Tuesday, May 31, 2016

10 types of spy cameras that could be watching you right now - No. 6 is a surprise

Camera technology has advanced a lot the past few years. They keep getting smaller and smaller, making it possible to conceal them any which way.

Spy cam manufacturers have been creative in producing some of the most cleverly disguised (and tiny) camera/DVR systems, complete with HD video, motion detection, large storage card support and remote controls...

1. USB flash drive spy cameras
These cameras look like your regular USB storage sticks, but think again. They have a hidden camera inside! It’s not unusual these days for someone to be carrying USB sticks around so spotting them can be a bit challenging.

So how can you tell? The camera lens for these USB stick cameras is usually located on the posterior end of the stick, opposite the USB plug. With this form factor, this spy cam will blend seamlessly in an office or classroom.

See all 10 here.

Concerns for Energy Espionage Climb

The FBI is warning U.S. energy companies that the oil industry's downturn is increasing their vulnerability to theft of technological secrets.
 

Companies that long have faced the prospect of economic espionage must now be prepared for the possibility that workers who have been laid off could be targeted by foreign entities and competitors wanting to steal intellectual property. 

"FBI investigations indicate economic espionage and trade secret theft against U.S. oil and natural gas companies and institutes are on the rise," according to an unclassified briefing report prepared for the energy industry.

Agents shared the report recently with about 150 energy sector executives, managers and others who gathered behind closed doors at the FBI building... more

How Business Espionage Really Works (Hint, it ain't just computers.)

The Dirty Dozen
  1. Trespassing on the property of a competitor.
  2. Secretly observing the activities or properties of others.
  3. Using electronic eavesdropping equipment.
  4. Learning trade secrets by hiring people who work for a competitor.
  5. Hiring a spy to get specific information from an other company.
  6. Planting an undercover operative on someone else’s payroll.
  7. Stealing documents or property (includes electronic documents).
  8. Conducting phone negotiations for a license, franchise, or distributorship in order to gain inside information.
  9. Gaining information by staging a phony market research study or similar interview project.
  10. Bribing. Most forms of bribery are unethical, including those disguised as “gifts”.
  11. Blackmailing.
  12. Extorting. 
From: Best Practice Guidelines in Business Espionage Controls & Countermeasures
  

Trump Campaign Manager Asked if Trump Offices Are Being Bugged - Bizarre Response

Donald Trump’s controversial campaign manager, Corey Lewandowski, appeared on “Fox News Sunday” this week to answer questions about the Republican front-runner’s strategy as the primary season winds down...

...with seconds remaining in the interview, host Chris Wallace asked a question that produced a response no one likely anticipated.

Wallace asked Lewandowski to comment on reports that some Trump associates are suspicious that the campaign’s Trump Tower offices are being bugged. At first the campaign manager ignored the question, but Wallace pressed further.

“Is there any bugging going on at the Trump Tower?” Wallace asked, with 10 seconds remaining in the interview.

“I think that’s a lot of speculation,” Lewandowski began. “I don’t think that’s the case at all — I think we’re very happy with the way that our offices are set up.”

It’s not quite clear what Lewandowski was trying to suggest, and given that there was no time for a follow-up question, the bizarre response was left alone. more

Friday, May 27, 2016

The Friendly Maintenance Man's Spycam

Apartment maintenance man Jerry Rowe was a nice, friendly guy who carried around treats for residents' dogs. Residents of the Steeplechase Apartments were surprised Thursday when word spread that Rowe, 65, had been arrested and charged with hiding a camera in the bathrooms of five female tenants. 

...The investigation into Rowe started Wednesday when a woman saw a camera in a vent in the ceiling of her bathroom.  The Friendly Maintenance Man's

She called the Warren Co. Sheriff's Office and deputies said they found images of Rowe placing the camera in the vent on the camera. Lt. John Faine said five women were captured by the camera...

Faine said he believes Rowe had one camera that he moved from one apartment to another. However, he cannot rule out that there may be other cameras at this point in the investigation. more

Thursday, May 26, 2016

DIY Tip: How to Check Your Wi-Fi for Spies

If you would like to see who (or what) is tapped into your wireless network, you can take a peek with router utilities and mobile apps...

