Monday, August 11, 2008
sixteen-love
LA - Tai Shen Kuo, 58, long-time restaurateur and former tennis pro who pleaded guilty three months ago to spying for China was sentenced Friday to nearly 16 years in prison by a federal judge. “We had hoped to do a little bit better,” said John Hundley, of the Washington, D.C., law firm Trout-Cacheris. (more)
The Geek Chorus Wails Again...
Hackers at the DefCon conference were demonstrating these and other novel techniques for infiltrating facilities...Want to break into the computer network in an ultra-secure building? Ship a hacked iPhone there to a nonexistent employee and hope the device sits in the mailroom, scanning for nearby wireless connections. (which makes our 24/7 rogue cellphone and wifi location service all the more valuable to you)
How about stealing someone's computer passwords? Forget trying to fool the person into downloading a malicious program that logs keystrokes. A tiny microphone hidden near the keyboard could do the same thing, since each keystroke emits slightly different sounds that can be used to reconstruct the words the target is typing.
As technology gets cheaper and more powerful, from cellphones that act as personal computers to minuscule digital bugging devices, it's enabling a new wave of clever attacks that, if pulled off properly, can be as effective and less risky for thieves than traditional computer-intrusion tactics. (more)
Cool Idea - Eavesdrop On Your Car Being Stolen
Morris Mbetsa, an 18 year old self-taught inventor with no formal electronics training from the coastal tourist town of Mombasa on the Indian Ocean in Kenya has invented the "Block & Track", a mobile phone-based anti-theft device and vehicle tracking system.The real-time system uses a combination of voice, DTMF and SMS text messages over cell-based phone service that allows control of some of a vehicles' electrical systems including the ignition.
Another feature of the system is the capacity to poll the vehicle owner by mobile phone for permission to start, as well as eavesdrop on conversation in the vehicle. Mbetsa is now looking for funding to commercially develop his proof of concept and bring it to the market (video)
Good work, Morris. I hope you get your funding.
Sunday, August 10, 2008
SpyCam Story #455 - The IT Boy
FL - A Gainesville man has been arrested for allegedly installing software on a woman’s computer, then using the software to remotely control the camera on her computer to take videos of the woman and her friends while they were clothed and while they were naked. The alleged victim is a Hialeah woman who told police she had a man perform some maintenance on her computer in early July. The woman told police she discovered the program on Monday along with about 20,000 photos of herself and her friends that had been made from the videos taken with the camera.
The man arrested in the case was identified as Craig Matthew Feigin, 23, who was charged with modifying computer data and disrupting or denying computer system services.
Once he was taken into custody, he quickly admitted to this crime, but also admitted to installing these programs on other computers as well. The Gainesville Florida Police believe there are eight or nine other victims. (more) (more)
Saturday, August 9, 2008
Bug Bites... with Bluetooth
Smart spies can build their own bugs; ones which average TSCM detection equipment can't see. One example of this are bugs which use off-the-shelf Bluetooth technology, like Bluegiga. Short range, but very effective.
Another example is second generation Zigbee which can transmit audio a much greater distance.
Both signals are digital. Both blend their transmissions into the sea of legitimate WiFi signals which surround us.
The cost for building these advanced bugging devices is less than $100. per bug.
Discovery requires the most advanced TSCM instrumentation... like what you will find only here.
Wednesday, August 6, 2008
Bugs don't grill people. People grill people.
Philadelphia - A gun-control activist who championed the cause for more than a decade and served on the boards of two anti-violence groups is suspected of working as a paid spy for the National Rifle Association, and now those organizations are expelling her and sweeping their offices for bugs. The suggestion that Mary Lou McFate was a double agent is contained in a deposition filed as part of a contract dispute involving a security firm. (more)
The employee double-cross is an old and highly successful trick. Aside from the obvious, undercover employees also have the time and opportunity to plant bugs and wiretaps. If an employee-spy is discovered be sure to conduct a thorough bug sweep after they are fired. Better... Conducting thorough bug sweeps on a regular basis is a good way to uncover the undercover spy.
SpyCam Story #454 - "Baby let me be..."
Your lovin teddy bear
Put a chain around my neck,
And lead me anywhere
Oh let me be
Your teddy bear.
Australia - A Rivervale man has admitted to secretly filming his female housemate with a camera concealed in a teddy bear in her bedroom.
Russell Christopher Hounslow, 22, pleaded guilty to one count each of using an optical device to record a private activity and possessing an obscene article in the Perth Magistrate's Court today.
