Sunday, September 20, 2020

How to Detect Malicious USB Cables

A malicious cable is any cable (electrical or optical) which performs an unexpected, and unwanted function. The most common malicious capabilities are found in USB cables. Data exfiltration, GPS tracking, and audio eavesdropping are the primary malicious functions...

The worst malicious cables take control of a user’s cell phone, laptop, or desktop...

We purchased and tested several malicious USB cables. From what was learned during these tests our technical staff developed several new inspection protocols.

 more

Can’t identify the bugged cable?
No worries. You can’t tell just by looking, even we can’t.

That’s why we put a small black mark on it.
It is Cable 3.

Saturday, September 19, 2020

Apple's iOS 14 Now Alerts You To Eavesdropping & Spycam'ing

Any time an app access your microphone, a little amber dot will appear in the status bar, over by where the Wi-Fi and cellular connection symbols are. 

When an app access the camera, a green dot will appear. 


These are fairly universally understood as “recording” lights and they will clearly point out when an app you’re using is accessing the camera or microphone at times it shouldn’t.

Just since the release of the iOS 14 beta, the lights have already revealed sketchy behavior in several apps that have gone on to promise updates to fix the “bugs.” (good word to use)

This and six other new privacy features can be found here... more

Flashback - July 1988 - Eavesdropping in America

 July 1988 - Eavesdropping in America

A podcast before there were podcasts. Ted was way ahead of his time.



Wednesday, September 16, 2020

Two FREE Security Book Offers for Potential Clients

Free books are a great way to get to know who you are dealing with, before you decide to deal with them!

---

While international travel has come to a screeching halt due to COVID-19, the threat of economic and industrial espionage continues to proliferate. 

In fact, due to the global pandemic, intellectual property (IP) and business intelligence (BI) is more valuable than ever to foreign governments and business competitors, looking to gain an economic advantage in the marketplace. 

Among Enemies: Counter-Espionage for the Business Traveler, by Luke Bencie, is a valuable textbook. It should be read by, "corporate executives, defense contractors, lawyers, academics, military personnel, diplomats and virtually anyone else who travels with important information, how to protect their themselves and their interests."

It has a 4.4 out of 5 star rating on Amazon, and 25 excellent reviews. You may purchase a copy there. Visit Luke's website (smiconsultancy.com/) first. If his services can help your organization, request a complimentary copy.

---

This informative bundle should also be on every security director's desk...

Is My Cell Phone Bugged?: Everything You Need to Know to Keep Your Mobile Conversations Private (Coincidentally, This book also has a 4.4 out of 5 star rating on Amazon, and 25 excellent reviews.)

The Security Director's Guide to Discussing TSCM with Management

Both are available to Murray Associates potential clients. Complimentary. No obligation. No follow-up sales call unless you request it.

Visit counterespionage.com to learn how to detect and deter electronic surveillance and corporate espionage. Click here to request you complimentary bundle.

Accurate knowledge is the first step in protecting your privacy and valuable information. Contact us through our websites, today.  (offer expires 10/31/2020)

Security Director Alert - Information Technology, Government, Healthcare, Financial, Insurance, and Media Sectors

via counterespionage-news.com

Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) are aware of a widespread campaign from an Iran-based malicious cyber actor targeting several industries mainly associated with information technology, government, healthcare, financial, insurance, and media sectors across the United States.

The threat actor conducts mass scanning and uses tools, such as Nmap, to identify open ports. Once the open ports are identified, the threat actor exploits CVEs related to VPN infrastructure to gain initial access to a targeted network.

After gaining initial access to a targeted network, the threat actor obtains administrator-level credentials and installs web shells allowing further entrenchment. After establishing a foothold, the threat actor’s goals appear to be maintaining persistence and ex-filtrating data. This threat actor has been observed selling access to compromised network infrastructure in an online hacker forum. more


Monday, September 14, 2020

Make Google Street View Myopic When it Looks at Your Home

Google Street View offers up a window to the world in all its bizarre, intimate, and often raw glory. That window just so happens to peek into your home, as well. What that peek reveals may be more than you've bargained for — think views into bedroom windows, potential fodder for stalkers, and more.

