Saturday, December 31, 2016

Security Director Alert - Russian Cyber Activity, GRIZZLY STEPPE

The Department of Homeland Security (DHS) has released a Joint Analysis Report (JAR) that details Russian malicious cyber activity, designated as GRIZZLY STEPPE. 

This activity by Russian civilian and military intelligence services (RIS) is part of an ongoing campaign of cyber-enabled operations directed at the U.S. Government and private sector entities.

DHS recommends that network administrators review the Security Publication for more information and implement the recommendations provided.

Thursday, December 29, 2016

Home Invasion? Domestic Violence? Shout "Alexa" (before "help") for Documentation

Can amazon echo be used against you in a court of law? Have you ever wondered if “Alexa” is really spying on you?

Homicide investigators in Arkansas want Amazon to hand over a potential suspect’s “echo” transcripts. Brad Young of Harris-Dowell and Fisher Law Firm says Amazon has so far refused two requests.


“Amazon’s position is, is that the echo only records 60 seconds of information and then writes over if for the next 60 seconds,” Young says. “So, their position is that it would only have 60 seconds of information.”

However, when you ask your Echo a question, it is saved by Amazon as well as by Apple when you query Siri. Young says his legal personal opinion is that there is an expectation of privacy for things that are said – not queried.

“….when you ask Echo ‘Find what’s the best way to dispose of a dead body’ if that were the question, that information is saved,” Young says. “That information is available if it is a query posed to a device.”

Companies say it’s encrypted and no one can access it. Young says this has become a completely new “legal territory.” more additional info

Seriously, Alexa could become an omnipresent digital ear-witness. ~Kevin  

Secretary Arrested for Eavesdropping — Now Her Boss Suddenly Leaves

NY - Several town councilors confirm Supervisor Manny Falcone announced a sudden leave of absence at a meeting Wednesday evening...

Councilors say Falcone oversaw the duties performed by his former secretary Ellen Colelli. Colelli was arrested weeks ago, accused of eavesdropping. The felony charge brought by State Police accuses Colelli of listening to town employees by using video surveillance equipment that was installed inside the Geddes town office building...  Falcone has not been charged with a crime. more

Flying Tom's Last Peep

UAE - A 28-year-old man died after falling from a high rise building in Sharjah, in the United Arab Emirates, 
while spying on ladies living in the opposite building. The witness told police that the deceased fell due to imbalance while standing and looking into the rooms of the ladies.

Sharjah Police said that they received a call about the incident at the operation room and soon arrived at the site. The man was found dead in a pool of blood. He was rushed to Al Kuwaiti Hospital and then to forensic laboratory. more

Warsaw Waiter Wiretapping

Poland – A Polish court has sentenced a businessman and two waiters convicted in the illegal wiretapping of top Polish politicians in Warsaw restaurants to prison terms.

The court set a prison sentence of 2½ years to Marek Falenta, the businessman convicted of masterminding the wiretapping, and lesser sentences to two waiters involved. A third waiter must pay a fine.

The release of those tapes sparked a political scandal in 2014 that contributed to the loss of power last year of Civic Platform, the centrist party that governed Poland for eight years. more

Extra credit: Service Included: Four-Star Secrets of an Eavesdropping Waiter

Mobile Security: The InfoWorld Deep Dive

As iPhones, iPads, and Android devices become increasingly standard business equipment, IT organizations struggle on how to manage and secure them, and the data that runs through them.

Click to enlarge.
This guide, available in both PDF and ePub editions, explains the security capabilities inherent to each major mobile platform and where using third-party tools make sense -- and where they don't.

It also walks you through the factors to consider in terms of risk for your corporate data, and outlines a rational way to protect that data without getting tied up in knots.  more

Click to enlarge.

Wednesday, December 21, 2016

Android Phones (700 Million) Have Spying Firmware Pre-installed

The term “mobile phone security” is something of a joke these days, with the number of exploits, bugs, and breaches that are endlessly assaulting us and putting our personal information at risk. So, when security outfit Kryptowire sounded the alarm on Chinese company Adups for using its pre-installed apps to spy on Android users with Blu smartphones, it wasn’t exactly a shock.

Now, however, the impact of Adups alleged spying is growing in magnitude, and it’s dragging other Android device manufacturers into the quagmire.

Adups is a company that facilitates over-the-air updates for mobile devices, so its firmware is pre-installed on lots of devices. However, the firmware does much more than it claims, and has the ability to snoop in areas that it shouldn’t, and without the user ever knowing. That information can then be collected by Adups for whatever purposes it desires.

