Monday, February 15, 2021

Pretty Good Phone Privacy - Protects Both User Identity and Location

Abstract

To receive service in today’s cellular architecture phones uniquely identify themselves to towers and thus to operators. This is now a cause of major privacy violations as operators sell and leak identity and location data of hundreds of millions of mobile users. 

In this paper, we take an end-to-end perspective on the cellular architecture and find key points of decoupling that enable us to protect user identity and location privacy with no changes to physical infrastructure, no added latency, and no requirement of direct cooperation from existing operators. 

We describe Pretty Good Phone Privacy (PGPP) and demonstrate how our modified back end stack (NGC) works with real phones to provide ordinary yet privacy-preserving connectivity. We explore inherent privacy and efficiency trade-offs in a simulation of a large metropolitan region. We show how PGPP maintains today’s control overheads while significantly improving user identity and location privacy. more

BONUS... "It protects users from fake cell phone towers (IMSI-catchers) and surveillance by cell providers." a good summary explanation

Thursday, February 11, 2021

There Are Spying Eyes Everywhere...

 ...and Now They Share a Brain.

Security cameras. License plate readers. Smartphone trackers. Drones. We’re being watched 24/7. What happens when all those data streams fuse into one?

...it’s a mistake to focus our dread on each of these tools individually. In many places across the world, they’re all inputs for a system that, with each new plug-in, reaches a little closer to omniscience.

That idea—of an ever-expanding, all-knowing surveillance platform—used to be a technologist’s fantasy, like the hoverbike or the jetpack. To understand how this particular hoverbike will finally be built, I began by calling up the people who designed the prototype. more

Is Russia Targeting CIA Spies with Secret Weapons?

Marc Polymeropoulos woke up in his hotel room with his head spinning and ears ringing. "I felt like I was going to vomit. I couldn't stand up. I was falling over," he recalls. "I have been shot at numerous times and this was the most terrifying experience in my life."

Polymeropoulos had spent years in Iraq, Syria and Afghanistan as a senior officer of the CIA fighting America's war on terrorism. But that night in Moscow he believes he was targeted by a secret, microwave weapon. more

Spyware in Wallpaper, Restaurant and Games Apps

Iran is running two surveillance operations in cyber-space, targeting more than 1,000 dissidents, according to a leading cyber-security company.

The efforts were directed against individuals in Iran and 12 other countries, including the UK and US, Check Point said.

It said the two groups involved were using new techniques to install spyware on targets' PCs and mobile devices.

And this was then being used to steal call recordings and media files.

One of the groups, known as Domestic Kitten or APT-50, is accused of tricking people into downloading malicious software on to mobile phones by a variety of means including:

  • repackaging an existing version of an authentic video game found on the Google Play store
  • mimicking an app for a restaurant in Tehran
  • offering a fake mobile-security app
  • providing a compromised app that publishes articles from a local news agency
  • supplying an infected wallpaper app containing pro-Islamic State imagery
  • masquerading as an Android application store to download further software more

Snatched from a Beach to Train North Korea's Spies

15 November 1977, Niigata, Japan: It was after sunset on a crisp November evening when Megumi Yokota left her last badminton practice. Sharp winds chilled the fishing port of Niigata, and the grey sea rumbled at its brink.

The lights of home were seven minutes' walk away.

Megumi, 13, with her book-bag and badminton racquet, said goodbye to two friends 800ft from her parents' front door. But she never reached it...

Out on the Sea of Japan a boat manned by North Korean agents was speeding towards the Korean Peninsula with a terrified schoolgirl locked in the hold...

The country's future leader Kim Jong-il, then head of its intelligence services, wanted to expand his spy programme. Kidnapped foreigners weren't just useful as teachers. They could be spies themselves, or Pyongyang could steal their identities for false passports. They could marry other foreigners (something forbidden to North Koreans), and their children, too, could serve the regime. more

Courthouse TSCM Surveillance Sweep Yields...

At the Jackson County Commission meeting... Interim Chairman Jason Venable gave an update on the counter-surveillance sweep that was done at the courthouse after allegations of covert surveillance surfaced. 

Venable held a four-page report as he gave the results.
Venable stated, “Based on the examinations, the writer is of the opinion that no video evidence or active covert video/audio/collection evidence was identified in the area examined during the time of these examinations.

According to Venable, the person who performed the sweep is from a company in Birmingham and is the same person hired for the Bench and Bar, who swept the entire upstairs of the courthouse, such as offices, judge’s chambers, courtrooms, etc., along with the bottom floors. According to EMA Director, Paul Smith, the sweeps lasted until almost midnight. Each department head was present and directed to ensure every possible area was covered. more

People need InfoSec tips. People want TikTok-style Sea Shanties...