Thankfully, there is something you can do about it. Specifically, you can ask Google to permanently blur your house out — leaving only a smeared suggestion of a building in its place. The entire process is surprisingly easy...

Here's what you do:

1. Go to Google Maps and enter your home address

2. Enter into Street View mode by dragging the small yellow human-shaped icon, found in the bottom-right corner of the screen, onto the map in front of your house

3. With your house in view, click "Report a problem" in the bottom-right corner of the screen

4. Center the red box on your home, and select "My home" in the "Request blurring" field

5. Write in the provided field why you want the image blurred (for example, you may be concerned about safety issues)

6. Enter in your email address, and click "Submit"

And, when you're done with that, do the same thing on Bing Maps (the process is surprisingly similar). more

Saturday, September 12, 2020

Centerfold's Drowning Prompts Police to Probe Possible Spying Mission

A Playboy model from Russia drowned during a photo shoot in proximity of a major European NATO base prompting police to investigate whether it was a cover for a secret spying mission, according to reports.

The naked body of Galina Fedorova, 35, was discovered by coast guards after she and her photographer swam in the Mediterranean Sea off Sardinia, officials told Agence France-Presse (AFP).

Police then interrogated Yev Taranovs, a 42-year-old British photographer.

His cameras and a drone used during their shoot were confiscated, according to the UK newspaper The Sun.

There is interest in the drone footage as this happened very close to a NATO firing range,” a police source told the paper of one of Italy’s largest military bases on the Teulada coastline. “We have to make sure the assignment was not a cover for a spying mission.” more

Could the "spying mission" explanation be a cover for examining the drone footage?

Australia's IoT Code, or "No worries, mate, she'll be right."

The Australian government has introduced a new code of practice to encourage manufacturers to make IoT devices more secure. 

The code provides guidance on secure passwords, the need for security patches, the protection and deletion of consumers' personal data and the reporting of vulnerabilities, among other things.

 The problem is the code is voluntary. Experiences elsewhere, such as the United Kingdom, suggest a voluntary code will be insufficient to deliver the protections consumers need.

Indeed it might even increase risks, by lulling consumers into a false sense of security about the safety of the devices they buy. more

Judge Rules for Plaintiffs Spy Camera Case

PA - Two State College-area residents have won part of their federal suit against a Massachusetts man accused of placing spy cameras in the apartment they shared...

Crust, Edelstein and Knutrud, all former Penn State students, knew each other for about two years before August 2017 when they began sharing an apartment on West Aaron Drive in Ferguson Twp.

As a Christmas gift that year, Knutrud gave them a DVD player that he installed at the foot of their bed.


Edelstein became suspicious because Knutrud would take the player to his upstairs bedroom at times.

Crust and she disconnected it but they claim Knutrud plugged it back in and aimed it at their bed.

They also accused him of installing devices capable of capturing and storing audio, video and still images throughout the apartment including the bathroom.

Brann’s opinion states Knutrud captured Crust and Edelstein in various state of undress and while engaging in sex acts.

He also is accused of accessing and storing 27 nude or partially nude photograph of her she had stored on her Apple iCloud account.

(And now, The Darwin Award) The recording equipment on one occasion captured Knutrud in the bedroom sniffing Edelstein’s undergarments, Brann noted. more

Electronic Surveillance Countermeasures (TSCM) are in More Budgets These Days

Murray Associates TSCM
CA - Modesto has allocated as much as $700,000 over the next two years for law firms and private investigators...

Modesto issued what is called a Request for Proposals to seek law firms and investigators for this work. 

The request asked for such services as “surveillance, investigative research, interviews, background investigations, undercover investigations, people locates, Internet & E-mail tracing, computer examinations as well as electronic surveillance countermeasures,” according to the RFP. more


Read more here: https://www.modbee.com/news/local/article245640555.html#storylink=cpy

Make sure they are not in your business.
Conduct periodic TSCM inspections.


Read more here: https://www.modbee.com/news/local/article245640555.html#storylink=cpy

Wednesday, September 9, 2020

China Looks To Build Espionage Hub In Iran Under 25-Year Deal


The next phase of the 25-year deal between China and Iran will focus on a large-scale roll-out of electronic espionage and warfare capabilities
focused around the port of Chabahar and extending for a nearly 5,000 kilometer (3,000 mile) radius, and the concomitant build-out of mass surveillance and monitoring of the Iranian population, in line with the standard operating procedure across China, senior sources close to the Iranian government told OilPrice.com last week. 

