Modern day sensors have become so small and sophisticated that gathering the data from a single point has become easy.
The difficult part involves figuring out what to do with the information. Lead researcher Gierad Laput... “The average user doesn’t care about a spectrogram of EMI emissions from their coffee maker,” he said. “They want to know when their coffee is brewed.”
Synthetic Sensors aren’t just limited to detecting one activity or device at a time. The suite of sensors allows it to detect a variety of inputs at once... more
Saturday, May 13, 2017
This Week in Spycam News - Cautionary Tales for our Times
• Fired former London teacher pleads to 16 charges for secret videos shot in staff changeroom at school. more
• “Roger” is a security guard. He’s vague on the exact details, but his jobs afford him access to several rooftops in the downtown area of an unnamed city. One of these roofs has a view of a high-rise hotel across the street. The building’s windows are so high up that guests tend to feel safe leaving the curtains open. So, Roger climbs out onto a ledge on the roof, trains his handheld high-zoom camera on the uncovered windows, and hits record. Then, if he happens to catch an unsuspecting woman, especially a naked one, he posts the video on the Internet. more
• Deputies in Chester charged a man with voyeurism Sunday after receiving a report that he hid a cell phone in a teen girl’s bedroom that took footage of her as she left the shower naked, police said. more
Read more here: http://www.heraldonline.com/news/local/crime/article149267889.html#storylink=cpy
• A Kingston man has been charged by the Ontario Provincial Police in Quinte West after a woman reported a camera taking her picture. She had been in the changing area of a Trenton business when she noticed a camera taking a picture of her. At that time the OPP charged the accused with one count of voyeurism. more
• A man is charged with video recording a 16-year-old girl without her knowledge while she was in the shower, according to the Pinellas County Sheriff’s Office. more
• An ex-finance director who hid spycams to secretly film almost 700 videos of colleagues has walked free from court. Mark Logan planted the cameras in digital clocks in a toilet at the Wheatley Group offices in Glasgow city centre. The shamed 48 year-old also carried out the crime while on business trips in Edinburgh and London. A sheriff heard how Logan could be seen in footage putting a device on the bedside table of one of his victims... The secret cameras had been hidden in a toilet. Logan was snared when bosses at Wheatley discovered three digital clocks which had recording equipment inside them. more
• Former Palm Beach Gardens High School's athletic director William Weed has turned in his resignation. Weed was arrested Monday after an investigation that started in February. A police report stated that he used a covert camera to obtain videos and images of a female juvenile. more
Businesses: Embarrassment, reputation damage and lawsuits are the end result of these incidents. Learn how to protect your employees, customers, visitors and yourself. more
• “Roger” is a security guard. He’s vague on the exact details, but his jobs afford him access to several rooftops in the downtown area of an unnamed city. One of these roofs has a view of a high-rise hotel across the street. The building’s windows are so high up that guests tend to feel safe leaving the curtains open. So, Roger climbs out onto a ledge on the roof, trains his handheld high-zoom camera on the uncovered windows, and hits record. Then, if he happens to catch an unsuspecting woman, especially a naked one, he posts the video on the Internet. more
• Deputies in Chester charged a man with voyeurism Sunday after receiving a report that he hid a cell phone in a teen girl’s bedroom that took footage of her as she left the shower naked, police said. more
Read more here: http://www.heraldonline.com/news/local/crime/article149267889.html#storylink=cpy
• A Kingston man has been charged by the Ontario Provincial Police in Quinte West after a woman reported a camera taking her picture. She had been in the changing area of a Trenton business when she noticed a camera taking a picture of her. At that time the OPP charged the accused with one count of voyeurism. more
• A man is charged with video recording a 16-year-old girl without her knowledge while she was in the shower, according to the Pinellas County Sheriff’s Office. more
• An ex-finance director who hid spycams to secretly film almost 700 videos of colleagues has walked free from court. Mark Logan planted the cameras in digital clocks in a toilet at the Wheatley Group offices in Glasgow city centre. The shamed 48 year-old also carried out the crime while on business trips in Edinburgh and London. A sheriff heard how Logan could be seen in footage putting a device on the bedside table of one of his victims... The secret cameras had been hidden in a toilet. Logan was snared when bosses at Wheatley discovered three digital clocks which had recording equipment inside them. more
• Former Palm Beach Gardens High School's athletic director William Weed has turned in his resignation. Weed was arrested Monday after an investigation that started in February. A police report stated that he used a covert camera to obtain videos and images of a female juvenile. more
Businesses: Embarrassment, reputation damage and lawsuits are the end result of these incidents. Learn how to protect your employees, customers, visitors and yourself. more
North Korean Spy News
• In a nation as bizarre as North Korea is, it comes as no surprise that their broadcasting of secret spy codes over the airwaves would be equally as bizarre.
