Thursday, June 17, 2021

Security Director Alert: Millions of Connected Cameras Open to Eavesdropping

A supply-chain component lays open camera feeds to remote attackers thanks to a critical security vulnerability.  


Millions of connected security and home cameras contain a critical software vulnerability that can allow remote attackers to tap into video feeds, according to a warning from the Cybersecurity and Infrastructure Security Agency (CISA).

The bug (CVE-2021-32934, with a CVSS v3 base score of 9.1) has been introduced via a supply-chain component from ThroughTek that’s used by several original equipment manufacturers (OEMs) of security cameras – along with makers of IoT devices like baby- and pet-monitoring cameras, and robotic and battery devices. 

The potential issues stemming from unauthorized viewing of feeds from these devices are myriad.

For critical infrastructure operators and enterprises, video-feed interceptions could reveal:

  • sensitive business data,
  • production/competitive secrets,
  • information on floorplans for use in physical attacks,
  • and employee information.

And for home users, the privacy implications are obvious. more

Tuesday, June 15, 2021

A Month of Spycam News

IN - A former Indiana police officer awaiting sentencing for recording young girls in a bathroom died by suicide Monday. more

Ireland - Devout Christian busted for filming men and boys using toilet and setting up secret cameras in B&B more

FL - A Florida youth pastor who was previously accused of hiding a camera in a church bathroom has now been charged with possession of child pornography. more

Canada - A Cold Lake high school teacher was charged by RCMP with making child pornography and voyeurism. Assumption teacher James Neil Morrison allegedly installed a camera in a student changeroom and recorded inappropriate imagery of a 16-year-old. more

FL - Robert Sampson, 52, of Gulf Breeze, Florida, pled guilty today to charges of Video Voyeurism and Disorderly Conduct. Sampson surreptitiously videoed eight fellow Department of Veterans Affairs (VA) employees using a hidden recording device that he placed in a restroom at the Veterans Affairs Joint Ambulatory Care Center in Pensacola, Florida, on multiple occasions. more

PA - A Pennsylvania florist has been accused of hiding a small camera in a flower arrangement so that he could spy on a woman. According to local reports, this was learned after a relative of the victim found nude images downloaded on the florist’s computer. more

Japan - Police in Tokyo have arrested a 33-year-old elementary school teacher on suspicion of violating the child pornography law and forcible obstruction of business after he allegedly installed a spy camera inside the girls’ toilet. more

UK - A man has been charged with voyeurism offences involving 107 alleged victims over a period of six years. David Glover, 47, of Edelweiss View in Tallington, is accused of installing camera equipment to observe women doing a private act, without their consent, for his own sexual gratification. more

FL - A bartender in Islamorada was arrested after reportedly placing a video camera that captured photos of a woman in a bathroom... The device was disguised as a USB charging adapter, according to deputies. more

Canada - A former maintenance worker at Royal Oaks Country Club who hid a cellphone in a restroom to secretly record a woman using the toilet was sentenced Monday to 30 days on a work crew. more 

CT - A city man accused of recording guests in his Glenbrook condo while they used the bathroom has pleaded guilty to multiple counts of voyeurism. more 

SC - Riviere is named as a defendant in three separate lawsuits in state court that accuse the management of some Aiken short-term rental properties of secretly recording women who paid to stay there. more 

US - A man has claimed he caught his girlfriend of six years cheating on him by using a hidden spy camera secreted away inside a USB plug that he left in their apartment. The anonymous man, from the US, went viral on TikTok earlier this week after he revealed he had bought a plug-in USB brick, which contained secret spyware... The video, which has been hashtagged #CheatersGettingCaught, has been viewed over 2.5million times and amassed over 432,000 likes. more 

LA - Monroe man arrested on four counts of video voyeurism... The victim then stated she found a video of herself getting in and out of the shower at his residence. Fairly stated that he ordered a clock with a hidden camera on Ebay to record the inside of his house. more

CO - Denver Firefighter Paid $100K over Station Bedroom Spycam. The settlement comes after a former lieutenant was convicted last year in connection with setting up a hidden camera and recording a female firefighter changing clothes. more

S. Korea - There has been a public outcry over a recent case in which a male teacher allegedly installed hidden cameras in a restroom for female teachers at the high school where he works. more

New Zealand - A man who repeatedly planted a spy camera in an Auckland gym's changing rooms to film people naked was promoted to chief executive of Crown entity International Accreditation New Zealand (IANZ) after the offending took place. more 

