Monday, August 24, 2020

Stacey Dooley Investigates, Spycam Sex Criminals - BBC

This story broke in the Security Scrapbook on March 24th. Unfortunately, the full BBC video could not be viewed outside of the UK at that time. A part of it is now available on YouTube.

This BBC report examines the "molka" phenomenon in South Korea: the proliferation of hidden wireless cameras in toilets and hotel rooms, and the culture of blackmail and revenge porn around it. "How many spycams can Stacey Dooley find in a love motel bedroom?"

Thursday, August 20, 2020

Hackers Can Now Clone Your Keys Just by Listening to Them (wtf?!?!)

Every time you unlock your front door, your key whispers a small, but audible, secret. Hackers finally learned how to listen. 

Researchers at the National University of Singapore published a paper earlier this year detailing how, using only a smartphone microphone and a program they designed, a hacker can clone your key. 

What's more, if a thief was able to install malware on your smartphone, smartwatch, or smart doorbell to record the audio from afar, they wouldn't even need to be physically nearby to pull off the attack. 

The key (ahem) to the attack, dubbed SpiKey, is the sound made by the lock pins as they move over a typical key's ridges. more

Wednesday, August 19, 2020

Why Corporations Need a TSCM Consultant On-Board

Nowadays more than ever, corporate espionage, hacking and the theft of IP have become a business discipline – with the threat not only coming from Asia. The desperation of many businesses due to dire economic outlooks, the isolationism of nations and the new security gaps have amplified the willingness to obtain competitor information.

Take car manufacturers. These companies typically go to great lengths to get hold of their competitors’ newly released models to test and often dismantle them to get more information on the parts used and build process. This is mostly seen as legal. 

Daimler, for example, used a cover entity to rent and test Deutsche Post DHL’s own electric van Streetscooter. Deutsche Post discovered what Daimler was doing through the van’s location data as it had made numerous laps around Daimler’s test track. The company later accused Daimler of industrial espionage. Daimler argued, however, that it was just “Mystery shopping”.

The impact of the pandemic

The sudden shift to remote work has massively amplified the problem of protecting proprietary information. As companies had to implement remote access technologies fast (or upgrade existing infrastructures) to ensure business continuity, they often fell back on improvisation. This led to the frequent neglect of even the most basic security and compliance protocols. more

An educated and credentialed Technical Surveillance Countermeasures (TSCM) specialist can help solve your security concerns, some of which you didn't even know existed!

Spycam News: X-Youth Basketball Coach Sentenced to 20 Years

PA - In June 2016, James Hardcastle, 42, transported three minor boys, ages 15, 16 and 16, as their coach to Wildwood, New Jersey to participate in a basketball tournament, and shared a motel room with them in which there was no shower curtain.

The defendant installed a USB drive containing a hidden camera in a power outlet in the bathroom and surreptitiously filmed each of the minors taking showers.  

Previously, in June and July 2015, the defendant also attempted to videotape two minors in a bathroom using a hidden camera while the minors were visiting his home in Bensalem. more

The camera looked something like this...

These spy cameras come in all different shapes, sizes and disguise enclosures. Learning how to spot them is easy, and may save you or someone you care about from being a victim. more

Privacy Alert - Scammers Pretending to be COVID-19 Contact Tracers

Be aware of scammers pretending to be COVID-19 contact tracers.
Legitimate contact tracers will never ask for your Medicare Number or financial information. If someone calls and asks for personal information, like your Medicare Number, hang up and report it to 1-800-MEDICARE. medicare.gov & more

Verizon Launches Hyper-Precise GPS Location Technology

Verizon launched its Hyper Precise Location using Real Time Kinematics (RTK), a location technology that provides location accuracy within 1-2 centimeters, on the Verizon network. 

Verizon has built and deployed RTK reference stations nationwide to provide pinpoint level accuracy to RTK compatible internet of things (IoT) devices. RTK will also support emerging technologies that depend on high level location accuracy such as delivery drones and customer-approved location data for first responders during emergencies...Additionally, the rollout of hyper-precise location services paired with Verizon’s 5G Ultra Wideband (UWB) network and 5G Edge, will pave the way for more autonomous technologies. more

Saturday, August 15, 2020

Corporate Espionage in the News

RedCurl is its name.
Corporate espionage is its game.

Security researchers today published findings on a new APT group they claim has been stealing data from organizations around the world as far back as 2018. Since then, RedCurl has targeted at least 14 private companies in 26 attacks designed to steal documents containing commercial secrets and employees' personal information.

Its targets span a range of industries and locations. The group has targeted organizations in construction, finance, consulting, retail, banking, insurance, law, and travel...

There is no indication who might have hired RedCurl, where they might be based, or who is behind these attacks, he adds. The group is fairly new, and researchers hope to learn more over time.

"Corporate espionage is not something that we're used to on the cyberscene," Mirkasymov says. Researchers believe the frequency of these attacks indicates it's likely to become more widespread in the future. more

----------

Three corporate espionage reasons why VW was not a good career choice...

