Friday, October 16, 2020

Facebook "Bug" Bugged iPhone Camera - Bugged Instagram'er Sues

Facebook has got itself in trouble again as the California-based tech giant has been allegedly sued for spying on Instagram users using the camera on the phone, Bloomberg reported.

According to the lawsuit, which has come following reports from July, the photo-sharing application had been accessing the camera on the iPhone to spy on users even when they weren’t activated.

Facebook has denied the claim and blamed a bug saying that it’s correcting the problem. more

Woman Allegedly Hacked Ex’s Alexa to Scare off New Girlfriend

Double Feature!
An IoT Cautionary Tale...
A Crazy Ex Tale...

A jilted London woman allegedly hacked into her ex-boyfriend’s Amazon Alexa device and used it to scare off his new girlfriend, a report said.

Philippa Copleston-Warren, 45, was accused in a London court of using the virtual assistant to flash the lights inside her former boyfriend’s house on and off and tell his new sweetie to scram after he ended their relationship of two years, The Sun reported.

The defendant spoke through the Alexa account to tell the complainant’s friend in the property to leave and to take her stuff,” prosecutor Misba Majid told Westminster Magistrates’ Court, according to the newspaper.

This so distressed the girlfriend, it caused her to cry and she left.

Copleston-Warren (inset), a management consultant, controlled the device from London, about 130 miles from her businessman ex-beau’s house in Lincolnshire, the paper reported.

She is also accused of hacking her ex’s Facebook account and uploading nude pictures of him. more

Spybuster Tip # 721: Learn how to adjust ALL the features of your digital assistant. This could have been prevented.

In Other News... Japan to Release Radioactive Water Into Sea

Japan is to release treated radioactive water from the destroyed Fukushima nuclear plant into the sea, media reports say.

It follows years of debate over how to dispose of the liquid, which includes water used to cool the power station hit by a massive tsunami in 2011.

Environmental and fishing groups oppose the idea but many scientists say the risk it would pose is low. more

What could possibly go wrong?

Enjoy the weekend, with a good flick.

Monday, October 12, 2020

New Malware Toolset Used for Industrial Espionage

Malware authors are using an advanced toolset for industrial espionage, warned researchers at cybersecurity firm Kaspersky.

...the tool uses “a variety of techniques to evade detection, including hosting its communications with the control server on public cloud services and hiding the main malicious module using steganography.”

...files are disguised to trick employers into downloading them. They contain names related to employees’ contact lists, technical documentation, and medical analysis results to trick employees as part of a common spear-phishing technique...

MontysThree is designed to specifically target Microsoft and Adobe Acrobat documents, Kaspersky said. The malware can enable attackers to capture screenshots and gather information about the victim’s network settings, hostname, etc. more

Espionage Alert: Children's Smartwatch is a Trojan Horse

A popular smartwatch designed exclusively for children contains an undocumented backdoor that makes it possible for someone to remotely capture camera snapshots, wiretap voice calls, and track locations in real time, a researcher said.

The X4 smartwatch is marketed by Xplora, a Norway-based seller of children’s watches...

The backdoor is activated by sending an encrypted text message. Harrison Sand, a researcher at Norwegian security company Mnemonic, said that commands exist for surreptitiously reporting the watch’s real-time location, taking a snapshot and sending it to an Xplora server, and making a phone call that transmits all sounds within earshot. 

Sand also found that 19 of the apps that come pre-installed on the watch are developed by Qihoo 360, a security company and app maker located in China. more  (q.v. our 2017 post  & etc.)

Sunday, October 11, 2020

Bugged Turtle Eggs – Good Surveillance Tech

The Wire Inspired a Fake Turtle Egg That Spies on Poachers 

Scientists 3D-printed sea turtle eggs and stuffed transmitters inside. When poachers pulled them out of nests, the devices tracked their every move.


In the HBO series The Wire, Baltimore cops Herc and Carver devise an unorthodox way to listen in on a drug dealer named Frog, right on the street: They shove a tiny, $1,250 microphone into a tennis ball, which they then place in a gutter. 

Listening in from a building across the street, they watch as Frog picks up the ball and absentmindedly tosses it between his hands, sending thuds and an electric screech into Herc’s headphones. Quickly over it, Frog chucks the ball over their building. Carver rushes after it, only to watch a semi truck crush their very expensive tennis ball.

