Thursday, May 26, 2022

New Countermeasure Against Unwanted Wireless Surveillance

Smart devices are supposed to make our everyday lives easier. At the same time, however, they are a gateway for passive eavesdropping. 

To prevent possible surveillance of the movement profile within one’s home, researchers from the Max Planck Institute for Security and Privacy, the Horst Görtz Institute for IT Security at Ruhr-Universität Bochum and the Cologne University of Applied Sciences have developed a novel system for protecting privacy in wireless communication.

Almost all Internet-of-Things devices, such as voice assistants, locks and cameras, rely on wireless connections based on high-frequency radio signals... passive eavesdroppers can still exploit sensitive information from intercepted radio frequency signals... Attackers can perceive such effects from a distance and, by applying simple statistical methods, conclude, for example, that a person is currently moving in the monitored room... this method known as “adversarial wireless sensing”...

With their approach, the researchers are the first in the world to propose IRS as a practical countermeasure against passive wireless eavesdropping attacks.

Why Casinos Are Spying on Their Ultra-Rich Clients

An integral part of how the casino lavishes services on its members is by monitoring their movements on the premises — with the help of facial-recognition cameras in recent years.

Of the 400 cameras in the building, 10 are linked to a face-scanning system. Whenever a member enters the building or one of its private gambling rooms, staff get pinged on their phones.

Clients, for their part, accept this Orwellian scrutiny as necessary to enhance their experience. “It’s the expectation,” says Ryan Best, the surveillance and security manager at the casino who set up its facial-recognition system in 2018.

Several luxury hotels in nearby Mayfair have recently introduced similar systems to alert everyone to arriving VIPs, he says.

Researchers Developing Anti-Eavesdropping Quantum Network

While quantum computers offer many novel possibilities, they also pose a threat to internet security since these supercomputers make common encryption methods vulnerable. Based on the so-called quantum key distribution, researchers at TU Darmstadt have developed a new, tap-proof communication network.

The new system is used to exchange symmetric keys between parties in order to encrypt messages so that they cannot be read by third parties. In cooperation with Deutsche Telekom, the researchers led by physics professor Thomas Walther succeeded in operating a quantum network that is scalable in terms of the number of users and at the same time robust without the need for trusted nodes. 

In the future, such systems could protect critical infrastructure from the growing danger of cyberattacks. In addition, tap-proof connections could be installed between different government sites in larger cities.

Monday, May 16, 2022

Series: Types of Industrial Espionage


Industrial espionage refers to various activities performed to gain an unfair competitive advantage, rather than for national security purposes.
As we discussed in a previous article, the ways in which industrial espionage can affect a company are numerous and include theft of trade secrets and disruption to operation.

Section 1832 of the Economic Espionage Act of 1996 (the “Act”) criminalizes the theft of trade secrets “intended for use in interstate or foreign commerce, to the economic benefit of anyone other than the owner.” The trade secret owner is required to take “reasonable measures” to keep the information secret. 

For individuals, convictions in violation of 18 U.S.C. § 1832 can result in a prison sentence of up to 10 years or a monetary penalty, or both. For organizations, the fine may be “not more than the greater of $5,000,000 or 3 times the value of the stolen trade secret . . . including expenses for research and design and other costs of reproducing the trade secret.” Section 1832 requires that the products be “produced for” or “placed in” interstate or foreign commerce.

One excellent reasonable measure is the Technical Surveillance Countermeasures (TSCM) inspection, conducted periodically. 

Sunday, May 15, 2022

Ex-Coca-Cola Chemist Sentenced for Stealing $120 Million Trade Secret

A Chinese chemical engineer was sentenced to 14 years in prison for stealing trade secrets on drink can coatings to establish a Chinese company backed by the Chinese government.

Xiaorong “Shannon” You, 59, was sentenced on Monday by a federal judge in Greeneville, Tennessee, on the charges of conspiracy to commit trade secret theft, conspiracy to commit economic espionage, possession of stolen trade secrets, economic espionage and wire fraud. In addition, she is ordered to pay a $200,000 fine and serve three years of supervised release.

“Stealing technology isn’t just a crime against a company,” Acting Assistant Director Bradley S. Benavides of the FBI’s Counterintelligence Division said in a release. “It’s a crime against American workers whose jobs and livelihoods are impacted.”

U.S. Spy Chief Reiterates ‘Overclassification’ Concerns

U.S. Director of National Intelligence Avril Haines told senators Tuesday that the overclassification of data is a national security concern—a sentiment the nation’s top spy previously voiced in a January memo.

“Overclassification is a national security problem,” said Haines, testifying before the Senate Armed Services Committee alongside Defense Intelligence Agency Director Scott Berrier.

“This is a challenge as you ideate from a democratic perspective but also a challenge from the national security perspective,” Haines continued in an exchange with Sen. Elizabeth Warren, D-Mass. “It’s a very challenging issue.”

Chinese CCTV Cameras on British Streets Contain Hidden Microphones

Chinese-made surveillance cameras in Britain are made by companies linked to human rights atrocities and can pick up sound with hidden microphones, with this capability able to be activated remotely, according to the British government’s “snooping tsar”.

We're shocked... that Brit techs didn't clip the microphones out before installing them.

Things Often Mistaken for Eavesdropping Bugs

“Is this a bug?” is a question we are often asked.


Usually the answer is, “I understand why you are asking is this a bug. Some bugs do look similar to this. But, here is what you actually found.”

Real electronic eavesdropping devices are getting smaller. So are lots of other little electronic bits which are part of our everyday lives. Distinguishing between the two can be tricky. 