While no official explanation for North Korea’s coded broadcasts has been solidified, many believe that the seemingly random numbers and phrases are codes understood by North Korean spies living under the radar in South Korea. more numbers stations
• North Korean prosecutors Friday demanded the extradition of those they say plotted to assassinate leader Kim Jong Un, including South Korea's outgoing spy chief and unnamed "masterminds" in the US Central Intelligence Agency.
The demand comes a week after the North sensationally alleged it uncovered a US-South Korean plot to kill Kim with biochemical, radioactive or poisonous substances during a major event, such as a military parade. more
While no official explanation for North Korea’s coded broadcasts has been solidified, many believe that the seemingly random numbers and phrases are codes understood by North Korean spies living under the radar in South Korea. more numbers stations
• North Korean prosecutors Friday demanded the extradition of those they say plotted to assassinate leader Kim Jong Un, including South Korea's outgoing spy chief and unnamed "masterminds" in the US Central Intelligence Agency.
The demand comes a week after the North sensationally alleged it uncovered a US-South Korean plot to kill Kim with biochemical, radioactive or poisonous substances during a major event, such as a military parade. more
Uber Spying - Waymo than you know says Google
Uber is being sued by Waymo, the business unit developing self-driving vehicles at Google's parent company Alphabet, over allegations of technology theft.
The suit accuses former Google engineer Anthony Levandowski of stealing technology when he left the company to create a start-up called Otto, which was also building self-driving cars.
Uber acquired Otto for $680m (£540m) last year, at which point Mr Levandowski began to oversee Uber's work on developing autonomous cars. more
The suit accuses former Google engineer Anthony Levandowski of stealing technology when he left the company to create a start-up called Otto, which was also building self-driving cars.
Uber acquired Otto for $680m (£540m) last year, at which point Mr Levandowski began to oversee Uber's work on developing autonomous cars. more
Corporate Espionage Countermeasures Tips
via Colleen McKown – American Greed Report
Corporate espionage schemes can occur when people already working for someone else infiltrate a company, or employees who've already left a company leave behind co-conspirators who send them data.
Some important steps companies can take:
Corporate espionage schemes can occur when people already working for someone else infiltrate a company, or employees who've already left a company leave behind co-conspirators who send them data.
Some important steps companies can take:
- Install technology that monitors everything going into your email system to determine if it's a legitimate message or if it's phishing or malware.
- Monitor for what's going out of your email system as well by installing leakage control systems. These can, for example, tell whether data is being sent to Dropbox or personal Google, Amazon or Microsoft cloud accounts. They can also monitor for documents or spreadsheets going out.
- Use whitelisting, which lets you specify which applications are approved to run on a computer system. Anything not on the whitelist won't run, which protects the network from malware and other harmful applications.
- Consult with labor employment counsel to make sure your agreements on who owns intellectual property and prohibiting misuse or removal of such property are up to date. more
Labels:
#espionage,
advice,
business,
counterespionage,
email,
Tips
Friday, May 12, 2017
The Unexpected Keystroke Logger on Some HP Laptops
The audio driver installed on some HP laptops includes a feature that could best be described as a keylogger, which records all the user's keystrokes and saves the information to a local file, accessible to anyone or any third-party software or malware that knows where to look.
Swiss cyber-security firm modzero discovered the keylogger on April 28 and made its findings public today.
According to researchers, the keylogger feature was discovered in the Conexant HD Audio Driver Package version 1.0.0.46 and earlier.
This is an audio driver that is preinstalled on HP laptops. One of the files of this audio driver is MicTray64.exe (C:\windows\system32\mictray64.exe).
