Tuesday, February 23, 2021

New iOS 14.5 Security Feature Will Stop Hackers in Their Tracks

...it looks like Apple is making some pretty big sweeping steps in iOS 14.5 to lock the whole system down even further.


In fact, Apple has already been taking steps to harden iOS 14 against one of the most common exploits — iMessage vulnerabilities — thanks to a very cool new technology dubbed ‘Blastdoor’. However, it looks like Blastdoor was only the beginning, with iOS 14.5 adding some new defences against “zero-click” attacks in general...

As the name implies, a “zero-click attack” is a method by which hackers can take advantage of security vulnerabilities to get into your iPhone or iPad without requiring any interaction on your part. more

 

Monday, February 22, 2021

Hot Microphone Strikes Again – School Board Resigns

The president and three members of a school board in Northern California have resigned after they were heard making disparaging comments about parents in the school district during a virtual board meeting last Wednesday. 

Members of the Oakley Union Elementary School District (OUESD) Board of Trustees apparently believed they were speaking privately in the moments before the meeting started, CNN affiliate KPIX reported, when in fact, community members had already logged on to watch. 

In a recording of the meeting posted anonymously to YouTube, the superintendent and board members are heard discussing the agenda for the meeting before then-board member Kim Beede says, "Are we alone?" more  sing-a-long

Friday, February 19, 2021

This Week in Spy News

Electronics shops in Hong Kong have seen a sharp increase in demand for cheap burner phones as the Chinese-ruled city’s government eases coronavirus restrictions but pushes the use of a Covid-19 contact-tracing app which has raised privacy concerns. more 

Congressman Murphy reintroduces legislation to crack down on foreign spying at universities... According to the Intellectual Property Commission, they estimate foreign groups steal $300 billion in American intellectual property annually, and the Commission says China is responsible for 70% of that theft or $210 billion annually. more

Critical Flaw in Agora SDK Lets Hackers Eavesdrop on Live Video Calls...
Agora works with MeetMe to integrate its live video streaming features with the popular dating app and online therapy platform Talkspace to facilitate online mental health therapy sessions. more

SolarWinds attack hit 100 companies and took months of planning, says White House...
Anne Neuberger, deputy national security advisor for Cyber and Emerging Technology at the White House, said in a press briefing that nine government agencies were breached while many of the 100 private sector US organizations that were breached were technology companies. more

WARNING: Web Tracking Might Expose Businesses to Wiretapping Lawsuits...
Imagine this. A consumer goes to your website to buy your goods or services. Your website works great, thanks in part to a small bit of code your company licenses that allows you to track a consumer’s experience on your website, commonly called “session replay” software....A few weeks later you’re being served with a class action lawsuit alleging violations of the Federal Wiretap Act and/or analogous State statutes... more


Top 9 Surveillance Videos of the Week: Naked Man Breaks Into House With Baseball Bat...

Other top surveillance videos of the week include the “world’s worst Door Dash driver,” an armed dog theft and more. 

(Man identified as Guy Dixon. You can't make this up.)

'Spy pixels in emails have become endemic'...
Emails pixels can be used to log:
• if and when an email is opened
• how many times it is opened
• what device or devices are involved
• the user's rough physical location, deduced from their internet protocol (IP) address - in some cases making it possible to see the street the recipient is on. more

Former Union Spy & Freedom Crusader, Harriet Tubman Inducted Into Hall of Fame...
One hundred and fifty years after her work as a Union spy, Harriet Tubman is being inducted into the U.S. Military Intelligence Corps Hall of Fame, 
The Washington Post reports. more

James Bond Theory: 007's True Mission Is to Distract From OTHER Spies...
For those wondering how such a non-secretive spy became so prominent, a recent Reddit theory looks to provide an answer — and it's pretty convincing. James Bond isn't meant to be a successful agent; he is a distraction that allows other truly secret MI6 operatives to complete their missions. more

Electronic Eavesdropping Detection – The Other Corporate Covid Deep Clean...
Corporate espionage has never been easier. Workplaces—unpopulated for months— became easy targets for corporate spies and foreign government types. The pandemic created a golden opportunity to Deep Plant their electronic surveillance devices...The reality is, organizations just don’t know if employees will be returning to hot-wired offices. more





Wednesday, February 17, 2021

Spymaster’s Prism by Jack Devine (book)

In Spymaster’s Prism the legendary former spymaster Jack Devine details the unending struggle with Russia and its intelligence agencies as it works against our national security. 