So Rachel Tobac of Social Proof Security gave the people what they want:
a TikTok-style sea shanty about infosec. more sing-a-long



Monday, February 1, 2021

Russian Hack Changes Court Rules on Handling Sensitive Information

Trial lawyer Robert Fisher is handling one of America’s most prominent counterintelligence cases... Under new court rules, he’ll have to print out any highly sensitive documents and hand-deliver them to the courthouse.

Until recently, even the most secretive material — about wiretaps, witnesses and national security concerns – could be filed electronically. But that changed after the massive Russian hacking campaign that breached the U.S. court system’s electronic case files and those of scores of other federal agencies and private companies.

The new rules for filing sensitive documents are one of the clearest ways the hack has affected the court system. But the full impact remains unknown. Hackers probably gained access to the vast trove of confidential information hidden in sealed documents, including trade secrets, espionage targets, whistleblower reports and arrest warrants. It could take years to learn what information was obtained and what hackers are doing with it. more

And The Darwin Award for Spying Goes To...

VA - The Stafford County Sheriff's office has charged a "Peeping Tom" who was allegedly spying on women in a locker room at Onelife Fitness on Garrisonville Road in Stafford, Virginia.

The alleged peeper, identified as 41-year-old Brian Anthony Joe of Woodbridge, was charged after falling through a ceiling in the women's locker room at the gym and landing on a woman below. He was then cornered by patrons at the gym until law enforcement arrived. more



PI News: Famous Private Eye Jack Palladino Gravely Injured in Robbery / RIP

Jack Palladino, the (San Francisco) private investigator who worked on high-profile cases ranging from the Jonestown mass suicides to celebrity and political scandals, has been placed on life support after suffering a head injury during an attempted robbery.

Palladino, 70, had just stepped outside his San Francisco home on Thursday to try out his new camera when a car pulled up and a man jumped out to grab it from him, police and the detective's stepson Nick Chapman told the San Francisco Chronicle.

As the suspect grabbed the camera, Palladino fell and hit his head on the pavement, causing a traumatic head injury. Chapman said Palladino was not expected to survive after undergoing surgery to stop the massive bleeding.

Palladino was wrapping up one final case before joining his wife and work partner, Sandra Sutherland, in retirement.  more

UPDATE: Jack died February, 1 2021. more

Tuesday, January 26, 2021

Jackson County (AL) Conducts "Professional Search" for Surveillance Cameras

AL - The Jackson County Commissioners Office moved ahead with a professional search of the courthouse, and a number of other county buildings in Scottsboro, after the discovery of a surveillance camera that may have been used to inappropriately watch a female employee. The Alabama Law Enforcement Agency (ALEA) is currently investigating those allegations...


District 3 Commissioner AJ Buckner told News 19 that so far, they have found no evidence that any other cameras are where they should not be, but they would like to go through a security sweep process to be sure.

No word from officials on whether Tuesday’s sweep turned up any inappropriately placed surveillance cameras. The investigation by ALEA is ongoing. more

This is an uncommon case of smart due diligence. Congratulations JCCO. If you would like to learn how to perform your own search, click here.

Monday, January 25, 2021

Excellent Article: Last Call for Gumshoes

San Francisco is missing its private investigators.
This engaging article by explains...

Something’s gone missing from the shadowy streets of San Francisco, a precious, revealing relic already mostly vanished long before the thieving suction of COVID-19. A piece of it is still with us, though who knows whether even that will survive.

Few have noticed its disappearance, which is a tragedy because it is a deliciously naughty, rich vein of life; the city and its rough-edged, romantic culture will suffer without it.

So, what is this about? What happened? There are clues... more

Conversation Piece: Harry Caul was a composite of Hal Lipset and Leo Jones.

A Blue Blaze Irregular reports...
One famous San Francisco treat missing from the article is Leo Jones. His company was named Fargo. His body wires were commonly referred to as Fargos by police, mostly west coast. Body wires on the east coast and federally were referred to as Kels. Leo was an originator of many items were mostly 39,xx mhz and other low bands. He also had a countermeasures gear company named Sabre.

Extra Credit...

Leo Hugh Jones was born in Sioux City, Iowa in 1926 and moved with his family at a young age to Stockton, California. He attended the University of Santa Clara for 3 years then took a job selling air conditioners in 1948. Jones continued his education with extension and night classes from the University of California at Berkeley and the University of San Francisco until 1949. He never completed the requirements for a degree, instead starting up the Fargo Company in 1950 at age 24. In 1957, Jones married Helen R. Kenny. Leo Jones was an avid boat enthusiast, often inviting law enforcement and political dignitaries on his boating excursions. He was also a relentless perfectionist, as was evident in his correspondence. He was closely involved in the shaping of eavesdropping laws; engaging in a letter writing campaign, making arguments to political and law enforcement leaders and providing expert testimony to congressional committees. more

Double Extra Credit...