Magistrate Steven Heath heard how on April 22 this year, Hounslow's flatmate found a covert camera in the toy, linked to a transmitter under her bed.
Police prosecutor Steve Mayne said the woman then found a similar transmitter on top of a video recorder in the house. (more)
Put a chain around my neck,
And lead me anywhere
Oh let me be
Your teddy bear.
Australia - A Rivervale man has admitted to secretly filming his female housemate with a camera concealed in a teddy bear in her bedroom.
Russell Christopher Hounslow, 22, pleaded guilty to one count each of using an optical device to record a private activity and possessing an obscene article in the Perth Magistrate's Court today.
Magistrate Steven Heath heard how on April 22 this year, Hounslow's flatmate found a covert camera in the toy, linked to a transmitter under her bed.
Police prosecutor Steve Mayne said the woman then found a similar transmitter on top of a video recorder in the house. (more)
"You talkin' to me?" - India
India - Telephone booth operators, taxi drivers and guesthouse owners in the national capital have been asked to keep an eye and eavesdrop on people calling Pakistan, Bangladesh, Nepal, Jammu and Srinagar as Independence Day approaches. Cyber cafes and guesthouses have been told to install closed circuit television (CCTV) cameras. (more)
"You talkin' to me!" - China
China - Tens of thousands of taxi drivers in Beijing have a tool that could become part of China's all-out security campaign for the Olympic Games. Their vehicles have microphones -- installed ostensibly for driver safety -- that can be used to listen to passengers remotely. The tiny listening devices, which are connected to a global positioning system able to track a cab's location by satellite, have been installed in almost all of the city's 70,000 taxis over the past three years, taxi drivers and industry officials say.
...those devices in Beijing taxis can be remotely activated without the driver's knowledge to eavesdrop on passengers, according to drivers and Yaxon Networks Co., a Chinese company that makes some of the systems used in Beijing. The machines can even remotely shut off engines. (more)
"No, I wasn't talkin' to you!" - New Zealand
New Zealand - National leader John Key has hit back at suggestions his party has a hidden agenda after a second set of secret recordings were leaked to 3 News.
Key says the latest recordings are not significant and he has accused Young Labour activists of bugging National's party conference. (more)
Key says the latest recordings are not significant and he has accused Young Labour activists of bugging National's party conference. (more)
Monday, August 4, 2008
Yawn, and your laptop goes to sleep
What if you could simply think about an action, and the computer would respond?Emotiv is currently fine-tuning a mind-reading headset called the Epoc, which should ship late this year. The $299 device purports to eavesdrop on your thoughts and translate them into computer instructions, so you can play a game or arrange photos without using your hands or speaking words.
Epoc "neuroheadset" has 16 sensors embedded in its crossbars that communicate wirelessly with your PC. There are no messy smears or tangles of wires. But in order to get correct readings, the sensors must make just the right contact with your scalp, which can take a fair amount of fiddling. And once the headset is in place, you have to be careful not to move around too much or the sensors will slip, preventing the computer from getting a clear signal. (more)
...and you were self-conscious about wearing your Bluetooth earpiece.
Seriously, you are witnessing the future of eavesdropping. Near-term... physical motion replacement, a boon to the seriously handicapped. Mid-term... Doors that auto-lock if the person approaching is of the wrong frame of mind. Far-term... TiVO your life whenever you want. I can't wait.
Friday, August 1, 2008
PI Toolkit Item #141 - Pocket Phone Bud-dy
Need to record a cell phone call, or any telephone call? Call on your Pocket Phone Bud-dy! An Olympus TP-7 headset.
Plug it into the ‘MIC’ jack of a recorder. Pop the bud in your ear and you are good-to-go.
Captures both sides of the conversation. Frequency range is 50 - 20,000 Hz. Plugs into a 3.5mm monaural jack and comes with two plug adaptors to convert either to a 3.5mm stereo plug or a 2.5mm monaural plug. (more)
Deep Packet Inspection - Computer Santa Claws
Imagine a Santa who receives bags of mail every second, reads and sorts each request, knows everybody's naughty or nice quotient and dispenses the correct 'just deserts' as fast as each request arrives. Creep'ed out yet?
If so, stop reading now.
"Anyone who uses the Internet needs to be aware of Deep Packet Inspection (DPI), its uses, and potential misuses... DPI is next-generation technology that’s capable of inspecting every byte of every packet that passes through the DPI device, that means packet headers, types of applications, and actual packet content... DPI allows people controlling the device to know everything, including the payload of each packet in the data stream. For example, if an unencrypted e-mail is scanned, the actual body of the e-mail can be reassembled and read.
