Vishing — Phone Call Attacks and Scams

via Jen Fox, SANS OUCH Newsletter...
While some of today’s cyber criminals do use advanced technologies, many simply use the phone to trick their victims...

The greatest defense you have against a phone call attack is yourself. Keep these things in mind:

• Anytime anyone calls you and creates a tremendous sense of urgency or pressure, be extremely suspicious. They are attempting to rush you into making a mistake. Even if the phone call seems OK at first, if it starts to feel strange, you can stop and say “no” at any time.

• Be especially wary of callers who insist that you purchase gift cards or prepaid debit cards.

• Never trust Caller ID. Bad guys will often spoof the number, so it looks like it is coming from a legitimate organization or has the same area code as your phone number.

• Never allow a caller to take temporary control of your computer or trick you into downloading software. This is how they can infect your computer.

• Unless you placed the call, never give the other party information that they should already have. For example, if the bank called you, they shouldn’t be asking for your account number.

• If you believe a phone call is an attack, simply hang up. If you want to confirm that the phone call was legitimate, go to the organization’s website (such as your bank) and call the customer support phone number directly yourself. That way, you really know you are talking to the real organization.

• If a phone call is coming from someone you do not personally know, let the call go directly to voicemail. This way you can review unknown calls on your own time. Even better, on many phones you can enable this by default with the “Do Not Disturb” feature. more
  

Apple Airtags - You're It

A new report today says that AirTag stalking is “frighteningly easy” thanks to a number of weaknesses in Apple’s privacy protections...

...three days is a very long time to be tracked without your knowledge if you are an Android user. Additionally, for a stranger stalker, they would be able to track you to your home address or another location you frequently visit, before you are alerted – in other words, after the damage is done...

...An AirTag starts a three-day countdown clock on its alarm as soon as it’s out of the range of the iPhone it’s paired with. Since many victims live with their abusers, the alert countdown could be reset each night when the owner of the AirTag comes back into its range...

...There’s an option in the Find My app to turn off all of these “item safety alerts” — and adjusting it doesn’t require entering your PIN or password. People in abusive situations don’t always have total control over their phones...

...The only protection for Android users is the audible alert after three days, and it’s already been shown that the speaker can be disabled... more

Some Eavesdropping Okay in All Party Consent State (PA)

Recently, in Commonwealth v. Mason, J-44-2020 No. 69 MAP 2019 (March 25, 2021), the Pennsylvania Supreme Court held that audio interceptions, made in the bedroom of toddler-aged victims of a nanny’s physical and verbal abuse, when such interceptions were captured by a camera hidden in a bedroom of the house by the father (and house owner) of the toddler-aged victims, did not violate the rights of the defendant (the nanny) under the Wiretapping and Electronic Surveillance Act (Wiretap Act), 18 Pa.C.S. Sections 5701-5782, and so were admissible. The Supreme Court drew a proper and logical conclusion from the facts and the law and, hopefully, brought us closer to a reasonable look at the issue... more

Coca-Cola Chemist Guilty of Stealing Trade Secrets, Espionage

While Coca-Cola’s namesake syrup for its flagship soft drink is one of the most well-known trade secrets in food manufacturing, the beverage giant’s other secrets apparently are a little more vulnerable.

On April 22, the U.S. Department of Justice said that a federal jury in Tennessee convicted a Michigan woman of conspiracy to steal trade secrets, economic espionage and wire fraud regarding Coke’s formulas for its BPA-free coatings inside its beverage cans. She was originally indicted in February 2019, with a superseding indictment charged in August of last year.

According to court documents and evidence presented during her 12-day trial, 59-year-old Dr. Xiaorong You, who goes by Shannon You, stole the valuable formulation material while working for the company in Atlanta and at Eastman Chemical Company in Kingsport, Tennessee. The stolen BPA trade secrets belonged to major chemical and coating makers that include Akzo-Nobel, BASF, Dow Chemical, PPG and others, and cost nearly 120 million dollars to develop. more

MI6 is Hiring "Q" Anonymously

Can you turn a wristwatch into an explosive, or perhaps you are able to design some X-ray glasses to see who is carrying a concealed weapon?

