"Organizations' ham-fisted operational changes due to the novel
Coronavirus will create a field day for practitioners of
espionage--industrial and otherwise."
(Sent to me by a knowledgeable source.)
Saturday, March 21, 2020
Surveillance App Reworked for Coronavirus Alerts
Health officials in Britain are building an app that would alert the
people who have come in contact with someone known to have the
coronavirus. The project aims to adapt China’s tracking efforts for
countries wary of government surveillance.
The project is an urgent effort by the British authorities to translate a surveillance tool deployed to fight China’s outbreak into something more palatable in Western democracies. The app is being developed for use in Britain, but could be adapted for other countries, particularly those with similarly centralized health systems, officials said.
The catch... Unlike the smartphone-tracking system used by the Chinese government, the British project would rely entirely on voluntary participation and would bank on people sharing information out of a sense of civic duty. more
The project is an urgent effort by the British authorities to translate a surveillance tool deployed to fight China’s outbreak into something more palatable in Western democracies. The app is being developed for use in Britain, but could be adapted for other countries, particularly those with similarly centralized health systems, officials said.
The catch... Unlike the smartphone-tracking system used by the Chinese government, the British project would rely entirely on voluntary participation and would bank on people sharing information out of a sense of civic duty. more
Friday, March 20, 2020
Will Working from Home Increase Business Espionage Opportunities
I received a question today about inductive coupling; gleaning computer data leaked on to power lines (aka, mains) from keyboards, screens, etc. The person mentioned this was possible if the residences shared the same power transformer.
"So, does the increase in work-from-home offices these days increase the business espionage threat?"
Interesting question. Got me thinking.
I replied...
You're correct about sharing a transformer. Information can be induced onto the mains and intercepted on that side of the circuit. Several floors in an apartment building and usually 3-4 homes in a residential neighborhood can share one transformer.
But, let's think this through...
Back before we all became computerized the mains lines were relatively noise-free. Carrier-current bugs and wireless intercoms worked quite well for transmitting audio. These days, the noise level is a digital cacophony, created by everyone who shares the circuit.
The very low signal level a keyboard might contribute would be difficult to hear. Segregating the signal from other digital noise would also be a challenge. With diligence and the right instrumentation deciphering this digital data is doable. It would not be a nosy neighbor doing this. If you got that far, you're probably a government and the home worker has a bigger than average problem.
Realistically speaking...
A fairly static group of mains users also reduces risk. Your neighbors aren't deep cover spies who have waited years for the chance you might be forced to work from home. Moving into a neighborhood or apartment building with spying intentions is possible, but not easy to do on a moments notice. There are easier ways to obtain even more information, with a lot less work, and greater chance of success.
Worry about these things...
The weak links in a home office are: the computer, wireless keyboards, Wi-Fi, and internet modems. Current versions of wireless keyboards use Bluetooth (30 foot range) with some pretty good security features. As for date leaking onto the mains... Most smart people use a UPS battery backup with filtering for their computers, so no problem there. For anyone without a UPS getting one is a very worthwhile recommendation for multiple reasons.
Threats the average home office faces...
Imagine this...
Your company needs to have a technical security consultant on retainer—because there is more to know.
"So, does the increase in work-from-home offices these days increase the business espionage threat?"
Interesting question. Got me thinking.
I replied...
You're correct about sharing a transformer. Information can be induced onto the mains and intercepted on that side of the circuit. Several floors in an apartment building and usually 3-4 homes in a residential neighborhood can share one transformer.
But, let's think this through...
Back before we all became computerized the mains lines were relatively noise-free. Carrier-current bugs and wireless intercoms worked quite well for transmitting audio. These days, the noise level is a digital cacophony, created by everyone who shares the circuit.
The very low signal level a keyboard might contribute would be difficult to hear. Segregating the signal from other digital noise would also be a challenge. With diligence and the right instrumentation deciphering this digital data is doable. It would not be a nosy neighbor doing this. If you got that far, you're probably a government and the home worker has a bigger than average problem.
Realistically speaking...
