Carliz De La Cruz Hernández says she recorded the catchphrase "Bad Bunny baby" on her phone in 2015, before he became famous and before they split up.
Saturday, March 25, 2023
Bad Bunny - Not Your Recording - Bad Bunny
Journalist Plugs in Unknown USB Drive Mailed to Him
...it exploded in his face
Although these are just a few examples, they should be enough to preclude one from inserting a mysterious, unsolicited USB drive mailed to them into a computer. Unfortunately, one Ecuadorian journalist didn't get the memos. more
In case you missed our memo...
USB Memory Security Recommendations
- Block ports with a mechanical port block lock.
- Place security tape over that.
- Create a “no USB sticks unless pre-approved” rule.
- Warn employees that a gift USB stick could be a Trojan Horse gift.
- Warn employees that one easy espionage tactic involves leaving a few USB sticks scattered in the company parking lot. The opposition knows that someone will pick one up and plug it in. The infection begins the second they plug it in.
- Don’t let visitors stick you. Extend the “no USB sticks unless pre-approved” rule to them as well. Their sticks may be infected.
Trending… IBM Takes The USB Memory Security Lead
“IBM has allegedly issued a worldwide ban against the the use of removable drives, including Flash, USB, and SD cards, to transfer data.
This new policy is being instituted to prevent confidential and sensitive information from being leaked due to misplaced or unsecured storage devices.
According to a report by The Register, IBM’s global chief Information security officer Shamla Naidoo issued an advisory stating that the company “is expanding the practice of prohibiting data transfer to all removable portable storage devices (eg: USB, SD card, flash drive).” This advisory further stated that this policy is already in effect for some departments, but will be further enforced throughout the entire company.” more
Spy Headlines this Week
• Facing spying claims, Mexico recorded phone call of prominent activist more
• The Spy Law That Big Tech Wants to Limit more
• Your refrigerator could be spying on you! Senate committee clamps down on smart devices more
• Greek intelligence allegedly uses Predator spyware to wiretap Facebook Security Manager more
• Senate Bill Would Be Big Step to Combatting Harmful Workplace Surveillance Practices more
• Archbishop admits spying on other Vatican officials more
• Everett school superintendent sues city for racial discrimination; charges mayor bugged her office more
• Spying, cocaine, money-laundering, historic losses: The sordid tale of the fall of Credit Suisse more
• Fox News producer was forced to spy on Maria Bartiromo, who execs called 'crazy,' more
• ESPIONAGE BOOK RECOMMENDATIONS FROM A FORMER CIA SPY more
Friday, March 17, 2023
Getting Clocked Can Disable Your Wi-Fi Cameras
This cheap "watch" is used by hackers and thieves to disable Wi-Fi cameras, and other things connected to Wi-Fi access points. (It has some legitimate uses, too.)
Watch Functions
- Deauther Attack: Disconnect 2.4G WiFi
- Deauther Beacon: Create fake networks
- Deauther Probe: Confuse Wi-Fi trackers
- Packet Monitor: Display Wi-Fi traffic
- Kicks devices off a WiFi network- Spam beacon frames
- Spam probe requests
Additional background information about deauthentication attacks via Atlas VPN...
- Deauther Attack: Disconnect 2.4G WiFi
- Deauther Beacon: Create fake networks
- Deauther Probe: Confuse Wi-Fi trackers
- Packet Monitor: Display Wi-Fi traffic
- Kicks devices off a WiFi network- Spam beacon frames
- Spam probe requests
Additional background information about deauthentication attacks via Atlas VPN...
How Hackers Disable WiFi Cameras
A deauth or deauthentication attack (DoS) disrupts connections between users and Wi-Fi access points. The attackers force devices to lose access and then reconnect to a network they control. Then, perpetrators can track connections, capture login details, or trick users into installing rogue programs... this attack does not need unique skills or elaborate equipment. Deauth attacks could also knock devices offline, like home security software.
How it it Used?
• Forcing hidden cameras to go offline. Over the years, frequent disputes forced Airbnb to forbid the use of cameras in rented apartments or rooms. Yet, more cunning homeowners can conceal cameras from their guests.
• Hotels that push paid Wi-Fi. There have been incidents when hotels employed deauthentication attacks to promote their Wi-Fi services. In fact, the Federal Communications Commission (FCC) issued documents stating that blocking or interfering with Wi-Fi hotspots is illegal. One of the first offenders was the Marriott hotel, with financial motives for disrupting visitors’ access points. However, charging perpetrators with deauthentication attacks is a rare sight. Usually, victims might blame the interruptions on unstable Wi-Fi.
