Friday, September 3, 2021

Security Director Alert: Wireless Key-Logger Hides in USB-C to Lightning Cable


A USB-C to Lightning cable with a hidden wireless key-logger can enable an attacker to capture everything you type from a distance of up to a mile.


Any tech-literate person knows you should never plug a USB key into any of your devices unless you trust the person giving it to you, but fewer know that the same applies to USB cables...

“We tested this out in downtown Oakland and were able to trigger payloads at over 1 mile,” he added...

...the new cables now have geofencing features, where a user can trigger or block the device’s payloads based on the physical location of the cable.  more

These spy cables come in various configurations, including standard USB charging cables. They look exactly like authentic cables. An electronic test can identify a malicious spy cable easily. In fact, you can do it yourself. Click here for instructions.

Wednesday, September 1, 2021

Last Month in Spycam News

FL - Pembroke Pines Police said Thursday that the owner of Master Franco’s Taekwondo Academy on Pines Boulevard is facing additional video voyeurism charges. Robert Franco, 64 was already facing charges for placing nanny cameras in the bathroom of his Pembroke Pines facility. more

UK - A vile sexual deviant who snooped on a woman as she got changed at a swimming pool was found to possess 30 more videos of people getting changed - including children... unaware victim was getting changed...when she noticed a towel from the cubicle next to her along with a hidden mobile phone. more

WY - A Casper man (Douglas Michael Dickey) facing accusations that he recorded multiple videos of people using the restroom at a restaurant where he used to work has changed his plea in the case... “Dickey’s face [was] also observed when he started the recording of the video,” detectives write in the affidavit. “Setting up his cell phone by placing it next to the toilet and covering the cell phone from his victims. The videos also showed Dickey wearing his [uniform] and his employee name tag. Each of the videos ended with Dickey looking into the cell phone as he recovered the phone and ended the recording.” more

FL - Former Gulf Breeze Mayor Edward “Ed” Merrill Gray III has been sentenced to five years in state prison for secretly recording teen boys in his shower. more 

FL - A 34-year-old Port Orange man is charged with 25 counts of Video Voyeurism for secretly videotaping his child's nanny in his home... A digital clock in that bathroom struck the nanny as "weird." She explained that the clock "faced directly towards the shower and a blank wall. more

UK - Louise was nearly six months' pregnant when she spotted something suspicious after having had a massage - a digital clock wired up to a laptop computer. Immediately afterwards Louise - not her real name - searched online for "digital clock, hidden camera". The first result confirmed her worst fears. more

UK - A GREATER Manchester Police employee has today been sentenced for voyeurism in the workplace after secretly filming colleagues on the toilet. more

NY - According to arrest records from Seneca Police...Andrew Ballenger Johns, age 26 of West Union, was booked into jail on a charge of voyeurism... Judge Susan Harris alleged that Johns “knowingly video recorded the victim, a 26-year old female, without her knowledge or consent while she was in a place that she had reasonable expectation of privacy…and that he did position a cell phone set to record inside a bathroom of a residence.” more

N. Ireland - A Belfast-based private tutor is to stand trial over allegations that he secretly recorded a group of schoolgirls, a judge ordered today. more

UK - Cheshire pervert secretly filmed women and young girls on the toilet in pubs...A search at the scene and his home address...revealed 20 video clips of adults being filmed without their knowledge: 16 of which featured men and women using the toilets at Creamfields - where Smith was working and had set up a covert camera... more

LA - Michael Jackson was convicted of video voyeurism and sentenced to 80 years in prison after he was convicted as a habitual offender from a July 2016 arrest. Jackson got caught at a fast-food restaurant sticking a camera under a bathroom stall to film females. The registered sex offender had multiple other convictions on his record. more

Mauritius - The Mauritius Football Association and local police are investigating a complaint of voyeurism after a female FA employee found a mobile phone in video recording mode in the women's toilets at the FA headquarters. ...the device hidden in a blue basket above the toilet water tank. more

China - The China Cyberspace Administration (CAC) announced on Monday that dozens of people were arrested and 25,000 illegally hacked webcams were seized as part of a crackdown on illegal voyeurism in Asian countries. In a statement, Cyber ​​Security Watchdog announced the detention of 59 suspects allegedly using camera cracking software to illegally control webcams, eavesdrop on individuals and commit illegal acts. more

