Saturday, March 31, 2012

Privacy Alert: The Stalking App

Another day, another creepy mobile app. Here is one that allows you to find women in your area. It definitely wins the prize for too creepy.

Girls Around Me uses Foursquare, the location-based mobile service, to determine your location. It then scans for women in the area who have recently checked-in on the service. Once you identify a woman you’d like to talk to, one that inevitably has no idea you’re snooping on her, you can connect to her through Facebook, see her full name, profile photos and send her a message.

P.S. When you sign up for the Girls Around Me application, you are asked to log in to Facebook, giving the service your personal information, too. (more)

FutureWatch: The Creepy Guys Around Me app.

No, wait... This just in...
In direct response to our story from earlier today about Girls Around Me, an iOS app by Russian-based app developer i-Free that tracks and gives personal information about women without their knowledge, Foursquare has released a statement announcing that they have officially killed Girls Around Me’s access to their public API. (more)

Friday, March 30, 2012

Eavesdropper Reveries - Laser Keyboards

My new iPhone has a laser keyboard...
In my dreams :)
But until then, there is always this...


Somewhere, someone (other than me) is musing about how to eavesdrop on this technology.

The Bluetooth connection?
Optical intercept?
Keystroke logging spyware?
Or, maybe an accelerometer embedded in the table to decipher the finger tapping sounds?

Am I allowed to have this much fun at work?

Thursday, March 29, 2012

New CCTV Scans 36 Million Faces for a Match... in one second!

There were several news stories late last week about a new surveillance system by Hitachi Kokusai Electric that the company claims is able to capture a person's face and, in one second, scan some 36 million facial images stored in its database to see whether it can find a match. According to this story at Digital Trends:

"Now, here's my plan..."
"Hitachi’s software is able to recognize a face with up to 30 degrees of deviation turned vertically and horizontally away from the camera, and requires faces to fill at least 40 pixels by 40 pixels for accurate recognition. Any image, whether captured on a mobile phone, handheld camera, or a video still, can be uploaded and searched against its database for matches." 

The company states in a video posted at DigInfoTV that it thinks the system is "suitable for customers that have a relatively large-scale surveillance system, such as railways, power companies, law enforcement, and large stores."

Over time, I suspect that the technology will be reduced in price to be "suitable" for just about anyone with a surveillance system. (more)

Business Espionage: "If we can't hack your voicemail, we'll hack your business."

Australia - Revelations that a secret unit within Rupert Murdoch’s News Corp promoted high-tech piracy that damaged pay TV rivals will increase fears of corporate espionage in boardrooms across Australia and around the world. A four-year investigation by The Australian Financial Review has revealed a global trail of corporate dirty tricks by a group of former policemen and intelligence officers within News Corp that devastated competitors. (more)

Australia - Senior Australian officials have expressed concern over allegations that News Corporation engaged in hacking and piracy in order to damage its commercial television competitors. The allegations suggested that the firm owned by Rupert Murdoch had set up a unit to sabotage rivals. The Australian Financial Review said this was done by making pirate copies of competitors' smart cards. (more)

So You Want to be a Private Investigator - Top 25 Schools

Deciding on a professional private investigation training program can be tricky. Unlike many professions, a degree in investigations is not a requirement to enter into this field. Competing against individuals with extensive backgrounds in law enforcement, security and investigations can be a daunting task, but many industry veterans certainly believe hitting the classroom can help jump-start a career in investigations. Here is a list of the Top 25 educational institutions which can help you achieve your goal... (more)

"Come out with your hands up," this is the Hackers, and we have you surrounded.

The Federal Bureau of Investigation's top cyber cop offered a grim appraisal of the nation's efforts to keep computer hackers from plundering corporate data networks: "We're not winning," FBI executive assistant director Shawn Henry said.

Shawn Henry, who is preparing to leave the FBI after more than two decades with the bureau, said in an interview that the current public and private approach to fending off hackers is "unsustainable.'' Computer criminals are simply too talented and defensive measures too weak to stop them, he said. (more)

FutureWatch Idea: Opto-isolate high-value information from the Internet, like opto-isolators do for electronic measurement equipment.

Privacy - If you are not outraged yet, wait for the strip search.

The assault on personal privacy has ramped up significantly in the past few years. From warrantless GPS tracking to ISP packet inspection, it seems that everyone wants to get in on the booming business of clandestine snooping -- even blatant prying, if you consider reports of employers demanding Facebook passwords prior to making hiring decisions.