This file is registered to start via a Scheduled Task every time the user logs into his computer. According to modzero researchers, the file "monitors all keystrokes made by the user to capture and react to functions such as microphone mute/unmute keys/hotkeys."
This behavior, by itself, is not a problem, as many other apps work this way. The problem is that this file writes all keystrokes to a local file at: C:\users\public\MicTray.log more
Swiss cyber-security firm modzero discovered the keylogger on April 28 and made its findings public today.
According to researchers, the keylogger feature was discovered in the Conexant HD Audio Driver Package version 1.0.0.46 and earlier.
This is an audio driver that is preinstalled on HP laptops. One of the files of this audio driver is MicTray64.exe (C:\windows\system32\mictray64.exe).
This file is registered to start via a Scheduled Task every time the user logs into his computer. According to modzero researchers, the file "monitors all keystrokes made by the user to capture and react to functions such as microphone mute/unmute keys/hotkeys."
This behavior, by itself, is not a problem, as many other apps work this way. The problem is that this file writes all keystrokes to a local file at: C:\users\public\MicTray.log more
Friday, May 5, 2017
Competitive Intelligence is a Euphemism for Business Espionage
How far would you go to figure out what the competition is up to?
Test out their products and services to see how they work? Hire away their staff to learn their tricks? Monitor their job listings to glean insight about upcoming initiatives?
Such tactics are par for the course in the technology industry, in which companies go to great lengths to size up their competition.
The latest example is Uber, which according to a New York Times report employs what it calls a “competitive intelligence” team to study its rivals. That team bought anonymized data — including information on Lyft receipts gleaned from customer in-boxes — from analytics firm Slice Intelligence. more
Competitive Intelligence is a euphemism for Business Espionage. Smart businesses employ Business Counterespionage, which is a euphemism for companies like mine. ~Kevin
Test out their products and services to see how they work? Hire away their staff to learn their tricks? Monitor their job listings to glean insight about upcoming initiatives?
Such tactics are par for the course in the technology industry, in which companies go to great lengths to size up their competition.
The latest example is Uber, which according to a New York Times report employs what it calls a “competitive intelligence” team to study its rivals. That team bought anonymized data — including information on Lyft receipts gleaned from customer in-boxes — from analytics firm Slice Intelligence. more
Competitive Intelligence is a euphemism for Business Espionage. Smart businesses employ Business Counterespionage, which is a euphemism for companies like mine. ~Kevin
Sounds Like Spying - Ultrasonic Sounds
Your smartphone may have some apps that are continuously listening inaudible, high-frequency ultrasonic sounds from your surroundings and they know where you go, what you like and dislike — all without your knowledge.
Ultrasonic Cross-Device Tracking is a new technology that some marketers and advertising companies are currently using to track users across multiple devices and have access to more information than ever before for ad targeting.
For example, retail stores you visit, a commercial on TV or an advertisement on a web page can emit a unique "ultrasonic audio beacon" that can be picked up by your device’s mobile application containing a receiver. more
I plan to run some tests on this. ~Kevin
Click to enlarge. |
For example, retail stores you visit, a commercial on TV or an advertisement on a web page can emit a unique "ultrasonic audio beacon" that can be picked up by your device’s mobile application containing a receiver. more
I plan to run some tests on this. ~Kevin
Friday, April 28, 2017
FlexiSpy Spyware Hacked - Other Spyware is Next They Say
After blitzing FlexiSpy, hackers declare war on all stalkerware makers: 'We're coming for you'
A Brit biz selling surveillance tools that can be installed on phones to spy on spouses, kids, mates or employees has been comprehensively pwned by hackers – who promise similar stalkerware peddlers are next.
The miscreants, supposedly Brazilian and dubbing themselves the Decepticons, have explained how they, allegedly, easily infiltrated FlexiSpy before snatching its source code and other files, and wiping as many servers as they could. That code has now leaked online, and the gang say they are on the warpath.
"We're just, like, this group of guys, you know? We can hack these people, and we can expose their secrets, but it's up to everyone to make a difference," the team said on Monday.
"If you're a spouseware vendor, we're coming for you. Stop, rethink your life, kill your company, and be a better person."
