Thursday, October 31, 2019

This Week's News About Spies

 Busy, as always...

Drones: An Increasing Business Espionage Concern Worldwide

South Africa - The increased use of unmanned aerial vehicles, or drones, in SA over the last few years has opened local organisations to a significant and evolving scope of threat in areas such as cyber espionage, illegal surveillance, electronic snooping and reconnaissance.

Security experts warn that while drone technology is increasingly being harnessed to carry out a host of commercial tasks faster, safer and more efficiently across industries including agriculture, media, health and defence, it is also increasingly being exploited by criminals as a tool to usher in a new era of physical and IT security threats. more

• Our other Security Scrapbook drone coverage.
• Researching anti-drone technology for your corporate security department? Contact us for our free Anti-Drone Research Paper.

Wednesday, October 30, 2019

Southwest Airlines Flight Attendant Says Pilots Streamed Secret Bathroom Live Feed into Cockpit

A Phoenix-based flight attendant has sued Southwest Airlines for retaliation after she reported two pilots for live streaming secret lavatory video onto an iPad in the cockpit. 

Renee Steinaker says...she saw an iPad mounted to the jet’s windshield where she could see the pilot in the restroom. She says the co-pilot then told her that the cameras were a new “top secret security measure” which Steinmaker later determined was not true.

She claims that the pilots also left the aircraft unattended after landing the flight, and “left a loaded firearm unattended in the cockpit” which violates FAA regulations. more

The two pilots, both based near Southwest's Dallas headquarters, have denied the allegations in court documents. So has the airline, which dismissed the incident as an "inappropriate attempt at humor" in a statement. more

UPDATE:  A statement by the Southwest Airlines Pilots Association this week:
"Southwest Airlines has never placed cameras and never videoed anyone in any lavatory, and the pilots on Flight 1088 did not video anyone. The incident, which occurred over two years ago, was a poor attempt at humor where the pilot took a selfie video from the chest up, fully clothed, in the lavatory of a completely different airplane months before Flight 1088 and then replayed the exact same selfie video on his iPad when Ms. Steinaker came into the cockpit." more

Kettle Gets Called Black... or, Who's Zoomin' Who

Facebook launched a new front in the battle over encryption yesterday by suing the Israeli spyware firm NSO Group for allegedly hacking WhatsApp, its encrypted messaging service, and helping government customers snoop on about 1,400 victims...


The lawsuit marks the first time a messaging service has sued a spyware company for undermining its encryption and it could prompt a slew of suits against companies that have developed encryption workarounds bolstering governments' ability to spy on their citizens. more

More People Searching for Technical Surveillance Countermeasures (TSCM)

Analysis: More organizations are hardening their defenses against electronic surveillance and information theft.  With TSCM information security surveys becoming mainstream attacks will shift toward the defenseless...

Defenseless equals lunch in the Infowar Jungle.

Friday, October 25, 2019

Espionage Weekend Movie: "The Current War"

Don't let the fancy attire and the Gilded Age setting fool you, there is nasty business afoot in "The Current War."

It's a power struggle, both literal and societal, with Benedict Cumberbatch as inventor Thomas Edison on one side, Michael Shannon as industrialist George Westinghouse on the other, Nicholas Hoult as eccentric visionary Nikola Tesla in the middle and the future of electricity in America hanging in the balance.



In theaters Friday, Oct. 25, the film is a tale of innovation advanced via moral compromise. There are dead animals, corporate espionage, even the invention of the electric chair all deployed in the battle to determine whether Edison's direct current or Westinghouse's alternating current would light up the nation.

It's a story rife with tragedy and squandered potential. more

Spy Doc Dropped

The doctor accused of corporate espionage and stealing trade secrets from blood giant CSL to further his career and to land a job at rival group Pharming has been sacked from his job.

Dutch pharmaceutical company Pharming announced on Thursday that it had permanently terminated Joseph Chiao's employment.

Dr Chiao had been subject to a US court injunction preventing him from starting work at Pharming in October so that CSL and Pharming could investigate CSL's allegations that Dr Chiao had stolen 1,000,000 documents from CSL. more

Hacker Physically Plants Keylogger Devices on Company Systems

A hacker admitted to planting hardware keyloggers on computers belonging to two companies to get unauthorized to their networks and steal proprietary data. He now faces 12 years of prison time.