Devine tells this story through the unique perspective of a seasoned CIA professional who served more than three decades, some at the highest levels of the agency. He uses his gimlet-eyed view to walk us through the fascinating spy cases and covert action activities of Russia, not only through the Cold War past but up to and including its interference in the Trump era. Devine also looks over the horizon to see what lies ahead in this struggle and provides prescriptions for the future.

Based on personal experience and exhaustive research, Devine builds a vivid and complex mosaic that illustrates how Russia’s intelligence activities have continued uninterrupted throughout modern history, using fundamentally identical policies and techniques to undermine our democracy. He shows in stark terms how intelligence has been modernized and weaponized through the power of the cyber world.

Devine presents his analysis using clear-eyed vision and a repertoire of better-than-fiction spy stories, giving us an objective, riveting, and candid take on U.S.-Russia relations. He offers key lessons from our intelligence successes and failures over the past seventy-five years that will help us determine how to address our current strategic shortfall, emerge ahead of the Russians, and be prepared for what’s to come from any adversary. more
  • Hardcover : 304 pages
  • ISBN-10 : 1640123784
  • ISBN-13 : 978-1640123786
  • Item Weight : 1.74 pounds
  • Dimensions : 5.98 x 9.02 inches
  • Publisher : Potomac Books (March 1, 2021)
  • Language: : English
 

Monday, February 15, 2021

Pretty Good Phone Privacy - Protects Both User Identity and Location

Abstract

To receive service in today’s cellular architecture phones uniquely identify themselves to towers and thus to operators. This is now a cause of major privacy violations as operators sell and leak identity and location data of hundreds of millions of mobile users. 

In this paper, we take an end-to-end perspective on the cellular architecture and find key points of decoupling that enable us to protect user identity and location privacy with no changes to physical infrastructure, no added latency, and no requirement of direct cooperation from existing operators. 

We describe Pretty Good Phone Privacy (PGPP) and demonstrate how our modified back end stack (NGC) works with real phones to provide ordinary yet privacy-preserving connectivity. We explore inherent privacy and efficiency trade-offs in a simulation of a large metropolitan region. We show how PGPP maintains today’s control overheads while significantly improving user identity and location privacy. more

BONUS... "It protects users from fake cell phone towers (IMSI-catchers) and surveillance by cell providers." a good summary explanation

Thursday, February 11, 2021

There Are Spying Eyes Everywhere...

 ...and Now They Share a Brain.

Security cameras. License plate readers. Smartphone trackers. Drones. We’re being watched 24/7. What happens when all those data streams fuse into one?

...it’s a mistake to focus our dread on each of these tools individually. In many places across the world, they’re all inputs for a system that, with each new plug-in, reaches a little closer to omniscience.

That idea—of an ever-expanding, all-knowing surveillance platform—used to be a technologist’s fantasy, like the hoverbike or the jetpack. To understand how this particular hoverbike will finally be built, I began by calling up the people who designed the prototype. more

Is Russia Targeting CIA Spies with Secret Weapons?

Marc Polymeropoulos woke up in his hotel room with his head spinning and ears ringing. "I felt like I was going to vomit. I couldn't stand up. I was falling over," he recalls. "I have been shot at numerous times and this was the most terrifying experience in my life."

Polymeropoulos had spent years in Iraq, Syria and Afghanistan as a senior officer of the CIA fighting America's war on terrorism. But that night in Moscow he believes he was targeted by a secret, microwave weapon. more

Spyware in Wallpaper, Restaurant and Games Apps

Iran is running two surveillance operations in cyber-space, targeting more than 1,000 dissidents, according to a leading cyber-security company.

The efforts were directed against individuals in Iran and 12 other countries, including the UK and US, Check Point said.

It said the two groups involved were using new techniques to install spyware on targets' PCs and mobile devices.

And this was then being used to steal call recordings and media files.

One of the groups, known as Domestic Kitten or APT-50, is accused of tricking people into downloading malicious software on to mobile phones by a variety of means including:

  • repackaging an existing version of an authentic video game found on the Google Play store
  • mimicking an app for a restaurant in Tehran
  • offering a fake mobile-security app
  • providing a compromised app that publishes articles from a local news agency
  • supplying an infected wallpaper app containing pro-Islamic State imagery
  • masquerading as an Android application store to download further software more

Snatched from a Beach to Train North Korea's Spies

15 November 1977, Niigata, Japan: It was after sunset on a crisp November evening when Megumi Yokota left her last badminton practice. Sharp winds chilled the fishing port of Niigata, and the grey sea rumbled at its brink.

The lights of home were seven minutes' walk away.