If the object you found makes you think, is this a bug, keep reading. You stand a good chance of finding your answer here...

Saturday, May 7, 2022

The Colorful Side of Eavesdropping & Wiretaps

Russian fighters have been sharing tips with one another about how to deliberately damage their own equipment and hamper Russian President Vladimir Putin’s war plans in Ukraine, according to recordings of alleged Russian troops’ phone calls that the Security Service of Ukraine (SBU) intercepted...

In one regiment, one Russian soldier allegedly said they’ve been pouring sand into the tanks’ fuel systems to clog them up.

“I don't follow stupid orders, I simply refuse,” one fighter can be heard telling a comrade. “The motherf*cker sent me to tanks, motherf*cking piece of shit. I f*cked it up and that's it.”

When the fellow Russian soldier on the other end of the line heard the unit wasn’t punished for the insubordination, he indicated he might repeat the tactic later in his own unit...

Inspired by the Russians’ intercepted phone calls, Ukraine’s government encouraged other Russian troops to disobey orders and refuse to attack, echoing earlier calls to surrender and abandon the war path.

KeyTap3 Exploit Knows What You Type: Keyboard Eavesdropping

A new KeyTap3 exploit might explain how some websites are able to track and offer recommendations for an item you just searched for.
 

Programmer Georgi Gerganov doesn’t use any Bluetooth, WiFi, or RF-based methods to eavesdrop on your keyboards, but rather a normal microphone. That’s right, it essentially captures audio of you typing before using that information to generate a cluster map of clicks with similar sounds.

It then analyzes those clusters and utilizes statistical information about the frequency of the letter n-grams in the supposed language of the text. 

The algorithm realizes that some of these letter combinations are used more frequently in certain languages, like English, and then begins guessing. 

Try it out here if you have a clicky mechanical keyboard. This exploit would most likely not fare well against Samsung’s SelfieType, an AI-powered keyboard.

Air Force Officer Spycam'ed Kids in Family Member’s Bathroom

An Air Force officer is going to prison after federal prosecutors say he used a hidden spy camera to record children using the bathroom and bathing at his family member’s home, according to the U.S. Attorney’s Office for the District of Maryland...

In October 2020, the Onondaga County Sheriff’s Office in New York was notified by an adult woman, who has not been named, that Ort put a round, “black spy camera in (her) bedroom while visiting (her) home,” the news release said. Ort visited this adult’s home in Syracuse to visit her family, according to the plea agreement. 

This woman found the hidden camera with an SD card, and after reviewing the card, she “discovered a video of a minor female using the bathroom...” Then, Ort was seen “entering the bathroom and adjusting the camera.”

Your Password-less Future

Apple, Google, and Microsoft announce support for passwordless sign-in...


In celebration of 2022 World Password Day, Apple, Google and Microsoft announced plans to expand support for a sign-in standard from the FIDO alliance and the World Wide Web Consortium (W3C) that aims to eliminate passwords altogether.

The passwordless sign-in involves the use of a FIDO credential called passkey, which is stored on a phone. When signing into a website, users would need to have their phone nearby, as they will have to unlock it for access.

“Once you’ve done this, you won’t need your phone again and you can sign in by just unlocking your computer. Even if you lose your phone, your passkeys will securely sync to your new phone from cloud backup, allowing you to pick up right where your old device left off,” Google explains.

Sunday, April 24, 2022

New Algorithm to Shield Conversations from Eavesdropping AI

The thought that our gadgets are spying on us isn't a pleasant one, which is why a group of Columbia University researchers have created what they call "neural voice camouflage." 

This technology won't necessarily stop a human listener from understanding someone if they're snooping (you can give recordings a listen and view the source code at the link above). Rather, this is a system designed to stop devices equipped with microphones from transmitting automatically transcribed recordings. It's quiet – just above a whisper – but can generate sound specifically modeled to obscure speech in real time so that conversations can't be transcribed by software and acted upon or the text sent back to some remote server for processing...

According to Vondrick, the algorithm his team developed can stop a microphone-equipped AI model from interpreting speech 80 percent of the time, all without having to hear a whole recording, or knowing anything about the gadget doing the listening.

Man Accused of Hiding Cameras at Gym... again

A Shelby Township man accused two years ago of hiding cameras to spy on people at a tanning salon is at it again, Wayne County prosecutors allege.

Brian Michael Maciborski, 40, allegedly placed a camera in the ceiling grate of a gym's tanning bed area to record a 24-year-old Westland woman on Feb. 23, according to the Wayne County Prosecutor's Office.

9 Potential Signs of Corporate Espionage

If you suspect that your business has been a target of corporate espionage, it’s essential to take action immediately — from doing an in-house investigation to hiring a private professional. If you see any of the below signs, don’t ignore them, but also take care not to make any unfounded accusations or statements. Keep your thoughts closely held and get the evidence first.

(summary - full text here)
1. Unexplained or sudden changes in practices
2. Changes in business relationships
3. Unusual computer activity
4. Becoming defensive or secretive about work
5. Equipment or files go missing
6. Unexplained drops in sales or profits
7. Employees quitting suddenly
8. Accessing computer files without permission
9. Corporate secrets leaked to the press

Spybuster Tip #823 – Investigative Steps 

1. Hire a competent professional corporate counterespionage consultant

2. Have them conduct a Technical Surveillance Countermeasures (TSCM) bug sweep. You need to eliminate the possibility of electronic surveillance before you start accusing people.

3. Follow your consultant's advice about how to proceed. The investigative process will be customized from this point on.