Wednesday, November 1, 2023

Shady Things You Can Do With a Flipper Zero

Since it’s evil week at Lifehacker, let’s take a look at a gadget that can be used for mild evil: the Flipper Zero. Despite its toy-like looks, this pocket-friendly multitool can be used for all kinds of hacking and penetration testing. 

It gives anyone, even newbs, an easy-to-understand way to interact with the invisible waves that surround us, whether they’re RFID, NFC, Bluetooth, wifi, or radio. It’s a like a hacker Swiss army knife that you can buy for less than $200.

You can use a Flipper Zero to control your TV, cheat your Nintendo, replace your work ID, open your hotel room door, and more. I’m sure you could see where the “evil” part could comes in. But on the other hand, it’s just a tool, and its ability to commit crimes is... more
Flipper Zero – Corporate Security Threat

Wednesday, October 18, 2023

Utah Lawyer Charged with Voyeurism...

...after employees find video of bathroom camera...

A lawyer in Vernal has been charged with stalking and voyeurism after
claims he installed a camera in a bathroom in his law office
... Investigators in Uintah County first responded to a report from Judd’s employees who said they discovered printed pornography photos and a memory cards in a folder in office personnel files, according to court documents. Documents state an employee viewed the files on one of the SD cards and found a video of Judd placing a camera inside an employee bathroom ceiling vent.


There were also recordings of women employed by Judd using the bathroom. When the recordings were recovered, employees examined the vent in the video but found the camera had been removed, according to documents...

The same employee said that one duty she performed at work was to order items for Judd on an Amazon account they both had access to. “The account history showed that several small spy cameras had been ordered beginning February 2021, and continuing through that year,” documents state. more

Is This a Bug?

This question comes from Reddit, where someone answered correctly.

We have a collection of many other "Is This a Bug?" photos and explanations.

Also, what to do if you think you found a bug.

World Spy News Roundup

PA - A Pittsburgh police commander previously placed on leave while officials investigated allegations he spied on colleagues has retired. Matthew Lackner, who had previously overseen the police bureau’s Zone 2 station in the Hill District, retired Tuesday, according to spokeswoman Cara Cruz. Mr. Lackner was placed on paid administrative leave earlier this month. A police source familiar with the incident said the commander was accused of putting a body-worn camera in an officer’s patrol vehicle to spy on the officer. more

Australia
- Robot vacuums don’t just collect dust — they can also collect data of their surroundings, sending it back to external servers, experts at The Australian Information Security Association (AISA) warned on Tuesday. more

China - China restricts foreign travel by bankers, state workers to curb spying... According to two analysts who spoke to the media, the moves reflect President Xi Jinping’s attention to national security in the midst of tense relations with the West. more

CA - The Five Eyes countries' intelligence chiefs came together on Tuesday to accuse China of intellectual property theft and using artificial intelligence for hacking and spying against the nations, in a rare joint statement by the allies. more

TX - It seems everything truly is bigger here in Texas, including the drama of partner snooping and infidelity! Recent data has exposed Texas as one of the leading states where the lines between privacy and suspicion are blurrier than ever. Relationship and sex expert Beth Darling joins the factor to talk about the data. more

USA - Ethical hacker helps prevent a potential espionage disaster for CIA. A glitch on X, formerly known as Twitter, could have opened a can of worms for the Central Intelligence Agency (CIA) had an ethical hacker on the microblogging website not sprung to action. more

Donald Trump is suing a private investigations firm over "shocking and scandalous" claims that he engaged in "perverted sexual acts" in Russia. The former US president is taking legal action against Orbis Business Intelligence, a London-based company co-founded by ex-British spy Christopher Steele, over a dossier containing rumours about him that caused a storm before his 2017 presidential inauguration. more

Survey - 53% of employees in the Middle East, Turkiye, and Africa region fear spying from drones... Corporate spies and hackers use drones to get trade secrets, confidential information, and other sensitive data from corporations and data centers. A drone can carry a device for hacking into corporate networks – for instance, a smartphone, a compact computer (e.g., Raspberry Pi), or a signal interceptor (e.g., Wi-Fi Pineapple [1]), and hackers use these devices to access corporate data and disrupt communications. All wireless communication (Wi-Fi, Bluetooth, RFID, etc.) is vulnerable to drone attacks. more