What happened? Did the rules change? What is it about digital information that's convinced some people this is OK? Maybe the right to privacy we were told so much about has simply become old-fashioned, a barrier to progress. In search of an answer, I tried a little thought experiment. Follow me, if you will, on a journey to a place in the space-time continuum I call the Land Before the Internet... (more) 

This story, "Your privacy is a sci-fi fantasy," was originally published at InfoWorld.com.

Tuesday, March 27, 2012

The 'Open Mike' Devours Another Unsuspecting Victim

Unaware that a microphone was recording him, President Obama asked outgoing Russian President Dmitry Medvedev Monday for breathing room until after Mr. Obama’s re-election campaign to negotiate on missile defense. ...“This is my last election,” Mr. Obama said. “After my election, I have more flexibility.” (more)

Friday, March 23, 2012

TSCM Training & Counterespionage Education Around the World

AUSTRALIA
Dever Clark + Associates
Eavesdropping Detection and Prevention Workshop (2 days) 

Eavesdropping detection and prevention, also known as ‘debugging’, ‘audio countermeasures’, ‘technical surveillance countermeasures’ (TSCM), or even ‘sweeps’, is the term used to describe the recognition, evaluation and minimisation of the threat from covert (and often illegal) electronic surveillance. This two-day non-technical workshop consists of no nonsense, practical advice on information security and eavesdropping prevention and is presented in terms, which can be understood by people without training in electronics. ... The workshop includes practical demonstrations and illustrations of common vulnerabilities. (more) (course brochure) Contact: Michael Dever, BSc (Security) CPP PSP

SOUTH AFRICA
Eavesdropping Detections Solutions®
Basic Course in Electronic Eavesdropping Countermeasures
We are presenting a basic course in electronic eavesdropping countermeasures. The course is scheduled to take place from 02 – 13 July 2012 – Protea Waterfront Hotel, Centurion, Gauteng. Final date for registration is 25 June 2012. The course in electronic eavesdropping countermeasures, presented since 1998, is suitable for the individual who has no or little previous experience in technical surveillance countermeasures. The 80-hour course is presented over ten (10) working days. (more) Contact: Steve Whitehead

CBIA is hosting a three day international conference on business counterintelligence from 17 – 19 September 2012 at the Kwa Maritane Bush Lodge, Pilansberg (What a venue!). The brochure and registration form attached. One of the key aims of the conference is to involve and to provide business executives, decision-makers, managers and business unit leaders with the insight to understand business counterintelligence and how it differs from other streams of information management practices. This is a vital conference for those responsible for the protection of information in their organisations. The conference sessions are highly informative, powerful and offers a wealth of opportunities for learning.  (more) (brochure) Contact: Steve Whitehead

CANADA
Technical Security Branch (TSB) of Professional Development TSCM Group Inc.
Canadian Technical Security Conference (CTSC)
- April 23-25, 2012
The annual Canadian Technical Security Conference (CTSC) event (Cornwall, Ontario) is a three (3) day professional development and networking opportunity with a local, regional, national and international following of professional technical operators, TSCM specific and test & measurement based equipment manufacturers and service providers. Our annual CTSC conference event is an absolute must attend event for local, regional and international technical security professionals from the private sector, corporate security industry, financial sector, oil, gas and mining sector, government, law enforcement and military organizations and agencies. (more) Contact: Paul D Turner, TSS TSI

USA
Research Electronics International (REI)
(Algood, TN)
TSCM courses are designed to teach the basic procedural concepts of conducting a countersurveillance investigation. Courses currently offered provide training on REI equipment as well as general sweep procedures. Classes are held in our unique training rooms that simulate suspect environments. Students use these project rooms to exercise their knowledge of the use of detection equipment. REI has 5 full-time, highly qualified instructors with many years of cumulative experience in the surveillance field. (more) (brochure) Contact: Mark S. Uker, Director of Training
 
Jarvis Intelligence Solutions (Tulsa, OK)
Technical Security Countermeasures

This 40 hour course of instruction is designed to provide the student with the basic skills and knowledge to conduct technical security countermeasures sweeps and surveys. Students will learn various types of equipment that can be utilized to implement electronic espionage operations and how to effectively identify, locate and neutralize these attacks. (more) Contact: Ray Jarvis, Director

There are are several more schools and providers. These are just the ones I know personally, and which have some good programs coming up soon. ~Kevin


Too young to vote?
Try one of these!

The International Spy Museum in Washington, DC is always running interesting spy-related activities for kids. Check out their Spy School Summer Camp.

Can't get there? 
Try this, on-line...
Are You Ready to Become A Super Spy?

