I didn't expect it to be that quick. While I was on a Google Hangouts call with a colleague, the hacker sent me screenshots of my Bumble and Postmates accounts, which he had broken into. Then he showed he had received texts that were meant for me that he had intercepted. Later he took over my WhatsApp account, too, and texted a friend pretending to be me. more
Wednesday, March 17, 2021
A Hacker Got All My Texts for $16
Wednesday, March 10, 2021
Information Security as a Service (ISaaS) - The Future of Information Security
We are watching a death of a thousand cuts, but it can be stopped. This paper examines how to do it... more
Security startup Verkada hack exposes 150,000 security cameras...
... in Tesla factories, jails, and more.
Verkada, a Silicon Valley security startup that provides cloud-based security camera services, has suffered a major security breach. Hackers gained access to over 150,000 of the company’s cameras, including cameras in Tesla factories and warehouses, Cloudflare offices, Equinox gyms, hospitals, jails, schools, police stations, and Verkada’s own offices, Bloomberg reports. According to Tillie Kottmann, one of the members of the international hacker collective that breached the system, the hack was meant to show how commonplace the company’s security cameras are and how easily they’re able to be hacked. In addition to the live feeds, the group also claimed to have had access to the full video archive of all of Verkada’s customers... more
Monday, March 8, 2021
Privacy and the Clubhouse App
Clubhouse might be the hottest app that's not even publicly available yet, but privacy issues are already being discussed online. Some of the people who are particularly upset? Those who say they have profiles without even having used the app before...
Clubhouse reportedly requests access to your phone's contacts, under the pretense that you can connect with other users of the social network. But people are claiming that Clubhouse takes information from your contact list and builds "shadow profiles" of people who have never signed up...
If you allow Clubhouse to use your contact list, the app then reportedly has access to your contacts' names, phone numbers and how many friends they have on Clubhouse. But that's not all. Privacy advocates note Clubhouse records voice chats of the virtual rooms, which also doesn't sit well with some current users of the app.
Clubhouse's Community Guidelines states: "Solely for the purpose of supporting incident investigations, we temporarily record the audio in a room while the room is live." more
More privacy considerations...
• Clubhouse app technology runs on the platform of Agora.io, an audio tech startup in Shanghai, China.
• Voice recordings may be paired with personal account details, and transferred into a government dossier for future voice identification surveillance purposes.
• What is said using the app may not be very private given hackers, lurkers and government interests. Not a good way to communicate confidentially.
“I refuse to join any club that would have me as a member” ― Groucho Marx
TSCM Detection Evaluation of the AudioWow Wireless Microphone
Certain features pointed in that direction…
- Nano sized.
- Records directly to a smartphone.
- Up to 50 foot range. Good enough for some operations.
- Bluetooth transmission. Low probability of intercept.
- Professional quality sound.
- Equalization capabilities.
- Noise reduction capabilities.
- Audio to text transcription… in 120 different languages!
Could it be useful as a spy device?
Could a TSCM bug sweep detect it?
We tested and found... more
Saturday, March 6, 2021
Spy Tech - Molar Mic - No more finger to ear and mouth to sleeve.
Next time you pass someone on the street who appears to be talking to themselves, they may literally have voices inside their head…and be a highly trained soldier on a dangerous mission.
The Pentagon has inked a roughly $10 million contract with a California company to provide secure communication gear that’s essentially invisible.
Dubbed the Molar Mic, it’s a small device that clips to your back teeth. The device is both microphone and “speaker,” allowing the wearer to transmit without any conspicuous external microphone and receive with no visible headset or earpiece.
Incoming sound is transmitted through the wearer’s bone matter in the jaw and skull to the auditory nerves; outgoing sound is sent to a radio transmitter on the neck, and sent to another radio unit that can be concealed on the operator. From there, the signal can be sent anywhere. more
Wednesday, March 3, 2021
How the Cincinnati FBI Cracked the Chinese Spy Case at GE Aviation
It took the spies only a few months to get him to accept their offer: A $3,500 fee paid in U.S. currency, and free travel, lodging and meals for a one-hour presentation in China. more
GE Aviation takes their information security seriously. Applause. Most companies aren't doing all they can. Too few employ Technical Surveillance Countermeasures (TSCM) / counterespionage consultants, for example. The result... They don't know what they are missing, in more ways than one.