• Susceptible smart devices. Criminals could push connected devices offline for several reasons. One danger is that attackers might disable security systems. Thus, such interruption halts monitoring of the home, office, or another area. In worst-case scenarios, such deauth attacks could facilitate burglars entering buildings. Another example comes from a vulnerability in Ring Video Doorbell Pro (now fixed). The exploited flaw means using a Wi-FI deauthentication attack to force the device to re-enter the configuration mode. Then, eavesdroppers can capture Wi-Fi credentials orchestrated to travel in an unencrypted HTTP.
• Forcing users to join evil twins. Spoofed deauthentication frames force targeted devices to drop their connection. It could be a way to break the legitimate connection and trick users into joining fake hotspots. Deauth attacks could flood the access point so that devices cannot join for a period of time.
Our Tips: How to Make Sure They Don't Disable Your WiFi Cameras
Tip 1. Don't go wireless, use Cat6a shielded cable.
Tip 2. Use Power over Ethernet (PoE). Make sure it is properly grounded.
Tip 3. Make sure the power supply to the network is backed-up (UPS). Power failures do happen.
Tip 4. Hide the cables to deter sabotage.
Tip 5. If you absolutely, positively need a wireless video solution consider using a 4G cellular camera, or a dedicated video link.
WiFi Camera Attack Prevention
The prevention of deauthentication attacks does not offer many options. But there are effective strategies for mitigating their impact. Ensure that your network applies WPA2 encryption. If you use a pre-shared key, it must be complex and lengthy to withstand threats like brute-force attacks. Another improvement might be 802.11w, which validates deauthentication frames and discards spoofed ones. Older hardware and IoT might not support it, raising issues for some Wi-Fi clients.
Furthermore, remember you have minimal control over free public Wi-Fi and its security.
A VPN can assist if deauthentication attacks force clients to connect to evil twins. Atlas VPN creates a secure path between users and access points. Encrypted traffic will prevent attackers from capturing any meaningful communications or data. more
A deauth or deauthentication attack (DoS) disrupts connections between users and Wi-Fi access points. The attackers force devices to lose access and then reconnect to a network they control. Then, perpetrators can track connections, capture login details, or trick users into installing rogue programs... this attack does not need unique skills or elaborate equipment. Deauth attacks could also knock devices offline, like home security software.
How it it Used?
• Hotels that push paid Wi-Fi. There have been incidents when hotels employed deauthentication attacks to promote their Wi-Fi services. In fact, the Federal Communications Commission (FCC) issued documents stating that blocking or interfering with Wi-Fi hotspots is illegal. One of the first offenders was the Marriott hotel, with financial motives for disrupting visitors’ access points. However, charging perpetrators with deauthentication attacks is a rare sight. Usually, victims might blame the interruptions on unstable Wi-Fi.
• Susceptible smart devices. Criminals could push connected devices offline for several reasons. One danger is that attackers might disable security systems. Thus, such interruption halts monitoring of the home, office, or another area. In worst-case scenarios, such deauth attacks could facilitate burglars entering buildings. Another example comes from a vulnerability in Ring Video Doorbell Pro (now fixed). The exploited flaw means using a Wi-FI deauthentication attack to force the device to re-enter the configuration mode. Then, eavesdroppers can capture Wi-Fi credentials orchestrated to travel in an unencrypted HTTP.
• Forcing users to join evil twins. Spoofed deauthentication frames force targeted devices to drop their connection. It could be a way to break the legitimate connection and trick users into joining fake hotspots. Deauth attacks could flood the access point so that devices cannot join for a period of time.
Our Tips: How to Make Sure They Don't Disable Your WiFi Cameras
Tip 1. Don't go wireless, use Cat6a shielded cable.
Tip 2. Use Power over Ethernet (PoE). Make sure it is properly grounded.
Tip 3. Make sure the power supply to the network is backed-up (UPS). Power failures do happen.
Tip 4. Hide the cables to deter sabotage.
Tip 5. If you absolutely, positively need a wireless video solution consider using a 4G cellular camera, or a dedicated video link.
WiFi Camera Attack Prevention
The prevention of deauthentication attacks does not offer many options. But there are effective strategies for mitigating their impact. Ensure that your network applies WPA2 encryption. If you use a pre-shared key, it must be complex and lengthy to withstand threats like brute-force attacks. Another improvement might be 802.11w, which validates deauthentication frames and discards spoofed ones. Older hardware and IoT might not support it, raising issues for some Wi-Fi clients.