TN - A former high school nurse has been arrested on child pornography charges for photographing over 40 girl students undressing in the bathroom... The seized photos were all captured through a hidden camera placed in a school bathroom. more  

Japan - A staff member at a social welfare facility in the prefecture resigned after he was accused of illicit filming inside a bathroom, the facility revealed on Monday. The camera, which was hidden inside a pen... “I did it for thrills,” the staff member said in admitting to the allegations. more


UK - Judge James Burbidge QC, sentencing, described how the defendant had hidden a spy camera in an air freshener and had used it to take more than 10,500 photographs. more

You don't have to become a victim. Learn how to detect spy cameras.

Concerns Increase As Business Espionage Escalates

Business espionage has become more common in recent times due to the growth of outsourcing. Outsourcing work reduces the amount of direct contact between workers and employers, yet increases the potential for conflict and theft. An increase in business espionage is therefore of major concern...

Companies must take steps to protect their intellectual property from employees who may be tempted to use this information to gain an unfair advantage ... The longer espionage goes on, the more the company will pay for it in terms of lost revenue. more

***

Companies—large and small—need to be aware of espionage threats. If that seems a bit overboard, consider the dramatic increase in the number of incidents related to geopolitical cybercrime. 

"Many authoritarian governments are doing everything they can, including using their spy services, to build successful businesses and grow their economies," explained Bill Priestap and Holden Triplett, co-founders of Trenchcoat Advisors, and adjunct professors at Georgetown University's Walsh School of Foreign Service, in their Lawfare Institute article: The Espionage Threat to U.S. Businesses. "These nation-states are consciously building national champions to dominate industries to extend their national power—not just domestically but also worldwide." 

Priestap and Triplett advise the weapon of choice is espionage, since an average business owner would never suspect that kind of interest. "Intelligence and the art of spying are no longer constrained to the government sphere," mention Priestap and Triplett. "The assets that competitor states are now seeking to obtain from the United States are not possessed by the government—they are possessed by companies." more

Yet Another Spycam in a Smoke Detector Story

Rob Riggle’s divorce from his wife, Tiffany, after 21 years of marriage has taken a dramatic, new turn after the actor accused her of hacking his Apple account, taking $28,000 from his home office, and spying on him with a hidden camera... 

The actor says he began to grow suspicious that he was being watched after he noticed that his estranged wife somehow knew about private conversations he’d had in his home office either with or about his girlfriend and assistant...

In response the actor decided in April to have his home swept for devices that might be spying on him, claiming to have found a camera hidden in one of his smoke detectors. He says the camera had a memory card with more than 10,000 videos stored on it. He believes the camera was installed in August 2020 and had likely been watching him ever since. The actor claims that one of those videos shows Tiffany standing on a ladder installing the spy camera...

Riggle has been granted a temporary restraining order against his ex, and another hearing is set for July regarding his request to have all of the footage obtained from the hidden camera analyzed by a forensic expert. more

Imagination Becomes a Reality... somewhat.

≈1990 - Murray Associates... "Picture this. You’re the Chief of R&D at a mid-sized snack food company. You have just discussed a new project with your staff of fifteen. Top secret. Your company is preparing a new cookie. Encapsulated chocolate bits make noises when bitten. From loud pops to whistles to burps, depending on speed of the bite. Your kids loved the idea. But this is only half the secret. In addition to being Sonic, it’s: Natural, Oven-baked, Oil-free, Kalorie-free, and Yogurt-enriched. The staff affectionately names your pet project ‘SNOOKY the Cookie.’ Top management is excited. Sales potential is incredible if you get to the marketplace first." from, Corporate Espionage - The Missing Business School Courses

2021 - Hostess Brands, LLC is introducing a new texture-rich item for consumers looking to indulge their sweet tooth with the launch of its creamiest and crunchiest snack yet, Hostess Cr!spy Minis™. Available in two irresistible flavors, Cookies & Crème and Strawberries & Crème, the incredibly poppable Cr!spy Minis come in a resealable, stand-up pouch for optimal freshness. more

Ikea Fined $1.3 Million Over Spying

A French court ordered home furnishings giant Ikea to pay some 1.1 million euros ($1.3 million) in fines and damages Tuesday over a campaign to spy on union representatives, employees and some unhappy customers in France.

