Tuesday, September 21, 2021

Spy Tip 592 - How to Eavesdrop More Effectively

Dr Anthony Youn explained that there is a way you can listen into a chat that wasn’t meant for you.

He explained: “Try listening with your right ear and not your left – your right ear is connected to the left side of your brain which processes speech and language.”

His posts on body hacks have gone viral and include a range of tricks and trips.

He also revealed how you can get rid of hiccups. more

BAT S#!T Crazy - Corporate Espionage Gone Wild

In the past week, a spate of reports, including from the BBC and the University of Bath, has detailed how British American Tobacco (BAT) ran a spy ring in SA.

Of course, none of this is new – we’ve been writing about it for aeons now. But because so much time has lapsed since this story initially broke in SA, perhaps a recap is in order.

Years ago, BAT took off the gloves in a bid to claw back market share from competitors who emerged selling the same product, but cheaper. 

BAT’S strategy was simple: disrupt its competitors to the point of making it impossible for them to operate. 

To do this, BAT relied on a security firm — Forensic Security Services (FSS) — to co-ordinate activities, under the guiding hand of British American Tobacco SA’s (BAT SA’s) anti-illicit trade head. But it also used a series of in-place “agents” at its competitors’ businesses even as it co-opted law enforcement agencies and deployed a shared agent with the State Security Agency (SSA): triple agent and honey trap Belinda Walter.

All of this was monitored from BAT’s global headquarters, Globe House in London.

One former employee explained it as follows: “Our primary work description was to spy on competitors and disrupt business operations on behalf of BAT SA, [which] was fully aware that FSS was obtaining information illegally, and these (sic) included obtaining recorded conversations.”  more

BlackBerry Updates SecuSUITE to Secure Phone Calls from Eavesdropping

BlackBerry has announced that its SecuSUITE for Government offering now provides certified end-to-end encryption of all group phone calls and instant messages for governments and enterprises alike.

As a result of the global pandemic, millions of employees are working from home, with many teams turning to group calling methods to ensure business continuity. However, enterprises and government officials around the world are increasingly being targeted by coordinated eavesdropping attacks. SecuSUITE protects these individuals against identity spoofing, metadata harvesting and communications interceptions, which can compromise sensitive discussions and major operations. more  infographic

Peyton Manning - Patriots Locker-Room Bugging Accusation

The New England Patriots’ cheating scandals didn’t stop at Spygate and Deflategate, according to Peyton Manning.

Manning said that he knew the Patriots bugged the visiting locker room at Gillette Stadium with hot mics to eavesdrop on conversations between opposing players.

“Every time I played against New England, I used to talk to my receivers in the showers,” Manning said during ESPN’s “Monday Night Football Manning-cast in Week 2’s matchup between the Green Bay Packers and Detroit Lions.“Don’t talk about a play next to my locker because I know it’s bugged. I know it’s got a hot mic in there... more

Tuesday, September 14, 2021

I've been hacked! Now what?

Check these links for some instant advice and assistance...

https://www.justice.gov/criminal-ccips/reporting-computer-internet-related-or-intellectual-property-crime

https://www.consumer.ftc.gov/articles/how-recover-your-hacked-email-or-social-media-account

https://www.kaspersky.com/resource-center/threats/what-to-do-if-your-email-account-has-been-hacked

https://www.cnet.com/tech/services-and-software/when-you-get-hacked-figuring-out-who-to-call-for-help-can-be-a-puzzle/

https://www.popularmechanics.com/technology/security/a34284848/steps-to-take-if-you-have-been-hacked/

https://support.google.com/accounts/answer/6294825?hl=en

https://www.csoonline.com/article/3617849/15-signs-youve-been-hacked-and-how-to-fight-back.html

FTC Shuts Down Smartphone Spyware App Company

The Federal Trade Commission (“FTC”) reached a settlement with stalkerware app company Support King, LLC d/b/a SpyFone.com and its CEO (collectively “SpyFone”) to resolve allegations that it secretly harvested and shared smartphone owners’ physical location data and information about their phone use and other online activities, and that it exposed smartphones to hacker attacks in violation of the FTC Act.

