Saturday, November 8, 2008

SpyCam Story #492 - Camp Dumbstaffer

Canada - A camp employee who claimed he was only trying to scare a female co-worker when he hid a video camera in her shower stall will be sentenced in January.

The 19-year-old Fergus-area man pleaded guilty yesterday to voyeurism and breaching an undertaking by contacting the victim. The man cannot be named to protect the identity of his 17-year-old victim.

Court heard OPP were called to a camp in Wellington County Aug. 5 where a female employee reported being videotaped in the shower.

Police learned the girl was showering when she discovered the video camera on a shelf, hidden among some toiletries but pointed directly into the stall.

Officers discovered three videos on the camera. The first two depicted the suspect aiming the camera to ensure it was aimed correctly, while the third showed the victim nude in the shower.

The suspect was arrested for voyeurism and released by police on an undertaking, including a condition that he not contact the victim.

Nine hours later, he sent the victim a message through the Facebook networking website.

In that message, he wrote that the camera was there as "a prank" and said his intention was to scare someone and get their reaction on video. (more)

Corporate Spy Suit Ends

Von Roll USA Inc. said Friday it has settled its lawsuit against four former employees it had accused of corporate espionage.

In a U.S. District Court filing last December, the Swiss-based company claimed the employees, including former Chief Executive Jack Craig, were using stolen information to set up a rival company, Craig Wire Products LLC.

The suit even claimed that the employees — the others were Brett Portwood, Brad Archambeau and Linda Belcher — remotely accessed confidential information on Von Roll computers in its plant in Rotterdam.

Belcher and Archambeau are former managers at Von Roll's Rotterdam plant, court papers say.

On Friday, Von Roll in a written statement said "all claims and counterclaims in the case have now been settled and the lawsuit will be discontinued in its entirety." (more)

Friday, November 7, 2008

Cops Tap Business Phones and Sell Info

India - A senior official in the Home department said an officer in the Special Task Force (STF) and an (an officer) in-charge of the Special Operation Group (SOG) in Varanasi have helped several contractors to grab lucrative business in Lucknow, Noida and Varanasi by prying on the conversations of their rivals through this system (legal wiretap equipment used against criminals).

These cops eavesdropped on tender details discussed by the rivals and alerted their contracted friends so that they could bid less.

The official said the fraud came to light after the harassed contractors approached the Home department and demanded to know how information was being leaked. Sources said they became suspicious after they lost several bids, the latest being one for a private mobile company. (more)

SpyCam Story #491 - SpyPen

Marlin SpyPen 4GB
• Super Spy 4GB Digital Video Camera Pen
• Charged via any USB port; No need for an additional power supply

• Colour video recorder lets you clearly see the subject

• Super sensitive microphone can record in the range of up to 15 square meters

• Playback recorded video on your PC in AVI format


"Become the super spy you've dreamed of with the Marlin SpyPen. Using one of the smallest digital video recorders in the world and a super sensitive microphone, the Marlin SpyPen can capture video and sound and play it back on your PC with amazing clarity.

Makes a great hidden camera or spy cam; you can hide the pen in a hidden location or even your shirt top pocket to capture the moments you otherwise would not see. (Recommended for legal uses only)"
But, of course.
$78.22 (more)

Why do I mention it?
So you will know what you are up against.

Wi-Fi Alert - WPA Encryption is Cracking

Security researchers say they've developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks.

The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption and read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.

To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes...

They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack. (more)
They will.

Why the NFL Spies on Its Players

The National Football League's unprecedented new effort to protect its image by cracking down on loutish behavior is making some of the league's 1,952 players a little nervous.

This sweeping new personal-conduct policy, which was announced before the 2007 season, allows the NFL to quickly and summarily fine and suspend players; not just for committing crimes, but for any act that's deemed harmful to the NFL's "integrity and reputation." To guard against these unpredictable suspensions (there have been 10 so far), NFL teams are hiring former police officers and FBI agents as security chiefs, ordering up extensive background checks, installing video-surveillance systems in locker rooms, chasing down rumors and sometimes forbidding players from talking to the press. (more)

Thursday, November 6, 2008

SpyCam Story #490 - IP Eyes on the Mains

Imagine...
(from the manufacturer's web site)
"...an easy-to-install, easy-to-use Internet camera surveillance solution that allows you to monitor [video and audio] any room in your house from anywhere over the Internet.


...uses Powerline networking, which connects the Internet camera and your router using your house’s electrical wiring, eliminating the need to run networking cables across your home.


Furthermore, the Internet camera uses a single cable to both receive power and connect to the Powerline adapter, allowing you to place the camera anywhere in your home. ...zero-configuration setup gets you up and running in no time..."


KEY FEATURES

• View and manage your camera remotely over the Internet
• Camera functions without PC turned on

• Records motion-triggered snapshots – saved to a secure server

• Receive instant e-mail notifications of motion-triggered events

• Share access to your camera with friends and family (What could possibly go wrong here?!?!)
• 0.5 lux CMOS sensor can capture video in low-light environments

• Built-in microphone lets you hear what’s happening*
* This could turn illegal (US law) the instant the consenting party leaves the area. Note: In some states, all parties being heard must consent, even people who are not within view of the camera.
• Adjustable stand – place and position your camera anywhere
• Uses auto-provisioning for zero-configuration network setup

• PowerLine networking – place camera by any power outlet

• Camera powered & networked through a single cable
• Easily expand network – Internet Surveillance Camera Expansion Kit
Only $289.99 (more)

Our Point of View
Privacy nightmare. A repackageable, off-the-shelf, audio / video, surveillance system that sends digital signals (encrypted) over existing power lines, to a remote Internet connection (conceivably Wi-Fi'ed out), and then on to anywhere in the world, 24/7/365, for less than $300.00. Geeez... who you gonna call?

Spybusters Tip # 385 - FREE Encrypted Memory Sticks. Roll Your Own!

Step 1 - Go to your junk drawer.
Grab one of your regular old USB memory sticks.


Step 2 - Go to TrueCrypt.org.
Grab their FREE encryption software.


Step 3 - Read the Beginner's Tutorial. Load & Lock.


Ta-daaaa!
Instant FREE encrypted memory stick!!!

(clap, clap, clap)

Thank you.

Kevin
P.S. You can also roll Free Mac/Windows XP/Vista/2000/Linux sticks the same way.
Additional Spybusters Tips.

Wednesday, November 5, 2008

Hidden Camera in Office Sparks Investigation

CT - Contract talks between an ambulance company and its medics were jolted last week when union negotiators said they found a small surveillance camera hidden in a smoke detector in a conference room at American Medical Response's regional office in West Hartford.

The discovery of the camera, which was plugged into an outlet that was concealed by ceiling tiles, led the union - the National Emergency Medical Services Association - to file a federal unfair-labor-practice complaint. West Hartford police are also investigating. (more)

Parton Zero, Google ...well, google

The FCC approved rules that would allow high-tech companies and others to use vacant TV airwaves for unlicensed use. Microsoft Corp., Google and other companies have lobbied heavily for access to the airwaves, which they say can be used to provide low-cost wireless Internet service that is more powerful than current Wi-Fi signals.

Broadcasters and wireless microphone users fought against the use of those airwaves, citing interference concerns. However, the FCC unanimously decided to set rules on how those airwaves can be used. The airwaves will come available in mid-February, when the U.S. transitions to digital-only television broadcasts. (more)

Tuesday, November 4, 2008

Dolly Parton Bugs Out Over Wireless Microphones

The issue comes to a head on Election Day, when the Federal Communications Commission votes on a proposal to make a disputed chunk of radio spectrum available for public use. Google, Microsoft, Hewlett-Packard and other technology companies say the spectrum could be used by a whole new array of Internet-connected wireless gadgets...

But a coalition of old-guard media — from television networks to Broadway producers — is objecting to the proposal, saying it needs a closer look. The opponents argue that signals sent over those frequencies could interfere with broadcasts and wireless microphones at live productions...

If the spectrum is set free, Ms. Parton says, chaos could reign on Broadway — in the form of static and other interference.

“The potential direct negative impact on countless people may be immeasurable,” Ms. Parton wrote in a letter last month to the F.C.C., urging it not to release the frequencies. (more)

Bad news for eavesdroppers, too. Performers' wireless microphones have long been a source of information loss – from bug use, to monitoring corporate meetings, to just hanging around Broadway and bootlegging musicals for free! Tune in tomorrow to see if Google gets out-ogled. ~ Kevin (My bug out.)
(UPDATE)

Monday, November 3, 2008

"Pod Slurping", or...

...how to suck the brains out of a PC in 3 minutes or less – via sharp-ideas.net

The Scenario
An unauthorized visitor shows up after work hours disguised as a janitor and carrying an iPod (or similar portable storage device). He walks from computer to computer and "slurps" up all of the Microsoft Office files from each system. Within an hour he has acquired 20,000 files from over a dozen workstations. He returns home and uploads the files from his iPod to his PC. Using his handy desktop search program, he quickly finds the proprietary information that he was looking for.

Sound far fetched?

An experiment
I conducted an experiment to quantify approximately how long it takes to copy files from a PC to a removable storage device (iPod, thumbdrive, et cetera) if you have physical access. The quick answer: not very long.

I wrote a quick python application (slurp) to help automate the file copy process. Slurp searches for the "C:\Documents and Settings" directory on local hard drives, recurses through all of the subdirectories, and copies all document files.

Using slurp.exe on my iPod, it took me 65 seconds to copy all document files (*.doc, *.xls, *.htm, *.url, *.xml, *.txt, etc.) off of my computer as a logged in user. Without a username and password I was able to use a boot CDROM to bypass the login password and copy the document files from my hard drive to my iPod in about 3 minutes 15 seconds. (more... including a free "pod slurping" program you can try yourself!) (much more)

"What's that slurping sound I hear?"

India - A Bangalore-based construction company lost a multi-crore tender by a thin margin. Baffled company officials vowed there was no way the rival firm could have come so near to their bid...

Computer forensic tests revealed somebody had accessed the Universal Serial Bus (USB) port to download the tender documents. What surprised the company's top heads was that one of their employees had used his iPod to download the data.

The data was then passed to the rival company for a price and to evade detection, the file was promptly deleted from the iPod. Investigators, however, retrieved it using advanced data-recovery software. (more) (how "pod slurping" is done)

This "pod slurp" didn't have to happen. Computers with especially sensitive data should have their ports and drives locked down. Don't know how? Call me, or any of my Geek Chorus Colleagues. Any of us can save you from going through an iPod high-jack.

More about "pod slurping", and an even scarier USB story. ~ Kevin
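A defender's view of the forensic finding above, as an added example that is not part of the original post: a Python sketch that lists USB mass-storage installs recorded in a Windows setupapi.dev.log and flags the ones made outside working hours. The log excerpt is constructed, and the working-hours window and function name are assumptions.

```python
import re
from datetime import datetime, time

# Constructed sample in the layout of Windows' setupapi.dev.log (Vista and later);
# device names, serial numbers and timestamps are invented for illustration.
SAMPLE_LOG = r"""
>>>  [Device Install (Hardware initiated) - USBSTOR\Disk&Ven_Apple&Prod_iPod&Rev_1.62\000A27001234ABCD&0]
>>>  Section start 2008/11/03 19:42:07.312
<<<  Section end 2008/11/03 19:42:09.100
<<<  [Exit status: SUCCESS]
>>>  [Device Install (Hardware initiated) - USB\VID_046D&PID_C00E\5&2a1b3c4d&0&1]
>>>  Section start 2008/11/04 09:15:30.001
<<<  [Exit status: SUCCESS]
>>>  [Device Install (Hardware initiated) - USBSTOR\Disk&Ven_Kingston&Prod_DataTraveler&Rev_PMAP\0019E06B9C85&0]
>>>  Section start 2008/11/04 10:02:44.650
<<<  [Exit status: SUCCESS]
"""

# Section header of a USB mass-storage (USBSTOR) device install.
HEADER = re.compile(
    r"^>>>\s+\[Device Install.*? - USBSTOR\\[^&\\]+"
    r"&Ven_(?P<vendor>[^&\\]*)&Prod_(?P<product>[^&\\]*)(?:&Rev_[^\\]*)?"
    r"\\(?P<serial>[^\]]+)\]")
ANY_HEADER = re.compile(r"^>>>\s+\[")
START = re.compile(r"^>>>\s+Section start (\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})")

def usb_storage_installs(log_text, work_start=time(8, 0), work_end=time(18, 0)):
    """Return one record per USBSTOR install, with an after-hours flag."""
    events, pending = [], None
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if m:
            pending = m.groupdict()
        elif ANY_HEADER.match(line):
            pending = None          # some other device class; ignore its section
        elif pending and (s := START.match(line)):
            when = datetime.strptime(s.group(1), "%Y/%m/%d %H:%M:%S")
            in_hours = when.weekday() < 5 and work_start <= when.time() < work_end
            events.append({
                "vendor": pending["vendor"],
                "product": pending["product"],
                # drop the trailing "&0" instance suffix to leave the serial
                "serial": pending["serial"].rsplit("&", 1)[0],
                "first_seen": when,
                "after_hours": not in_hours,
            })
            pending = None
    return events

if __name__ == "__main__":
    for e in usb_storage_installs(SAMPLE_LOG):
        flag = "AFTER HOURS" if e["after_hours"] else "ok"
        print(e["first_seen"], e["vendor"], e["product"], e["serial"], flag)
```
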

Dr. No, Goldfinger and Blofeld Are Now Real

via sciencedaily.com
Professor Richard J. Aldrich, Professor of International Security at University of Warwick, who has just been awarded a £447,000 grant from UK's Arts and Humanities Research Council to examine 'Landscapes of Secrecy', says that the once improbable-seeming villains in the Bond movies have become close to the real threats faced by modern security services.

"Remarkably, the Bond villains - including Dr. No, Goldfinger and Blofeld - have always been post-Cold War figures. Bond's enemies are in fact very close to the real enemies of the last two decades - part master criminal - part arms smuggler - part terrorist - part warlord. They are always the miscreants of globalization, they endanger not only the security of a single country, but the safety of the whole world. Like our modern enemies, they thrive on the gaps between sovereign states and thrive on secrecy." (more)

Food for thought. Corporate espionage attacks by freelance spies are now commonplace, too. If you sense problems in your company, or just have a few questions, give me a call. ~Kevin

Police Chief Accused of Tapping and Bugging

LA - Monroe Police Chief Ron Schleuter said Thursday he has not yet been served with a federal lawsuit filed against him by retired officer Paul Brown and officer Danny Pringle claiming the chief violated their privacy rights by using an illegal wiretap.

The lawsuit, filed Oct. 15, states that Schleuter "used electronic devices to surreptitiously intercept both the oral and wire communications to (the officers') co-employee ... at the Monroe Police Department." (more)