Friday, February 26, 2021
What Work From Home is Doing to Corporate Security
The ECR Report reveals numerous misconduct and morale issues resulting from loosening professional standards, widespread frustration, and mounting stress.
Prominent findings include the prevalence of illegal misconduct, such as employees willingly breaking security policies, corporate theft, and espionage, as well as harmful behavior like racism, sexual harassment, and bullying...
Key Findings
Illegal Misconduct: Pornography, Drugs, And Espionage - the report cites instances of employees who:
● Intentionally broke the company's security policy (19 percent)
● Witnessed employees stealing corporate information (16 percent in U.S., 8 percent overall)
● Know an employee who willingly introduced a security threat to sabotage their company (16 percent)
● Know actual employees arrested for suspected corporate or international espionage (11 percent)
more
.....Word on The Street.....
Goldman Sachs: Bank boss rejects work from home as the 'new normal'
“I do think for a business like ours, which is an innovative, collaborative apprenticeship culture, this is not ideal for us. And it’s not a new normal. It’s an aberration that we’re going to correct as soon as possible,” he told a conference on Wednesday. more
.....What Smart Corporations Will Be Doing Soon.....
Electronic Eavesdropping Detection – The Other Corporate Covid Deep Clean
"The reality is, organizations just don’t know if employees will be returning to hot-wired offices."
.....UPDATE 3/10/2021.....
A Quarter of American Workers Are Already Back at the Office
Employers are hoping FOMO gets you to come in, too.
Tuesday, February 23, 2021
The Most Secure and Anonymous Communication Tools Available
via David Koff, Tech Talk - The Technology Newsletter for Everyone...
What I’m about to share with you here is… kind of fringe. Like, “Edward Snowden” fringe.
Hopefully, that got your attention.
For some years now, the hacker, privacy, and journalism communities have all been debating, discussing, and using the tools I’m about to share with you in this installment. These tools are used not only to lock down your security and anonymity on the known internet, but also to access the portions of the internet that are normally hidden — “The Dark Web.”
Despite their usefulness, I haven’t really seen information about these tools shared with the general public in a straightforward, easy-to-understand way. I think it’s worth changing that; while most of us don’t need the same high-privacy, high-security tools that confidential informants, journalists, and whistleblowers use, we should all know about these tools in case the time comes when we actually need them. more
New iOS 14.5 Security Feature Will Stop Hackers in Their Tracks
In fact, Apple has already been taking steps to harden iOS 14 against one of the most common exploits — iMessage vulnerabilities — thanks to a very cool new technology dubbed ‘Blastdoor’. However, it looks like Blastdoor was only the beginning, with iOS 14.5 adding some new defences against “zero-click” attacks in general...
As the name implies, a “zero-click attack” is a method by which hackers can take advantage of security vulnerabilities to get into your iPhone or iPad without requiring any interaction on your part. more
Monday, February 22, 2021
Hot Microphone Strikes Again – School Board Resigns
The president and three members of a school board in Northern California have resigned after they were heard making disparaging comments about parents in the school district during a virtual board meeting last Wednesday.
Members of the Oakley Union Elementary School District (OUESD) Board of Trustees apparently believed they were speaking privately in the moments before the meeting started, CNN affiliate KPIX reported, when in fact, community members had already logged on to watch.
In a recording of the meeting posted anonymously to YouTube, the superintendent and board members are heard discussing the agenda for the meeting before then-board member Kim Beede says, "Are we alone?" more sing-a-long
Friday, February 19, 2021
This Week in Spy News
Electronics shops in Hong Kong have seen a sharp increase in demand for cheap burner phones as the Chinese-ruled city’s government eases coronavirus restrictions but pushes the use of a Covid-19 contact-tracing app which has raised privacy concerns. more
Congressman Murphy reintroduces legislation to crack down on foreign spying at universities... According to the Intellectual Property Commission, they estimate foreign groups steal $300 billion in American intellectual property annually, and the Commission says China is responsible for 70% of that theft or $210 billion annually. more
Critical Flaw in Agora SDK Lets Hackers Eavesdrop on Live Video Calls...
Agora works with MeetMe to integrate its live video streaming features with the popular dating app and online therapy platform Talkspace to facilitate online mental health therapy sessions. more
SolarWinds attack hit 100 companies and took months of planning, says White House...