Thursday, March 22, 2012

FutureWatch: Wireless Bugging Not Based on the Electro-Magnetic Spectrum for Transmission

Neutrinos have been in the news recently, and although it appears that they probably do not travel faster than light, they still hold court as three of the strangest of the known subatomic particles. Undeterred by these arcane particles, Fermilab scientists have succeeded in communicating with neutrino pulses through 240 meters of rock at a rate of 0.1 bits per second.

Although only capable of sending one alphanumeric character every minute, this is still an experimental tour de force that demonstrates the feasibility of using neutrino beams to provide a low-rate communications link independent of any electromagnetic radiation

FutureWatch: However, given the limited range, low data rate, and extreme technologies required to achieve this demonstration, significant improvements in neutrino beams and detectors will be required for “practical” applications of neutrino communications. (more)

How to Avoid Malicious Web Apps

Rule number one is simple: If you have any doubt, don't click. 

This single rule would help people avoid most Web app malware, but it seems to be hard to drill into users' heads.  –Tim Keanini, CTO of nCircle (more)

New Cell Phone Encryption Product - TrustCall

Here is a new twist on encrypting cell phone calls. TrustCall – Secure Phone Software

Both phones need to have an SDmicro card slot. The encryption is on the card, so it can be moved from phone to phone if desired. 

The beauty of this system is that the user doesn't have to do anything but place the call as normal. Calls takes slightly longer to connect, however. (review)

The product and company are new. As of this date, their web site is still under construction, but details can be seen here.

From the company... "TrustCall is a discreet, affordable, easy-to-install mobile security software solution for Android, BlackBerry® and iPhone in 2012. To activate, users simply choose a contact in their address book, select the “Place Secure Call” option and press send. TrustCall authenticates all user identities prior to establishing the call and maintains a secure phone connection from beginning to end. Enterprises can quickly deploy, manage and use TrustCall without advanced training or custom handsets.
 
Because our mobile phone security solution is portable, it can be easily removed and configured for multiple phones if needed. TrustCall can be deployed inside a client’s network or in a hosted environment while providing a platform to manage, activate and terminate secure communications in near real-time.

TrustChips are designed to operate on-demand, and only when needed, battery life is maximized. With these solutions, users enjoy all the benefits of a standard off-the-shelf smartphone as well as having seamless voice protection wherever and whenever a sensitive call needs to be made.

These TrustChip Secured applications are optimized for 3G and Wi-Fi networks. Multiple platforms are supported. (more)

Wednesday, March 21, 2012

A Cunning Plan to Protect Us from Business Espionage

(Not from the Daily Show or Black Adder.)
We are being bombarded with news stories and court trials tornadoing around Chinese spies. They’re everywhere. Collecting everything. They have become such a fixture in and around our hapless businesses that it only seems right to offer them health insurance, a pension plan, cookies and milk.

But wait. Let’s think this through. 

Aren’t these the folks who had the secrets of silk stolen from them by Justinian I? Humm, could this be why great neckties are made in Italy, not China? Even their espionage death penalty law couldn’t protect them. Boom! Economic espionage devastated their economy.

I also recall a dude from the UK, Robert Fortune, sort of an early 007. He was sent to steal the secrets of tea production from... Have you guessed yet? China! That caper is now know as The Great British Tea Heist. Boom! Economic espionage devastated their economy yet again. Oh, and what about the Chinese secret of making porcelain? A French Catholic priest stole that one. BOOM!! I could go on and on. Gunpowder, paper, etc. Bing! Bam! BOOM! Feeling sorry for China yet? Don’t. They are making up for it, right now. The disk drive that just started whirring in your computer... it might be them.

And, don’t think this is just some cosmic yin and yang, great mandella, or as we say here in Jersey, “What goes around, comes around.” No, that explanation is too simplistic, not to mention fatalistic. There is more to this industrial espionage business. The circle is bigger. This is history repeating itself, over and over and over.

Remember when England needed rubber? Where did they have to go to get it? I hear you say, “Brazil.” Correct! But they didn’t like being held captive by one source. So, what did they do? Right again. In 1876, they stole some rubber tree seeds from Brazil and cultivated their own trees. [insert Monty Python foot-stomping fart sound]! Brazil’s very promising economy, with car and bicycle tires just around the corner, is squashed. 

Click to enlarge.
Remember America’s meteoric rise to the top of the International charts? Guess what propelled that one... intellectual property thefts committed by Samuel Slater and Francis Cabot Lowell. They brought the secrets of cotton and wool production to our shores from England. Instant industrial revolution for us. Zip! The economic loose thread on Britain's sweater got “yanked”.

I feel their pain. It’s happening to us right now.

