Thursday, April 6, 2023

A New Wave of Lawsuits - Wiretapping Litigation for Website Analytics

2022 saw a new wave of class action lawsuits targeting companies that use technology to track consumers’ interfaces on their websites...

Plaintiffs often ground their claims in the electronic interception provisions of federal and state wiretapping laws. Under the Federal Wiretap Act of 1968, a person is prohibited from “intentionally intercept[ing] … any … electronic communication.” 18 U.S.C. § 2511(1)(a) (2022). The FWA and many state statutes define “interception” as “acquiring the contents of that electronic communication.” Id. § 2510(4). “Content” is defined as “any information concerning the substance, purport[] or meaning of that communication.” Id. § 2510(8). 

Under the FWA, a court may require a defendant to pay $10,000 per violation. Id. § 2520(c)(2). Fines under similar state laws range from $1,000 to $50,000 per violation, depending on the state. more

The Most Insane Story In Gaming Makes For A Fantastic Biopic

Tetris (Movie) Review:


Of the many events that have happened across the gaming industry, the story of Tetris is one of the most interesting. This simple puzzle game made in Russia had entire companies funding men to infiltrate the USSR to try and get their rights from their Ministry of Technology. Communist personnel played these capitalists off each other, with politics and corporate rivalry thrown in for good measure...

You wouldn’t think watching a bunch of business meetings would be that interesting but they’re the most exciting part of the movie. ELORG invited all three men to meet them at the same time but kept separate from each other. They move back and forth in a mixture of business and interrogations as different layers of corporate espionage and corrupt under-the-table dealings are peeled back. more

Enjoy the weekend!

Tinker, Tailor, Soldier, Spy - This Time it's The Tailor

A San Francisco tailor was arrested for filming coworkers with a camera disguised as a clock in the dressing room of a clothing cleaner where they all worked.


Andrew Hong, 31, was booked Saturday night on suspicion of invasion of privacy. But the months-long investigation continues as San Francisco Police Department’s Special Victims Unit asks others to come forward with information about the case.

...a woman came to the Northern Station to report a hidden camera at a Divisadero Street clothing cleaner...

She told officers she found it in the dressing room and that it appeared to be the kind of camera used for home surveillance, police said. more

Why More Businesses Are Not Conducting Periodic TSCM Inspections

IT & Security Pros Pressured to Keep Quiet About Data Breaches

Organizations globally are under tremendous pressure to address evolving threats like ransomware, zero-day vulnerabilities, and espionage, and they face challenges in extending security coverage across multiple environments and dealing with an ongoing skills shortage, according to Bitdefender.

Alarmingly, more than 42% of the total IT/security professionals surveyed said they have been told to keep a breach confidential when they knew it should be reported and 30% said they have kept a breach confidential.

43% of IT/security professionals surveyed said extending capabilities across multiple environments (on-premises, cloud, and hybrid) is the greatest challenge they face which tied with complexity of security solutions also at 43%.

Not having the security skill set to drive full value came in as a strong second at 36%. more

This is an old phenomenon. We call it The Ostrich Effect.

Thursday, March 30, 2023

Liz Hurley Left 'Mortified' After Media Bugged Devices, Court Heard

A PRIVATE investigator hired by a national newspaper bugged Ledbury celebrity, Liz Hurley’s home, a high court hearing has heard. 

Ms Hurley is among celebrities like Elton John and Prince Harry who have taken action against Associated Newspapers the publisher of the Daily Mail and Mail on Sunday newspapers over years of alleged phone tapping and privacy breaches...

David Sherborne, who was representing Ms Hurley said in the written submission that she was left feeling “shocked and mortified” by the alleged targeting. He said a private investigator, acting on behalf of the Mail on Sunday, hacked their phones, tapped landlines, placed “a sticky window mini-microphone on the exterior of her home window” and bugged Mr (Hugh) Grant’s car to obtain “private communications with Mr Grant, her financial details, her travel arrangements and medicals during her pregnancy and birth of her son”. more

High profile individuals commonly have their homes, vehicles and aircraft swept for bugs.

Arizona Bill to Make Drone Spying a Crime Moves Forward

AZ - State lawmakers are moving to ensure people don’t get too nosy with their new drones.

In a party-line vote on Wednesday, members of the House Commerce Committee approved legislation that would make it a criminal offense to intentionally photograph, tape or otherwise observe someone else in a private place where that person has a “reasonable expectation of privacy.”

The only thing is that there hasn’t been a consensus as to when exactly someone crosses that line. more

Prosecutors: Veteran Deputy was Listening in on Jury Deliberations

NY - An Ontario County Sheriff’s Office veteran, Adam Broadwell, pleaded not guilty on Monday to felony charges of eavesdropping, possession of an eavesdropping device, and official misconduct. 

Broadwell is accused of listening in on a jury deliberation by using a device specifically designed for eavesdropping.