Anne Neuberger, deputy national security advisor for Cyber and Emerging Technology at the White House, said in a press briefing that nine government agencies were breached while many of the 100 private sector US organizations that were breached were technology companies. more
WARNING: Web Tracking Might Expose Businesses to Wiretapping Lawsuits...
Imagine this. A consumer goes to your website to buy your goods or services. Your website works great, thanks in part to a small bit of code your company licenses that allows you to track a consumer’s experience on your website, commonly called “session replay” software.... A few weeks later you’re being served with a class action lawsuit alleging violations of the Federal Wiretap Act and/or analogous State statutes... more
Top 9 Surveillance Videos of the Week: Naked Man Breaks Into House With Baseball Bat...
Other top surveillance videos of the week include the “world’s worst Door Dash driver,” an armed dog theft and more.
'Spy pixels in emails have become endemic'...
Email pixels can be used to log:
• if and when an email is opened
• how many times it is opened
• what device or devices are involved
• the user's rough physical location, deduced from their internet protocol (IP) address - in some cases making it possible to see the street the recipient is on. more
Former Union Spy & Freedom Crusader, Harriet Tubman Inducted Into Hall of Fame...
One hundred and fifty years after her work as a Union spy, Harriet Tubman is being inducted into the U.S. Military Intelligence Corps Hall of Fame, The Washington Post reports. more
James Bond Theory: 007's True Mission Is to Distract From OTHER Spies...
For those wondering how such a non-secretive spy became so prominent, a recent Reddit theory looks to provide an answer — and it's pretty convincing. James Bond isn't meant to be a successful agent; he is a distraction that allows other truly secret MI6 operatives to complete their missions. more
Corporate espionage has never been easier. Workplaces—unpopulated for months—became easy targets for corporate spies and foreign government types. The pandemic created a golden opportunity to Deep Plant their electronic surveillance devices... The reality is, organizations just don’t know if employees will be returning to hot-wired offices. more
Wednesday, February 17, 2021
Spymaster’s Prism by Jack Devine (book)
In Spymaster’s Prism the legendary former spymaster Jack Devine details the unending struggle with Russia and its intelligence agencies as it works against our national security.
Devine tells this story through the unique perspective of a seasoned CIA professional who served more than three decades, some at the highest levels of the agency. He uses his gimlet-eyed view to walk us through the fascinating spy cases and covert action activities of Russia, not only through the Cold War past but up to and including its interference in the Trump era. Devine also looks over the horizon to see what lies ahead in this struggle and provides prescriptions for the future.
- Hardcover : 304 pages
- ISBN-10 : 1640123784
- ISBN-13 : 978-1640123786
- Item Weight : 1.74 pounds
- Dimensions : 5.98 x 9.02 inches
- Publisher : Potomac Books (March 1, 2021)
- Language : English
Monday, February 15, 2021
Pretty Good Phone Privacy - Protects Both User Identity and Location
Abstract
To receive service in today’s cellular architecture phones uniquely identify themselves to towers and thus to operators. This is now a cause of major privacy violations as operators sell and leak identity and location data of hundreds of millions of mobile users. In this paper, we take an end-to-end perspective on the cellular architecture and find key points of decoupling that enable us to protect user identity and location privacy with no changes to physical infrastructure, no added latency, and no requirement of direct cooperation from existing operators.
We describe Pretty Good Phone Privacy (PGPP) and demonstrate how our modified back end stack (NGC) works with real phones to provide ordinary yet privacy-preserving connectivity. We explore inherent privacy and efficiency trade-offs in a simulation of a large metropolitan region. We show how PGPP maintains today’s control overheads while significantly improving user identity and location privacy. more
BONUS... "It protects users from fake cell phone towers (IMSI-catchers) and surveillance by cell providers." a good summary explanation
Thursday, February 11, 2021
There Are Spying Eyes Everywhere...
...and Now They Share a Brain.
Security cameras. License plate readers. Smartphone trackers. Drones. We’re being watched 24/7. What happens when all those data streams fuse into one?...it’s a mistake to focus our dread on each of these tools individually. In many places across the world, they’re all inputs for a system that, with each new plug-in, reaches a little closer to omniscience.
That idea—of an ever-expanding, all-knowing surveillance platform—used to be a technologist’s fantasy, like the hoverbike or the jetpack. To understand how this particular hoverbike will finally be built, I began by calling up the people who designed the prototype. more