Depending on your interest in technical fiddling, you can see what other devices are connected to your network in several ways. For one, you could log into your wireless router’s administrative page and check its DCHP Client Table (sometimes called the DHCP Client List or Attached Devices, as some router companies use different terms) to see the roster of computers, smartphones, tablets and other gear currently connected to the wireless router...

If that sort of thing seems like way too much work, you can also get a program or app that scans your network for connected devices. Your router maker may have its own app, like Netgear’s Genie, Linkys Connect or Apple’s AirPort Utility for iOS.

You can also find software from other developers that is designed to reveal the devices connected to your wireless network. NirSoft Wireless Network Watcher. Who’s on my WiFi for Windows and the Fing network scanner for Android and iOS are among the options. more

Russian Election Monitor Sets Trap To Test NTV For Wiretapping

In March 2012, Michael McFaul, then the U.S. ambassador to Russia, famously accused journalists from the state-controlled network NTV of hacking his phone or e-mails to access his schedule after they approached him as he arrived at a private meeting with an opposition activist.

Four years later, those same journalists have been purportedly tripped up in a sting operation by an embattled Russian election-monitoring group seeking to prove that security services are wiretapping its phones and leaking details of its meetings with foreign diplomats to the Kremlin-loyal network.

Golos, an independent election monitor that has documented widespread violations at Russian ballot boxes in recent years, says it has concluded that NTV journalists are surreptitiously obtaining information about its employees’ movements from Russian law enforcement or intelligence agencies.

Using this information, Golos alleges, the journalists are able to track the group’s itinerary and wait for them -- cameras and microphones in hand -- outside embassies and other Moscow venues where they meet foreign diplomats to discuss the country’s elections. more

The 2017 Intelligence Authorization Act

As part of its continuing push for ever greater surveillance powers, the FBI is hoping that a new bill, known as the 2017 Intelligence Authorization Act, will be enacted into law, as the proposed legislation makes it possible for the agency to read emails without a warrant. It’s already been given Senate Intelligence Committee approval and will next be considered by the Senate as a whole....

Essentially, the bill would extend current FBI powers authorized by the Patriot Act, which allows the government to force telecoms companies to hand over phone records on individuals suspected of terrorism and other crimes. Known as a National Security Letter, recipients are not allowed to speak about the FBI investigation either, essentially gagging the companies and individuals involved.

...If enacted, sending such a letter would not require a court order, nor require any oversight from external organizations whatsoever.

That’s the aspect of the bill that lone-Senate Intelligence Committee dissenter, Ron Wyden, highlighted as part of his no vote.

This bill takes a hatchet to important protections for Americans’ liberty,” he said (via CNet). “This bill would mean more government surveillance of Americans, less due process, and less independent oversight of U.S. intelligence agencies.” more

Britain's Foreign Secretary Denies Office Cat is a Spy

Britain's foreign secretary Philip Hammond was forced to issue a denial after his own Conservative party colleague claimed the "chief mouser" at the UK's Foreign Office could be a European Union (EU) spy.

Palmerston, a cat that was adopted by the Foreign and Commonwealth Office, had been recently announced as the "chief mouser" to help tackle the problem of mice in the building in central London.

However, as the debate around Britain's membership of the EU heats up in the lead up to the June 23 referendum, a member of the camp in favour of remaining in the economic bloc told the House of Commons yesterday that those in favour of Brexitmay fear Palmerston has not been fully vetted.

"There is a serious point here. Can I ask my right honourable friend whether Palmerston has been security cleared or not... can I ask him, has he been positively vetted by the security service and scanned for bugs by GCHQ? And can my right honourable Friend assure the House –and the more paranoid element in the Brexiters - that he isn't a long term mole working for the EU Commission," Tory MP Keith Simpson asked Hammond.

The foreign secretary chose to the address the bizarre query, claiming Palmerston's attendance record had been impeccable.