Two former Ikea France executives were convicted and fined over the scheme and given suspended prison sentences. Among the other 13 defendants in the high-profile trial, some were acquitted and others given suspended sentences.

Adel Amara, a former Ikea employee who helped expose the wrongdoing, called the ruling “a big step in defense of the citizen….It makes me glad that there is justice in France.” more  previous stories

Football Team Launches Retaliation Drone

As football rivalries go, the one between Chile and Argentina is up there among the fiercest. So it should come as no surprise that when Chile's national team saw a drone hovering above a training session, it suspected its rival of spying ahead of Thursday's World Cup qualifier.

The team sent up its own drone which swiftly brought down the "spy-cam".

But rather than being a devious Argentine device, the drone turned out to be from a Chilean energy company. more

Wednesday, June 2, 2021

New X-Ray Inspection and Analysis Service Detects Eavesdropping Devices Secreted in Everyday Objects


Planting bugs, spy cameras, and other illegal surveillance devices is easy. Most come pre-disguised as fully functional everyday objects. They are being built into wall clocks, power strips, USB chargers, and even desktop calculators, for example.

Competent Technical Surveillance Countermeasures (TSCM) consultants have a variety of very effective ways to detect electronic surveillance devices. But, when the stakes are high enough—and the opposition is sophisticated enough—a Murray Associates TSCM X-ray deep clean is the logical option. This new service offers the most assurance that room objects are not bugged. 

------

Kevin D. Murray, Director, relates an interesting cautionary tale, “There are also times when a TSCM X-ray deep clean is just smart due diligence. The classic example of a lack of due diligence is the KGB bugging of American typewriters during the Cold War.”


Popular Mechanics explains… “The Cold War spy drama that played out between the U.S. and the Soviet Union was the source of much ingenious spy technology. One of the most ingenious devices fielded by both sides was a typewriter designed to spy on the user, quietly transmitting its keystrokes to KGB listeners. The technology was an early form of keylogging but done entirely through hardware—not PC software.”

A total of 16 bugged typewriters were used at the U.S. Moscow embassy for over eight years before discovery. Had a TSCM X-ray inspection been conducted before the typewriters were installed, no secrets would have been lost.

Keep the KGB typewriters in mind when bringing in a new phone system, keyboards, mice or other office items. This is the ideal time to sneak a bug in, and for a TSCM X-ray deep clean.

------

Murray Associates TSCM can economically inspect all your new arrivals at one time, at your location, or ours. And, discreetly security-seal your items at no extra charge—before you start using them.

When should a TSCM X-ray inspection be conducted?

  • When the stakes are high.
  • When the opposition is formidable.
  • When the areas being inspected with regular TSCM methods are especially sensitive.
  • Whenever you bring new tech into the workplace en masse. New desk phones, new computer equipment, new gifts, for example.

How often should a TSCM X-ray deep clean be conducted?

  • Once per year during the quarterly, proactive TSCM inspections. (Quarterly inspections are the norm for most businesses.)
  • Whenever there are active suspicions of illegal electronic surveillance.
  • Upon the discovery of a listening device or other suspicious object.


Counterespionage Tip: If one bug is discovered, keep searching. Professionals will plant multiple devices, with one being easy to find. Their strategy… to thwart further searching by inexperienced TSCM technicians.

Types of X-ray analysis services offered:

  • On-site, when we are conducting a Technical Surveillance Countermeasures (TSCM) inspection for you.
  • On-site, to inspect multiple new items entering your environment, such as new telephones, keyboards, computer mice, etc.
  • Objects may also be mailed to the Murray Associates TSCM lab for X-ray analysis. Contact them directly for details.
Full Press Release
 

Tuesday, May 25, 2021

Watergate-style Scandal Rocks Bulgaria Ahead of Election

Bulgaria's National Security and Technical Operations agencies eavesdropped on opposition politicians in the run-up to last month's parliamentary elections, caretaker Interior Minister Boyko Rashkov said on Friday.

Why it matters: Rashkov was echoing claims from a leading opposition politician, who said 32 politicians from three parties had been wiretapped. All three parties are opponents of the long-term ruling party, GERB, and former prime minister Boyko Borissov, who dominated Bulgarian politics for the past decade. more

Mystery Solved: The Govt Manager and the Spy Cam

A porn-addicted Government manager who planted a spy camera in a gym bathroom has had his discharge without conviction and permanent name suppression overturned and can now be identified.

He is Phillip Barnes, the former chief executive of International Accreditation New Zealand - a Crown organisation at the fore of the national Covid-19 pandemic response.

