Thursday, August 20, 2020

Hackers Can Now Clone Your Keys Just by Listening to Them (wtf?!?!)

Every time you unlock your front door, your key whispers a small, but audible, secret. Hackers finally learned how to listen. 

Researchers at the National University of Singapore published a paper earlier this year detailing how, using only a smartphone microphone and a program they designed, a hacker can clone your key. 

What's more, if a thief was able to install malware on your smartphone, smartwatch, or smart doorbell to record the audio from afar, they wouldn't even need to be physically nearby to pull off the attack. 

The key (ahem) to the attack, dubbed SpiKey, is the sound made by the lock pins as they move over a typical key's ridges. more

Wednesday, August 19, 2020

Why Corporations Need a TSCM Consultant On-Board

Nowadays more than ever, corporate espionage and hacking and stealing of IP has become a business discipline – with the threat not only coming from Asia. Desperation of many businesses due to dire economic outlooks, isolationism of nations and the new security gaps have amplified the willingness to obtain competitor information.

Take car manufacturers. These companies typically go through great lengths to get hold of their competitors’ newly released models to test and often dismantle them to get more information on the parts used and build process. This is mostly seen as legal. 

Daimler, for example, used a cover entity to rent and test Deutsche Post DHL’s own electric van Streetscooter. Deutsch Post discovered what Daimler was doing through the van’s location data as it had made numerous laps around Daimler’s test track. The company later accused Daimler of industrial espionage. Daimler argued, however, that it was just “Mystery shopping”.

The impact of the pandemic

The sudden shift to remote work has massively amplified the problem of protecting proprietary information. As companies had to implement remote access technologies fast (or upgrade existing infrastructures) to ensure business continuity, they often fell back on improvisation. This led to the frequent neglect of even the most basic security and compliance protocols. more

An educated and credentialed Technical Surveillance Countermeasures (TSCM) specialist can help solve your security concerns, some of which you didn't even know existed!

Spycam News: X-Youth Basketball Coach Sentenced to 20 Years

 PA - In June 2016, James Hardcastle, 42, transported three minor boys, ages 15, 16 and 16, as their coach to Wildwood, New Jersey to participate in a basketball tournament, and shared a motel room with them in which there was no shower curtain.  

The defendant installed a USB drive containing a hidden camera in a power outlet in the bathroom and surreptitiously filmed each of the minors taking showers.  

Previously, in June and July 2015, the defendant also attempted to videotape two minors in a bathroom using a hidden camera while the minors were visiting his home in Bensalem. more

The camera looked something like this...

These spy cameras come in all different shapes, sizes and disguise enclosures. Learning how to spot them is easy, and may save you or someone you care about from being a victim. more

Privacy Alert - Scammers Pretending to be COVID-19 Contact Tracers

Be aware of scammers pretending to be COVID-19 contact tracers.
Legitimate contact tracers will never ask for your Medicare Number or financial information. If someone calls and asks for personal information, like your Medicare Number, hang up and report it to 1-800-MEDICARE. medicare.gov & more

Verizon Launches Hyper-Precise GPS Location Technology

Verizon launched its Hyper Precise Location using Real Time Kinematics (RTK), a location technology that provides location accuracy within 1-2 centimeters, on the Verizon network. 

Verizon has built and deployed RTK reference stations nationwide to provide pinpoint level accuracy to RTK compatible internet of things (IoT) devices. RTK will also support emerging technologies that depend on high level location accuracy such as delivery drones and customer-approved location data for first responders during emergencies...Additionally, the rollout of hyper-precise location services paired with Verizon’s 5G Ultra Wideband (UWB) network and 5G Edge, will pave the way for more autonomous technologies. more

Saturday, August 15, 2020

Corporate Espionage in the News

RedCurl is its name.
Corporate espionage is its game.

Security researchers today published findings on a new APT group they claim has been stealing data from organizations around the world as far back as 2018. Since then, RedCurl has targeted at least 14 private companies in 26 attacks designed to steal documents containing commercial secrets and employees' personal information.

Its targets span a range of industries and locations. The group has targeted organizations in construction, finance, consulting, retail, banking, insurance, law, and travel...

There is no indication who might have hired RedCurl, where they might be based, or who is behind these attacks, he adds. The group is fairly new, and researchers hope to learn more over time.

"Corporate espionage is not something that we're used to on the cyberscene," Mirkasymov says. Researchers believe the frequency of these attacks indicates it's likely to become more widespread in the future. more

----------

Three corporate espionage reasons why VW was not a good career choice...

March 14th - Former VW employee says he was fired after questioning deletion of documents. more

June 16th - Former VW employee sought by U.S. arrested in Croatia... more 

August 14th - Former VW employee under investigation for corporate espionage found dead in burned-out car...was investigated by the police on suspicion of violating business secrets. more

----------

The U.S. National Security Agency and Federal Bureau of Investigation today issued a joint cybersecurity advisory warning on a previously undisclosed form of Russian malware...although the objectives of Drovorub were not detailed in the report, they could range from industrial espionage to election interference. more

----------

Once again, LinkedIn is the battleground for nation state espionage operations. Every counterintelligence and insider threat professional should be paying attention...The goal of the social engineer is to entice the target to at least take a gander at the job offering being discussed and click the attachment which is provided. This attachment carries the payload of malware designed to compromise the device and network of the target. Once the device is compromised and the group has access to the content, their espionage goals are achieved. more

----------

...and Corporate Espionage can also be entertaining...