If so, perhaps you should apply to be the next "Q" at Britain's MI6 foreign spy service.

The head of Britain's Secret Intelligence Service said on Thursday (April 29) that the spy agency was hunting for a new tech chief, "Director General Q", known to all James Bond movie fans simply as "Q".

"We're looking for a new 'Q'. If you want to serve your country by helping MI6 to develop the operational technology of the future, please take a look," Mr Richard Moore wrote on Twitter...

The ad warned that the successful candidate would "not be publicly avowed", while there was no mention of any ability to design watches with lasers or bagpipes that turn into flamethrowers. more

Too Smart for Their Own Good, Smart TVs

A recent revelation regarding privacy violations by Skyworth TV has rattled smart TV users in China...the app that does the job is called Gozen Data, which is pre-installed on the TV’s Android system and which would scan the devices, sending back data from hostname, Mac, ip addresses, network delay times, and even nearby WiFi SSID names to a database called gz-data.com.

The website traces back to Dozen, a big data company. At time of this article’s publication, the official website of Gozen has gone into repair, but other open resources show that this company has long established partnerships with not only Skyworth, but also a series of smart TV manufacturers as well, including Sanyo, TCL, Toshiba and Philips. The firm collects data by implanting system development kits in the system layer, and is able to draw a massive amount of information... more

Guess Who Had Lower Pandemic Numbers

via John Jay College...

The COVID-19 pandemic is one of the reasons that national security investigations of possible terrorists and those working for foreign agents fell sharply last year, says a new government report. 

Far fewer targets underwent secret surveillance, according to NPR. The Foreign Intelligence Surveillance Act empowers the FBI to monitor the communications inside the United States of people suspected of being agents of a foreign power. more

Drone Spying Claims 'Tiger King' star Jeff Lowe

'Tiger King' star Jeff Lowe claims Carol Baskin, husband Howard were spying on his property with drones. Howard Baskin denied snooping on the 'Tiger King' star in a statement to Fox News.

The owner of the Greater Wynnewood Exotic Animal Park in Oklahoma alleged to TMZ on Tuesday that he called local police to report some activity at his plot in Thackerville after his son supposedly spotted a drone flying high above the property.

The "Tiger King" star further claims that when he went to confront a film crew that appeared to be filming, Baskin and Howard bolted and Lowe ended up in a scuffle with one of his neighbors, who was allegedly with the film crew.

Lowe’s neighbors – a couple – ran away when confronted but the neighbors' son allegedly got in a tussle with Lowe, the gossip site reported Lowe told them of the incident on Tuesday. more

 

Animal Surveillance Tech - Bird Buddy

You want a Bird Buddy? It’s a smart bird feeder that notifies you via an app when a feathered friend has approached the vicinity.

The in-built camera turns on, records and takes pictures of the wee thing as it pecks away at the bird seed. And you can get your kicks as you watch it and take pictures on your phone.

The team behind the Bird Buddy says it captures their photos and organizes them in a “beautiful collection that is easy to view and share." more

Note: This is a crowd-funded project.
$7,132,542 USD by 30,767 backers
$5,092,995 USD by 22,921 backers on Jan 14, 2021 with another platform

China Steps up Monitoring of Foreigners in Anti-Spying Push

Chinese social groups, enterprises and public entities will have increased responsibility to combat foreign espionage under new regulations issued by the country’s ministry of state security.

The regulations, which were released and took effect on Monday, come amid deepening hostilities between China and some western governments, including over the detention of foreigners accused of national security crimes.

According to state media, state security will work with other government departments to “adjust” the list of groups susceptible to foreign espionage and to develop measures to safeguard against it, including Chinese Communist Party and state organs, social groups, enterprises and public institutions. more

This Blast from the Past Kickstarter Funded Fast: "The Prisoner" Action Figures

 In 1967 the cult classic TV series, THE PRISONER, came bursting onto the screen. The series, about an unnamed British intelligence agent who awakes to find himself trapped in an idyllic seaside village, was not only an instant hit with viewers at the time, it went on to be watched and re-watched obsessively by fans, quickly gaining cult status. 