Furthermore, remember you have minimal control over free public Wi-Fi and its security.
A VPN can assist if deauthentication attacks force clients to connect to evil twins. Atlas VPN creates a secure path between users and access points. Encrypted traffic will prevent attackers from capturing any meaningful communications or data. more
Wednesday, March 15, 2023
Researchers Shrink Camera to the Size of a Salt Grain
Researchers at Princeton University and the University of Washington have developed an ultracompact camera the size of a coarse grain of salt. The system relies on a technology called a metasurface, which is studded with 1.6 million cylindrical posts and can be produced much like a computer chip. Image courtesy of the researchers.
Micro-sized cameras have great potential to spot problems in the human body and enable sensing for super-small robots, but past approaches captured fuzzy, distorted images with limited fields of view.
Now, researchers at Princeton University and the University of Washington have overcome these obstacles with an ultracompact camera the size of a coarse grain of salt. The new system can produce crisp, full-color images on par with a conventional compound camera lens 500,000 times larger in volume... more
Spy History: Evolution of Aerial Spying Over the Past 200 Years
The Pentagon said it was there gathering intelligence. China said it was doing civilian research. Regardless, it was nothing new.
Governments have been spying on each other for hundreds of years...Here's how surveillance from the sky has developed over the years...
The first record of aerial surveillance happened toward the end of the 18th century. During the Revolutionary War, the French successfully used hot air balloons to monitor combat during the Battle of Fleurus against Britain, Germany, and Holland. more
From Phone Bugging to Kidnapping...
‘UHNWs often have unique security concerns due to their wealth and high profile’, says David Webb, Managing Director at Valkyrie, a specialist security consultancy firm. ‘These issues are not just specific to them but can also involve their families and close friends...
In addition to the investigation we conducted a TSCM sweep (Technical Surveillance Counter Measures aka bug search), cyber review and device compromise check, as it was believed the blackmailer had access to the clients systems and possibly had planted eavesdropping devices in his house and office – which ultimately proved true.’ more
KamiKakaBot: Corporate Espionage & Eavesdropping Tool
Dark Pink's main goals were to conduct corporate espionage, steal documents, capture sound from microphones of infected devices, and exfiltrate messaging data, according to research by cybersecurity firm Group-IB. more
UK: No More Mr. Nice Guy, Spy
The day's headlines
• UK intelligence ramps up efforts to counter Russian spies
• MI5 to establish new security agency to counter Chinese hacking, espionage
According to the report, a new department of national security will be established within MI-5. Its goal will be to advise companies, research organizations, and universities that may be victims of industrial espionage. In addition, private and public entities will be able to contact the new body for advice on how to interact with partners from China and or how to safely use Chinese-made equipment...
According to the report, a new department of national security will be established within MI-5. Its goal will be to advise companies, research organizations, and universities that may be victims of industrial espionage. In addition, private and public entities will be able to contact the new body for advice on how to interact with partners from China and or how to safely use Chinese-made equipment...
London is also preparing to announce a $24 million increase in BBC funding to counter Chinese and Russian disinformation in vulnerable countries. In addition, funding for a Chinese language training program for UK diplomats will be doubled. more
Spy Coffee and You're In
FL - A 31-year-old man was arrested and accused of placing a hidden camera inside the men’s bathroom at the “We Spy Coffee & More” shop in Tarpon Springs, according to authorities.
On Monday, the Tarpon Springs Police Department said a customer was using the men’s restroom at the “We Spy Coffee & More” shop, located at 505 Dodecanese Blvd., when they noticed they were being recorded by a camera placed underneath the sink.
“it was an iPhone that was propped underneath the sink and it was upside down. He picked the phone up and he looked at it and he saw that it was actually actively making a video recording,” said Detective John Melton.
On Monday, the Tarpon Springs Police Department said a customer was using the men’s restroom at the “We Spy Coffee & More” shop, located at 505 Dodecanese Blvd., when they noticed they were being recorded by a camera placed underneath the sink.
“it was an iPhone that was propped underneath the sink and it was upside down. He picked the phone up and he looked at it and he saw that it was actually actively making a video recording,” said Detective John Melton.
The victim confronted 31-year-old Spyridon Voulgarakis, who is an employee of the store. Authorities said Voulgarakis later admitted to hiding the camera and recording other men using the restroom. more
Friday, March 10, 2023
From Those Wonderful Folks Who Brought You Spy Balloons & Trojan Horse Cranes...