What makes DPI all the more impressive is that the packet analysis happens in real time, with data stream throughput approaching 20-30 Gb. See where I’m going with this? With no loss of throughput, ISPs are able to insert these devices directly in their data streams, forcing all traffic to pass through the devices. Procera, Narus, and Ellacoya are front-runners in development of this technology, having placed equipment throughout the world.
DPI developers are adamant that the technology is benign and will create a better Internet. experience. However, privacy groups have two major concerns: little or no oversight and the potential for losing still more individual privacy.
An optimist would say that DPI will help enhance the experience, even producing ads that are relevant to each individual user. Whereas a pessimist would say it’s “big brother” technology that only benefits ISPs." (more)
A realist would say: "history tends to repeat" "mission creep" "if a technology can be abused..."
Wednesday, July 30, 2008
"Nailing bronze in the Tap-athlon...
...Sweden." Swedes may cherish openness and transparency, but not enough to accept a new law giving the government the right to snoop on all e-mails and phone calls crossing the country's borders. Outrage over the statute has led to 2 million protests — filed by e-mail... Swedish telecommunications group TeliaSonera AB and U.S.-based Google Inc. have called the law passed June 18 the most far-reaching eavesdropping plan in Europe, comparable to snooping powers authorized in the United States. The law narrowly passed Parliament in a 142-138 vote two weeks ago, despite protests that included demonstrators handing out copies of George Orwell's novel "1984" about a fictional futuristic police state. It gives Sweden's National Defense Radio Establishment, or FRA, the right to scan all international phone calls, e-mails and faxes without a court order as of January. (more)
"Nailing silver in the Tap-athlon...
...USA."
The FBI has quietly built a sophisticated, point-and-click surveillance system that performs instant wiretaps on almost any communications device, according to nearly a thousand pages of restricted documents newly released under the Freedom of Information Act.
The surveillance system, called DCSNet, for Digital Collection System Network, connects FBI wiretapping rooms to switches controlled by traditional land-line operators, internet-telephony providers and cellular companies. It is far more intricately woven into the nation's telecom infrastructure than observers suspected...
DCS-3000 client, also known as Red Hook, handles pen-registers and trap-and-traces, a type of surveillance that collects signaling information...
DCS-6000, known as Digital Storm, captures and collects the content of phone calls and text messages for full wiretap orders.
A third, classified system, called DCS-5000, is used for wiretaps targeting spies or terrorists. (more)
The FBI has quietly built a sophisticated, point-and-click surveillance system that performs instant wiretaps on almost any communications device, according to nearly a thousand pages of restricted documents newly released under the Freedom of Information Act.
The surveillance system, called DCSNet, for Digital Collection System Network, connects FBI wiretapping rooms to switches controlled by traditional land-line operators, internet-telephony providers and cellular companies. It is far more intricately woven into the nation's telecom infrastructure than observers suspected...
DCS-3000 client, also known as Red Hook, handles pen-registers and trap-and-traces, a type of surveillance that collects signaling information...
DCS-6000, known as Digital Storm, captures and collects the content of phone calls and text messages for full wiretap orders.
A third, classified system, called DCS-5000, is used for wiretaps targeting spies or terrorists. (more)
"Nailing gold in the Tap-athlon...
...China."
"The Chinese Government has put in place a system to spy on and gather information about every guest at hotels where Olympic visitors are staying," Senator Sam Brownback said.
The conservative Republican from Kansas, citing hotel documents he received, added that journalists, athletes' families and others attending the Olympics next month "will be subjected to invasive intelligence-gathering" by China's Public Security Bureau.
He said the agency will be monitoring internet communications at the hotels.
The US senator made a similar charge a few months ago but said that since then, hotels have come forward with detailed information on the monitoring systems that have been required by Beijing.
Senator Brownback refused to identify the hotels, but said "several international hotel chains have confirmed the existence of this order".
Spokesmen at the Chinese Embassy in Washington were not available for comment. (more)
"The Chinese Government has put in place a system to spy on and gather information about every guest at hotels where Olympic visitors are staying," Senator Sam Brownback said.
The conservative Republican from Kansas, citing hotel documents he received, added that journalists, athletes' families and others attending the Olympics next month "will be subjected to invasive intelligence-gathering" by China's Public Security Bureau.
He said the agency will be monitoring internet communications at the hotels.
The US senator made a similar charge a few months ago but said that since then, hotels have come forward with detailed information on the monitoring systems that have been required by Beijing.
Senator Brownback refused to identify the hotels, but said "several international hotel chains have confirmed the existence of this order".
