
Joseph Amato's attempt to surveil his girlfriend by attaching a hidden GPS device to her car led authorities to surveil the alleged mobster, and ultimately to his indictment by a grand jury...
"In November 2016, a GPS tracking device was found on an MTA bus in Staten Island during a routine maintenance inspection: it had been hidden in an oil pan," the government's detention memo states. "In fact, Joseph Amato had purchased the device to place a girlfriend, identified herein as Jane Doe, under close surveillance and used the tracking device in an attempt to maintain control over her."...
...after Jane Doe discovered the GPS tracker on her car and removed it. The detention memo suggests she placed it on an MTA bus to thwart Amato's surveillance. more
Labels:
amateur,
counterespionage,
GPS,
humor,
lawsuit,
surveillance
Women Snooping on Boyfriends Help Topple Dictator Instead
It all started in 2015 with a frantic message from a woman in Sudan who was having cold feet ten days before her wedding. The woman had a nagging feeling her husband-to-be was cheating on her, and she was desperate to find out the truth before she went through with the marriage.
She decided to reach out to her friend Rania Omer, who had won a lottery visa to become a U.S. citizen five years earlier.
Now Omer was 24 and studying at a college in Nebraska, but she still fancied herself an anti-matchmaker among her close-knit community back home in Khartoum. The friend wanted Omer’s help. Would she mind posting a photo of the potential husband to Facebook to see if other women could dig up information on him?
A few hours later, Omer had her answer: one commenter posted to say she was his wife. more
She decided to reach out to her friend Rania Omer, who had won a lottery visa to become a U.S. citizen five years earlier.
Now Omer was 24 and studying at a college in Nebraska, but she still fancied herself an anti-matchmaker among her close-knit community back home in Khartoum. The friend wanted Omer’s help. Would she mind posting a photo of the potential husband to Facebook to see if other women could dig up information on him?
A few hours later, Omer had her answer: one commenter posted to say she was his wife. more
Friday, October 4, 2019
Dissinformation as a Service (DaaS)
While disinformation campaigns are often associated with governments, new research indicates there is a robust, easy-to-navigate market for anyone looking to buy their own propaganda arms.
It is “alarmingly simple and inexpensive” to launch a sophisticated disinformation campaign, analysts from threat-intelligence company Recorded Future concluded after studying the issue. “Disinformation services are highly customizable in scope, costing anywhere from several hundreds of dollars to hundreds of thousands of dollars, or more depending on the client’s needs.”...
“If the ease of this experience is any indication, we predict that disinformation-as-a-service will soon spread from a nation-state tool to one increasingly used by individuals and organizations,” the Recorded Future analysts said. more
As Technical Information Security Consultants, this caught our attention.
The best disinformation always adds in some correct information. The sum is verisimilitude, the ring of truth.
So, where will the best correct information come from? Inside, of course.
Another very good reason to conduct regularly scheduled Technical Information Security surveys at your organization.
It is “alarmingly simple and inexpensive” to launch a sophisticated disinformation campaign, analysts from threat-intelligence company Recorded Future concluded after studying the issue. “Disinformation services are highly customizable in scope, costing anywhere from several hundreds of dollars to hundreds of thousands of dollars, or more depending on the client’s needs.”...
“If the ease of this experience is any indication, we predict that disinformation-as-a-service will soon spread from a nation-state tool to one increasingly used by individuals and organizations,” the Recorded Future analysts said. more
As Technical Information Security Consultants, this caught our attention.
The best disinformation always adds in some correct information. The sum is verisimilitude, the ring of truth.
So, where will the best correct information come from? Inside, of course.
Another very good reason to conduct regularly scheduled Technical Information Security surveys at your organization.
Subscribe to:
Posts (Atom)