A fairly static group of mains users also reduces risk. Your neighbors aren't deep cover spies who have waited years for the chance you might be forced to work from home. Moving into a neighborhood or apartment building with spying intentions is possible, but not easy to do on a moments notice. There are easier ways to obtain even more information, with a lot less work, and greater chance of success.
Worry about these things...
The weak links in a home office are: the computer, wireless keyboards, Wi-Fi, and internet modems. Current versions of wireless keyboards use Bluetooth (30 foot range) with some pretty good security features. As for date leaking onto the mains... Most smart people use a UPS battery backup with filtering for their computers, so no problem there. For anyone without a UPS getting one is a very worthwhile recommendation for multiple reasons.
Threats the average home office faces...
- shared cable internet,
- Wi-Fi signal hacking,
- spyware viruses (data, audio and video compromise),
- Wi-Fi connected printer intercepts,
- information phishing scams,
- and none of the usual enterprise type protections.
Imagine this...
- Step #1: The spy purchases a USB Rubber Ducky (to crack into the computer) and an o.mg cable (to crack into the smartphone). Total cost: <$200.00.
- Step #2: Spy plops these into an old Amazon box and mails it to "the mark."
- Step #3: Mark goes, "Wow, cool. I didn't order this. Amazon must have screwed up. Not worth sending back. I'll keep it."
- Step #4: Mark plugs this windfall into his computer and phone.
- Step #5: Gotcha!
Your company needs to have a technical security consultant on retainer—because there is more to know.
Thursday, March 19, 2020
Face Masks v. Facial Recognition - China has it Covered
Hanwang, the facial-recognition company that has placed 2 million of its cameras at entrance gates across the world, started preparing for the coronavirus in early January.
Huang Lei, the company’s chief technical officer, said that even before the new virus was widely known about, he had begun to get requests...to update its software to recognize nurses wearing masks...
The company now says its masked facial recognition program has reached 95 percent accuracy in lab tests, and even claims that it is more accurate in real life, where its cameras take multiple photos of a person if the first attempt to identify them fails. more
Huang Lei, the company’s chief technical officer, said that even before the new virus was widely known about, he had begun to get requests...to update its software to recognize nurses wearing masks...
The company now says its masked facial recognition program has reached 95 percent accuracy in lab tests, and even claims that it is more accurate in real life, where its cameras take multiple photos of a person if the first attempt to identify them fails. more
The Best Way to Sumggle a Filing Cabinet of Secrets
An American citizen will spend the next four or so years behind bars in the US for smuggling corporate secrets out of the states to his spymasters in China.
A federal district judge this week sentenced Xuehua Edward Peng, 56, of Hayward, California, after he admitted handing over the trade secrets to Beijing. Peng earlier confessed that SD cards loaded with information stolen from an unspecified US company were left for him to collect at hotels by a contact only known as Ed.
Peng would also hide tens of thousands of dollars in hotel rooms for Ed to collect as payment. Lawyers said Peng spent years trafficking confidential info. more
Flashback to 2009 when we made a point about this vulnerability...
A federal district judge this week sentenced Xuehua Edward Peng, 56, of Hayward, California, after he admitted handing over the trade secrets to Beijing. Peng earlier confessed that SD cards loaded with information stolen from an unspecified US company were left for him to collect at hotels by a contact only known as Ed.
Peng would also hide tens of thousands of dollars in hotel rooms for Ed to collect as payment. Lawyers said Peng spent years trafficking confidential info. more
Flashback to 2009 when we made a point about this vulnerability...
Tuesday, February 25, 2020
Schools Using Kids' Phones to Track and Surveil Them
At least 10 schools across the US have installed radio frequency scanners, which pick up on the Wi-Fi and Bluetooth signals from students' phones and track them with accuracy down to about one meter, or just over three feet, said Nadir Ali, CEO of indoor data tracking company Inpixon.
His company has been in talks with other school districts, and a few schools in the Middle East are also considering the product... more
Bathroom Spycam'er Gives GoPro A Whole New Meaning
A New Jersey teen's recent routine visit to a bookstore turned into a horrible nightmare when someone filmed her while she was inside a bathroom stall, according to prosecutors.
Juan Mejia, 44, of Paterson was arrested on Wednesday at the Barnes & Noble bookstore in Clifton after he secretly videotaped two separate women who were using the bathroom stalls, according to the Passaic County Prosecutor's Office.