UK - For months voyeur Christopher Adam Robinson, 35, secretly put his mobile phone in the shop’s changing room where it could film others without them knowing, said Howard Shaw, prosecuting... Robinson said he needed to “set up” the changing room and went briefly into it before letting people use it. As they tried the clothes on, they spotted the phone half hidden behind curtains and realised they were being filmed. more

FL - A girl’s discovery of hidden cameras in a Pembroke Pines martial arts studio’s restroom led to the arrest of the 64-year-old head instructor, Pembroke Pines police announced Saturday... a student noticed two cameras “discretely placed within picture frames on a shelf located in the academy’s restroom.” more

UK - Doctor Metwally also pleaded guilty to two offences of voyeurism which took place between 2013 and 2014 after he covertly filmed two patients who were in a state of undress whilst attending medical appointments. more

NY - Philip Close, the former owner of the Close School of Music, was sentenced Tuesday to 50 years in prison for child pornography, according to federal officials... He admitted to hiding spy cameras to secretly record students, parents and teachers in the building... Close also put hidden cameras in the music school’s only bathroom, one under the toilet and one in front of the toilet. These cameras were used to record young girls using the bathroom. more

Canada - A trial has been scheduled for Moose Jaw businesswoman Kyra Klassen, who is facing two charges of voyeurism...Klassen is facing allegations that she secretly photographed two nude women last year and posted the images to an online chat group without their permission. more

TN - Police said a man has been charged with three counts of video voyeurism after they found a phone under a bathroom sink in a Middlesboro hospital, with a motion-activated app that police said would take live footage. more

Japan - Tokyo Metropolitan Police have arrested a 42-year-old man over the alleged sale on the internet of illicit footage of female sex workers...allegedly sold footage of several sex workers on the pay-to-view site... (He had) mounted a hidden camera on the frame of his glasses to take tosatsu (voyeur) footage during encounters with them... Upon his arrest (he) admitted to the allegations. “I thought that if I made money, I could visit more sex shops,” the suspect told police. more

These stories are presented to raise awareness.

Spycam Facts:

  • Only the failed video voyeurs make the news.
  • Most spycam attacks go undetected.
  • A few are discovered... almost all by accident.
  • Only a few of these are reported to the police.
  • Only a few of these cases are solved.
  • Only few of these make it to my desk.
  • I only share just a few of them with you.
Any organization with expectation of privacy areas needs this to protect their employees, visitors and customers... and themselves, from forseeability law suits.

Tuesday, August 31, 2021

A Spy, a Botanist, and a Strawberry

The year was 1712. An engineer in the French Army Intelligence Corps named Amédée-François Frézier was sent by King Louis XIV on a reconnaissance mission to Chile. Between covert visits to Chilean military fortifications where he posed as a tourist in order to gain access, Frézier was also charged with documenting the local flora and fauna. One day he came upon a familiar sight: a berry that looked similar to one he knew from Europe, but significantly larger...

Frézier packed up some of these plants and took them back to France where they were planted among other species. The crossing of Fragaria chilenosis with another species from the new world, Fragaria virginiana, resulted in a hybrid that would eventually become the strawberry we know today... Eventually the hybrid made its way back across the Atlantic and took hold in North and South America.

Did you happen to notice our French spy's name, Frézier? That might sound familiar because the French word for strawberry is fraise. An ancestor of Frézier’s was knighted and bestowed the name by the king of France in the year 916 after offering his highness a gift of ripe strawberries. Seems it was Amédée’s destiny to become intertwined with this noble berry. more

Monday, August 30, 2021

Weird Files: Somewhat Covert Microphone is a Blast & Bugged Bugs

The GREEN12 is a cardioid directional, small diaphragm electret condenser microphone that is a great choice for users that are looking for a slim profile, high-quality microphone which is perfect for most professional, semi-professional, and home-recording applications. 

Its cardioid capsule and machined vents allow for high off-axis rejection and a focused recording, great for stringed acoustic instruments. 

The GREEN12 is handmade from an actual discharged 12Ga shell. more

---

The first Asian giant hornet nest of 2021 was found Thursday morning, Aug. 19, in a rural area east of Blaine, about one-quarter mile from where a resident reported a sighting of a live Asian giant hornet on Wednesday, Aug. 11.