Trustlook, another digital security firm, dug deeper on what devices utilize Adups and could be used by the Chinese company to scrape your private information, and the list is absolutely massive. Trustlook says that over 700 million Android smartphones have Adups firmware installed that puts the user at risk of having text messages, call histories, and device information collected without their knowledge or consent. more

Recorder Found Hidden in the End of a Flashlight

via John Van de Luijtgaarden

"I was just asked to confirm a finding... Got a message with a bad picture of a round black "thingie" inside the end part of a Mag-Lite.

I immediately recognized this one as the EDIC type 16 recorder (B30 model). It is now to wait for the exact type and how much it has been recording. It's memory capacity can run up to a 300 hours sadly the battery cannot.



A great hiding place for a naughty tool in a strategic place !! The Security main office / control room... Keeping you informed"

Last Minute Holiday Gifts for Your Favorite PI

Ho, ho, ho.

more more button video

Monday, December 19, 2016

Reality Spyware Documentary - Find My Phone

What happens to a smartphone after it's stolen? That was the question that a film student in Amsterdam had in mind when he produced a short documentary about a smartphone thief and their stolen goods. On the surface, it might not sound like the most avant-garde idea out there. But here's what made it interesting: the student procured material for his documentary by spying on the thief using a bugged smartphone.

The student, a certain Anthony van der Meer, intentionally had a phone of his stolen – one that he loaded with software called "Cerberus."

As The Next Web reported, the software gave him access to the device location, its features, and its contents – all of which he could retrieve when he wanted. The software also allowed him to make use of the phone's camera and microphone so he could spy on the thief.


For 2 weeks, that's exactly what der Meer did. He spied on the thief, tracking his moves, which resulted in the documentary posted above called Find My Phone – almost the namesake of the Apple app "Find My iPhone" used to find one's phone or disable it after being stolen. more

Excellent work, Anthony! ~Kevin

Vintage "Spy" Ads

  

Spying Feeds the Monkeys ...in real life

Do Not Feed The Monkeys: Voyeuristic Spying Game Launches In 2017

from the press release...
“We all have a natural tendency to wonder about other people’s lives. Sometimes the best stories are kept secret … all in the name of privacy. It begs the question: Why miss out on life’s best experiences because they’re not your own? We’re trying our hand at an answer with Do Not Feed the Monkeys. Hope you enjoy the ride!” more

There's a New Law in Town - Wiretapper Bounty Hunter

The Seventh Circuit revived wiretap claims against a woman who used an email-autoforwarding program to show that the husband she was divorcing had cheated on her.

In a concurring opinion, U.S. Circuit Judge Richard Posner questioned the usefulness of allowing litigants to use the wiretapping law as a means of concealing misconduct.

“I don’t understand why law should promote dishonesty and deception by protecting an undeserved, a rightly tarnished, reputation,” Posner wrote.

Posner also found it relevant that adultery is illegal in Illinois, where the Epsteins are divorcing.

We might compare Mrs. Epstein to a bounty hunter — a private person who promotes a governmental interest,” he wrote. “She has uncovered criminal conduct hurtful to herself, and deserves compensation, such as a more generous settlement in her divorce proceeding.” more

Security Scrapbook Tip # 519 - Avast Ye Porch Pirates

Shipping companies like FedEx and UPS expect to deliver a record number of packages this holiday season...
Law enforcement officials are concerned that a record number of thieves could be following the trucks and attempting to steal the packages from porches before customers get home...

Hoping to stop "porch pirates" from taking packages, Seattle entrepreneur Michael Grabham invented a Frisbee-sized device called The Package Guard.
When delivery drivers place parcels on top of the $69 device, customers receive an alert via text message, email, or through an app. If a thief tries to remove the packages from the pressure-sensitive pad, a piercing alarm sounds.

The device can also be set up to send electronic alerts to neighbors if a theft is underway, according to the company’s website. more

Thursday, December 8, 2016

TSCM Team Finds "Plug Bug" Eavesdropping Device

Japan - An eavesdropping device was found in a waiting room for conservative members of the Mito Municipal Assembly, local city government officials and other sources told the Mainichi Shimbun on Dec. 7.

Example of a "Plug Bug"
Ibaraki Prefectural Police seized the device and are investigating the case which they suspect could constitute trespassing into the building and violation of the Radio Act.

According to Mito Government officials, it was tipped off about the bug on Dec. 6.

Specialized workers hired by the local government began searching for the device from the evening of Dec. 7 and found it in a waiting room for three assembly members from "Suiseikai" -- a conservative parliamentary group -- on the first floor of the temporary two-story prefabricated assembly building. The bug plugs into an electric outlet. more

The example shown operates like a cell phone, but looks (and also operates) as a USB charger. It is powered 24/7, and may be called from a cell phone anywhere in the world. BTW, it can  also automatically call the eavesdropper when it detects sound. Available on eBay for $14.79. 

Don't you think its time to have your offices and conference rooms checked? ~Kevin