Months before a Chinese spy balloon drifted across Alaska and Canada, the Canadian military discovered and retrieved Chinese spy buoys in the Arctic, a region of long interest to Beijing. The Chinese buoys were monitoring U.S. submarines and the melting of ice sheets. Retired Canadian Armed Forces (CAF) Lieutenant-General Michael Day said the buoys would likely have been used to monitor U.S. nuclear submarine traffic in the Arctic, and for mapping seabeds and ice thickness. more
How to Spot a Chinese Spy on Social Media
National security experts say foreign adversaries are using popular job sites like LinkedIn and Indeed to recruit spies and extract trade secrets from U.S. workers...
There are a few things to look out for if you think you’re being targeted on social media.
Both experts said it’s best to follow the old adage: if the offer sounds too good to be true, then it probably is. more
- Urgency: Be cautious of anyone who connects on social media and makes it seem like they need information quickly.
- Do your research: Be skeptical of anyone who claims to be part of a company or think tank where there is little or no information available on the organization.
- Probing questions: Be wary of social media accounts that connect and follow up with a lot of questions pertaining to industry specifics.
Both experts said it’s best to follow the old adage: if the offer sounds too good to be true, then it probably is. more
Odd-Ball Spy News
Fifth of Government Workers Don't Care if Employer is Hacked
SafeHouse Chicago, Spy-Themed Restaurant and Bar, Abruptly Closes
After six years of catering to secret agents and curious spies across Chicago, a spy-themed establishment has closed its doors. SafeHouse Chicago, a restaurant and bar featuring all things espionage-related, announced its abrupt closure online Monday, saying the business has "completed its last mission in Chicago." "We want to thank all of the spies who visited our Windy City headquarters and for your loyalty and support. It has been an absolute pleasure to welcome and serve spies from around the globe," SafeHouse said, in part, in a message posted on its website. more
(Probably true for all businesses.)
Ivanti, the security vendor polled 800 public sector workers worldwide to compile its new Government Cybersecurity Status Report. It found a “not my job” attitude is exposing governments to excessive cyber-risk. Just a third (34%) of workers recognized that their actions impact their organization’s security posture. Nearly two-fifths (36%) said they haven’t reported phishing emails in the past, while a fifth (21%) said they don’t even care if the organization is hacked. more (This may help.)Extra Credit: Seven years ago this month... Survey revealed 1 in 5 employees would sell their passwords.
Sweaters That Fool Facial Recognition
Famed Manhattan Showroom Loses Peephole Camera Appeal
Manhattan appeals court on Thursday revived the brunt of a lawsuit against the renowned New York Design Center over a video camera... Cast your mind back to 2014... A camera hidden in the wall of a ladies' room at the New York Design Center secretly documented customers and employees for a month, a new lawsuit alleges. According to court documents obtained by the Post, the camera was found behind a broken wall tile on the sixth floor bathroom in April; the custodian who discovered it said it was trained on one of the stalls. more
Who Is Anthony Pellicano?
Infamous Hollywood private investigator Anthony Pellicano is the subject of a new documentary Sin Eater: The Crimes of Anthony Pellicano. The two-part special debuts on March 10 at 10 p.m. on FX and will stream on Hulu. Pellicano...gained a reputation as a fixer who could dig up dirt on his clients’ enemies to make them go away. But Pellicano’s ruthless methods were eventually his undoing, as he served extensive prison time for weapons charges as well as racketeering, wiretapping, and other crimes. more & as previously reported here.
Chinese Rocket that Delivered Military Spy Satellites Breaks Up Over Texas
The second stage of a Chinese rocket that delivered a trio of military surveillance satellites in June disintegrated over Texas on Wednesday, USNI News has learned. The four-ton component of a Chang Zheng 2D ‘Long March’ rocket punched through the atmosphere on Wednesday over Texas at 17,000 miles per hour and disintegrated, two defense officials confirmed to USNI News on Thursday... The debris field is over the least populated counties in the state, according to the Texas Demographic Center. more
The 10 Best Spy Movies That Aren't James Bond
When it comes to pure action-packed entertainment, few genres serve up as many thrills as spy movies. Spy films have been a mainstay of cinema all the way back to the medium's earliest days, like 1914's silent film The German Spy Peril. The genre kicked into high gear during the Cold War... more
Protect your facial biometric data with knit wear? As absurd as that sounds, designer Rachele Didero, of the Italian startup Cap_able, has patented textiles that do just that. The patterns trick facial-recognition cameras into thinking it's not looking at a person. The pieces in the Manifesto Collection which include sweaters, pants, a dress, and a shirt, start at ~$300.