The incident happened when her teen daughter said she had to use the bathroom. So, Delaney said, she went upstairs to help her own mother find a book.
Shortly after getting upstairs, Delaney said, her phone "started going off like crazy."
It was her daughter "texting me that someone in the stall next to her was filming her with a GoPro, that she was scared, and to please find someone and help her," Delaney wrote.
Barnes & Noble issued a statement, saying the company was "disturbed" to learn of the incident... more
"Disturbed" is not the right response. Every business offering toilet, shower and/or changing facilities needs this.
Juan Mejia, 44, of Paterson was arrested on Wednesday at the Barnes & Noble bookstore in Clifton after he secretly videotaped two separate women who were using the bathroom stalls, according to the Passaic County Prosecutor's Office.
The incident happened when her teen daughter said she had to use the bathroom. So, Delaney said, she went upstairs to help her own mother find a book.
Shortly after getting upstairs, Delaney said, her phone "started going off like crazy."
It was her daughter "texting me that someone in the stall next to her was filming her with a GoPro, that she was scared, and to please find someone and help her," Delaney wrote.
Barnes & Noble issued a statement, saying the company was "disturbed" to learn of the incident... more"Disturbed" is not the right response. Every business offering toilet, shower and/or changing facilities needs this.
Thursday, February 20, 2020
Ultrasonic Bracelet Claims to Jam Eavesdropping Microphones
Spying isn’t the same as it was in the old days. Today, an inconspicuous smart speaker could be recording every word you say in your own home. That threat of invaded privacy will only continue to grow as more microphone-enabled devices are released in the years to come.
to combat it. They created a bracelet that uses ultrasonic signals to jam nearby microphones. Though it isn’t something that most people would need to use on a daily basis it could represent a picture of what jewelry will need to be in the future—both stylish and functional.
The experimental version is quite clunky, looking more like a piece of audio equipment than jewelry. However, that design has a purpose. The bracelet’s array of 24 speakers emit imperceptible ultrasonic signals. To nearby microphones, these signals come across as loud static that effectively drowns out any speech in the vicinity. more
This eavesdropping countermeasure has been around forever. We experimented with it back in the 80's. It's effectiveness can be very iffy, its downsides serious. Read more about it here.
Chief Bugged: Former City Council Candidate Arrested at Meeting
CA - Former City Council candidate James Clinton Davies sentenced to three years probation in eavesdropping case.
The charge stemmed from illegally recording a private conversation he had with Tehachapi Police Chief Kent Kroeger after being invited into the chief's office, and not announcing he was recording or requesting permission to record. more
Frank Anderson, Former Spy Who Supplied Afghan Insurgents, Dies at 78
Frank Anderson, an American spymaster who oversaw the Central Intelligence Agency’s covert mission to funnel weapons and other support to Afghan insurgents fighting their Soviet occupiers in the 1980s, died on Jan. 27 in Sarasota, Fla. He was 78.The cause was a stroke, his wife, Donna Eby Anderson, said. Mr. Anderson lived in Sarasota and had been in hospice care.
During his nearly 27 years with the C.I.A., Mr. Anderson became the ranking American clandestine officer in the Arab world.
He served as Beirut station chief; was promoted to chief of the Near East and South Asia division of the agency’s Directorate of Operations, its covert branch; and directed the agency’s technical services division, a role similar to that of James Bond’s “Q.” more
Soviet Spy Radio - Discovered Buried in Germany
Archaeologists digging for the remains of a Roman villa near the German city of Cologne have found a sophisticated Soviet spy radio that was buried there shortly before the fall of the Iron Curtain.
The spy radio (USSR spy radio set - Swift Mark IIIR-394KM, codenamed Strizh) was buried inside a large metal box that was hermetically sealed with a rubber ring and metal screws.
Although the radio's batteries had run down after almost 30 years in the ground, the box hissed with inrushing air when it was opened.
"Everything in the box was carefully encased in wrapping paper — it is a factory-fresh radio," said archaeologist Erich Classen from the Rhineland Regional Association (LVR). more
Collectors and Hams: Time to break out your metal detectors. ~Kevin
Although the radio's batteries had run down after almost 30 years in the ground, the box hissed with inrushing air when it was opened.
