Wednesday, January 15, 2020

The Crazy Story of How Soviet Russia Bugged an American Embassy’s Typewriters

...All of the electronics at the embassy—some 10 tons of equipment—was securely shipped back to the United States. Every piece was disassembled and X-rayed.

After tens of thousands of fruitless X-rays, a technician noticed a small coil of wire inside the on/off switch of an IBM Selectric typewriter. Gandy believed that this coil was acting as a step-down transformer to supply lower-voltage power to something within the typewriter. Eventually he uncovered a series of modifications that had been concealed so expertly that they had previously defied detection.

A solid aluminum bar, part of the structural support of the typewriter, had been replaced with one that looked identical but was hollow. Inside the cavity was a circuit board and six magnetometers. The magnetometers sensed movements of tiny magnets that had been embedded in the transposers that moved the typing “golf ball” into position for striking a given letter. more

Monday, January 13, 2020

Security Tip #792: Be Gone Phishing

via Krebs on Security
"Savvy readers here no doubt already know this, but to find the true domain referenced in a link, look to the right of “http(s)://” until you encounter the first backward slash (/). The domain directly to the left of that first slash is the true destination; anything that precedes the second dot to the left of that first slash is a subdomain and should be ignored for the purposes of determining the true domain name."

"For instance, in the case of the imaginary link below, example.com is the true destination, not apple.com: https://www.apple.com.example.com/findmyphone/" more

Double checking links before clicking can save you from sleeping with the phishers. Hover over links, but don't click, to see where you might be going.

Death by Spycam

The wedding hall was booked and home furnishings all bought... but the bride — one of thousands of women to fall victim to an epidemic of high-tech voyeurism in South Korea — is not here.

Lee Yu-jung took her own life after a colleague secretly filmed her in the changing room of the hospital where they both worked, the country’s first reported spy-cam death.

Footage of Lee was found among a bigger video cache of women, all illegally snatched in the country’s spy-cam epidemic, often with cheap devices as small as a key ring. more

Spybuster Tip #632: Fortify Your Two-factor Authentication

Two-factor authentication is a must, but don't settle for the SMS version. Use a more secure authenticator app instead.

 The most popular authenticator apps are Google Authenticator and Authy, but password managers 1Password and LastPass offer the service as well, if that helps you streamline. If you're heavy into Microsoft's ecosystem, you might want Microsoft Authenticator. While they all differ somewhat in features, the core functionality is the same no matter which one you use. more

Tuesday, January 7, 2020

The Art of Investigation (book)

https://amzn.to/2tF8RQ4
The Art of Investigation examines the qualities required to be a professional, thorough, and effective investigator. As the title suggests, it delves into more than the steps and procedures involved in managing an investigation, it also covers the "soft skills" necessary to effectively direct investigations and intuit along the way.

The editors and contributing authors* are the best in their field, and bring a wealth of real-world knowledge and experience to the subject. There are several publications available on the nuts-and-bolts of the process and stages of an investigation. That ground has been covered. However, little has been published on the investigative skills required, the traits necessary, and the qualities endemic to an inquisitive mind that can be cultivated to improve an investigator’s professional skill-set.

Each chapter discusses the applicability of the traits to the contributor’s own work and experience as an investigator. more
*Robert Rahn (Lt. Ret.) is one of the excellent contributors.
ISBN-13: 978-1138353787
ISBN-10: 1138353787

FutureWatch: The Demise of the Common Spies

Not so long ago, Secret Agent Man could globe-hop with impunity (sing-a-long) and hide with undercover diplomatic immunity. Now, he may as well wear the Scarlet Letter "A", for Agent.

WTF happened? Quite a bit...

9/11, for one. It's not so easy to fly under the radar these days.

In 2014, U.S. spies were exposed when the Office of Personnel Management was hacked. About 22 million fingerprints, security clearance background information, and personnel records allegedly fell into Chinese hands. In 2015 it happened again.

One can be fairly sure this isn't just a problem for U.S. spies. Other countries get hacked, too. You just don't hear about it.

If all this wasn't bad enough, a spy's best friend turned on him in the 2000's. Technology.

Video cameras are planted everywhere, and facial recognition is becoming more accurate every day. It is being used at airports, in buildings, and with in conjunction with city surveillance cameras. This list will grow, of course.

The latest advancement is analysis of video streams using artificial intelligence logarithms.  Suspicious movements, packages left unattended, predictions of future movements and crimes are analyzed by mindless machines 24/7, waiting to trigger an alert.

On the communications side spyware is a concern. Smartphone and GPS tracking don't help spies hide either.

It has been reported that some countries are compiling real-time databases which incorporate the above-mentioned speed bumps with: taxis, hotel, train, airline, credit card, customs and immigration information. As soon as one enters the country, they know where you are—minute by minute. And, if one takes too long going between locations, or a dual timeline appears (being in different places at the same time), a security alert is generated.

Couple all this with countries sharing information, e.g. EU, being a spy who needs to make in-person contacts becomes nearly impossible.

Think staying out of view is a good spy strategy? For now, perhaps. However, progress is being made by constructing a person's face by the sound of their voice.

The future of spying (no, it won't go away) will be radically different out of necessity. One can only guess how, but I understand they are working very hard on mind-reading.

Be seeing you.

Surveillance is Hot at CES 2020

At CES show, devices that see, hear, track people are promoted. Privacy concerns? Not so much.

From the face scanner that will check in some attendees to the cameras-everywhere array of digital products, the CES gadget show is all-in on surveillance technology...

