Friday, March 19, 2021

Spy Tech: Listening May be the Key to Cloning Your Key Says Spikey

Physical locks are one of the most prevalent mechanisms for securing objects such as doors. While many of these locks are vulnerable to lock-picking, they are still widely used as lock-picking requires specific training with tailored instruments, and easily raises suspicion. 

In this paper, we propose SpiKey, a novel attack that significantly lowers the bar for an attacker as opposed to the lock-picking attack, by requiring only the use of a smartphone microphone to infer the shape of victim’s key, namely bittings (or cut depths) which form the secret of a key. 

When a victim inserts his/her key into the lock, the emitted sound is captured by the attacker’s microphone. SpiKey leverages the time difference between audible clicks to ultimately infer the bitting information, i.e., shape of the physical key.

As a proof-of-concept, we provide a simulation, based on real-world recordings, and demonstrate a significant reduction in search space from a pool of more than 330 thousand keys to three candidate keys for the most frequent case. more

Wednesday, March 17, 2021

Ion Mihai Pacepa, Key Cold War Defector, Dies at 92

A general in the Romanian intelligence service, he later revealed the corruption and cruelty behind his country’s Communist regime. He died of Covid-19.

Lt. Gen. Ion Mihai Pacepa, a senior Romanian intelligence official and an adviser to his country’s president, Nicolae Ceaucescu, arrived in Bonn, West Germany, one day in June 1978 on a diplomatic mission. Mr. Ceaucescu had given him a message for the German chancellor — and orders to devise a plan to assassinate an American journalist who covered Romania.

An engineer who specialized in industrial espionage, Mr. Pacepa had no interest in murder. And so, he entered the U.S. Embassy and announced his intention to defect. When he landed at Andrews Air Force Base a few days later, he became one of the highest-ranking officials to flee the Soviet bloc during the Cold War.

Mr. Ceaucescu offered a $2 million reward for his death, and reportedly hired Ilich Ramírez Sánchez, a Venezuelan terrorist known as Carlos the Jackal, to find him. more

Poor Due Diligence Can Carry a Costly Bite

A failure to properly consider cyber security in M&A due diligence could be a ticking time bomb for companies, with undiscovered breaches leading to reputational damage and multimillion-dollar fines.

The warning from consulting giant Accenture comes as cyber security firm McAfee unveils an espionage campaign linked to a Chinese hacking group it said is targeting telcos in the US, Europe and south-east Asia. more

Cyber is only one M&A due diligence technical precaution to undertake.

Secret Recordings & a High Stakes Divorce

UK - A judge is overseeing a private divorce court hearing featuring a member of one of Britain's most famous business families and his estranged wife.

Sir Frederick Barclay, 86, and Lady Hiroko Barclay, 78, are both expected to give evidence at the virtual trial in the Family Division of the High Court...

The nephews - all sons of his twin brother David - allegedly made over 94 hours of secret recordings as part of what his lawyers have described as 'commercial espionage on a vast scale'. more | Some of the bugging video.

In Recent Spy News...

Spies may have been among those forced to work remotely by the coronavirus pandemic, say researchers from the Finnish Security and Intelligence Service Supo... According to Supo researcher Veli-Pekka Kivimäki, the number of online espionage targets has risen in part because of the increase in the number of people working remotely. more

The U.S. intelligence community concluded with “high confidence” that China didn’t attempt to change the outcome of the 2020 election, an assessment that contradicts repeated assertions by former President Donald Trump and his allies. more

Email-management provider Mimecast has confirmed that a network intrusion used to spy on its customers was conducted by the same advanced hackers responsible for the SolarWinds supply chain attack. more

Privacy-focussed search engine DuckDuckGo (DDG) called out Google for spying on users after the latter updated privacy labels on Apple’s App Store to show the type of data it collects from users. more

Iran has charged a French tourist with spying and “spreading propaganda against the system,” his lawyer said Monday, the latest in a series of cases against foreigners at a time of heightened tensions between Iran and the West. more

A 22-year-old Army personnel has been arrested on charges of spying and leaking confidential information to Pakistani agents. Akash Mehria, who hails from Sikar, was allegedly honey-trapped and was supplying information to woman Pakistani agents. more

Podcast studio Wondery has released the first audio trailer for Spy Affair, a new six-part miniseries. The show, which premieres March 30th on Apple Podcasts, investigates the true story of Russian gun advocate Maria Butina, who was convicted in 2018 of conspiring to act as a foreign agent within the United States. more