While there have been several collectables released over the decades, THE PRISONER has never received a line of OFFICIALLY LICENSED ACTION FIGURES… and Wandering Planet Toys is working with our licensing partners at ITV Studios to bring to life 4-inch RETRO STYLE ACTION FIGURES that celebrate Patrick McGoohan’s brilliant series. 

But we need the crowdfunding support of PRISONER and ACTION FIGURE fans to make these figures a reality! 

Want to get information about these figures? Good, because by hook or by crook you will! 

Feeling like a prisoner?
Need a vacation?
I can personally recommend this... Portmeirion Village | Holiday Resort North Wales  Portmeirion is an enchanting Italianate style village on the coast of North Wales, ideal for a day out or weekend break for families, couples and more.

PI Alert: Samsung is Crippling Your Latest Surveillance Trick

Samsung has announced that customers will soon be able to scan for unknown Galaxy SmartTags trackers using Samsung’s SmartThings Find service. The feature, called Unknown Tag Search, will be coming to the SmartThings app starting next week. 

Users will be able to scan the nearby area for any SmartTags that don’t belong to them but that are moving along with them. This feature could be a big win for safety, providing an easy way to make sure that nobody’s tracking you with a tiny SmartTag that they slipped in your backpack, purse, coat pocket, etc. It’s a nice feature if you’re concerned about the privacy or security implications of Tile-like tracking devices. more

TSCM History - 17 Years Ago Today - Sergio (Sarge) Borquez

via Rick Hoffmann...

   I am sorry to report the passing of Sergio (Sarge) Borquez at
approximately 4:30 a.m. on April 20, 2004.  Sarge died of heart failure.

   For those who did not have the pleasure of knowing him, Sarge was one of
the early TSCM professionals.  He joined the Drug Enforcement Agency
shortly after separating from the U.S. Army where he served with the 101st
Airborne (if I recall correctly) during the Korean Conflict.  While with
the DEA he studied technical surveillance and became a specialist.  At one
time Sarge was in charge of providing technical surveillance in the 7
western states.  He was also responsible for installing the DEA's very
first wiretap.  There is a photo of Sarge climbing a telephone pole to
reach the ready access boot to install the tap.  It is a terrific picture.

   Sarge was a humble man who did not discuss his exploits with many
people.  I am privileged to have known him, and to have benefited by his
instruction.  He will be missed  by all who knew him. 

Killer Eavesdropped on Couple for a Year Before Crossbow Killing

UK - Senior Coroner Prof Paul Marks previously heard how Mr Gilmer had told a 999 call handler, after he had been shot, that Lawrence had been listening to the couple's conversations for a year. Mr Gibbs said Lawrence was "a loner with no immediate friends". more 

A loner installed a listening device to eavesdrop on neighbours and altered crossbow darts to make them more lethal before launching a “carefully planned, premeditated” attack, which killed a council worker and seriously injured his pregnant girlfriend...Before shooting Ms Sugden in the head, he told her he’d been listening to them for a year - which was later apparently confirmed by the police's discovery of a listening device with a microphone fixed to his living room wall. more

They found a listening device with a microphone next to his book case which he had used to eavesdrop on the couple's conversations through the wall, Hull Coroner's Court heard...Coroner will call for ban on crossbow sales... more

Chinese Hackers Selling Footage From Home Security Cams for $3

Chinese hackers have stolen videos from tens of thousands of security cameras in private properties across the country and are selling the video clips online as “home video packages,” the Chinese outlet Henan Television reported.

The video footage showcases clips from cameras installed by homeowners for security reasons or others secretly installed by ill-intentioned people in hotels, fitting rooms and beauty salons.

The videos are priced based on how exciting they are and are sold via social media, according to an undercover investigative report aired by the television station on Monday. more  more

You don't have to be a victim. Learn how to spot spycams.