Spokesmen at the Chinese Embassy in Washington were not available for comment. (more)
Monday, July 28, 2008
Builders uncover 'bugging device'
Northern Ireland, UK - A suspected bugging device has been found at a house in Coalisland.
It is believed that Sean O'Farrell, an IRA member shot by the SAS in 1992, may have had some connection with the house.
Builders working at the house on Monday found a 60cm box-like object with batteries in a roof space. It is believed the device had been there since the early 1990s. (more)
It is believed that Sean O'Farrell, an IRA member shot by the SAS in 1992, may have had some connection with the house.
Builders working at the house on Monday found a 60cm box-like object with batteries in a roof space. It is believed the device had been there since the early 1990s. (more)
Wi-Fi Wall to Block Outsiders
Meru Networks announced RF Barrier, the next salvo in the industry's on-going battle against piggybackers and hackers who access networks from parking lots or other areas within range of a corporate WLAN’s signal. Unlike counter-measures that use encryption to scramble sensitive data, RF Barrier fights fire with fire by transmitting over Wi-Fi signals that would otherwise propagate farther than intended.
"Wireless security has largely been about applying wired techniques [like encryption and IPS]," said Joe Epstein, Meru's senior director of technology. "But most really damaging attacks have taken advantage of wireless signal bleed into areas like parking lots. Those [passive eavesdropping attacks] are the worst because they cannot be detected electronically. This is where RF Barrier comes in, to stop signals from reaching perimeter attackers." (more)
How RF Barrier Works
from their press release...
"RF Barrier (patent pending) is installed by mounting a Meru Networks wireless access point along the inside perimeter of a building, and an advanced external antenna outside the perimeter. RF Barrier technology inspects the traffic in real time to determine which part belongs to the WLAN (and is therefore designated as sensitive) and uses the external antenna to block outbound traffic at the RF layer. Would-be attackers are limited in their ability to see useful packet information about the internal network.
Because RF Barrier uses directional antennas and selective enforcement technology, it has no impact on signals within the building or from other networks. Internal clients connect normally, with enterprise access points serving them at full speed. RF Barrier can be turned on and off as needed, giving enterprises the flexibility to allow access at certain times of day while restricting it at others." In short, it drowns out the real signal."
The fine print... "Available beginning in September 2008 for networks using any Meru 802.11a/b/g access points."
"Wireless security has largely been about applying wired techniques [like encryption and IPS]," said Joe Epstein, Meru's senior director of technology. "But most really damaging attacks have taken advantage of wireless signal bleed into areas like parking lots. Those [passive eavesdropping attacks] are the worst because they cannot be detected electronically. This is where RF Barrier comes in, to stop signals from reaching perimeter attackers." (more)
How RF Barrier Works
from their press release...
"RF Barrier (patent pending) is installed by mounting a Meru Networks wireless access point along the inside perimeter of a building, and an advanced external antenna outside the perimeter. RF Barrier technology inspects the traffic in real time to determine which part belongs to the WLAN (and is therefore designated as sensitive) and uses the external antenna to block outbound traffic at the RF layer. Would-be attackers are limited in their ability to see useful packet information about the internal network.
Because RF Barrier uses directional antennas and selective enforcement technology, it has no impact on signals within the building or from other networks. Internal clients connect normally, with enterprise access points serving them at full speed. RF Barrier can be turned on and off as needed, giving enterprises the flexibility to allow access at certain times of day while restricting it at others." In short, it drowns out the real signal."
The fine print... "Available beginning in September 2008 for networks using any Meru 802.11a/b/g access points."
Eavesdropping on Skype, "...not a problem..."
There’s growing speculation coming out of Europe that there’s a backdoor in Skype that allows remote eavesdropping of telephone conversations.
A report in the reputable Heise Online says the issue was discussed at a meeting with ISPs last month where high-ranking officials at the Austrian interior ministry claims “it is not a problem for them to listen in on Skype conversations.”
The report said a number of others at the meeting confirmed that claim. (more)
The public believes Skype phone calls are encrypted; eavesdropping is not possible. This may yet be true. But, what if there is a back door? Why would a government official admit it? The bigger story here may be this is a serious intelligence leak, or an intelligence red herring. Stay tuned.
In the meantime, a little history...
Oct 15, 2003 - (See FutureWatch heading)
June 9, 2008 - Expect negative 'feedback' from FBI
A report in the reputable Heise Online says the issue was discussed at a meeting with ISPs last month where high-ranking officials at the Austrian interior ministry claims “it is not a problem for them to listen in on Skype conversations.”