FlexiSpy is one of a number of creepy outfits making a living selling borderline-legal code to people who are paranoid that their significant other is cheating on them, or that their kids or staff are up to no good. more
A Brit biz selling surveillance tools that can be installed on phones to spy on spouses, kids, mates or employees has been comprehensively pwned by hackers – who promise similar stalkerware peddlers are next.
The miscreants, supposedly Brazilian and dubbing themselves the Decepticons, have explained how they, allegedly, easily infiltrated FlexiSpy before snatching its source code and other files, and wiping as many servers as they could. That code has now leaked online, and the gang say they are on the warpath.
"We're just, like, this group of guys, you know? We can hack these people, and we can expose their secrets, but it's up to everyone to make a difference," the team said on Monday.
"If you're a spouseware vendor, we're coming for you. Stop, rethink your life, kill your company, and be a better person."
FlexiSpy is one of a number of creepy outfits making a living selling borderline-legal code to people who are paranoid that their significant other is cheating on them, or that their kids or staff are up to no good. more
Thursday, April 27, 2017
Why TSCM is Important – Reason 294
Is he here to repair something?
Is he an employee coming to work?
Is he a vendor attending a proposal meeting?
Does it matter? In each case, he was allowed on your premises.
Unfortunately, he will plant electronic eavesdropping devices, in strategic areas. It will only take seconds. You won't see it happen. You won't know. And, this is only one industrial espionage spy trick. Hundreds more are available to him.
Savvy corporations, organizations and governments conduct periodic Technical Surveillance Countermeasures (TSCM) bug sweeps to clean their sensitive areas of bugs, wiretaps and computer attack devices. You should too.
Visit counterespionage.com
The Circle - A Surveillance Movie for Our Time
Our creepy times now have their own creepy movie.
“The Circle”, a film that debuts this week—about a privacy-flouting version of Google, Apple, and Facebook wrapped into one—makes you want to move to the woods. Is surveillance a worthwhile trade-off for any digital service? And is Silicon Valley prepared for the evils its technologies unleash?
In the film, a CEO played by Tom Hanks holds a Steve Jobs-style product launch that fills the globe with tiny constantly broadcasting webcams. His Orwellian mission statement: “If it happens, we’ll know.” (opens today)
more
“The Circle”, a film that debuts this week—about a privacy-flouting version of Google, Apple, and Facebook wrapped into one—makes you want to move to the woods. Is surveillance a worthwhile trade-off for any digital service? And is Silicon Valley prepared for the evils its technologies unleash?
In the film, a CEO played by Tom Hanks holds a Steve Jobs-style product launch that fills the globe with tiny constantly broadcasting webcams. His Orwellian mission statement: “If it happens, we’ll know.” (opens today)
more
Wednesday, April 26, 2017
Former Fox News Host Sues Network for Allegedly Spying on Her
Andrea Tantaros, once a long-time fixture at the Fox News Channel, filed a suit on Monday alleging that the cable news network spied on her private communications
and utilized information it gleaned via surveillance in an intimidation campaign after she began having disputes with network management.
According to the complaint, Fox News, primarily at the instigation of Ailes and others who formerly worked in his secret “black room” operation, snooped inside of Tantaros’ email and recorded her telephone conversations. They then allegedly provided the information back to Snyder and others who repeated it back to Tantators via anonymous social media accounts in order to dissuade her from taking legal action against the network. more
and utilized information it gleaned via surveillance in an intimidation campaign after she began having disputes with network management.
According to the complaint, Fox News, primarily at the instigation of Ailes and others who formerly worked in his secret “black room” operation, snooped inside of Tantaros’ email and recorded her telephone conversations. They then allegedly provided the information back to Snyder and others who repeated it back to Tantators via anonymous social media accounts in order to dissuade her from taking legal action against the network. more
They Always Blame the IT Guys and the Cops – Shocking
Malicious software bought by a London Police Officer can remotely hack users...
One of the officers of UK’s Metropolitan Police Service was caught in possession of a malicious software used for infecting computers and smartphones after gaining physical access to them.