The history of mystery list continues with Lieven Bauwens, a Belgian, stealing the British spinning mule; Thomas Whitty stealing weaving secrets; John Lombe stealing silk machine designs; atomic bomb secrets going everywhere. Even English muffin baking secrets aren't safe. (“...there are but seven executives who know the exact formula that causes the English muffins to develop their nooks and crannies,” and one guy tried to make off with it.)

What we have learned.
• Anyone with exclusive information will attract business spies.
• Industrial spying changes the fortunes of countries and the courses of history.
• Espionage laws with stiff legal penalties do not deter spies.
• History repeats itself.

What we haven’t learned.
• How to stop business espionage.

Competitive advantages are national treasures. Losing a competitive advantage doesn’t just hurt the business which owns it. In the long run, it hurts entire countries and its citizens. The economic damage lasts for centuries. 

Viewed in this light, the obligation becomes clear. The keeper of a competitive advantage has a moral and social obligation to protect the asset.

So, why don’t businesses do a better job of protecting their intellectual property? 
• No direct ownership of the protection responsibility.
• Short-sighted greed. Security costs a little money. (Very little in the long run.)
• Reliance on espionage laws which are based solely on punishing the spies... if they are caught. If they are not caught the damage still occurs; no one is held accountable.

And now for my cunning plan...
Treat intellectual assets, business secrets, high-level business discussions, communications and critical strategies with the same respect we afford military secrets. They are just as vital, and arguably, more so. Label these gems of information for what they are... National Interest Assets.

Round out the espionage laws. 
History has proved the one-sided, punish-the-spy model does not work – even when the penalty is DEATH! 

Impose a legal responsibility to proactively protect National Interest Assets. Hold the corporate caretakers of our economic future accountable for protecting their valuables. Create standards of protection. Provide penalties for inadequate or negligent protection. Enforce compliance before the theft occurs. Hey, we do it with medical and financial records.

In short, make proactive counterespionage protection an economically attractive, moral and legal responsibility. 

If you agree, please pass this article on to your legislators. I’ll be doing the same here. The end result will benefit everyone.

Be seeing you,
Kevin

When Social Notworking May Really Mean Not Working

Employers ask job seekers for Facebook passwords
When Justin Bassett interviewed for a new job, he expected the usual questions about experience and references. So he was astonished when the interviewer asked for something else: his Facebook username and password.

Bassett, a New York City statistician, had just finished answering a few character questions when the interviewer turned to her computer to search for his Facebook page. But she couldn't see his private profile. She turned back and asked him to hand over his login information.

Bassett refused and withdrew his application, saying he didn't want to work for a company that would seek such personal information. But as the job market steadily improves, other job candidates are confronting the same question from prospective employers, and some of them cannot afford to say no. (more)

LAUSD Can Now Spy on Teachers' Online Activity, Punish Them for Facebook Comments

Los Angeles Unified School District headquarters tells teachers -- and any other adult associated with the district -- that they'd better keep their social-media persona in check.

Actually, the new policy was put in place almost two months ago. But until the news wire mentioned it in an article today, it seems to have passed quietly under the radar. (more)

Tuesday, March 20, 2012

FutureWatch: Your Next TV May Watch You

via the HD Guru...
Artist's conception. Not really Samsung.
Samsung’s 2012 top-of-the-line plasmas and LED HDTVs offer new features never before available within a television including a built-in, internally wired HD camera, twin microphones, face tracking and speech recognition.  

While these features give you unprecedented control over an HDTV, the devices themselves, more similar than ever to a personal computer, may allow hackers or even Samsung to see and hear you and your family, and collect extremely personal data.

And unlike other TVs, which have cameras and microphones as add-on accessories connected by a single, easily removable USB cable, you can’t just unplug these sensors.

Privacy concerns
We began to wonder exactly what data Samsung collects from its new “eyes and ears” and how it and other companies intend use it, which raises the following questions:

* Can Samsung or Samsung-authorized companies watch you watching your Samsung TV? 
* Do the televisions send a user ID or the TV’s serial number to the Samsung cloud whenever it has an Internet connection? 
* Does Samsung cross reference a user ID or facial scan to your warranty registration information, such as name, address etc.? 
* Can a person or company listen to you, at will, via the microphone and Internet connection? 
* Does Samsung’s cloud store all this information? How secure is this extremely personal data? 
* Can a hacker intercept this data or view you via the built in camera? 
* Can a third-party app program do any of the above? 
* Exactly what information does the TV send to Samsung or other parties? 
* Does Samsung intend to sell data collected by its Smart TV owners, such as who, what and when one is viewing? (more)