Finland - Dead man's estate and firm fined €5m in shipyard espionage case. A man who worked for the Meyer Turku shipyard copied files from the shipyard and a shipping company onto a hard drive and transferred them to his own consulting firm – but then died while the investigation was underway. more

VA - It could be years before Appian, a software company, sees a dollar of the $2 billion judgment it was awarded last year in a corporate espionage case against rival Pegasystems. more

INParents Attack Little League Umpire after children say he was taking photos of them in bathroom. A Little League umpire is facing charges for allegedly taking photos of children in the bathroom... Deputies in Warrick County said they were called to an area baseball field because of reports that parents were fighting an umpire. Authorities said the parents told them the brawl started because their children came running out of the bathroom screaming that Custer had taken photos of them. more

Yet Another USB Cautionary Tale

Duped with a malicious USB...

Mr Burgess (ASIO Director General Mike Burgess) referenced an unnamed Australian company that found global success making a product "similar to a motion detector" before their sales suddenly dropped.

"A little while later, their product started being returned to the factory because they were broken," he said.

"When they opened their branded products, they discovered they weren't their branded products, because the components were inferior, they were exact knock-offs."

The problem was eventually traced to an international conference, where someone had offered to share information with one of the company's employees by plugging a USB into their laptop.

"That USB downloaded malware onto that laptop, which later on, when they were connected back to their corporate network, was used to steal their intellectual property," he said.

"That intellectual property was passed from the intelligence services to state-owned enterprise that mass-produced the goods and sold them on the market that undercut them." more

More USB Security Information...

 • USB – Hacked Charging Cables

• USB – Malicious Spy Cable Detector Instructions

• USB – General Memory Stick Warning

• USB – Malicious Cables

• USB – NSA Type Cable Bug – $6.74

Extra USB Spy News - Government entities in the Asia-Pacific (APAC) region are the target of a long-running cyber espionage campaign dubbed TetrisPhantom. "The attacker covertly spied on and harvested sensitive data from APAC government entities by exploiting a particular type of secure USB drive, protected by hardware encryption to ensure the secure storage and transfer of data between computer systems," Kaspersky said in its APT trends report for Q3 2023. more

Monday, October 16, 2023

The CARVER Mindset: How to Think Like a Spy - FREE

Luke Bencie (Mr. Carver Mindset), is a really smart guy. His book, Among Enemies: Counter-Espionage for the Business Traveler which first introduced me to him is excellent. Check out his other books, too. His Monday morning emails are always inspiring. I look forward to receiving them. Great way to start the week. The sign-up is at the bottom of this page.

I attended Carvercon 2022 at the University of South Florida and was impressed by the entire event. You can see this year’s event on-line, at no charge…

CARVERCON 2023 is coming November 1st (Day of the Dead). 
This year's theme is The CARVER Mindset: How to Think Like a Spy 

Friday, October 13, 2023

Smartphone Security: Delete These Apps

Smartphone owners have been urged to remove certain apps that could be spying on their activity.

Some of the most popular apps you love and have come to rely on could be posing more of a danger than they're worth. Here's what you need to know. ...some of those apps that you love and have come to rely on could actually be putting you at risk... We’ve (Reader's Digest) collected information about some of the worst offenders so that you can make an educated decision about which apps you trust with your privacy and which ones need to go...

CamScanner
Ana Bera is a cybersecurity expert with Safe at Last. She identified CamScanner, an app meant to imitate a scanner with your phone, as one of the apps consumers should be concerned about. “Cybersecurity experts have found a malicious component installed in the app that acts as a Trojan Downloader and keeps collecting infected files,” she explains. “This kind of app can seriously damage your phone and should be de-installed instantly. Luckily, once you remove it from your phone, it is highly unlikely that it will continue harming you.”

Weather apps
“Check your weather app,” says Shayne Sherman, CEO of TechLoris. “There have been several different weather apps out there that have been laced with Trojans or other malwares.” While the most benign of these claims to take your information purely for weather accuracy, he calls that questionable. “Watch your local forecast instead, and if you have Good Weather, delete it now,” he advises. “That one is especially dangerous.”

