Tuesday, April 14, 2020

500,000 Hacked Zoom Accounts Given Away - Free On The Dark Web

New users have flocked to the Zoom video conferencing platform as businesses, schools, and other organizations look for ways to meet safely during the Coronavirus pandemic. Unfortunately many of those brand new accounts appear to have been secured with old passwords.

The cyber risk assessment experts at Cyble recently discovered a hacker selling stolen Zoom credentials at dirt-cheap prices — and in some cases giving them away for free.

Cyble purchased more than 530,000 on an underground hacking forum for next to nothing. Several of the company’s clients were among the stolen credentials, which also included personal meeting URLs and Zoom host keys. Cyble reached out and confirmed that the credentials were indeed valid.

Password re-use remains a huge security issue for the general public.
Fatigued users feel like they can’t remember yet another password so they set up new accounts using an old stand-by.

The problem is that by now all of those old stand-by passwords have been filed away in databases by criminal hackers. They’re actively using them to break into accounts using brute force attacks.
Usernames, email addresses, and passwords have been exposed by the billions over the past several years. Creating a new account on Zoom — or any service, for that matter — is simply not a good idea.

Hackers will come knocking. It’s not a question of if. It’s a question of when. more
Spybuster Tip # 053 - Upgrade all your passwords.
Spybuster Tip # 054 - Don't worry about having to remember all your passwords. Use a password vault.

Monday, April 13, 2020

FREE - The Murray Associates "Spycam Detection Training Course"

I've created a special Covid coupon so anyone can take our Spycam Detection in Workplace Expectation of Privacy Areas, absolutely FREE. (Normally $24.99)

The coupon code is our main website address: COUNTERESPIONAGE.COM


This is a one-hour, self-paced video course, with Certificate-of-Completion. More details about the course at spycamdetection.training or Udemy.

Or, jump straight to the start with this coupon encoded link:
https://www.udemy.com/course/spycam-detection/?couponCode=COUNTERESPIONAGE.COM

Feel free to pass along this limited time offer on to anyone you know: co-workers, friends, and family—anyone who does not want to be a victim of video voyeurs.
(Expires 04/16/2020 06:04 AM PDT (GMT -7))

How Not to be Seen - Evading CCTV Surveillance

It's theoretically possible to become invisible to cameras. But can it catch on? 



Right now, you're more than likely spending the vast majority of your time at home. Someday, however, we will all be able to leave the house once again and emerge, blinking, into society to work, travel, eat, play, and congregate in all of humanity's many bustling crowds.

The world, when we eventually enter it again, is waiting for us with millions of digital eyes—cameras, everywhere, owned by governments and private entities alike. Pretty much every state out there has some entity collecting license plate data from millions of cars—parked or on the road—every day. Meanwhile all kinds of cameras—from police to airlines, retailers, and your neighbors' doorbells—are watching you every time you step outside, and unscrupulous parties are offering facial recognition services with any footage they get their hands on.

In short, it's not great out there if you're a person who cares about privacy, and it's likely to keep getting worse. In the long run, pressure on state and federal regulators to enact and enforce laws that can limit the collection and use of such data is likely to be the most efficient way to effect change. But in the shorter term, individuals have a conundrum before them: can you go out and exist in the world without being seen?

Bottom line as of now...
All of the digital simulations run on the cloak worked with 100-percent effectiveness, he added. But in the real world, "the reliability degrades." The tech has room for improvement.

"How good can they get? Right now I think we're still at the prototype stage," he told Ars. "You can produce these things that, when you wear them in some situations, they work. It's just not reliable enough that I would tell people, you know, you can put this on and reliably evade surveillance." more

Thursday, April 9, 2020

Allen Garfield, Character Actor in ‘The Conversation,’ Dies at 80


Allen Garfield, a stocky character actor who lent an intense naturalism to celebrated 1970s films such as “The Conversation” and “Nashville,” died April 7 in Los Angeles. He was 80.

