Tuesday, September 29, 2020

International Association of Professional Security Consultants (IAPSC) NEWS - Opt In

The bi-monthly IAPSC News (emailed) is full of the latest security news, webinar offerings, and product updates.  

It comes to you in one easy-to-read email. Nothing you need to know will slip by you. 

Best of all, it is FREE. No obligation. Cancel any time. Just click here to opt in. 


Saturday, September 26, 2020

Extortionography: Executives Recorded Bragging of Cozy Government Relationships

Top executives hoping to blast open North America's largest gold and copper mine were secretly recorded describing in detail their cozy influence over US lawmakers and regulators. 

They also revealed their intentions to go far beyond what they were saying on applications for federal permits to work near the headwaters of Bristol Bay, Alaska -- one of the last great wild salmon habitats left on Earth.

"I mean we can talk to the chief of staff of the White House any time we want, but you want to be careful with all this because it's all recorded," said Ron Thiessen, CEO of Northern Dynasty Minerals, of official communications to the White House, as he himself was recorded unknowingly. "You don't want to be seen to be trying to exercise undue influence." more

What is Extortionography? You need to know. 

Friday, September 25, 2020

Ring's New Drone Camera - George Saw This Coming

Amazon’s Ring surveillance platform announced a new line of products, including a drone with a camera designed to fly around your home, that would expand its surveillance network beyond the Ring doorbell camera...

The Always Home Cam and a new line of Ring security cameras for cars are set to launch next year: the Car Cam, Car Alarm, and Car Connect platform... 

The biggest concern, however, is about where surveillance footage will end up...

Ring claims the surveillance drone will be autonomous but that users can direct paths for it, have it occupy specific parts of your home, and have it respond to alerts from the Ring surveillance network...

Last year, hackers broke into multiple Ring cameras thanks to a particularly porous security system.  more

Ventitillation

NJ - Additional charges have been filed against an HVAC technician from West Deptford for allegedly spying on students in a school bathroom. Gregory Mahley is now facing 20 additional counts for spying on students at Cape May County Technical High School in 2013 and 2014.

Earlier this month, Mahley was charged for secretly recording girls in the bathroom at Glen Landing Middle School in Gloucester County.

Mahley allegedly positioned mirrors in stalls to create a view from an overhead air conditioning vent. more

Wednesday, September 23, 2020

If there's something strange In your neighborhood, who you gonna call?

For 18 months, residents of a village in Wales have been mystified as to why their broadband internet crashed every morning... Then local engineer Michael Jones called in assistance...

 (Note: For a faster tracker, call a TSCM'er.)

Engineers used a device called a spectrum analyzer and walked up and down the village "in the torrential rain" at 6 a.m. to see if they could locate an electrical noise, Jones said in a statement. 

"The source of the 'electrical noise' was traced to a property in the village. It turned out that at 7 a.m. every morning the occupant would switch on their old TV which would in turn knock out broadband for the entire village." more | sing-a-long | TSCM'er

TSCM Nerd Corner News

  • U.S. Army scientists at the CCDC Army Research Laboratory (ARL) have developed a first-of-its-kind antenna that could change how ground vehicles and airborne systems communicate, transmit and receive radio frequency signals. The Army used a manufacturing process based on a special class of engineered materials known as metaferrites to make an ultra-thin wideband antenna. The antenna conforms to curved surfaces, making it ideal to integrate into unmanned aircraft systems, rotary-wing aircraft and ground vehicles. more

  • Of ever-increasing concern for operating a tactical communications network is the possibility that a sophisticated adversary may detect friendly transmissions. Army researchers developed an analysis framework that enables the rigorous study of the detectability of ultraviolet communication systems... In particular, ultraviolet communication has unique propagation characteristics that not only allow for a novel non-line-of-sight optical link, but also imply that the transmissions may be harder for an adversary to detect. more

  • Covert Ultrasonic Transmissions between Two Air-Gapped Computers using Speaker-to-Speaker Communication more

  • Groundbreaking new material 'could allow artificial intelligence to merge with the human brain' more

Tuesday, September 22, 2020

iRobot Picked the Wrong Person to Roomba With!