The state agriculture staff netted, tagged with a tracker and released three of hornets Aug. 11, to Tuesday, Aug. 17, according to a news release from the Washington State Department of Agriculture. One of the so-called “murder hornets” slipped out of the tracking device, another hornet was never located and one eventually led the team to the nest. more


Read more here: https://www.bellinghamherald.com/news/local/article253621598.html#storylink=cp

Friday, August 27, 2021

Controversial Tool That Lets Kids Spy on Their Parents

A new tool that may give one or two parents -- and many, many kids -- pause for thought.

It's called Parent Track and it's the mindchild of environmentally caring soap brand Gelo.

The idea is that kids can install the Parent Track ad tracker onto their parents' devices. This will, well, guilt them into not buying environmentally questionable products and drive them to eco-positive awareness tools...

Not everyone will be positively moved by the message Gelo sends when a parent's device is signed up. 

It reads: "You just signed up this device, allowing us to follow your parents around the internet, reminding them to quit single-use plastics for good. By doing so, you set them on a more sustainable path and may very well have saved the planet. Our thanks just don't feel like enough."

Perhaps more parents buying Gelo products -- so that Gelo would make more money -- would feel like enough. more

Spies for Hire: New Breed of Hackers Blends Espionage and Entrepreneurship

China’s buzzy high-tech companies don’t usually recruit Cambodian speakers, so the job ads for three well-paid positions with those language skills stood out. The ad, seeking writers of research reports, was placed by an internet security start-up in China’s tropical island-province of Hainan.

That start-up was more than it seemed, according to American law enforcement. Hainan Xiandun Technology was part of a web of front companies controlled by China’s secretive state security ministry, according to a federal indictment...

The accusations appear to reflect an increasingly aggressive campaign by Chinese government hackers and a pronounced shift in their tactics: China’s premier spy agency is increasingly reaching beyond its own ranks to recruit from a vast pool of private-sector talent.

This new group of hackers has made China’s state cyberspying machine stronger, more sophisticated and — for its growing array of government and private-sector targets — more dangerously unpredictable. more

Thursday, August 26, 2021

Personal Security: Remove Your House from Apple Maps, Google Maps & Bing Maps

If you’d like to opt out of a property you own or rent appearing in one of these street-level views, you can use a reporting or request method in each service:

  • Apple: Apple requires that you email them “to request that a face, license plate, or your own house be censored.” The address is MapsImageCollection@apple.com.
  • Google: Visit maps.google.com and go to the address of concern. Expand the side panel on the left, then click the photo in the side panel to have it enlarge in your browser. Look for an info box in the upper left of the photo and click on the icon of the three vertical dots. In the pop-up that appears, click “Report a problem” and select what you would like to have blurred from the “Request blurring” list of options. You can also submit via the Google Maps app.
  • Microsoft: Visit Bing Maps, click “Report a privacy concern with this image” at the lower-left corner of the page, and select House (or another option) from “What kind of concern do you have?” You can describe in the text box below that you want to have your house blurred. more

Wednesday, August 25, 2021

Cyber Attacks Are Making Work-From-Home Expensive for Businesses

Working from home during the pandemic cost German companies some 53 billion euros ($62 billion) worth of damages from cyber attacks, according to estimates by the Cologne Institute for Economic Research.

Overall damages hit a record 224 billion euros last year, more than double the value reported in a 2019 survey. Increased remote work accounted for about a quarter of the increase, according to researcher Barbara Engels, whose calculations are based on a Bitkom survey. more



IoT News: Data from Over 116.5 million Smart Devices Go Here

From rooftop to basement and the bedrooms in between, much of the technology making consumer products smart comes from a little-known Chinese firm, Tuya Inc. of Hangzhou. More than 5,000 brands have incorporated Tuya’s technology in their products... Smart home thermostats. Smart home security cameras. Smart refrigerators. Smart TVs. Smart pet feeders. Smart breast pumps...

Tuya says as of 2020, its services cover more than 1,100 categories, such as healthcare, agriculture and apartment management, and are sold in more than 220 countries and regions globally in over 116.5 million smart devices... including Dutch multinational Philips, and TCL, the Chinese electronics company that makes Roku TV, according to the company. Global retailers Amazon, Target and Walmart sell consumer products that use Tuya’s technology.

Some cybersecurity experts worry about the lack of protection for the consumer data collected by Tuya tech in household items and in products used in health care and hospitality. more

Fax Security Alert: One Picture Worth 1000 Hacks

Security researchers have found a way to remotely execute code on a fax machine by sending a specially crafted document to it. So… who cares about fax? Well apparently a lot of persons are still using it in many institutions, governments and industries, including the healthcare industry, legal, banking and commercial. Bureaucracy and old procedures tend to die hard.