His sister, Lois Goorwitz, said the cause was complications from covid-19. Mr. Garfield had been a resident at the Motion Picture Television Fund Home, the industry retirement facility in Los Angeles where several staffers and some residents have tested positive for the coronavirus.

Mr. Garfield grew up in New Jersey and first set out as a boxer and a sportswriter. While covering sports for the Newark Star-Ledger, he studied acting at night and was eventually accepted by the Actors Studio workshop and studied under Lee Strasberg. more

State-Backed Hackers Using Virus to Increase Spying

State-backed hackers are seizing on the coronavirus pandemic to lead cyber espionage. 

In a rare joint assessment released on Wednesday, Britain’s National Cyber Security Centre — a branch of signals intelligence agency GCHQ — and the US’ Cybersecurity and Infrastructure Security Agency — part of the Department of Homeland Security — highlighted the “growing use” of Covid-19 in state-sponsored cyber attacks.

The frequency and severity of these initiatives is likely to “increase over the coming weeks and months”, the NCSC said. more

By monitoring network activity one can document and quantify this type of spying activity. Other spying methods—bugging, and physical intrusions—are covert, thus undetected. Makes sense these would be on the rise as well. Maybe more so. Something to think about while your offices are empty and vulnerable. ~Kevin

Attorney Warns Business Against Relaxing Security Standards

via Seyfarth Shaw LLP - Jeremy A. Cohen

And, of course, there are bad actors taking advantage of the current situation.

Relaxed security make systems and information far more susceptible to hacking and other data breaches, which often carry mandatory reporting obligations and hefty penalties, and invariably lead to class action lawsuits, not to mention privacy concerns.

Accordingly,  companies should think twice before loosening these security standards. By all accounts, the current COVID-19 crisis will be relatively short-lived (whether that means weeks or months is, of course, unknown), but as the saying goes, once a secret is known, it cannot be unknown.

And when this is all said and done, while courts will likely give some leeway as a result of the emergency situation, if basic safeguards were disregarded, courts may have a hard time concluding that a company undertook reasonable efforts to safeguard its information, as is required in all jurisdictions to merit trade secret protection. more

Wednesday, April 8, 2020

Interesting Article in Food Safety Magazine

In addition to nation-state industrial espionage, companies face a wide range of threats. 

“Hacktivists” launch attacks for ideological, political, or religious reasons, or simply for the challenge.

Criminal organizations attack for profit, trying to extract payment from the victim.

In addition, companies sometimes become victims even if they are not the intended target, such as the notpetya attack, which targeted a software company but had much broader impact, including the food and agriculture industry.

It is important to know that nation states and criminal organizations both do target corporations, and this article will provide solutions on how companies can better protect themselves. more

Spy Satellites Shelter in Place, or “Don’t Stop Me Now" Stopped

The rapid spread of COVID-19 around the globe has delayed the launch of three US intelligence payloads from New Zealand until at least April 23, launch provider Rocket Lab confirmed April 6.

Rocket Lab announced that they were pausing the scheduled March 30 launch of three National Reconnaissance Office payloads following the New Zealand government’s March 23 announcement that the country would enter Alert Level 4. This forced most businesses to close and the government ordered people to stay at home...

Dubbed “Don’t Stop Me Now," the March 30 launch would have been the second NRO mission launch from Rocket Lab’s New Zealand facility. more

The Spy - Pre-Release Trailer

The trailer for an upcoming WWII-set action-drama titled The Spy has been released online through Signature Entertainment. The film will be released on digital in June. more

Tuesday, April 7, 2020

Spy-Hunter Killed in Lebanon

A prominent Hezbollah commander, Muhammad Ali Yunis, was killed by unknown gunmen on Sunday morning in southern Lebanon, Iranian and Lebanese media reported.