According to Assistant District Attorney Kelly Wolford, the jury was deliberating a felony case when Broadwell listened in on the conversation. The eavesdropping charges brought against Broadwell relate to his use of a device to enhance the sound of people talking in his area. 

However, Broadwell’s defense attorney, Clark Zimmermann, argued that the device used was a Bluetooth earbud set linked to an Android phone, which does not match the definition of an eavesdropping device. more

Our previous reports on Bluetooth earbud eavesdropping.

Inaudible Ultrasound Attack Can Control Phones and Smart Speakers

American university researchers have developed a novel attack called "Near-Ultrasound Inaudible Trojan" (NUIT) that can launch silent attacks against devices powered by voice assistants, like smartphones, smart speakers, and other IoTs.

The team demonstrated NUIT attacks against modern voice assistants found inside millions of devices, including Apple's Siri, Google's Assistant, Microsoft's Cortana, and Amazon's Alexa, showing the ability to send malicious commands to those devices.

The main principle that makes NUIT effective and dangerous is that microphones in smart devices can respond to near-ultrasound waves that the human ear cannot, thus performing the attack with minimal risk of exposure while still using conventional speaker technology. more

“Is this a bug?” (updated)

“Is this a bug?” is a question we are often asked.


Usually the answer is, “I understand why you are asking is this a bug. Some bugs do look similar to this. But, here is what you actually found.”

Real electronic eavesdropping devices are getting smaller. So are lots of other little electronic bits which are part of our everyday lives. Distinguishing between the two can be tricky. If the object you found makes you think, is this a bug, keep reading. You stand a good chance of finding your answer here.

Weekend Project - Two-Tube Spy Transmitter

From the look around his shack Helge Fykse (LA6NCA) really has a thing for old technology. The typewriter, the rotary phones, the boat-anchor receiver — they all contribute to the retro feel of the space, as well as the circuit he’s working on... The tiny transmitter is built into a small metal box, which is stuffed with the resistors, capacitors, and homebrew inductors needed to complete the circuit... Almost every component used has a vintage look... But does it work? Of course it does! more

Saturday, March 25, 2023

Bad Bunny - Not Your Recording - Bad Bunny

Pop superstar Bad Bunny is being sued for $40m (£33m) by his ex-girlfriend, who says he used a recording of her in two songs without permission.

Carliz De La Cruz Hernández says she recorded the catchphrase "Bad Bunny baby" on her phone in 2015, before he became famous and before they split up.

The line has appeared on the Puerto Rican singer and rapper's 2017 single Pa Ti and the 2022 song Dos Mil 16. Bad Bunny was the most-streamed artist on Spotify for the past three years. more

Journalist Plugs in Unknown USB Drive Mailed to Him

...it exploded in his face

Although these are just a few examples, they should be enough to preclude one from inserting a mysterious, unsolicited USB drive mailed to them into a computer. Unfortunately, one Ecuadorian journalist didn't get the memos. more

In case you missed our memo...

USB Memory Security Recommendations

  • Block ports with a mechanical port block lock.
  • Place security tape over that.
  • Create a “no USB sticks unless pre-approved” rule.
  • Warn employees that a gift USB stick could be a Trojan Horse gift.
  • Warn employees that one easy espionage tactic involves leaving a few USB sticks scattered in the company parking lot. The opposition knows that someone will pick one up and plug it in. The infection begins the second they plug it in.
  • Don’t let visitors stick you. Extend the “no USB sticks unless pre-approved” rule to them as well. Their sticks may be infected.

Trending… IBM Takes The USB Memory Security Lead

USB Memory Security - Thumbs Down“IBM has allegedly issued a worldwide ban against the the use of removable drives, including Flash, USB, and SD cards, to transfer data.

This new policy is being instituted to prevent confidential and sensitive information from being leaked due to misplaced or unsecured storage devices.

According to a report by The Register, IBM’s global chief Information security officer Shamla Naidoo issued an advisory stating that the company “is expanding the practice of prohibiting data transfer to all removable portable storage devices (eg: USB, SD card, flash drive).” This advisory further stated that this policy is already in effect for some departments, but will be further enforced throughout the entire company.” more

Spy Headlines this Week

• TikTok CEO on ByteDance: "I Don't Think That Spying is the Right Way to Describe It." more

Facing spying claims, Mexico recorded phone call of prominent activist more

The Spy Law That Big Tech Wants to Limit more

Your refrigerator could be spying on you! Senate committee clamps down on smart devices more

• Greek intelligence allegedly uses Predator spyware to wiretap Facebook Security Manager more

• Senate Bill Would Be Big Step to Combatting Harmful Workplace Surveillance Practices more

• Archbishop admits spying on other Vatican officials more

• Everett school superintendent sues city for racial discrimination; charges mayor bugged her office more

• CIA's CTO and deputy director explain the future of high-tech spying more

Spying, cocaine, money-laundering, historic losses: The sordid tale of the fall of Credit Suisse more

Cell phone spying growing strong: How to know if you’ve been a victim of ‘stalkerware’ more

• Fox News producer was forced to spy on Maria Bartiromo, who execs called 'crazy,' more

• ESPIONAGE BOOK RECOMMENDATIONS FROM A FORMER CIA SPY more

Friday, March 17, 2023

Getting Clocked Can Disable Your Wi-Fi Cameras

This cheap "watch" is used by hackers and thieves to disable Wi-Fi cameras, and other things connected to Wi-Fi access points. (It has some legitimate uses, too.)