"Our research set out to ask what would happen if an attacker, with merely a phone line at his disposal and equipped with nothing more than his target`s fax number, was able to attack an all-in-one printer by sending a malicious fax to it.

In fact, we found several critical vulnerabilities in all-in-one printers which allowed us to ‘faxploit’ the all-in-one printer and take complete control over it by sending a maliciously crafted fax." more

 

Friday, August 20, 2021

Wanted: Disgruntled Employees to Deploy Ransomware

 via krebsonsecurity.com
Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange for a percentage of any ransom amount paid by the victim company.

 
Image: Abnormal Security.

Crane Hassold, director of threat intelligence at Abnormal Security, described what happened after he adopted a fake persona and responded to the proposal in the screenshot above. It offered to pay him 40 percent of a million-dollar ransom demand if he agreed to launch their malware inside his employer’s network.

This particular scammer was fairly chatty, and over the course of five days it emerged that Hassold’s correspondent was forced to change up his initial approach in planning to deploy the DemonWare ransomware strain, which is freely available on GitHub. more

Thursday, August 19, 2021

IoT Bug Impacts Millions of Devices - Allows Hackers to Spy on You

Security researchers have discovered a critical vulnerability affecting millions of IoT devices which could allow attackers to spy on you by tapping into real-time camera feeds.

The security issue impacts products from various manufacturers that provide video and surveillance solutions, as well as home automation IoT systems, which are all connected via ThroughTek’s Kalay IoT cloud platform.

American cybersecurity firm Mandiant revealed the CVE-2021-28372 bug after reporting it to the Cybersecurity and Infrastructure Security Agency (CISA).

Because the Kalay platform is used by devices from a large number of manufacturers, it is difficult to create a list with the affected brands. Mandiant were unable to determine how many devices are affected, but they warned that more than 83 million users are currently using Kalay. more

An adversary would be able to remotely compromise an IoT device by exploiting the flaw and could compromise device credentials, watch real-time video data, and listen to live audio. more

Russian Spy Ship Loitering Near Trans-Atlantic Internet Cables

The Russian Navy related ship Yantar has turned up off the Atlantic coast of Ireland. An Irish Defence Forces spokesperson said that the Irish Navy is aware of the ship.

The ship carries a range of deep-diving submersibles and sonar systems and has been suspected of operating on undersea cables before.

Yantar took up a stationary position between two undersea internet cables on Tuesday morning. According to AIS (automated identification system) positions collected by MarineTraffic.com, the ship moved into a position between the cables around 4am local time. She has remained there for most of Wednesday before resuming her journey southwest. more

Apple's Double Agent Spy Blows Cover Over Pay

An active member of the Apple jailbreak and leaking community reportedly served as a "double agent" and spied for the Cupertino tech giant's security team.

Andrey Shumeyko, who goes by handles JVHResearch and YRH04E, advertised leaked Apple apps, internal company documents, and stolen devices to a community that traded in such commodities. However, unbeknownst to others in the community, he also shared a wealth of details about its inner workings to Apple.

According to Motherboard, Shumeyko reportedly provided Apple with the personal information of people who sold stolen prototype devices and Apple employees who leaked information online...

Shumeyko said he is sharing his story because he felt like Apple took advantage of him and didn't compensate him for the information that he provided to the company's Global Security team. more

Your Own Personal License Plate Reader

via Theodore Claypoole, Womble Bond Dickinson (US) LLP 

Somewhere along the path between doorbell cameras and anti-tank weapons lies the newest home protection equipment – privately-owned license plate readers. A new company straight out of Y Combinator is offering machine-learning license plate capture technology for your home and office. Flock Safety, a start-up that describes itself in press releases as a crime-solving company, offers for sale TALON, a national network of automatic license plate readers. Anyone can own a node in this network.

Until recently, license plate readers had been the province of law enforcement... more

OK, how much?

The Flock Safety Falcon camera is $2,500 per camera per year, with a one-time $250 installation cost. This price includes everything — installation, maintenance, footage hosting, cellular service, and software updates. The Sparrow camera (a lighter and smaller version of our Falcon camera) costs slightly less with the same basic subscription model. more