The Iranian semi-official Fars news agency reported that the slain commander was “responsible for tracking spies and collaborators.” more

Taiwan Joins Canada & More in Banning Zoom

Taiwan's cabinet has told government agencies to stop using Zoom Video Communications Inc.'s video conferencing app, the latest blow to the company as it battles criticism of its booming platform over privacy and security. more

Malaysia - The National Security Council (NSC) has warned that hackers could be listening to their conversations amid increasing use of video conferencing applications during the movement control order (MCO) period. more

New York City's education department is directing teachers and staff to “move away from using Zoom as soon as possible” for virtual instruction purposes due to cybersecurity concerns, department spokesperson Danielle Filson said on Saturday. more 

Google has banned Zoom from its staffers' devices. Google told its employees last week that it would block Zoom from working on their Google-provided computers and smartphones. This move comes after Taiwan tolds government employees not to use Zoom. Earlier, New York schools told its teachers to "gradually transition" from Zoom to another video-conferencing service. more

Rare World War II Footage Released - British Spy Center

A silent film shows MI6 staff members at a site linked to the code-breaking facility Bletchley Park during World War II.

Like a home movie reel, the silent footage shows young people at candid moments: playing soccer and cricket, sunbathing, smiling and making faces at the camera...

But they were not ordinary office colleagues: They were off-duty secret British communications staffers, linked to code-breakers who decrypted German ciphers and helped the Allies win World War II.

The newly revealed footage features staff members of the MI6 Section VIII — the British spy agency’s communications staff — filmed at a site associated with the famous code-breaking facility Bletchley Park. more

New iPad Pro Prevents Eavesdropping or Spying

Apple beefs up iPad Pro security by disabling the microphone when the case is closed, a feature which was previously reserved for the Mac.

Apple introduced a feature with the 2018 MacBook lineup, allowing the microphone to be disabled whenever the display lid was closed. This measure was put in place to prevent eavesdropping, preventing malicious apps to tap into the microphone to gather extra data about you.

Fast forward to 2020 and the feature has come to the new iPad Pro lineup. The way it works is pretty simple - just close the lid of the case on the iPad Pro, which has to be MFi compliant, and the microphone is physically disconnected to prevent any sort of eavesdropping or malicious code from running if iPadOS is compromised in some way. more

Friday, April 3, 2020

Facebook Tried to Buy Controversial Tool to Spy on iPhone Users, Court Filing Reveals

Over the last few years, Facebook has had a slew of privacy and security blunders and more details about one of them have come to light through a new court filing as the social media company is suing the spyware company NSO Group. It turns out Facebook tried to buy controversial government spyware to monitor iPhone and iPad users.

Reported by Motherboard, when Facebook was starting to build its spyware cloaked in a VPN product, Onavo Protect for iOS and Android, the social media company reached out to the controversial company NSO Group that creates spyware for government agencies...

Apple made Facebook remove Onavo Protect from the App Store in August of 2018.

Then in 2019 Facebook repackaged it as a “Research app” and tried to pay teens to sideload it on their devices.

The Research app was shut down as well and Facebook finally shutdown Onavo completely in February 2019. more

Zoom’s Encryption Is “Not Suited for Secrets” and Has Surprising Links To China, Researchers Discover

Meetings on Zoom, the increasingly popular video conferencing service, are encrypted using an algorithm with serious, well-known weaknesses, and sometimes using keys issued by servers in China, even when meeting participants are all in North America, according to researchers at the University of Toronto.

The researchers also found that Zoom protects video and audio content using a home-grown encryption scheme, that there is a vulnerability in Zoom’s “waiting room” feature, and that Zoom appears to have at least 700 employees in China spread across three subsidiaries. They conclude, in a report for the university’s Citizen Lab — widely followed in information security circles — that Zoom’s service is “not suited for secrets” and that it may be legally obligated to disclose encryption keys to Chinese authorities and “responsive to pressure” from them.
Zoom could not be reached for comment. more


4/15/2020 UPDATE - More top companies ban Zoom following security fears. more