The complaint alleged that SpyFone’s apps provided real-time access to the data of smartphone owners through a hidden device hack that allowed others, including stalkers and domestic abusers, to track the smartphones on which the apps were installed. In addition, SpyFone’s lax security measures, including storing sensitive information without encryption, exposed consumers to hackers and other cyber threats, including through a 2018 breach of SpyFone’s servers in which the personal information of 2,200 consumers was accessed and stolen.

Under the terms of the proposed consent order, SpyFone will disable its stalkerware apps and destroy all personal information collected through these apps. more

Alert: Apple iOS 14.8 Security Update Spikes Spyware Flaw

 Apple on Monday released security updates for its iPhone, iPad, Apple Watch and Mac computers that close a vulnerability reportedly exploited by invasive spyware built by NSO Group, an Israeli security company. 

The tech giant's security note for iOS 14.8 and iPadOS 14.8 says: "Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." Apple also released WatchOS 7.6.2, MacOS Big Sur 11.6 and a security update for MacOS Catalina to address the vulnerability. 

The fix, earlier reported by The New York Times, stems from research done by The Citizen Lab, a public interest cybersecurity group that found a Saudi activist's phone had been infected with Pegasus, NSO Group's best-known product. According to Citizen Lab, the zero-day zero-click exploit against iMessage, which it nicknamed ForcedEntry, targets Apple's image rendering library and was effective against the company's iPhones, laptops and Apple Watches. more

Monday, September 13, 2021

Urban Drone Detection is Due to Become Easier Thanks to 5G

The Department of Homeland Security (DHS) Small Business Innovation Research (SBIR) Program awarded $750,000 to Texas-based small business Cobalt Solutions Inc. to develop a detection and tracking sensor system that can identify nefarious small unmanned aerial vehicles (UAV) in an urban environment...

Cobalt’s technology increases the number of exploitable drone signatures for detection and tracking,” said Dr. Jeff Randorf, DHS S&T engineering advisor and SBIR topic manager. “As more 5G mmWave transceivers are deployed in city centers, the ability to detect and track drones in complex urban geometries becomes easier, while not contributing to an already crowded radio frequency spectrum.” more

Friday, September 10, 2021

Top 10 5G Security Concerns

5G security is inherently prone to security vulnerabilities. Previous-generation networks relied on centralized hardware-based functions that provided security choke points that were relatively easy to monitor. Endpoints in distributed software-defined (SD) networks like 5G are more difficult to keep an eye on.

While 5G addresses security issues in previous-generation wireless networks, for example with enhanced encryption, anti-tracking, anti-spoofing and network slicing features, security holes cybercriminals could potentially exploit have been identified. Some of the security vulnerabilities detected early on were linked to previous-generation networks loopholes. These included ones that allowed attackers to expose a user's location, downgrade their service to a less secure legacy that was more easily attacked, run up costly wireless bills and track users’ activities. more

Thursday, September 9, 2021

Spy Tech - Facebook and Rayban (Possibly Raybanned in some locales)

The first thing you'll notice about Facebook’s new camera glasses is that they are not called Facebook Glasses — they are called Ray-Ban Stories. This is because they are made in partnership with Ray-Ban (a cool company that no one hates), and Facebook has had a rough couple of years in the public eye. And “Stories” because, you know, Instagram stories and Facebook stories and also Snapchat "story,"

...the real danger here isn’t to your data — it’s the fact that you’re walking around wearing barely perceptible spy glasses, taking videos and photos of anyone you want, likely without them noticing...

If the idea of camera sunglasses seems familiar, perhaps that’s because it sounds like Snapchat Spectacles, which launched in 2016. In what I can only imagine is a loving tribute, Facebook has named its camera sunglasses “Stories” after the other signature product that Facebook/Instagram lifted from Snapchat. more

Tech stuff: "Dual 5MP camera gives your content new depth and dimension. Takes high resolution photos (2592x1944 pixels) and quality video (1184x1184 pixels at 30 frames per second)."