The idea has been around for a while.
Cheaper alternate designs; some with next day delivery!
Famed Manhattan Showroom Loses Peephole Camera Appeal
Manhattan appeals court on Thursday revived the brunt of a lawsuit against the renowned New York Design Center over a video camera... Cast your mind back to 2014... A camera hidden in the wall of a ladies' room at the New York Design Center secretly documented customers and employees for a month, a new lawsuit alleges. According to court documents obtained by the Post, the camera was found behind a broken wall tile on the sixth floor bathroom in April; the custodian who discovered it said it was trained on one of the stalls. more
Who Is Anthony Pellicano?
Infamous Hollywood private investigator Anthony Pellicano is the subject of a new documentary Sin Eater: The Crimes of Anthony Pellicano. The two-part special debuts on March 10 at 10 p.m. on FX and will stream on Hulu. Pellicano...gained a reputation as a fixer who could dig up dirt on his clients’ enemies to make them go away. But Pellicano’s ruthless methods were eventually his undoing, as he served extensive prison time for weapons charges as well as racketeering, wiretapping, and other crimes. more & as previously reported here.
Chinese Rocket that Delivered Military Spy Satellites Breaks Up Over Texas
The second stage of a Chinese rocket that delivered a trio of military surveillance satellites in June disintegrated over Texas on Wednesday, USNI News has learned. The four-ton component of a Chang Zheng 2D ‘Long March’ rocket punched through the atmosphere on Wednesday over Texas at 17,000 miles per hour and disintegrated, two defense officials confirmed to USNI News on Thursday... The debris field is over the least populated counties in the state, according to the Texas Demographic Center. more
The 10 Best Spy Movies That Aren't James Bond
When it comes to pure action-packed entertainment, few genres serve up as many thrills as spy movies. Spy films have been a mainstay of cinema all the way back to the medium's earliest days, like 1914's silent film The German Spy Peril. The genre kicked into high gear during the Cold War... more
After six years of catering to secret agents and curious spies across Chicago, a spy-themed establishment has closed its doors. SafeHouse Chicago, a restaurant and bar featuring all things espionage-related, announced its abrupt closure online Monday, saying the business has "completed its last mission in Chicago." "We want to thank all of the spies who visited our Windy City headquarters and for your loyalty and support. It has been an absolute pleasure to welcome and serve spies from around the globe," SafeHouse said, in part, in a message posted on its website. more
Spybusters Tip #692: Head to Milwaukee. Best kept secret since 1966.
Monday, March 6, 2023
A New National Cybersecurity Strategy
The White House on Thursday unveiled a new National Cybersecurity Strategy to make cyberspace more secure for Americans. The new policy puts the onus on tech firms and large organizations to make their systems more secure, so that they are better able to resist the increasingly more sophisticated cybersecurity threats from around the world.
Explaining its stance, the Biden administration said that the "organizations that are most capable and best-positioned to reduce risks" should do more to ensure the online safety of American citizens rather than shifting the burden of cybersecurity to individuals, small businesses, and local governments. more
Legal Claim: Glimpse into World of Corporate Espionage
The claim, which has just been lodged in London’s high court, details allegations of covert surveillance by Kroll, and hacked communications and proposals for hi-tech attacks to intercept mobile phone data by other unknown operators.
Through its lawyers Kroll said that it had “acted entirely in accordance with all applicable laws and regulations”, that Earl’s claim was “misconceived” and that the company denied the claim in full. Jones Day did not respond to requests for comment.
Whether or not the legal claim against Jones Day or Kroll succeeds, the case, and emails disclosed in it, provide a rare glimpse into the murky world of corporate espionage and reputation management – and the lengths to which some companies will go to try to silence critics. more
Through its lawyers Kroll said that it had “acted entirely in accordance with all applicable laws and regulations”, that Earl’s claim was “misconceived” and that the company denied the claim in full. Jones Day did not respond to requests for comment.
Whether or not the legal claim against Jones Day or Kroll succeeds, the case, and emails disclosed in it, provide a rare glimpse into the murky world of corporate espionage and reputation management – and the lengths to which some companies will go to try to silence critics. more
Subscribe to:
Posts (Atom)