All these talking speakers, doorbell cameras and fitness trackers come with the promise of making life easier or more fun, but they're also potentially powerful spying tools.

And the skeptics who raise privacy and security concerns can be easily drowned out in the flashy spectacle of gee-whiz technology. more

Monday, January 6, 2020

Information Security and Cryptography Seminar

Information Security and Cryptography
Fundamentals and Applications
June 8-10, 2020 in Zurich, Switzerland
Lecturers: Prof. David Basin and Prof. Ueli Maurer

This seminar provides an in-depth coverage of Information Security and Cryptography from both a conceptual and an application-oriented viewpoint. At the same time, the mathematical, algorithmic, protocol-specific, and system-oriented aspects are explained in a way understandable to a wide audience.

A full description of the seminar, including all topics covered, is available at https://www.infsec.ch/seminar2020.html. Early registration is until February 28th.

The seminar takes place in Zurich Switzerland. The lectures and all course material are in English. more

Thursday, January 2, 2020

U.S. Securities & Exchange Commission Issues Guidance on IP and Tech Risks


...Among the risks faced by companies is the risk of theft of technology, data and intellectual property through a direct intrusion by private parties or foreign actors, including those affiliated with or controlled by state actors.


While not exclusive, examples of situations in which technology, data or intellectual property may be stolen or compromised through direct intrusion include cyber intrusions into a company’s computer systems and physical theft through corporate espionage, including with the assistance of insiders... more

Your Smart TV is Spying on You — How to stop it...

Those smart TVs that sold for unheard of low prices over the holidays come with a catch. The price is super low, but the manufacturers get to monitor what you're watching and report back to third parties, for a fee.

 Or, in some cases, companies like Amazon (with its Fire TV branded sets from Toshiba and Insignia) and TCL, with its branded Roku sets, look to throw those same personalized, targeted ads at you that you get when visiting Facebook and Google.

It doesn't have to be this way. You have the controls to opt out. Within just a few clicks, you can stop the manufacturers from snooping on you in the living room... more and a bonus sing-a-long!

2020 Quote of the Year - First Contender

“The biggest thing (coming in 2020) is connected everything,” said Carolina Milanesi, a technology analyst for the research firm Creative Strategies. “Anything in the home — we’ll have more cameras, more mics, more sensors.” *
 ----
via The New York Times...
The 2010s made one thing clear: Tech is everywhere in life... In 2020 and the coming decade, these trends are likely to gather momentum. They will also be on display next week at CES, an enormous consumer electronics trade show in Las Vegas that typically serves as a window into the year’s hottest tech developments. more

* Thus, a need for more TSCM; the yin to espionage yang.


Wednesday, January 1, 2020

The Crazy Story of How Soviet Russia Bugged an American Embassy’s Typewriters

Every engineer has stories of bugs that they discovered through clever detective work. But such exploits are seldom of interest to other engineers, let alone the general public.

Nonetheless, a recent book authored by Eric Haseltine, titled The Spy in Moscow Station (Macmillan, 2019), is a true story of bug hunting that should be of interest to all.

It recounts a lengthy struggle by Charles Gandy, an electrical engineer at the United States’ National Security Agency, to uncover an elaborate and ingenious scheme by Soviet engineers to intercept communications in the American embassy in Moscow. more

Tuesday, December 31, 2019

Get Ready for a Wild Security Ride in 2020

Drones are considered mainstream business tools and are used from surveillance and delivery to agriculture and mining.

In 2020, we will see hackers trying to find out what drones know, said Lavi Lazarovitz, group research manager at Cyberark. This information can be vital for intelligence gathering, government control, corporate espionage, and more. It also means CDOs need to consider a security framework when introducing devices like drones from the onset. (and other issues) more

Now Santa's Toys Know if You Are Naughty or Nice

Christmas is over, which means there may be a few extra toys for children in the house.

Cybersecurity experts are warning parents to pay attention to what kinds of toys their children are playing with, saying some could be capable of doing much more than what you're aware of.


...toys with Bluetooth or that can connect to Wi-Fi have the potential to not only spy on those playing with them but could also collect data later capable of predicting children's thoughts and behaviors. more

This Month in Spycam News

UK - A school caretaker who installed a hidden camera in a toilet used by female teachers was sentenced to prison after the device recorded him committing the crime... When investigators searched Stupples' house, they discovered 76 videos and nearly 150,000 photos recorded from 50 separate instances of people using the toilet... Even as Stupples initially denied installing the hidden camera, his defense soon fell apart after prosecutors told the court how the accused was "very clearly visible" in one of the videos that showed him installing the device. more

US - Charges are expected to be filed Friday against a one-time registered sex offender suspected of mounting a small video camera inside a grocery store bathroom in Cathedral City. more

US - A Georgia army officer with high-ranking clearance has been arrested on charges of distribution of child pornography after an FBI agent caught him sharing nude pictures of a teenage relative captured via a spy camera. more

CA - A 56-year-old Owen Sound man is facing voyeurism charges after police allege he had been secretly filming a resident for months. Detectives with the Owen Sound Police uncovered a video camera that had been hidden in a fake heating vent in the washroom of an apartment... Police say the man worked maintenance for the building in which the incident occurred and allege the camera was installed in anticipation of a new tenant moving into the unit earlier this year. more

UK - A "deviant" voyeur secretly filmed a woman trying on a dress in a supermarket changing room - but was caught when her nine-year-old daughter saw what was happening. more