Facebook
Look, we all love our social networking apps. But cybersecurity expert Raffi Jafari, cofounder and creative director of Caveni Digital Solutions, says, “If you are looking for apps to delete to protect your information, the absolute worst culprit is Facebook. The sheer scale of their data collection is staggering, and it is often more intrusive than companies like Google. If you had to pick one app to remove to protect your data, it would be Facebook.”

WhatsApp
“This is a call to action for users who may be living under a rock and unaware of the vulnerabilities that were disclosed earlier this year,” says Michael Covington, VP of Product for mobile security leader Wandera. “The vulnerabilities with WhatsApp—both iOS and Android versions—allowed attackers to target users by simply sending a specially crafted message to their phone number. Once successfully exploited, the attackers would be granted access to the same things WhatsApp had access to, including the microphone, the camera, the contact list, and more.”

Instagram
Whatsapp and Instagram are both owned by Facebook, which is part of what makes them all a risk. Dave Salisbury, director of the University of Dayton Center for Cybersecurity and Data Intelligence, says that Instagram “requests several permissions that include but are not limited to modifying and reading contacts and the contents of your storage, locating your phone, reading your call log, modifying system settings, and having full network access.” Plus Nine More

Stores Silently Deploying Facial Recognition to Spy on Shoppers

Major retailers in the US are already using facial recognition cameras to spy on shoppers
, a campaigning group has warned...

Cameras are being used not just to catch persistent shoplifters, but also to monitor shoppers and analyze their emotions, so that stores can deliver personalized adverts on screens inside the store, George warned...

‘But it’s also being used for marketing purposes, they are gathering information on shoppers and seeing what they are buying and not buying - and using AI tools to analyse the emotions of shoppers and see what sort of ads to direct at them.’ more

Intense Competition Leads to Attempted Corporate Espionage

via Lexology - from the Troutman Papper law firm.
Side Note: Troutman Pepper has formed a Corporate Espionage Response Team to help clients combat the increasing incidence of corporate espionage.

Arthur AI, a New York-based AI company, received a request for a Zoom demonstration of its technology from a startup called OneOneThree. The head of technology at OneOneThree, Yan Fung, expressed interest in purchasing Arthur AI’s technology. But there were some immediate red flags.

First, prior to the Zoom meeting, Arthur AI employees recognized that OneOneThree had no website. The Timesarticle says that Fung told Arthur AI at the time that OneOneThree was in “stealth mode,” which is why it had no website. Then, when Arthur AI asked Fung to sign a nondisclosure agreement (NDA), he reportedly asked Arthur AI to “hold off on the NDA,” and Arthur AI agreed.

Despite these issues, a Zoom meeting was arranged to demo the technology. Fung said Karina Patel, OneOneThree’s “main engineer,” would dial in to the meeting. However, during the Zoom meeting, an attendee logged in under the name of Aparna Dhinakaran, which an Arthur AI employee immediately recognized as a founder of Arize AI, a rival startup. When recognized, the attendee quickly logged off. Arthur AI later deduced that Fung was, in fact, an employee of Arize AI named Dat Ngo, and OneOneThree was an inactive company of his.

After the call concluded, one of Arthur AI’s employees messaged Ngo via LinkedIn direct messaging. Ngo responded by trying to recruit the Arthur AI employee, according to the Times article. more

Lessons Learned:
  • Require NDAs Every Time.
  • Perform Proper Due Diligence and Act Consistently With Your Findings. 
  • Only Use Secure Communication Channels and Restrict Recording.
  • Train Employees on Spotting and Responding to Potential Threats.
  • Conduct a Prompt and Careful Investigation Into Suspected Activity.

Apple AirTag: Police Official Accused of Stalking

CA - A high-ranking Los Angeles Police Department official has been demoted and is facing the possibility of termination after being accused of stalking a fellow officer with whom he was romantically involved...

The female officer who accused Labrada of stalking contacted Ontario police after she discovered an AirTag — a small tracking device that can be attached to personal items — among her possessions, according to two sources familiar with the case.

A group of officers from a since-disbanded San Fernando Valley gang unit is under investigation for, among other misconduct, allegedly using the devices to track suspects without court authorization...