It’s unclear as of yet whether this software was bought for official or personal use, but it does raise a question that why would an MPS’s officer need to buy a malware that can do things like intercepting phone calls, turning on microphones and taking pictures remotely via the infected device’s camera. Especially if the use of this malware wasn’t allowed, which would make it illegal. more
Former Expedia IT tech gets 15 months in jail for insider trading, stealing information from execs...
“This was not a one-time lapse in judgement – this defendant used his technology skills to repeatedly invade the email accounts of Expedia executives so that he could enrich himself at the expense of others,” U.S. Attorney Annette L. Hayes said in a statement. “Even after he moved on to a better paying position at a different technology firm he continued his crimes, all while trying to make it look like other employees were at fault...
As a “senior IT support technician” based in San Francisco, Ly routinely had access to Hotwire and Expedia employee login information and devices. Ly used those credentials to break into company files to get information he later used in stock transactions....
Ly tried to cover his tracks by using login credentials of other employees when using the service to look at sensitive information... Ly’s acts didn’t end when he left the company in April 2015. Ly kept a company-issued laptop that could connect to Expedia’s network, and he used other employees’ login information to continue breaking into Expedia files and emails. more
One of the officers of UK’s Metropolitan Police Service was caught in possession of a malicious software used for infecting computers and smartphones after gaining physical access to them.
It’s unclear as of yet whether this software was bought for official or personal use, but it does raise a question that why would an MPS’s officer need to buy a malware that can do things like intercepting phone calls, turning on microphones and taking pictures remotely via the infected device’s camera. Especially if the use of this malware wasn’t allowed, which would make it illegal. more
Former Expedia IT tech gets 15 months in jail for insider trading, stealing information from execs...
“This was not a one-time lapse in judgement – this defendant used his technology skills to repeatedly invade the email accounts of Expedia executives so that he could enrich himself at the expense of others,” U.S. Attorney Annette L. Hayes said in a statement. “Even after he moved on to a better paying position at a different technology firm he continued his crimes, all while trying to make it look like other employees were at fault...
As a “senior IT support technician” based in San Francisco, Ly routinely had access to Hotwire and Expedia employee login information and devices. Ly used those credentials to break into company files to get information he later used in stock transactions....
Ly tried to cover his tracks by using login credentials of other employees when using the service to look at sensitive information... Ly’s acts didn’t end when he left the company in April 2015. Ly kept a company-issued laptop that could connect to Expedia’s network, and he used other employees’ login information to continue breaking into Expedia files and emails. more
Install an Internet Connected Microphone and Camera in Your Bedroom?!?!
Amazon is giving Alexa eyes.
And it's going to let her judge your outfits.
The newly announced Echo Look is a virtual assistant with a microphone and a camera that's designed to go somewhere in your bedroom, bathroom, or wherever the hell you get dressed. more
Amazon is betting you will. I'm taking bets on how long before the hackers over. ~Kevin
And it's going to let her judge your outfits.
The newly announced Echo Look is a virtual assistant with a microphone and a camera that's designed to go somewhere in your bedroom, bathroom, or wherever the hell you get dressed. more
Amazon is betting you will. I'm taking bets on how long before the hackers over. ~Kevin
Monday, April 24, 2017
TSCM Questions We Get - "How often do you find a bug?"
Q. How often do you find a bug?
A.
It depends on the type of sweep. We
conduct Technical Information Security Surveys (enhanced TSCM) sweeps for bugs and
surveillance devices in businesses and government (and occasionally residential
or matrimonial type sweeps).
Business and Government TSCM Sweeps
Business and Government TSCM Sweeps
Regularly scheduled, due-diligence, technical information security
surveys rarely turn up devices. No surprise there. Typically, organizations
using our services already have a high overall security profile. They are “hardened
targets”. For those clients, the bug sweep bonus is... having a known window-of-opportunity when
something is found.
Often, what we do find are other information vulnerabilities like: decayed security hardware; security policies no longer being followed; and other unseen security issues (scroll down).
Discovery statistics on our "emergency sweeps" (sweeps where illegal electronic surveillance is suspected) varies from year to year, about 2%-5%. However, the rate of determining what happened and resolving the client's concerns is extremely high. (Isn't that the real point of the exercise?) More often than not, these info-loss cases can be traced back to the human element, or the poor security practices, which allowed the leak to occur some other way.