How 'American Ronin' Explores Superhumans and Corporate Espionage
As the conflict between global corporations heats up, one man decides to strike back against the unseen forces that quietly rule the modern world, using an entirely unanticipated weapon — his own mind. That’s the idea at the center of American Ronin...The series is the first collaboration between writer Peter Milligan (Shade the Changing Man, Hellblazer, X-Force) and artist ACO (Midnighter, Nick Fury), with the two playing off each other’s strengths to create a story that’s part-corporate espionage, part-superhuman thriller and unlike anything else on the stands at the moment. more

Thursday, August 13, 2020

White Sims from the Dark Side

Russian SIMs. Encrypted SIMs. White SIMs. 

These cards go by different names in the criminal underground, and vary widely in quality and features...

Beyond spoofing phone numbers, some SIMs let a caller manipulate their voice in real-time, adding a baritone or shrill cloak to their phone calls that is often unintentionally funny. Other cards have the more worthwhile benefit of being worldwide, unlimited data SIMs that criminals source anonymously from suppliers without having to give up identifying information and by paying in Bitcoin.

The SIM cards themselves aren't inherently illegal, but criminals certainly make a noticeable chunk of the companies' customer bases. The NCA told Motherboard it has seized so-called Russian SIMs from suspects during investigations. more

Wednesday, August 12, 2020

Attack Can Decrypt 4G (LTE) Calls to Eavesdrop on Conversations

A team of academics has detailed this week a vulnerability in the Voice over LTE (VoLTE) protocol that can be used to break the encryption on 4G voice calls.

 Named ReVoLTE, researchers say this attack is possible because mobile operators often use the same encryption key to secure multiple 4G voice calls that take place via the same base station (mobile cell tower)...

Researchers say that the equipment to pull off a ReVoLTE attack costs around $7,000. While the price might seem steep, it is certainly in the price range of other 3G/4G mobile interception gear, usually employed by law enforcement or criminal gangs...

A scientific paper detailing the ReVoLTE attack is also available for download as PDF from here and here. The paper is titled "Call Me Maybe: Ea­ves­drop­ping En­cryp­ted LTE Calls With Re­VoL­TE." more

Saturday, August 8, 2020

Eavesdropping: A Reader (book)

The earliest references to eavesdropping are found in law books. 

According to William Blackstone's Commentaries on the Laws of England (1769), 'eavesdroppers, or such as listen under walls or windows, or the eaves of a house, to hearken after discourse, and thereupon to frame slanderous and mischievous tales, are a common nuisance and presentable at the court-leet'. 

Today, however, eavesdropping is not only legal, it's ubiquitous – unavoidable. What was once a minor public-order offence has become one of the key political and legal problems of our time, as the Snowden revelations made clear.

Eavesdropping addresses the capture and control of our sonic world by state and corporate interests, alongside strategies of resistance. For editors James Parker (Melbourne Law School) and Joel Stern (Liquid Architecture), eavesdropping isn't necessarily malicious. 

We cannot help but hear too much, more than we mean to. Eavesdropping is a condition of social life. And the question is not whether to eavesdrop, therefore, but how. buy or free (pdf)

Friday, August 7, 2020

1650 Kircher Musurgia Listening Devices

The book Musurgia Universalis is famous and has been since it appeared in 1650. 
kircher musurgia listening device
Vol. 2 (Af-x.10): plate between pages 302 & 303

The illustration depicts a piazza-listening device.

The voices from the piazza are taken by the horn up through the mouth of the statue in the room on the piano nobile above, allowing both espionage and the appearance of a miraculous event. more

The modern eavesdropping equivalent is the ventilation plenum. Acoustical ducting is something most people don't consider when concerned about eavesdropping. We do.

Woman Charged with Wiretapping at Church

MD - A woman is facing felony wiretapping charges on allegations she secretly recorded board meetings at the Four Quarters Interfaith Sanctuary.

Rosanna E. Tufts, 61, of Cockeysville, was charged with 11 counts of interception, disclosure or use of wire, electronic or oral communication. more

Corporate Espionage Quote of the Week

"The threat model in corporate espionage is absolutely one of theft of property. It’s a lot easier to steal somebody’s laptop than to hack it." ~ toxik

National Security Concerns — Executive Orders Against TikTok

President Trump issued two executive orders late Thursday against China-based TikTok and messaging app WeChat, citing national security concerns in a sweeping order that could prevent the companies from doing most business in the United States....

“This data collection threatens to allow the Chinese Communist Party access to Americans’ personal and proprietary information — potentially allowing China to track the locations of Federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage,” the TikTok order reads. more

Satellite Comms Globally Open to $300 Eavesdropping Hack

Satellite internet communications are susceptible to eavesdropping and signal interception by far-flung attackers located in a different continent or country from their victims. And all they need is $300 worth of off-the-shelf equipment to pull it off...

Essentially what this means is that if they were able to perform an interception, adversaries could eavesdrop on vast sections of the globe. more

Thursday, August 6, 2020

Stay Safe - Stay Feeling Good

This fun statement can be taken several ways...
• Anti Covid-19
I'm not feeling very social right now!
• A warning to spies that you are protected against electronic surveillance. 
Available here.

Want to know more about protecting your privacy?
Visit us at https://counterespionage.com