Ontario police had been investigating the stalking allegations, but the San Bernardino County district attorney’s office said Wednesday it did not have enough evidence to pursue charges against Labrada. more

Monday, October 9, 2023

China Is Becoming a No-Go Zone for Executives

Foreign executives are scared to go to China. 
Their main concern: They might not be allowed to leave. 



Beijing’s tough treatment of foreign companies this year, and its use of exit bans targeting bankers and executives, has intensified concerns about business travel to mainland China. Some companies are canceling or postponing trips. Others are maintaining travel plans but adding new safeguards, including telling staff they can enter the country in groups but not alone.

“There is a very significant cautionary attitude toward travel to China,” said Tammy Krings, chief executive of ATG Travel Worldwide, which works with large employers around the world. “I would advise mission-critical travel only.” Krings said she has seen a roughly 25% increase in cancellations or delays of business trips to China by U.S. companies in recent weeks. more

Where The Spies Are

There are about 80 Russian spies in Switzerland,
which is about one-fifth of the total number of Russian agents in Europe. Source: Neue Zürcher Zeitung, citing the Swiss Federal Intelligence Service, as reported by European Pravda

Details: European states have been actively countering the Russian intelligence network, expelling employees of Russian embassies since the beginning of Russia's full-scale invasion of Ukraine in February 2022.

However, Switzerland did not resort to such a step due to the long tradition of neutrality. The estimates of the intelligence service, shared with members of parliament in September, indicate that there are currently about 80 Russian agents in the country.

A representative of the Swiss Department of Foreign Affairs in an interview with NZZ emphasized that the country's government "does not impose any sanctions in the form of expelling diplomats", adding that communication channels with Russia should be preserved. more

Fine... Feathered Drones Now

Boffins create drone that flies exactly like a bird to blend in on spying missions. 

This drone flies exactly like a bird so it blends in on spying missions. The wing-flapping robot mimics the natural flight of its feathered counterparts. The Icelandic company behind it, said it could be for military or private use. Silent Flyer UAV went on display during the DroneX expo at East London’s ExCel centre. It is designed by Icelandic company Flygildi.

Earlier this year we revealed creepily realistic drones made from dead birds were being developed by scientists. more

How New Corporate Espionage Techniques Are Born, or... Their Next App Attack

In a university somewhere (guess where) students are working on this...

"Introduction: Snooping keystrokes (a.k.a., keystroke inference attacks) seriously threaten information security and privacy. 

By launching such an attack, an adversary has an opportunity to steal sensitive information such as accounts, passwords, credit card numbers, SSNs, and conidential (sic) documents[1, 15, 29, 30] from the victims when they are typing on a keyboard. 

Smartphone-based snooping [15, 18, 24] further eases the launching when an adversary could intentionally leave his own smartphone near the victim’s keyboard. 

Furthermore, an attacker could spread a malicious mobile app (e.g., in app markets) that pretends to be a normal audio playing and recording application but stealthily collects user’s keystroke data over the Internet. He may afect (sic) a large volume of smartphones and enable large-scale keystroke inference attacks as shown in Fig. 1..." more

Wednesday, October 4, 2023

If Ants Can be Tricked, What Chance do Corporations Have?

A cautionary tale for corporations that think they are espionage-proof.

In a study in the journal Science, researchers report that blue butterfly caterpillars infiltrate red ant colonies and grub food by mimicking the raspy sound of the ant queen.

It’s good to be the Queen. You get fed and cared for and generally treated like royalty. But if you’re a blue butterfly caterpillar, you can get the same benefits by just pretending to be queen. Because these crafty caterpillars trick ants into feeding them—by mimicking the sound of their queen.

Ants are social creatures whose colonies contain a queen ant, and hordes of worker ants who feed the queen and take care of all her young. Blue butterfly caterpillars have come up with clever ways to exploit that system. These parasitic caterpillars take up residence in the nests of red ants. And they mooch free meals in part by waggling their heads to beg for food like all the other ant grubs. 

But that’s not all. Scientists using sophisticated recording equipment were able to listen to the caterpillars chatter. And found that the interlopers imitated the sounds of an adult queen. more
  • Your company is filled with hard-working, innocent, social creatures.
  • Anyone bent on corporate espionage knows they just have to blend in.
  • They will listen to your sounds.
  • They will exploit your system.
  • They will imitate loyalty.
  • They will eat your lunch.
  • Fight back.