Tuesday, January 30, 2018

The Allentown Wiretap Tapes

If you have never listened to a wiretap, you might find this interesting...


Wiretaps from the Allentown City Hall corruption case.

TSCM: African Union Headquarters China Built Found To Be Bugged


China has again been accused of state-sponsored espionage after several information backdoors were discovered in the African Union (AU) headquarters it built in the Addis Ababa, the capital of Ethiopia.

The AU is a bloc of the 55 countries in Africa, where China has been trying to spread it’s influence in quest of the natural resources the continent holds. As part of it’s African outreach, China had financed and built the AU headquarters at a cost of $200 million in 2012. The building was inaugurated with much fanfare as a symbol and was meant to be a symbol of Chinese-African partnership.

However, an investigation by the French newspaper Le Monde has revealed that data from the servers in the AU headquarters was being transferred to Shanghai every night since the last five years, starting 2012. A followup sweep of the building led to the discovery of microphones embedded in desks and walls of the building revealing major cracks in the building’s security.

The AU has since replaced the Chinese machines with it’s own servers and is moving to encrypt it’s data and communications. more

Secret Surveillance Of Fox News Women Changing Clothes Alleged

Former Fox News star Andrea Tantaros is alleging that the network's former chair and CEO, Roger Ailes, secretly watched female hosts changing clothes on company surveillance equipment and that the conservative channel spied on employees' electronic devices.

Tantaros made the claims in a proposed amended complaint she filed in US District Court on Monday as part of a nine-month lawsuit against her former employer.

Tantaros, who is now representing herself in the legal matter, said Ailes had a CCTV system that allowed him to see inside Fox News offices: "Fox offices are where most Fox female talent, including Ms. Tantaros, disrobed daily from their regular clothing into their on-air attire, sometimes multiple times a day... Upon information and belief Ailes was surreptitiously recording, both through audio and with hidden cameras, Tantaros (and others)." more

Corporate Alert...
If you do not have a Recording in the Workplace Policy and conduct periodic inspections of Expectation of Privacy areas, you are at risk. Get these two elements into your security program. Start here.

Monday, January 29, 2018

Dutch Treat, or Watching the Spies Spy

According to a report in the Dutch newspaper de Volkskrant, the General Intelligence and Security Service of the Netherlands (AIVD)—the Netherlands' domestic intelligence service—had hacked into the network of a building at a Russian university in Moscow some time in the summer of 2014. The building housed a group running a hacking campaign now known as "Cozy Bear," one of the "threat groups" that would later target the Democratic National Committee.

AIVD's intrusion into the network gave them access to computers used by the group behind Cozy Bear and to the closed-circuit television cameras that watched over them, allowing them to literally witness everything that took place in the building near Red Square, according to the report. Access to the video cameras in a hallway outside the space where the Russian hacking team worked allowed the AIVD to get images of every person who entered the room and match them against known Russian intelligence agents and officials.

Based on the images, analysts at AIVD later determined that the group working in the room was operated by Russia’s Foreign Intelligence Service (SVR). An information and technology sharing arrangement with the National Security Agency and other US intelligence agencies resulted in the determination that Cozy Bear’s efforts were at least in part being driven by the Russian Federation’s leadership—including Russian President Vladimir Putin. more

So, how do you feel about the security of your security cameras now?

Friday, January 26, 2018

Austria - Bugging, break-in at far-right leader's office.

The office of Austrian far-right leader and vice chancellor Heinz-Christian Strache was broken into this week, shortly after bugging devices were discovered there, and a criminal inquiry has been launched, prosecutors said on Thursday...

The spokesman said the electronic surveillance devices had been discovered last week behind a mirrored wall by intelligence service specialists. “This was a routine check after moving into a new office,” he said.  more

Routine checks can pay off big-time.

Better Secure Voice over Internet - Novel Solution

Researchers at the University of Alabama at Birmingham have developed a novel method to better protect Crypto Phones from eavesdropping and other forms of man-in-the-middle attacks.
Crypto Phones consist of smartphone apps, mobile devices, personal computer or web-based Voice over Internet Protocol applications that use end-to-end encryption to ensure that only the user and the person they are communicating with can read what is sent. In order to secure what is being communicated, Crypto Phones require users to perform authentication tasks.

Research has shown that these tasks are prone to human errors, making these VoIP applications and devices highly vulnerable to man-in-the-middle and eavesdropping attacks... more

A long, technical, interesting read.

Extra Credit... The 4 Best Phones for Privacy & Security


Wednesday, January 24, 2018

Tinder Hackers May Find Out How Desperate You Are

Eavesdroppers could be able to peek in on mobile flirts.

A lack of security protections in Tinder's mobile app is leaving lonely hearts vulnerable to eavesdropping.

That's according to security biz Checkmarx this week, which claimed Android and iOS builds of the dating app fail to properly encrypt network traffic, meaning the basic actions of peeps looking to hookup – such as swipes on profiles – could be collected by anyone on the same Wi-Fi or carrying out similar snooping. more

Monday, January 22, 2018

"I'm sorry, Dave. I'm afraid I can't do that."

Logitech's $180 Circle 2 wired security camera is easy to set up and works with Amazon Alexa, Apple HomeKit and Google Assistant for a wide variety of smart home/voice control applications.

 

Sunday, January 21, 2018

White Marsh Mall Spycam Man Suspect Charged - Day job... runs business that installs security cameras.

Baltimore County police say they are analyzing electronic items seized from the Abingdon home of a man charged with secretly recording people in a bathroom at White Marsh Mall.

The suspect, 40-year-old Mussawwir Sterrett, is general manager of a company that provides technology services including security camera installation, police said.