Megumi, 13, with her book-bag and badminton racquet, said goodbye to two friends 800ft from her parents' front door. But she never reached it...

Out on the Sea of Japan a boat manned by North Korean agents was speeding towards the Korean Peninsula with a terrified schoolgirl locked in the hold...

The country's future leader Kim Jong-il, then head of its intelligence services, wanted to expand his spy programme. Kidnapped foreigners weren't just useful as teachers. They could be spies themselves, or Pyongyang could steal their identities for false passports. They could marry other foreigners (something forbidden to North Koreans), and their children, too, could serve the regime. more

Courthouse TSCM Surveillance Sweep Yields...

At the Jackson County Commission meeting... Interim Chairman Jason Venable gave an update on the counter-surveillance sweep that was done at the courthouse after allegations of covert surveillance surfaced. 

Venable held a four-page report as he gave the results.
Venable stated, “Based on the examinations, the writer is of the opinion that no video evidence or active covert video/audio/collection evidence was identified in the area examined during the time of these examinations.

According to Venable, the person who performed the sweep is from a company in Birmingham and is the same person hired for the Bench and Bar, who swept the entire upstairs of the courthouse, such as offices, judge’s chambers, courtrooms, etc., along with the bottom floors. According to EMA Director, Paul Smith, the sweeps lasted until almost midnight. Each department head was present and directed to ensure every possible area was covered. more

People need InfoSec tips. People want TikTok-style Sea Shanties...

So Rachel Tobac of Social Proof Security gave the people what they want:
a TikTok-style sea shanty about infosec. more sing-a-long



Monday, February 1, 2021

Russian Hack Changes Court Rules on Handling Sensitive Information

Trial lawyer Robert Fisher is handling one of America’s most prominent counterintelligence cases... Under new court rules, he’ll have to print out any highly sensitive documents and hand-deliver them to the courthouse.

Until recently, even the most secretive material — about wiretaps, witnesses and national security concerns – could be filed electronically. But that changed after the massive Russian hacking campaign that breached the U.S. court system’s electronic case files and those of scores of other federal agencies and private companies.

The new rules for filing sensitive documents are one of the clearest ways the hack has affected the court system. But the full impact remains unknown. Hackers probably gained access to the vast trove of confidential information hidden in sealed documents, including trade secrets, espionage targets, whistleblower reports and arrest warrants. It could take years to learn what information was obtained and what hackers are doing with it. more

And The Darwin Award for Spying Goes To...

VA - The Stafford County Sheriff's office has charged a "Peeping Tom" who was allegedly spying on women in a locker room at Onelife Fitness on Garrisonville Road in Stafford, Virginia.

The alleged peeper, identified as 41-year-old Brian Anthony Joe of Woodbridge, was charged after falling through a ceiling in the women's locker room at the gym and landing on a woman below. He was then cornered by patrons at the gym until law enforcement arrived. more



PI News: Famous Private Eye Jack Palladino Gravely Injured in Robbery / RIP

Jack Palladino, the (San Francisco) private investigator who worked on high-profile cases ranging from the Jonestown mass suicides to celebrity and political scandals, has been placed on life support after suffering a head injury during an attempted robbery.

Palladino, 70, had just stepped outside his San Francisco home on Thursday to try out his new camera when a car pulled up and a man jumped out to grab it from him, police and the detective's stepson Nick Chapman told the San Francisco Chronicle.

As the suspect grabbed the camera, Palladino fell and hit his head on the pavement, causing a traumatic head injury. Chapman said Palladino was not expected to survive after undergoing surgery to stop the massive bleeding.

Palladino was wrapping up one final case before joining his wife and work partner, Sandra Sutherland, in retirement.  more

UPDATE: Jack died February, 1 2021. more

Tuesday, January 26, 2021

Jackson County (AL) Conducts "Professional Search" for Surveillance Cameras

AL - The Jackson County Commissioners Office moved ahead with a professional search of the courthouse, and a number of other county buildings in Scottsboro, after the discovery of a surveillance camera that may have been used to inappropriately watch a female employee. The Alabama Law Enforcement Agency (ALEA) is currently investigating those allegations...


District 3 Commissioner AJ Buckner told News 19 that so far, they have found no evidence that any other cameras are where they should not be, but they would like to go through a security sweep process to be sure.

No word from officials on whether Tuesday’s sweep turned up any inappropriately placed surveillance cameras. The investigation by ALEA is ongoing. more

This is an uncommon case of smart due diligence. Congratulations JCCO. If you would like to learn how to perform your own search, click here.