One of our Blue Blaze irregulars alerted us to some slick social engineering.

He recently purchased an iRobot Roomba 960 Robot Vacuum Cleaner. He writes...

"What is "odd" is that when we first bought the thing we didn't have any screens requiring registration. Then about two weeks later the entire user interface changed that required registration. 

These two screens were strategically placed among "required information" even though this information was not mandatory. If you weren't paying attention you'd fill this out. Clever!"

I had a look at their Privacy Policy. Dig deep enough and you find this...

Some of our Robots are equipped with smart technology which allows the Robots to transmit data wirelessly to the Service...

• When you register your Robot with the online App, we collect information about the Robot, such as a Robot name (how cute) and device number, and information about the Robot and/or App usage (reveals when you might not be home), such as battery life and health.

• Certain Robot models are equipped to collect information about the environment in which the Robot is deployed. For example, the Robot collects information about the level of dirt detection and the Wi-Fi signal strength in each location and information about its movement throughout the environment to create a location ‘map’ of the Robot’s domain and the existence and type of objects (chair, desk, fridge etc.) or obstacles encountered.

 

Security Issues

  1. Do you really want a map of your home and belongings sent who-knows-where?
  2. Do you really want someone to know all your router information and password which connects to one of their apps on the internal side of your firewall?
  3. What happens when their database gets hacked?

I am guessing you don't. I'm also guessing you didn't know this was going on in the Internet-of-Things.

Ah, for the good old Jetson days when robots only talked to themselves.


Sunday, September 20, 2020

How to Detect Malicious USB Cables

A malicious cable is any cable (electrical or optical) which performs an unexpected and unwanted function. The most common malicious capabilities are found in USB cables. Data exfiltration, GPS tracking, and audio eavesdropping are the primary malicious functions...

The worst malicious cables take control of a user’s cell phone, laptop, or desktop...

We purchased and tested several malicious USB cables. From what was learned during these tests our technical staff developed several new inspection protocols.

 more

Can’t identify the bugged cable?
No worries. You can’t tell just by looking, even we can’t.

That’s why we put a small black mark on it.
It is Cable 3.

Saturday, September 19, 2020

Apple's iOS 14 Now Alerts You To Eavesdropping & Spycam'ing

Any time an app accesses your microphone, a little amber dot will appear in the status bar, over by where the Wi-Fi and cellular connection symbols are. 

When an app accesses the camera, a green dot will appear. 


These are fairly universally understood as “recording” lights and they will clearly point out when an app you’re using is accessing the camera or microphone at times it shouldn’t.

Just since the release of the iOS 14 beta, the lights have already revealed sketchy behavior in several apps that have gone on to promise updates to fix the “bugs.” (good word to use)

This and six other new privacy features can be found here... more

Flashback - July 1988 - Eavesdropping in America


A podcast before there were podcasts. Ted was way ahead of his time.



Wednesday, September 16, 2020

Two FREE Security Book Offers for Potential Clients

Free books are a great way to get to know who you are dealing with, before you decide to deal with them!

---

While international travel has come to a screeching halt due to COVID-19, the threat of economic and industrial espionage continues to proliferate. 

In fact, due to the global pandemic, intellectual property (IP) and business intelligence (BI) are more valuable than ever to foreign governments and business competitors looking to gain an economic advantage in the marketplace. 

Among Enemies: Counter-Espionage for the Business Traveler, by Luke Bencie, is a valuable textbook. It should be read by "corporate executives, defense contractors, lawyers, academics, military personnel, diplomats and virtually anyone else who travels with important information, how to protect themselves and their interests."

It has a 4.4 out of 5 star rating on Amazon, and 25 excellent reviews. You may purchase a copy there. Visit Luke's website (smiconsultancy.com/) first. If his services can help your organization, request a complimentary copy.