It appears that the individual was after data relating to an "emerging technology" that both targeted companies were developing.

In February 2017, 45-year old Ankur Agarwal of Montville, New Jersey, trespassed the premises of one of the two tech companies and installed keylogging devices on its computers to capture employee usernames and passwords. He also added his laptop and a hard drive to the company's computer network. more

A Technical Information Security Survey could have prevented this in the first place. ~Kevin

Racoon Steals Data for $200. per Month - Cute

A new kind of easy to use trojan malware is gaining popularity among cyber criminals, providing them with simple means of stealing credit card data, passwords and cryptocurrency -- and it has already infected hundreds of thousands of Windows users around the world.

Raccoon Stealer first appeared in April this year and has quickly risen to become one of the most talked-about malware services in underground forums.

Researchers at Cybereason have been monitoring Raccoon since it first emerged, and note that while not sophisticated, it is aggressively marketed to potential criminal users, providing them with an easy-to-use back end, along with bulletproof hosting and 24/7 support -- all for $200 a month. more

Thursday, October 24, 2019

Turning Amazon and Google Smart Speakers into Smart Spies

Researchers at Germany’s SRLabs found two hacking scenarios — eavesdropping and phishing — for both Amazon Alexa and Google Home/Nest devices. They created eight voice apps (Skills for Alexa and Actions for Google Home) to demonstrate the hacks that turns these smart speakers into smart spies. The malicious voice apps created by SRLabs easily passed through Amazon and Google’s individual screening processes...

For eavesdropping, the researchers used the same horoscope app for Amazon’s smart speaker. The app tricks the user into believing that it has been stopped while it silently listens in the background. more

Google Accused of Spying with New Tool

Google employees have accused their employer of creating a surveillance tool disguised as a calendar extension designed to monitor gatherings of more than 100 people, a signal that those employees may be planning protests or discussing union organizing. Google parent company Alphabet “categorically” denies the accusation. 

The accusation, outlined in a memo obtained by Bloomberg News, claims severe unethical conduct from high-ranking Google employees, who they say allegedly ordered a team to develop a Chrome browser extension that would be installed on all employee machines and used primarily to monitor internal employee activity.  

Employees are claiming the tool reports anyone who creates a calendar invite and sends it to more than 100 others, alleging that it is an attempt to crackdown on organizing and employee activism. more

Hospital Bathroom Video Voyeur had 1 Million Images

FL - Authorities have arrested a 41-year-old man who they say hid a small camera in bathrooms at three Florida medical facilities...
 
Police began investigating on Oct. 3 when a hidden camera was found inside an employee bathroom at St. Mary's Medical Center. 
 
Investigators found more than a million still and video images.
 
(The suspect) was a technician who took CT scans at the hospital and PET scans at medical facilities in Delray Beach and Boca Raton. more

Toga! Toga! Toga! ...SCIF Fight!

SCIF fight shows lawmakers can be their own biggest cybersecurity vulnerability.

About two dozen House Republicans enter a sensitive compartmented information facility (SCIF) where a closed session before the House Intelligence, Foreign Affairs and Oversight committees took place.

A group of House Republicans could have created a field day for Russian and Chinese intelligence agencies when they stormed into a secure Capitol Hill room where their colleagues were taking impeachment testimony yesterday with their cellphones in tow. more

"You're all worthless and weak!" ~Doug Neidermeyer

Wednesday, October 23, 2019

CNN - In 1999 a listening device was planted inside the State Department...

After a suspicious rise in Russian diplomats visiting the State Department in 1999, the FBI worked with the Diplomatic Security Service to follow mysterious radio frequencies. For more, watch "Declassified" Sunday at 11 p.m. ET/PT. more

Thanks to our Blue Blase Irregular at Big T for spotting this one for us.

Free Ransomware Decryption Tool

Emsisoft Decryptor for STOP Djvu

The STOP Djvu ransomware encrypts victim's files with Salsa20, and appends one of dozens of extensions to filenames; for example, ".djvu", ".rumba", ".radman", ".gero", etc.

Please note: There are limitations on what files can be decrypted. more

Of course, put all the safeguards in place first so you won't need this tool. ~Kevin