He told MPs: "He is definitely not a mole. I can categorically assure my honourable friend that Palmerston has been regularly vetted." more

Wednesday, May 25, 2016

Survey: Corporate Espionage Rated as a Top Risk - Assessments Become Common

A large number of companies feel the existing security standards, legal, regulatory and compliance frameworks in the industry were not adequate to support corporate security requirements, a survey by PwC India and American Society for Industrial Security (ASIS) said.

The survey revealed that cybercrime and corporate espionage have been rated as two of the most serious threats to organizations in the coming years.

More than half the respondents felt precautionary and preventive measures taken is still not adequate...

The survey also highlighted that about 73 per cent of the respondents felt that the number of security incidents had increased in the past two years and would continue over the next two years.

While five years back physical security assessment was rare and uncommon, today almost 46 per cent of the organizations surveyed conduct a physical security risk assessment once a year, whereas 17 per cent do it monthly. more

New Old News - Official Warning - Wall Wart Eavesdropping Device

(My clients received their warning on January 14, 2015. ~Kevin)

FBI officials are warning private industry partners to be on the lookout for highly stealthy keystroke loggers that surreptitiously sniff passwords and other input typed into wireless keyboards.

The FBI's Private Industry Notification is dated April 29, more than 15 months after whitehat hacker Samy Kamkar released a KeySweeper, a proof-of-concept attack platform that covertly logged and decrypted keystrokes from many Microsoft-branded wireless keyboards and transmitted the data over cellular networks.

To lower the chances the sniffing device might be discovered by a target, Kamkar designed it to look almost identical to USB phone chargers that are nearly ubiquitous in homes and offices.

"If placed strategically in an office or other location where individuals might use wireless devices, a malicious cyber actor could potentially harvest personally identifiable information, intellectual property, trade secrets, passwords, or other sensitive information," FBI officials wrote in last month's advisory. "Since the data is intercepted prior to reaching the CPU, security managers may not have insight into how sensitive information is being stolen." more

Facebook Has Ears and is Nosey Too

Facebook admits that it “uses your microphone to identify the things you’re listening to or watching, based on the music and TV matches we’re able to identify.”

However, some experts believe that Facebook is not being fully transparent. Once the microphone feature is enabled, Facebook can listen in to your private conversation, even when one is not actively engaging with the app.


The feature listens for particular buzz words, which enable the site to weave the content that appears on news feeds to suit users’ personal interests.

In an NBC report, the feature is tested by Kelli Burns, a professor of Mass Communication at the University of South Florida.

In the experiment, she says aloud with her microphone feature on, “I’m really interested in going on an African safari. I think it’d be wonderful to ride in one of those jeeps.”

When she checked her Facebook newsfeed just 60 seconds later, the first item to appear was a safari story. She then also noticed an advertisement for Jeep vehicles. more

Holiday Weekend Filmfest - Watch the 10 Best PI Movies (infographic)

A tip of the magnifying glass to Adam Visnic
a licensed private investigator. 
May your next case become a 
classic movie. 

(Enlarge)

Friday, May 20, 2016

"Alexa, can you be used by outsiders for eavesdropping?"

via Matt Novak
"Back in March, I filed a Freedom of Information request with the FBI asking if the agency had ever wiretapped an Amazon Echo. This week I got a response: “We can neither confirm nor deny...”
We live in a world awash in microphones. They’re in our smartphones, they’re in our computers, and they’re in our TVs. We used to expect that they were only listening when we asked them to listen. But increasingly we’ve invited our internet-connected gadgets to be “always listening.” There’s no better example of this than the Amazon Echo.

In many ways the Echo is a law enforcement dream." (...or any hacker, snoop or spy.) more more

Thursday, May 19, 2016

10 Ways Law Firms Can Make Life Difficult for Hackers

1. More (and better) employee training.
2. Keep backups disconnected from the network and the Internet.
3. Install all patches and updates.
4. Update software – especially when it is no longer supported.
5. Block executable files, compressed archives and unidentified users.
6. If you use cloud storage, make sure your firm controls the encryption key.
7. Make your cybersecurity program meet the needs of potential clients.
8. Have clear, effective restrictions on remote access and mobile devices.
9. Set systems to capture log data, for forensic purposes if a breach occurs.
10. Share threat information. more

These basic tips apply to all hacker-target businesses. ~Kevin