China to soon try 2 Canadians on spying charges... A Communist Party newspaper says China will soon begin trials for two Canadians arrested in apparent retaliation for Canada's detention of a senior executive for Chinese communications giant Huawei Technologies. more

How to Hire a Genuine Hacker For Cell Phone Spying Easily... Would you like to hire a genuine hacker for cell phone spying anonymously? All we know that finding real professional hackers on the internet is as difficult as finding water in the desert. We have come to highlight some of the special aspects of cell phone hacking to alleviate your suffering. more

In post-war Armenia, spy mania running amok... Two spy scandals involving well-regarded organizations speak to Armenians’ loss of faith in the international community, as well as the opposition’s interest in taking advantage of that mistrust. Our weekly Post-war Report. more

Google Jumps into Your Nest with its Own New Nest

Google has launched a new ‘Nest Hub’ home assistant that tracks its owners’ sleep.

It comes in a range of colors, and can be ordered today. Like the existing Nest Hub, it can show photos and videos from Google’s owner services like YouTube and Google Photos, integrates with other services such as Netflix, and can be used to control the home.

But its standout feature is its new sleep tracking technology. To use it, the Nest Hub is supposed to be placed on a bedside table, so that it can monitor its owners as they sleep

It can not only track the amount of sleep, and how deep it is, but also other things that might disturb that sleep – as well as other people sharing the bed – such as coughing and snoring. more

Interesting points...
• Google says the recorded audio and raw Soli data stays on the device and does not get sent to Google, though extrapolated sleep event data is sent to the company’s servers.
• Sleep Sensing (Google’s name for sleep tracking) is completely opt-in and can be disabled at any time.
• This will be a paid feature.
For some people this will be helpful and worth it. For others, it is AI creepy creep.
Hackers, on your mark! ...

A Hacker Got All My Texts for $16

A gaping flaw in SMS lets hackers take over phone numbers in minutes by simply paying a company to reroute text messages.

I didn't expect it to be that quick. While I was on a Google Hangouts call with a colleague, the hacker sent me screenshots of my Bumble and Postmates accounts, which he had broken into. Then he showed he had received texts that were meant for me that he had intercepted. Later he took over my WhatsApp account, too, and texted a friend pretending to be me. more

Wednesday, March 10, 2021

Information Security as a Service (ISaaS) - The Future of Information Security

Information Security as a Service (ISaaS) - The Future of Information Security
Free-world businesses know they have a problem. They are bleeding their life-blood. Manufacturing was phlebotomized first. Bleeding now is their intellectual property and confidential information. What happens when these are gone?

We are watching a death of a thousand cuts, but it can be stopped. This paper examines how to do it... more

Security startup Verkada hack exposes 150,000 security cameras...

 ... in Tesla factories, jails, and more.

Verkada, a Silicon Valley security startup that provides cloud-based security camera services, has suffered a major security breach. Hackers gained access to over 150,000 of the company’s cameras, including cameras in Tesla factories and warehouses, Cloudflare offices, Equinox gyms, hospitals, jails, schools, police stations, and Verkada’s own offices, Bloomberg reports.

According to Tillie Kottmann, one of the members of the international hacker collective that breached the system, the hack was meant to show how commonplace the company’s security cameras are and how easily they’re able to be hacked. In addition to the live feeds, the group also claimed to have had access to the full video archive of all of Verkada’s customers... more

Monday, March 8, 2021

Privacy and the Clubhouse App

Clubhouse might be the hottest app that's not even publicly available yet, but privacy issues are already being discussed online. Some of the people who are particularly upset? Those who say they have profiles without even having used the app before...

Clubhouse reportedly requests access to your phone's contacts, under the pretense that you can connect with other users of the social network. But people are claiming that Clubhouse takes information from your contact list and builds "shadow profiles" of people who have never signed up...

If you allow Clubhouse to use your contact list, the app then reportedly has access to your contacts' names, phone numbers and how many friends they have on Clubhouse. But that's not all. Privacy advocates note Clubhouse records voice chats of the virtual rooms, which also doesn't sit well with some current users of the app.

Clubhouse's Community Guidelines states: "Solely for the purpose of supporting incident investigations, we temporarily record the audio in a room while the room is live." more

More privacy considerations...
Clubhouse app technology runs on the platform of Agora.io, an audio tech startup in Shanghai, China.

• Voice recordings may be paired with personal account details, and transferred into a government dossier for future voice identification surveillance purposes.
• What is said using the app may not be very private given hackers, lurkers and government interests. Not a good way to communicate confidentially.