The Baltimore PD’s failure, though, may still be biologists’ gain. Drawing both from the imaginary surveillance tennis ball and a story arc from Breaking Bad, in which the Drug Enforcement Agency uses GPS to track methylamine barrels, real life researchers have developed the InvestEGGator: a fake sea turtle egg filled with a transmitter in place of an embryo, a clever new way to track where poachers are selling the real deal. more

Friday, October 9, 2020

The FBI Hotel Wi-Fi Security Checklist


The Federal Bureau of Investigation is issuing this announcement to encourage Americans to exercise caution when using hotel wireless networks (Wi-Fi) for telework.
FBI has observed a trend where individuals who were previously teleworking from home are beginning to telework from hotels. 

US hotels, predominantly in major cities, have begun to advertise daytime room reservations for guests seeking a quiet, distraction-free work environment. While this option may be appealing, accessing sensitive information from hotel Wi-Fi poses an increased security risk over home Wi-Fi networks. 

Malicious actors can exploit inconsistent or lax hotel Wi-Fi security and guests’ security complacency to compromise the work and personal data of hotel guests. Following good cyber security practices can minimize some of the risks associated with using hotel Wi-Fi for telework. more

Thursday, October 8, 2020

Mystery Deepens Around Unmanned Spy Boat Washed Up In Scotland

Last week a small unmanned vessel washed up on the rocky Scottish Isle of Tiree, about a hundred miles from the U.K.’s nuclear submarine base at Faslane.  

It was identified as a Wave Glider, a type made by U.S. company Liquid Robotics, which is capable of traveling thousands of miles and is used by both the U.S. Navy and Britain’s Royal Navy as well as other government agencies and scientific researchers. 

The local Coast Guard have been unable to trace the owner so far, but the craft’s configuration suggests it was on a secret mission...

...the mystery remains over who was operating it, what it was doing — and why they are keeping quiet. more

UPDATE:

What is a Wave Glider and how do they work? 

Wave Gliders are unmanned surveillance boats built by the American company Liquid Robotics.

They are used by the British and American navies to monitor the movement of submarines in hostile territories.

The boats tow sensors under water to detect vessels entering or operating in a targeted area and send messages to shore-based operators via satellite.

During a mission to patrol the waters around the Pitcairn Islands, the Wave Glider successfully intercepted and collected data on three vessels whose AIS signatures were unavailable.

A new Wave Glider was released in 2019.

Dave Allen, Chief Executive Officer, Liquid Robotics said at the time: 'Over the years our customers’ missions have grown in complexity and scale, operating in one of the most challenging environments on Earth – the ocean. 

'In response we’ve continued to raise the bar for unmanned surface vehicles. 

'We’ve poured 12 years of lessons learned into this newest Wave Glider to ensure we can meet and exceed our customers’ mission demands.' more

 

Former Police Officer Jailed for Threats to Release Compromising Images

Australia - A former Portuguese police officer who installed covert cameras in his ex-partner's home and threatened to share compromising photos of her has been sentenced to four years in jail in a Brisbane court...

Prosecutor Alexandra Baker said the man, who had been a police officer in Portugal for 12 years, installed cameras covertly in his ex-partner's home and monitored her through spyware on her phone.

Ms Baker said the cameras made more than 4,500 recordings, including some of the woman in states of undress, and Marques Malagueta had threatened to release sensitive images...

The court heard Marques Malagueta was likely to be deported. more

In Other News...

Electric shocks to the tongue can quiet chronic ringing ears...

Tinnitus—a constant ringing or buzzing in the ears that affects about 15% of people—is difficult to understand and even harder to treat. Now, scientists have shown shocking the tongue—combined with a carefully designed sound program—can reduce symptoms of the disorder, not just while patients are being treated, but up to 1 year later.

It’s “really important” work, says Christopher Cederroth, a neurobiologist at the University of Nottingham, University Park, who was not involved with the study. The finding, he says, joins other research that has shown “bimodal” stimulation—which uses sound alongside some kind of gentle electrical shock—can help the brain discipline misbehaving neurons. more

Wednesday, October 7, 2020

Physical Security's 15 Greatest Hits

When it come to corporate espionage, many tricks are available for getting around your security measures. We can alert you to them. Our counter espionage survey can identify the weak spots in your organization’s physical and information security efforts and make recommendations to remediate them. 

The following video demonstrates bypass techniques from physical security professionals Brent White at WeHackPeople.com, and Deviant Ollam, and Rob Pingor of RedTeam Alliance.

  

Physical security is important to any business or government organization. Even though an organization has taken all the security measures possible, corporate spies know how to bypass many of them.