Watch Functions

- Deauther Attack: Disconnect 2.4G WiFi
- Deauther Beacon: Create fake networks
- Deauther Probe: Confuse Wi-Fi trackers
- Packet Monitor: Display Wi-Fi traffic
- Kicks devices off a WiFi network- Spam beacon frames
- Spam probe requests

Additional background information about deauthentication attacks via Atlas VPN...
How Hackers Disable WiFi Cameras
A deauth or deauthentication attack (DoS) disrupts connections between users and Wi-Fi access points. The attackers force devices to lose access and then reconnect to a network they control. Then, perpetrators can track connections, capture login details, or trick users into installing rogue programs... this attack does not need unique skills or elaborate equipment. Deauth attacks could also knock devices offline, like home security software.

How it it Used?
• Forcing hidden cameras to go offline. Over the years, frequent disputes forced Airbnb to forbid the use of cameras in rented apartments or rooms. Yet, more cunning homeowners can conceal cameras from their guests.
• Hotels that push paid Wi-Fi. There have been incidents when hotels employed deauthentication attacks to promote their Wi-Fi services. In fact, the Federal Communications Commission (FCC) issued documents stating that blocking or interfering with Wi-Fi hotspots is illegal. One of the first offenders was the Marriott hotel, with financial motives for disrupting visitors’ access points. However, charging perpetrators with deauthentication attacks is a rare sight. Usually, victims might blame the interruptions on unstable Wi-Fi.
• Susceptible smart devices. Criminals could push connected devices offline for several reasons. One danger is that attackers might disable security systems. Thus, such interruption halts monitoring of the home, office, or another area. In worst-case scenarios, such deauth attacks could facilitate burglars entering buildings. Another example comes from a vulnerability in Ring Video Doorbell Pro (now fixed). The exploited flaw means using a Wi-FI deauthentication attack to force the device to re-enter the configuration mode. Then, eavesdroppers can capture Wi-Fi credentials orchestrated to travel in an unencrypted HTTP.
• Forcing users to join evil twins. Spoofed deauthentication frames force targeted devices to drop their connection. It could be a way to break the legitimate connection and trick users into joining fake hotspots. Deauth attacks could flood the access point so that devices cannot join for a period of time.

Our Tips: How to Make Sure They Don't Disable Your WiFi Cameras
Tip 1. Don't go wireless, use Cat6a shielded cable.
Tip 2. Use Power over Ethernet (PoE). Make sure it is properly grounded.
Tip 3. Make sure the power supply to the network is backed-up (UPS). Power failures do happen.
Tip 4. Hide the cables to deter sabotage.
Tip 5. If you absolutely, positively need a wireless video solution consider using a 4G cellular camera, or a dedicated video link.

WiFi Camera Attack Prevention
The prevention of deauthentication attacks does not offer many options. But there are effective strategies for mitigating their impact. Ensure that your network applies WPA2 encryption. If you use a pre-shared key, it must be complex and lengthy to withstand threats like brute-force attacks. Another improvement might be 802.11w, which validates deauthentication frames and discards spoofed ones. Older hardware and IoT might not support it, raising issues for some Wi-Fi clients.

Furthermore, remember you have minimal control over free public Wi-Fi and its security.

A VPN can assist if deauthentication attacks force clients to connect to evil twins. Atlas VPN creates a secure path between users and access points. Encrypted traffic will prevent attackers from capturing any meaningful communications or data. more

Wednesday, March 15, 2023

Researchers Shrink Camera to the Size of a Salt Grain

Researchers at Princeton University and the University of Washington have developed an ultracompact camera the size of a coarse grain of salt. The system relies on a technology called a metasurface, which is studded with 1.6 million cylindrical posts and can be produced much like a computer chip. Image courtesy of the researchers.
Micro-sized cameras have great potential to spot problems in the human body and enable sensing for super-small robots, but past approaches captured fuzzy, distorted images with limited fields of view.

Now, researchers at Princeton University and the University of Washington have overcome these obstacles with an ultracompact camera the size of a coarse grain of salt. The new system can produce crisp, full-color images on par with a conventional compound camera lens 500,000 times larger in volume... more