Not as dorky as past creepy-peepies, these glasses may not be recognized as spy glasses at first glance. (Maybe a Buddy Holly or Maurice Moss meets Zuck mash-up instead.) In fact, "Facebook says it's a violation of the Terms of Service to cover up the light that comes on when you're recording." Right, like that's gonna work. Additionally, "Facebook is discussing building facial recognition into its upcoming smart glasses product..." What could possibly go wrong? more

FutureWatch: Laser Through a Keyhole Can Expose Everything in a Room (somewhat)

If you're worried about privacy, it might be time to cover up your front door's peephole.

Being able to see inside a closed room was a skill once reserved for super heroes. But researchers at the Stanford Computational Imaging Lab have expanded on a technique called non-line-of-sight imaging so that just a single point of laser light entering a room can be used to see what physical objects might be inside...

It’s an incredibly clever technique, and one day it could be a very useful technology for devices like autonomous cars that would potentially be able to spot potential hazards hidden around corners long before they’re visible to passengers in a vehicle, improving safety and obstacle avoidance...

The research could one day provide a way for police or the military to assess the risks of entering a room before actually breaking down the door and storming their way inside, using nothing but a small crack in the wall or a gap around a window or doorway.  more

‘Havana Syndrome ’ and the Mystery of the Microwaves

Doctors, scientists, intelligence agents and government officials have all been trying to find out what causes "Havana syndrome" - a mysterious illness that has struck American diplomats and spies. Some call it an act of war, others wonder if it is some new and secret form of surveillance - and some people believe it could even be all in the mind. So who or what is responsible?

It often started with a sound, one that people struggled to describe. "Buzzing", "grinding metal", "piercing squeals", was the best they could manage.   

...Havana syndrome first emerged in Cuba in 2016. The first cases were CIA officers, which meant they were kept secret. But, eventually, word got out and anxiety spread...

Uncovering the truth has now become a top US national security priority - one that an official has described as the most difficult intelligence challenge they have ever faced.  more  history

Wednesday, September 8, 2021

Martian Helicopter - Coincidence or Espionage? You Decide.


China’s National Space Science Center is working on an aerial drone that bears a striking resemblance to NASA’ Ingenuity helicopter, currently on Mars.
It’s got four outstretched wiry legs, two rotors stacked atop each other, and a simplified fuselage. It’s China’s take on NASA’s wildly successful aerial drone.

A press release from China’s National Space Science Center suggests the vehicle, called the “Mars cruise drone,” has passed acceptance and will presumably advance to the next stage of development. Eventually, the Chinese aerial drone could make it to Mars, where it will patrol the landscape and further China’s exploration of the Red Planet. To that end, the Mars cruise drone will be equipped with a spectrometer for performing aerial surveys and for studying the Martian geology. more

Espionage - It Still Happens and it Still Matters

The Director General of Mi5 noted in his annual threat update hostile states seeking to spy on certain governments is as old as the hills. Nevertheless, it still happens, and it still matters. Hostile States utilising someone on the ‘inside’ to acquire privileged information makes their job so much easier.  Recently we have seen media coverage of a security officer at the British Embassy in Berlin arrested on suspicion of acting on behalf of a foreign intelligence agency.    

This blog serves as a reminder that traditional spycraft does exist and importantly provides you with some high-level protective security principles that your organisation should consider.  more


 

Friday, September 3, 2021

Security Director Alert: Wireless Key-Logger Hides in USB-C to Lightning Cable


A USB-C to Lightning cable with a hidden wireless key-logger can enable an attacker to capture everything you type from a distance of up to a mile.


Any tech-literate person knows you should never plug a USB key into any of your devices unless you trust the person giving it to you, but fewer know that the same applies to USB cables...

“We tested this out in downtown Oakland and were able to trigger payloads at over 1 mile,” he added...

...the new cables now have geofencing features, where a user can trigger or block the device’s payloads based on the physical location of the cable.  more

These spy cables come in various configurations, including standard USB charging cables. They look exactly like authentic cables. An electronic test can identify a malicious spy cable easily. In fact, you can do it yourself. Click here for instructions.