Both of these elements dovetail into Beijing’s strategic vision for Iran as a fully-functioning client state of China by the end of the 25-year period.

By that time, Iran will be an irreplaceable geographical and geopolitical foundation stone in Beijing’s ‘One Belt, One Road’ project, as well as providing a large pool of young, well-educated, relatively cheap labor for Chinese industry. 

The mass surveillance, monitoring, and control systems to cover Iran’s population is to begin its full roll-out as from the second week of November...

The plan is for nearly 10 million extra CCTV [closed-circuit television] cameras to be placed in Iran’s seven most populous cities, to begin with, plus another five million or so pinhole surveillance cameras to be placed at the same time in another 21 cities, with all of these being directly linked in to China’s main state surveillance and monitoring systems,” said an Iran source. “This will enable the full integration of Iran into the next generation of China’s algorithmic surveillance system that allows for the targeting of behavior down to the level of the individual by combining these inputs with already-stored local, national, and regional records on each citizen, together with their virtual data footprints,” he said. more

 

Law Enforcement's Love Hate Relationship with Video Doorbells

Ring Doorbell Helps Kalamazoo Police Find Home Invasion Suspects more

FBI Worried That Ring Doorbells Are Spying on Police more

Drive-by Shooting Caught on Ring Doorbell Camera in Detroit more 

Video Doorbell Devices Poses Risk to Law Enforcement more

Amazon Ring Police Partnerships Rise Nationwide more

Report: U.S. Could Counter Un-Democratic Uses of Surveillance Tech

The U.S. government should take a more active role in responding to the use of surveillance technology by authoritarian and repressive nations such as China, according to a new report.

The Center for New American Security published a report Thursday outlining steps the U.S. government should take to ensure surveillance technologies do not become abusive. The report suggests federal agencies, including the State Department and the Defense Advanced Research Projects Agency, should research and fund the development of technology solutions that would preserve users’ data privacy. more

Thursday, September 3, 2020

A Brief History of Chinese-American Espionage Entanglements

FBI Photo
Since the establishment of the People's Republic of China in 1949, intelligence services in both Beijing and Washington have vied to uncover secrets in one another's countries, and to safeguard their own secrets, in pursuit of military, economic, and technological advantage. 

Many bona fide spies on both sides have been caught; many innocents have been unfairly implicated. What follows is a brief history of key events in this conflict.

1950 - Qian Xuesen, co-founder of the Jet Propulsion Laboratory and professor at Caltech, is stripped of his security clearance for alleged connection to the communist party. Qian, who had questioned Nazi rocket scientists on behalf of the U.S government after World War II and worked on the Manhattan project, resigns from Caltech and asks to leave the US for China, at which point he is held under house arrest for five years. 

In 1955 the US deports him and Qian is greeted as a hero in China and goes on to become the father of Chinese rocketry, helping jumpstart China’s space and missile programs. No substantive evidence has ever been released that he was a Chinese spy. Deporting Qian was “the stupidest thing the country ever did” according to Dan Kimball, Undersecretary of the Navy at the time of Qian’s arrest. more

Tuesday, September 1, 2020

Employer Best Practices For Monitoring Remote Devices

It is generally known that individuals have reduced privacy rights for work-related activity than they have in their personal lives, and that these reduced privacy rights extend to devices owned or provided by their company.

As just one example, consider the federal Electronic Communications Privacy Act, or ECPA, which permits employers to: 

(1) monitor employees' oral and electronic communications to the extent that they relate to a legitimate business purpose;
(2) monitor any communications for which the employee has provided consent; and
(3) access emails that are stored by the employer.

All of these exceptions decrease an individual's privacy rights and reasonable expectation of privacy in work-related matters. However, is "exceptions" the correct word? Exceptions to what? Does this reference a specific privacy law or privacy rights in general? 

(The short version.) Ultimately then, the best practice for employees is to keep work and personal devices and communications entirely separate even in COVID-19 times. more