The first line of defense for any secure building or office is the door. Many of these are controlled by card-key access controlled locks. Exiting is often automated using an IR or infrared door lock release sensor. Unfortunately, many common security measures are simple for spies to circumvent. more

Apple T2 Security Chip Has Unfixable Flaw

Intel Macs that use Apple's T2 Security Chip are vulnerable to an exploit that could allow a hacker to circumvent disk encryption, firmware passwords and the whole T2 security verification chain, according to team of software jailbreakers.... 

On the plus side, however, it also means the vulnerability isn't persistent, so it requires a "hardware insert or other attached component such as a malicious USB-C cable" to work. more 

Malicious USB cables are the latest, and arguably the most insidious, threats on the corporate information security landscape. Every USB cable on premises, and those being used elsewhere by employees, needs to be vetted for authenticity. Security directors are enlisting the aid of technical counterespionage consultants to perform this task.

Tuesday, October 6, 2020

The Story of the Murray Associates Logo

“Does the logo have a meaning, or is it just a nice design?”

The logo does indeed have meaning. It was inspired by my college textbook. I saw the dots as information in motion, and the rings as protection.

Logo Report CMYK 300dpi

  • Blue dots are information.
  • The red ring is protection.
  • The gray ring represents the many unknown forces trying to steal the information.

Simple… and not inspired by a department store, shooting targets, or a brand of cigarette. Just my design inspired by a book which taught me a lot.

Another reason the shape is appealing is that circles represent comfort, safety, warmth—exactly how I want to make our clients feel.

The logo seems counter-intuitive for a security firm. It goes against the norm… swords, shields, lightning bolts, birds of prey; symbols seen in most security logos. People forget, strong and harsh symbols are used by governments. They are meant to inspire warriors and intimidate enemies. Clients are not enemies.

Murray Associates TSCM

The way we use the logo behind the company name is also intentionally symbolic, in a subliminal way. It’s the “rising sun” look; used to invoke that upbeat feeling you get when your problems are solved… sing-a-long ~Kevin D. Murray

Monday, October 5, 2020

Dumb Cyber Attack – Hacker Receives Our Darwin Award

...the hacker responsible for this attack on a luxury goods company which happened back in 2018 but has just been revealed by Max Heinemeyer...

The luxury goods business had installed ten fingerprint scanners so as to restrict access to warehouses in an effort to reduce risk. "Unbeknown to them," Heinemeyer continues, "an attacker began exploiting vulnerabilities in one of the scanners. In perhaps the weirdest hacker move yet, they started deleting authorized fingerprints and uploading their own in the hope of gaining physical access."

The AI brain picked this up because one scanner was behaving differently than the others, meaning the security team became aware of the attack within minutes. And, of course, had some pretty conclusive evidence to provide to law enforcement. more

Friday, October 2, 2020

Best Business Espionage Article of the Year (A corporate executive must read.)

The Espionage Threat to U.S. Businesses

By Bill Priestap, Holden Triplett

Many authoritarian governments are doing everything they can, including using their spy services, to build successful businesses and grow their economies. Indeed, even some nonauthoritarian governments are taking this approach. The reason for this is simple: A large number of nation-states view privately owned companies within their jurisdictions as extensions of their governments. They support and protect the companies as if those entities were integrated parts of government...

(Main Points)

  • U.S. companies must understand that in many cases they are no longer simply competing with corporate rivals. They are competing with the nation-states supporting their corporate rivals—nation-states with enormous resources and capabilities and with very little restraint on what they will do to succeed.

  • U.S. businesses are decidedly not supported by U.S. government spy agencies. For this reason, they are often competing on an uneven playing field.
     
  • Exacerbating the problem is the fact that businesses and investors are woefully unprepared for this new environment.

  • Intelligence and the art of spying are no longer constrained to the government sphere. While spy tools and tactics are more readily available, what is truly driving this proliferation is the intelligence realm’s shift in focus from government to businesses.

  • In addition, most companies are focused too myopically on strong cybersecurity as a panacea for spying. Of course, cybersecurity is extremely important, but it protects only one vector by which a nation-state could spy on and subsequently loot a company.
     
  • If businesses want to protect their assets, then developing an understanding of spies and their activities should become standard practice for business leaders and investors today.
     
  • Spy services may also target a business via its partners and vendors, so it is equally important to shield those entities from potential attack or attempted exploitation.
     
  • Understanding and mitigating the activities of spies must become standard practice for business leaders. And if investors don’t see companies doing this, they should hold onto their money—tightly. more