---

This informative bundle should also be on every security director's desk...

Is My Cell Phone Bugged?: Everything You Need to Know to Keep Your Mobile Conversations Private (Coincidentally, this book also has a 4.4 out of 5 star rating on Amazon, and 25 excellent reviews.)

The Security Director's Guide to Discussing TSCM with Management

Both are available to Murray Associates potential clients. Complimentary. No obligation. No follow-up sales call unless you request it.

Visit counterespionage.com to learn how to detect and deter electronic surveillance and corporate espionage. Click here to request your complimentary bundle.

Accurate knowledge is the first step in protecting your privacy and valuable information. Contact us through our websites, today.  (offer expires 10/31/2020)

Security Director Alert - Information Technology, Government, Healthcare, Financial, Insurance, and Media Sectors

via counterespionage-news.com

Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) are aware of a widespread campaign from an Iran-based malicious cyber actor targeting several industries mainly associated with information technology, government, healthcare, financial, insurance, and media sectors across the United States.

The threat actor conducts mass scanning and uses tools, such as Nmap, to identify open ports. Once the open ports are identified, the threat actor exploits CVEs related to VPN infrastructure to gain initial access to a targeted network.

After gaining initial access to a targeted network, the threat actor obtains administrator-level credentials and installs web shells allowing further entrenchment. After establishing a foothold, the threat actor’s goals appear to be maintaining persistence and exfiltrating data. This threat actor has been observed selling access to compromised network infrastructure in an online hacker forum. more


Monday, September 14, 2020

Make Google Street View Myopic When it Looks at Your Home

Google Street View offers up a window to the world in all its bizarre, intimate, and often raw glory. That window just so happens to peek into your home, as well. What that peek reveals may be more than you've bargained for — think views into bedroom windows, potential fodder for stalkers, and more.

Thankfully, there is something you can do about it. Specifically, you can ask Google to permanently blur your house out — leaving only a smeared suggestion of a building in its place. The entire process is surprisingly easy...

Here's what you do:

1. Go to Google Maps and enter your home address

2. Enter into Street View mode by dragging the small yellow human-shaped icon, found in the bottom-right corner of the screen, onto the map in front of your house

3. With your house in view, click "Report a problem" in the bottom-right corner of the screen

4. Center the red box on your home, and select "My home" in the "Request blurring" field

5. Write in the provided field why you want the image blurred (for example, you may be concerned about safety issues)

6. Enter in your email address, and click "Submit"

And, when you're done with that, do the same thing on Bing Maps (the process is surprisingly similar). more

Saturday, September 12, 2020

Centerfold's Drowning Prompts Police to Probe Possible Spying Mission

A Playboy model from Russia drowned during a photo shoot in proximity of a major European NATO base, prompting police to investigate whether it was a cover for a secret spying mission, according to reports.

The naked body of Galina Fedorova, 35, was discovered by coast guards after she and her photographer swam in the Mediterranean Sea off Sardinia, officials told Agence France-Presse (AFP).

Police then interrogated Yev Taranovs, a 42-year-old British photographer.

His cameras and a drone used during their shoot were confiscated, according to the UK newspaper The Sun.

“There is interest in the drone footage as this happened very close to a NATO firing range,” a police source told the paper of one of Italy’s largest military bases on the Teulada coastline. “We have to make sure the assignment was not a cover for a spying mission.” more

Could the "spying mission" explanation be a cover for examining the drone footage?

Australia's IoT Code, or "No worries, mate, she'll be right."

The Australian government has introduced a new code of practice to encourage manufacturers to make IoT devices more secure. 

The code provides guidance on secure passwords, the need for security patches, the protection and deletion of consumers' personal data and the reporting of vulnerabilities, among other things.

 The problem is the code is voluntary. Experiences elsewhere, such as the United Kingdom, suggest a voluntary code will be insufficient to deliver the protections consumers need.

Indeed it might even increase risks, by lulling consumers into a false sense of security about the safety of the devices they buy. more