Leo Jones: Pioneer in Electronic Surveillance
by Ralph Simpson, History San Jose, February 2012

Introduction
Leo Hugh Jones (8/17/1926 – 2/10/2002) was an early pioneer in the development of electronic surveillance and countermeasures devices. In 1950, he founded a company called Fargo to design and manufacture these high-tech specialty devices. Fargo was based in San Francisco and sold its products exclusively to law enforcement organizations around the world. more

Sad Update (1/30/21)...
Jack Palladino, the (San Francisco) private investigator who worked on high-profile cases ranging from the Jonestown mass suicides to celebrity and political scandals, has been placed on life support after suffering a head injury during an attempted robbery.

Palladino, 70, had just stepped outside his San Francisco home on Thursday to try out his new camera when a car pulled up and a man jumped out to grab it from him, police and the detective's stepson Nick Chapman told the San Francisco Chronicle.

As the suspect grabbed the camera, Palladino fell and hit his head on the pavement, causing a traumatic head injury. Chapman said Palladino was not expected to survive after undergoing surgery to stop the massive bleeding.

Palladino was wrapping up one final case before joining his wife and work partner, Sandra Sutherland, in retirement.  more

Saturday, January 23, 2021

Secret Recordings Reveal Sister's Sad Schadenfreude Shortcoming

 via The New York Times...

My sister revealed that she often records phone conversations that she has with our father without his knowledge. She says she does it because he is so “funny,” i.e., eccentric, but I get the impression that she is laughing more at him than with him. 
I find his conversations less humorous than distressing, since he is often, at the best of times, in a state of heightened psychological dysregulation and anxiety, and the pandemic has just made things worse. 
Because of my sister’s behavior, my niece has grown up thinking there’s nothing wrong or unethical with recording conversations without the other person’s knowledge or consent and has herself started to do this.
When I found out what my sister was doing, I was uneasy and told her that it was illegal to record someone without their consent. Her rapid retort was, “It’s not in New York,” where she lives, as if that made it OK. more

Another TSCM Fail - Spycam in Girl's Changing Room - No Follow-Up

Here we go again and again. For the third time in two months a spy camera is discovered and the ball is dropped. In the last case—after assuring everyone they searched and the room was now safe—a second spycam was found two weeks later, in the same room!

In this case, the police declared, "There is no current evidence to suggest that other restrooms or private areas in the multi-tenant facility were compromised." 

No mention of a competent Technical Surveillance Countermeasures (TSCM) sweep to back up this lame claim.

TN - An investigation into a camera set up in a girls' changing facility has revealed 60 victims as of Thursday afternoon, police in Tennessee said. 

The GoPro camera — which was found hidden in a girls' changing and restroom at Premier Athletics which offers training in cheerleading, dance and gymnastics — was reviewed by police after it was found last week. Sixty females, mostly minors, were recorded on the camera, police said...

Working with facility management, detectives have identified 47 of the 60 victims and are in the process of notifying their parents. Detectives are working to identify the remaining 13 victims.The girls' changing and restroom at the center of this investigation is located inside the Premier Athletics suite. There is no current evidence to suggest that other restrooms or private areas in the multi-tenant facility were compromised, police said. more

A good investigator will tell you... "If you find one bug or spycam there is a possibility there are others. Keep searching."

A good attorney might tell Premier Athletics... "You now have foreseeability. Conduct and document regular inspections of your expectation-of-privacy areas.

Professional Recommendation — Premier Athletics, and similar businesses, need to create an in-house TSCM inspection program. It's cheap, it's easy, it's great for public relations, and it's especially good for staying out of court. Everything you need to know to get started is here.



Friday, January 22, 2021

Home Alarm Tech Backdoored Security Cameras to Spy on Customers

A home security technician has admitted he repeatedly broke into cameras he installed and viewed customers engaging in sex and other intimate acts.

Telesforo Aviles, a 35-year-old former employee of home and small office security company ADT, said that over a five-year period, he accessed the cameras of roughly 200 customer accounts on more than 9,600 occasions—all without the permission or knowledge of customers. He said he took note of homes with women he found attractive and then viewed their cameras for sexual gratification. He said he watched nude women and couples as they had sex.

Aviles made the admissions Thursday in US District Court for the District of Northern Texas, where he pleaded guilty to one count of computer fraud and one count of invasive visual recording. He faces a maximum of five years in prison. more