"Everything in the box was carefully encased in wrapping paper — it is a factory-fresh radio," said archaeologist Erich Classen from the Rhineland Regional Association (LVR). more
Collectors and Hams: Time to break out your metal detectors. ~Kevin
Friday, February 14, 2020
Spy Fail: Alleged Huawei Spy Caught Disguised as 'Weihua' Employee
That's apparently all one Huawei employee spy did to disguise himself during a late-night attempt to steal technology from a U.S. competitor.
Needless to say, it wasn't exactly successful.
This hilarious new detail emerged as part of the United States government's indictment of the Chinese firm on charges of racketeering and conspiracy to steal trade secrets. The indictment lays out how the company sought to steal the intellectual property of six different U.S. tech companies — though not every attempt was particularly sophisticated. more
Thursday, February 13, 2020
AI News: The Farm Bots Are Here... finally
IL - In a research field off Highway 54 last
autumn, corn stalks shimmered in rows 40-feet deep. Girish Chowdhary, an
agricultural engineer at the University of Illinois at
Urbana-Champaign, bent to place a small white robot at the edge of a row
marked 103.
The robot, named TerraSentia, resembled a souped up version
of a lawn mower, with all-terrain wheels and a high-resolution camera
on each side.
In much the same way
that self-driving cars “see” their surroundings, TerraSentia navigates a
field by sending out thousands of laser pulses to scan its environment.
A few clicks on a tablet were all that were needed to orient the robot
at the start of the row before it took off, squeaking slightly as it
drove over ruts in the field. more
Farm Bots from 48 years ago,
in your weekend movie,
Wednesday, February 12, 2020
Wireless Tech to Steal Luxury Cars in Seconds
As they both walked through a dimly lit parking garage, one of the
pair of men peered at a black, laptop-sized device inside his messenger
bag. Using buttons on its outer case, he flicked through various
options on the device's bright LED screen before landing on his choice....
"EvanConnect," one of the men in the video who goes by a pseudonym online, embodies a bridge between digital and physical crime. These devices he sells for thousands of dollars let other people break into and steal high end vehicles. He claims to have had clients in the U.S., UK, Australia, and a number of South American and European countries.
"Honestly I can tell you that I have not stolen a car with technology," Evan told Motherboard. "It's very easy to do but the way I see it: why would I get my hands dirty when I can make money just selling the tools to other people." more
"EvanConnect," one of the men in the video who goes by a pseudonym online, embodies a bridge between digital and physical crime. These devices he sells for thousands of dollars let other people break into and steal high end vehicles. He claims to have had clients in the U.S., UK, Australia, and a number of South American and European countries.
"Honestly I can tell you that I have not stolen a car with technology," Evan told Motherboard. "It's very easy to do but the way I see it: why would I get my hands dirty when I can make money just selling the tools to other people." more
How to Delete Your Personal Information From People-Finder Sites
While some sites might have a link for removing personal information, the actual process could be convoluted.
Spokeo is, perhaps, the simplest. You just find your profile page on the site, go to spokeo.com/optout, and then type (or paste) the link along with your email address so you can confirm.
Others are not as straightforward. At Whitepages, you have to paste the URL to your profile at whitepages.com/suppression_requests, and then type the reason you want to opt-out. After that, you have to provide your phone number—yes, you have to give a data broker your phone number. You then receive a call from a robot, which gives you a verification code you have to type on the website to complete the process.
The ultimate indignity? 411.info actually charges a fee if you want it to remove your info. more
Spokeo is, perhaps, the simplest. You just find your profile page on the site, go to spokeo.com/optout, and then type (or paste) the link along with your email address so you can confirm.
Others are not as straightforward. At Whitepages, you have to paste the URL to your profile at whitepages.com/suppression_requests, and then type the reason you want to opt-out. After that, you have to provide your phone number—yes, you have to give a data broker your phone number. You then receive a call from a robot, which gives you a verification code you have to type on the website to complete the process.
The ultimate indignity? 411.info actually charges a fee if you want it to remove your info. more
Subscribe to:
Posts (Atom)