Often, what we do find are other information vulnerabilities like: decayed security hardware; security policies no longer being followed; and other unseen security issues (scroll down).
Discovery statistics on our "emergency sweeps" (sweeps where illegal electronic surveillance is suspected) varies from year to year, about 2%-5%. However, the rate of determining what happened and resolving the client's concerns is extremely high. (Isn't that the real point of the exercise?) More often than not, these info-loss cases can be traced back to the human element, or the poor security practices, which allowed the leak to occur some other way.
With
organizations, the opposition's focus is on getting the information, in all its
forms. Corporate espionage, industrial espionage, call it what you will. There
is no one spy tool of choice here. It's electronic surveillance plus hundreds
of other tradecraft techniques which may be employed. Solving these organizational
emergency cases requires more than a simple TSCM bug sweep. Required add-on
skills and experience include: corporate investigations, alarm system design,
computer forensics, and information management to name a few.
Residential Bug Sweeps
Residential Bug Sweeps
When
it comes to residential and matrimonial bug sweeps, the find rate for locating
bugs and surveillance devices is quite high. This makes sense. The opposition's
focus is narrow; they want to intercept communications and/or determine the
location of a specific person. Electronic surveillance is the
tool of choice. Personal privacy is the biggest loss.
Solving
these cases is relatively easy for a number reasons:
· The spy is usually a do-it-yourselfer, an amateur, or someone
with limited tradecraft skills.
· The victim has a good idea who is doing the spying.
· Resources rarely permit the purchase of advanced bugging or
tracking devices.
· Surveillance devices adequate to accomplish the goal are
inexpensive and easy to obtain.
· Locations for placement of bugs, taps, spy cameras and trackers
are limited.
· Having a personal stake in this type of surveillance, spies
often tip their hand to show power.
The Security Director’s Dilemma
Justifying
cost to the bean counters.
Private
investigators and people who handle residential and matrimonial bug sweep cases
don’t charge very much for their services. Mainly because private individuals
have limited budgets. But, also because their overhead is low. Their detection
gadgets are often basic and inexpensive, insurance costs (if any) are not up to
corporate standards, for example.
Professional
security consultants who specialize in business and government-level TSCM are
not a dime-a-dozen. They invest heavily, and continually in: sophisticated
instrumentation, professional certifications, and advanced (and continuous)
training. Their overhead includes: an office staff, trained Technical
Investigators, licensing, insurance, instrument calibration, and an annual
Carnet so they can travel Internationally for their clients.
Security
directors know, it’s not all about the money. It’s all about the protection you get for your money. A cheap sweep is a mental band-aid, and a CYA
move.
They
are charged with protecting corporate assets. This type of information security
requires a security consultant with a depth of experience and knowledge of:
information management, corporate investigations, complex security systems, and
yes… Technical Surveillance Countermeasures.
Benefits
of Quality TSCM
Second to 'getting the goods', the goal of espionage and voyeurism is 'never be discovered'. Obviously, if you don't check, you won't know you’re under attack. Organizations don’t have a choice. They don’t want their pockets picked, so TSCM is an important element of their security.
The benefits of having a Technical Information Security Survey (enhanced TSCM) as part of an organization’s security program include:
·
Increased profitability.
·
Intellectual property protection.
·
A working environment secure from electronic surveillance
invasions.
·
Advance warning of intelligence collection activities
(spying).
·
Checks the effectiveness of current security measures
and practices.
·
Document compliance with many privacy law
requirements.
·
Discovery of new information security loopholes, before they can be used against them.
·
Help fulfill legal the requirement for "Business
Secret" status in court.
·
Enhanced personal privacy and security.
·
Improved employee morale.
·
Reduction of consequential losses, e.g. information
leak can spark a stockholder's lawsuit, activist wiretaps, and damage to “good
will” and sales.
The
benefit list is really longer, but you get the idea. There are some excellent corporate-level TSCM consultants out there. Now that you know about the different levels of service, track one down to help solve your information security concerns. You will look like a hero to all your colleagues, except perhaps, the near-sighted bean counters.
Contact me here if you would like to know more. Kevin D. Murray, CPP, CISM, CFE
Subscribe to:
Posts (Atom)