And he has issued a lengthy apology for his offending. more

The Biggest Spies are Now Hiding in Your Car

Cars have undergone a major transformation in recent years.

Traditional models are slowly being replaced by new-age, technology-packed vehicles. Telematics and infotainment that provide convenience, entertainment and security are a driving force behind this revolution.

But they are also turning modern vehicles into one of the biggest threats to personal privacy...

An infotainment system is a collection of hardware and software in automobiles that provides vehicle status information, as well as audio or video entertainment...

In doing so, day after day, these systems generate torrents of data (around 25 gigabytes per hour), a portion of which is transmitted to the manufacturer as well as stored on your car’s storage device. The amount of data recorded is truly impressive and disconcerting, and includes various technical vehicle parameters, GPS location, favorite destinations, speed and so on. 

Once a user connects their smartphone to the console via USB (or wirelessly), the amount of data shared with the car increases even further. By pairing up with the device, the infotainment system downloads (and saves) even more data, adding to its database information that previously existed only on your smartphone. This includes your favorite music, apps, social media, emails, SMS history, voice data and more.

Used cars are even worse. Their data logs contain records of every phone ever connected to them, making them a veritable treasure trove for savvy hackers and government agencies alike. more

Study: Are Smartphones Really Eavesdropping on our Conversations?

It’s a common fear: are smartphones listening and using our private conversations to sell advertising? New research shows many believe this is true.

The study, from Tidio, asked over 1000 people (48.6% males, 49.8% females, and 1.6% declaring as non-binary) about their opinions and experiences, and the results are surprising. more

Tuesday, May 18, 2021

Seminar in Information Security & Cryptography

Zurich Switzerland, June 14−16, 2021
Lecturers: Prof. David Basin and Prof. Ueli Maurer, ETH Zurich

We are very pleased to announce that the seminar in Information Security and Cryptography on June 14-16 in Zurich Switzerland will take place and we still have a few places free.

We are fortunate that the situation with COVID-19 has improved to the point where we may hold the seminar, under the provisions of the Swiss Federal Office of Public Health (BAG) and their regulations for hotels and restaurants. 

This seminar provides an in-depth coverage of Information Security and Cryptography. Concepts are explained in a way understandable to a wide audience, as well as mathematical, algorithmic, protocol-specific, and system-oriented aspects. The topics covered include cryptography and its foundations, system and network security, PKIs and key management, authentication and access control, privacy and data protection, and advanced topics in cryptography including blockchains and crypto currencies.

The lectures and all course material are in English. A full description of the seminar, including all topics covered, is available at https://www.infsec.ch/seminar2021.html. There are hotel rooms at a special group rate (deadline 24th of May). Please ensure you are allowed to enter Switzerland, as every country has different regulations.

FutureWatch: A New TSCM Detection Tool is in Development...

The developers just don't know it yet.
It's an Electronic Dog Nose (EDN).

New sensors developed by Otto Gregory at the University of Rhode Island, and chemical engineering doctoral student Peter Ricci, are so powerful that they can detect threats at the molecular level, whether it's explosive materials, particles from a potentially deadly virus or illegal drugs entering the country.

"This is potentially life-saving technology," said Gregory. "We have detected things at the part-per-quadrillion level. That's really single molecule detection."

Because Gregory's sensors are so small and so powerful, there is a wide range of applications. more

Kevin's analysis...
Specially trained dogs have been used to sniff out covert electronic items, like cell phones in prisons, for quite a while now. The secret to detection is the device's electronic circuit boards. They contain these compounds: triphenylphosphine oxide (TPPO) and hydroxycyclohexyl phenyl ketone (HPK). This second compound is also found on CDs, DVDs, Blu-Rays, and the old-tech floppy disks.

FutureWatch: Technical Surveillance Countermeasures (TSCM) professionals have many types of technologies at their disposal for detecting illegal electronic surveillance devices. To name a few... Non-Linear Junction Detection, Infrared Thermography, and Radio-frequency Spectrum Analysis. We are now well on our way to adding EDN to our kit.

Italy Appoints First Female Spy Chief

Prime Minister Mario Draghi announced his choice of Elisabetta Belloni as head of the Department of Information Security (DIS) on Wednesday.

The department oversees the country's foreign and domestic intelligence services and reports directly to the Italian government.

Ms Belloni, 63, has a long career of firsts. more