“I refuse to join any club that would have me as a member” Groucho Marx

 

TSCM Detection Evaluation of the AudioWow Wireless Microphone

AudioWow advertising is enticing, a Wireless Audio Studio Microphone in a Matchbox Size.

Certain features pointed in that direction…

  • Nano sized.
  • Records directly to a smartphone.
  • Up to 50 foot range. Good enough for some operations.
  • Bluetooth transmission. Low probability of intercept.
  • Professional quality sound.
  • Equalization capabilities.
  • Noise reduction capabilities.
  • Audio to text transcription… in 120 different languages!

Could it be useful as a spy device?
Could a TSCM bug sweep detect it?

We tested and found... more

Saturday, March 6, 2021

Spy Tech - Molar Mic - No more finger to ear and mouth to sleeve.

Next time you pass someone on the street who appears to be talking to themselves, they may literally have voices inside their head…and be a highly trained soldier on a dangerous mission. 

The Pentagon has inked a roughly $10 million contract with a California company to provide secure communication gear that’s essentially invisible.

Dubbed the Molar Mic, it’s a small device that clips to your back teeth. The device is both microphone and “speaker,” allowing the wearer to transmit without any conspicuous external microphone and receive with no visible headset or earpiece. 

Incoming sound is transmitted through the wearer’s bone matter in the jaw and skull to the auditory nerves; outgoing sound is sent to a radio transmitter on the neck, and sent to another radio unit that can be concealed on the operator. From there, the signal can be sent anywhere. more

Wednesday, March 3, 2021

How the Cincinnati FBI Cracked the Chinese Spy Case at GE Aviation

The GE Aviation engineer was deeply involved in the design and analysis of new commercial jet engines, a technology at the top of the shopping lists of Chinese intelligence operatives.

It took the spies only a few months to get him to accept their offer: A $3,500 fee paid in U.S. currency, and free travel, lodging and meals for a one-hour presentation in China. more

GE Aviation takes their information security seriously. Applause. Most companies aren't doing all they can. Too few employ Technical Surveillance Countermeasures (TSCM) / counterespionage consultants, for example. The result... They don't know what they are missing, in more ways than one.

Friday, February 26, 2021

What Work From Home is Doing to Corporate Security

Behavox, AI-based data operating platform used by firms to catch misconduct before it causes massive regulatory fines and company crises, has found a startling increase in corporate misbehavior and decline in employee morale as a result of working at home indefinitely...

The ECR Report reveals numerous misconduct and morale issues resulting from loosening professional standards, widespread frustration, and mounting stress. 

Prominent findings include the prevalence of illegal misconduct, such as employees willingly breaking security policies, corporate theft, and espionage, as well as harmful behavior like racism, sexual harassment, and bullying... 

Key Findings

Illegal Misconduct: Pornography, Drugs, And Espionage - the report cites instances of employees who:

Intentionally broke the company's security policy (19 percent)

● Witnessed employees stealing corporate information (16 percent in U.S., 8 percent overall)

● Know an employee who willingly introduced a security threat to sabotage their company (16 percent)

● Know actual employees arrested for suspected corporate or international espionage (11 percent)
more

.....Word on The Street.....

Goldman Sachs: Bank boss rejects work from home as the 'new normal'
“I do think for a business like ours, which is an innovative, collaborative apprenticeship culture, this is not ideal for us. And it’s not a new normal. It’s an aberration that we’re going to correct as soon as possible,” he told a conference on Wednesday. more

.....What Smart Corporations Will Be Doing Soon.....

Electronic Eavesdropping Detection – The Other Corporate Covid Deep Clean
"
The reality is, organizations just don’t know if employees will be returning to hot-wired offices."

.....UPDATE 3/10/2021.....  

A Quarter of American Workers Are Already Back at the Office
Employers are hoping FOMO gets you to come in, too.

Tuesday, February 23, 2021

The Most Secure and Anonymous Communication Tools Available

 via David Koff, Tech Talk - The Technology Newsletter for Everyone...

What I’m about to share with you here is… kind of fringe. Like, “Edward Snowden” fringe.

Hopefully, that got your attention.

For some years now, the hacker, privacy, and journalism communities have all been debating, discussing, and using the tools I’m about to share with you in this installment. These tools are used not only to lock down your security and anonymity on the known internet, but also to access the portions of the internet that are normally hidden — “The Dark Web.” 

Despite their usefulness, I haven’t really seen information about these tools shared with the general public in a straightforward, easy-to-understand way. I think it’s worth changing that; while most of us don’t need the same high-privacy, high-security tools that confidential informants, journalists, and whistleblowers use, we should all know about these tools in case the time comes when we actually need them. more