March 14th - Former VW employee says he was fired after questioning deletion of documents. more

June 16th - Former VW employee sought by U.S. arrested in Croatia... more 

August 14th - Former VW employee under investigation for corporate espionage found dead in burned-out car...was investigated by the police on suspicion of violating business secrets. more

----------

The U.S. National Security Agency and Federal Bureau of Investigation today issued a joint cybersecurity advisory warning on a previously undisclosed form of Russian malware...although the objectives of Drovorub were not detailed in the report, they could range from industrial espionage to election interference. more

----------

Once again, LinkedIn is the battleground for nation state espionage operations. Every counterintelligence and insider threat professional should be paying attention...The goal of the social engineer is to entice the target to at least take a gander at the job offering being discussed and click the attachment which is provided. This attachment carries the payload of malware designed to compromise the device and network of the target. Once the device is compromised and the group has access to the content, their espionage goals are achieved. more

----------

...and Corporate Espionage can also be entertaining...

How 'American Ronin' Explores Superhumans and Corporate Espionage
As the conflict between global corporations heats up, one man decides to strike back against the unseen forces that quietly rule the modern world, using an entirely unanticipated weapon — his own mind. That’s the idea at the center of American Ronin...The series is the first collaboration between writer Peter Milligan (Shade the Changing Man, Hellblazer, X-Force) and artist ACO (Midnighter, Nick Fury), with the two playing off each other’s strengths to create a story that’s part-corporate espionage, part-superhuman thriller and unlike anything else on the stands at the moment. more

Thursday, August 13, 2020

White Sims from the Dark Side

Russian SIMs. Encrypted SIMs. White SIMs. 

These cards go by different names in the criminal underground, and vary widely in quality and features...

Beyond spoofing phone numbers, some SIMs let a caller manipulate their voice in real-time, adding a baritone or shrill cloak to their phone calls that is often unintentionally funny. Other cards have the more worthwhile benefit of being worldwide, unlimited data SIMs that criminals source anonymously from suppliers without having to give up identifying information and by paying in Bitcoin.

The SIM cards themselves aren't inherently illegal, but criminals certainly make a noticeable chunk of the companies' customer bases. The NCA told Motherboard it has seized so-called Russian SIMs from suspects during investigations. more

Wednesday, August 12, 2020

Attack Can Decrypt 4G (LTE) Calls to Eavesdrop on Conversations

A team of academics has detailed this week a vulnerability in the Voice over LTE (VoLTE) protocol that can be used to break the encryption on 4G voice calls.

Named ReVoLTE, researchers say this attack is possible because mobile operators often use the same encryption key to secure multiple 4G voice calls that take place via the same base station (mobile cell tower)...

Researchers say that the equipment to pull off a ReVoLTE attack costs around $7,000. While the price might seem steep, it is certainly in the price range of other 3G/4G mobile interception gear, usually employed by law enforcement or criminal gangs...

A scientific paper detailing the ReVoLTE attack is also available for download as PDF from here and here. The paper is titled "Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTE." more

Saturday, August 8, 2020

Eavesdropping: A Reader (book)

The earliest references to eavesdropping are found in law books. 

According to William Blackstone's Commentaries on the Laws of England (1769), 'eavesdroppers, or such as listen under walls or windows, or the eaves of a house, to hearken after discourse, and thereupon to frame slanderous and mischievous tales, are a common nuisance and presentable at the court-leet'. 

Today, however, eavesdropping is not only legal, it's ubiquitous – unavoidable. What was once a minor public-order offence has become one of the key political and legal problems of our time, as the Snowden revelations made clear.

Eavesdropping addresses the capture and control of our sonic world by state and corporate interests, alongside strategies of resistance. For editors James Parker (Melbourne Law School) and Joel Stern (Liquid Architecture), eavesdropping isn't necessarily malicious. 

We cannot help but hear too much, more than we mean to. Eavesdropping is a condition of social life. And the question is not whether to eavesdrop, therefore, but how. buy or free (pdf)

Friday, August 7, 2020

1650 Kircher Musurgia Listening Devices

The book Musurgia Universalis is famous and has been since it appeared in 1650. 
Vol. 2 (Af-x.10): plate between pages 302 & 303

The illustration depicts a piazza-listening device.

The voices from the piazza are taken by the horn up through the mouth of the statue in the room on the piano nobile above, allowing both espionage and the appearance of a miraculous event. more

The modern eavesdropping equivalent is the ventilation plenum. Acoustical ducting is something most people don't consider when concerned about eavesdropping. We do.

Woman Charged with Wiretapping at Church

MD - A woman is facing felony wiretapping charges on allegations she secretly recorded board meetings at the Four Quarters Interfaith Sanctuary.

Rosanna E. Tufts, 61, of Cockeysville, was charged with 11 counts of interception, disclosure or use of wire, electronic or oral communication. more

Corporate Espionage Quote of the Week

"The threat model in corporate espionage is absolutely one of theft of property. It’s a lot easier to steal somebody’s laptop than to hack it." ~ toxik

National Security Concerns — Executive Orders Against TikTok

President Trump issued two executive orders late Thursday against China-based TikTok and messaging app WeChat, citing national security concerns in a sweeping order that could prevent the companies from doing most business in the United States....

“This data collection threatens to allow the Chinese Communist Party access to Americans’ personal and proprietary information — potentially allowing China to track the locations of Federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage,” the TikTok order reads. more

Satellite Comms Globally Open to $300 Eavesdropping Hack

Satellite internet communications are susceptible to eavesdropping and signal interception by far-flung attackers located in a different continent or country from their victims. And all they need is $300 worth of off-the-shelf equipment to pull it off...

Essentially what this means is that if they were able to perform an interception, adversaries could eavesdrop on vast sections of the globe. more