Sterrett is accused of placing a small camera, pointed toward a toilet, in the family bathroom near the mall’s food court on Dec. 23. The camera recorded 11 people, both children and adults, according to police spokeswoman Officer Jennifer Peach.

Sterrett faces charges of “peeping Tom” and visual surveillance with prurient intent. more

Vineyard Owners Arrested for Eavesdropping... didn't hear it through the grapevine.

The owners of a Monroe County winery accused of recording customers and employees without their knowledge say they were surprised by their arrests and subsequent criminal charges.

Randy and Linda Rice, who own and operate Mountain View Vineyards in Hamilton and Jackson Townships, were arrested Thursday and charged with interception of oral communications and possession of devices utilized to surreptitiously record oral communications.

The Monroe County District Attorney's Office said it was tipped off in December that there was illegal wiretapping at the winery part of the business at 2332 Walters Road in Hamilton Township.

Detectives on Thursday found wireless surveillance cameras in the new winery, but no signs indicating the cameras were recording video and audio. Prosecutors say only two employees knew audio was being recorded and monitored. more sing-a-long

Economic Espionage, Theft of Trade Secrets - 5 Year Sentence

A former software engineer for IBM in China has been sentenced to five years in prison for stealing the source code for highly valuable software developed by the tech company, the U.S. Justice Department announced Friday.

Xu Jiaqiang, 31, was sentenced Thursday by a federal judge in White Plains, New York, months after he pleaded guilty to three counts of economic espionage and three counts of theft, possession and distribution of trade secrets. 

Prosecutors said Xu stole the source code for computer performance-enhancing software while working for IBM from 2010 and 2014, with the intent to benefit China's National Health and Family Planning Commission.

Acting Assistant Attorney General Dana J. Boente of the Justice Department's national security division said the agency “will not hesitate to pursue and prosecute those who steal from American businesses.” Xu, a Chinese national, “is being held accountable for engaging in economic espionage against an American company,” Boente said in a statement. more

PI Sued for Planting Tracking Device... on a politician's pick-up truck.

An Oklahoma lawmaker who found a tracking device attached to his pickup truck last month is suing a private investigation company and an investigator who works for the company over the device.
Click to enlarge.
 Discovery of the tracking device has shocked Oklahoma politicians, who are wondering who was spying.

Rep. Mark McBride, a Republican from the Oklahoma City suburb of Moore, is suing Eastridge Investigations and Asset Protection and Eastridge investigator H.L. Christensen for unspecified damages of more than $10,000, according to an attorney for Eastridge. more

Tuesday, January 16, 2018

Hawaiian Emergency Management - Passwords on Post-it Notes on Computer Screens

The Hawaii Emergency Management false alarm mess was not caused by pressing the wrong button. It was caused by poor design.

Ever select the wrong thing from a drop-down menu? Sure, it happens all the time.

The Washington Post reports...
The menu, which triggers alerts, contains a jumble of options, ranging from Amber alerts to Tsunami warnings to road closures. Some of them, such as “High Surf Warning North Shores,” are in plain English.

Others, including the one for a missile attack, “PACOM (CDW)-STATE ONLY,” use shorthand initials. (PACOM refers to the United States Pacific Command based in Hawaii.)

And the menu contained no ballistic missile defense false alarm option — which has now been added at the top of the image, marked up by officials for explanatory purposes. more
 Suggestions: 
1. Separate the messages into smaller groups: Routine Tests | Advisories | Life Threatening
2. Drop the jargon. Say what you mean, clearly.
3. Do not use instant-select dropdown menus.
4. Use radio buttons to select the message, plus a CONFIRMATION and CANCEL button to activate the selected alert, or not. Two extra seconds of thought can prevent a lot of mistakes.

If you need help with design, call on the master, John McWade. He can teach you.

And, what's with posting the passwords to an emergency management computer screen?!?!
If the personnel can't memorize a password as lame as this, they shouldn't be allowed anywhere near a keyboard. more

Password: Warningpoint2

Monday, January 15, 2018

Spy Drone Filming - Detection Method Developed

The first technique to detect a drone camera illicitly capturing video is revealed in a new study published by Ben-Gurion University of the Negev (BGU) and Weizmann Institute of Science cyber security researchers.

The study addresses increasing concerns about the proliferation of drone use for personal and business applications and how it is impinging on privacy and safety.

In a new paper, "Game of Drones - Detecting Captured Target from an Encrypted Video Stream," the researchers demonstrate techniques for detecting if a targeted subject or house is being recorded by a drone camera. "The beauty of this research is that someone using only a laptop and an object that flickers can detect if someone is using a drone to spy on them," says Ben Nassi... more video

"Listening In: Cybersecurity in an Insecure Age" (book)

A cybersecurity expert and former Google privacy analyst’s urgent call to protect devices and networks against malicious hackers​.

New technologies have provided both incredible convenience and new threats. The same kinds of digital networks that allow you to hail a ride using your smartphone let power grid operators control a country’s electricity—and these personal, corporate, and government systems are all vulnerable.

In Ukraine, unknown hackers shut off electricity to nearly 230,000 people for six hours. North Korean hackers destroyed networks at Sony Pictures in retaliation for a film that mocked Kim Jong-un. And Russian cyberattackers leaked Democratic National Committee emails in an attempt to sway a U.S. presidential election.

And yet despite such documented risks, government agencies, whose investigations and surveillance are stymied by encryption, push for a weakening of protections. In this accessible and riveting read, Susan Landau makes a compelling case for the need to secure our data, explaining how we must maintain cybersecurity in an insecure age. more