The report said a number of others at the meeting confirmed that claim. (more)
The public believes Skype phone calls are encrypted; eavesdropping is not possible. This may yet be true. But, what if there is a back door? Why would a government official admit it? The bigger story here may be this is a serious intelligence leak, or an intelligence red herring. Stay tuned.
In the meantime, a little history...
Oct 15, 2003 - (See FutureWatch heading)
June 9, 2008 - Expect negative 'feedback' from FBI
Saturday, July 26, 2008
Grade "A" Hack Attack with VoIP Crack
GA - A college student was behind bars Friday night, accused of stealing his professor's identity to change his grades. Police called 19-year-old Christopher Fowler a computer hacker. Investigators said the student also, "Hacked into their Voice/Internet Protocol system where it uses internet to make phone calls and intercepted phone conversations."
Fowler could get five years for an unlawful eavesdropping charge. (more) (video)
Friday, July 25, 2008
Crypt Your Stick - USB Vaults to Go
Remember?
• Nato Secrets USB Stick Lost
• Airport Laptop Searches - No Probable Cause Needed
• Lax USB stick security causing havoc
• More than 100 USB memory sticks lost admits Ministry of Defence
Don't want to be next?
Get a cryptstick.
There is no excuse not to.
Many models to choose from...
• Ironkey
• Kingston DataTraveler Secure
• Kingston DataTraveler Secure - Privacy Edition
• Kingston DataTraveler Vault
• Kingston DataTraveler Vault - Privacy Edition
• Kingston DataTraveler BlackBox (government version)
• SanDisk Cruzer® Titanium Plus
• SanDisk Cruzer® Professional
• SanDisk Cruzer® Enterprise FIPS Edition
• SanDisk CMC (Central Management and Control) for IT Departments
• Nato Secrets USB Stick Lost
• Airport Laptop Searches - No Probable Cause Needed
• Lax USB stick security causing havoc
• More than 100 USB memory sticks lost admits Ministry of Defence
Don't want to be next?
Get a cryptstick.
There is no excuse not to.
Many models to choose from...
• Ironkey
• Kingston DataTraveler Secure
• Kingston DataTraveler Secure - Privacy Edition
• Kingston DataTraveler Vault
• Kingston DataTraveler Vault - Privacy Edition
• Kingston DataTraveler BlackBox (government version)
• SanDisk Cruzer® Titanium Plus
• SanDisk Cruzer® Professional
• SanDisk Cruzer® Enterprise FIPS Edition
• SanDisk CMC (Central Management and Control) for IT Departments
Spy vs. Spy Display at State Department
Spy technology is now on display now in the lobby of the State Department Annex at 1400 Wilson Blvd. in Rosslyn, Va.“Listening In: Electronic Eavesdropping in the Cold War Era” is an exhibit that pulls together spy technology circa 1955 through 1985. Produced by the Countermeasures Directorate’s Office of Security Technology in the Bureau of Diplomatic Security, the show displays a large array of Cold War era surveillance technology, including wired microphones and radio transmitters.
The U.S. Embassy in Moscow seems like it was one big recording booth in the 1960s. One photo shows Ambassador Henry Cabot
Lodge Jr. in 1960 holding a listening device that had been discovered inside a large wooden carving of the Great Seal of the United States, a gift from the Soviet Union in 1945. Hidden magnetic microphones were especially popular in U.S. embassies in Eastern Europe. These were small microphones attached to long wooden tubes that could be deeply recessed into embassy walls. Even Cold War era typewriters had countersurveillance mechanisms built into them. Included in the exhibit is an IBM Selectric typewriter. It coupled a motor to a mechanical assembly, so
pressing different keys caused the motor to draw different amounts of current that were specific for each key. Close measurements of the current could reveal what was being typed on the machine. To prevent these measurements, State Selectric typewriters were equipped with “inertia” motors connected to a large flywheel. The spinning flywheel absorbed the stress of the mechanical assembly and masked the keys being typed. (more)For more on the exhibit, click here.
SpyCam Story #453 - Spy'er Education
Tucked away in a 1,200-page bill now in Congress is a small paragraph that could lead distance-education institutions to require spy cameras in their students' homes.
It sounds Orwellian, but the paragraph — part of legislation renewing the Higher Education Act — is all but assured of becoming law by the fall. No one in Congress objects to it.
The paragraph is actually about clamping down on cheating. It says that an institution that offers an online program must prove that an enrolled student is the same person who does the work. (more)
It sounds Orwellian, but the paragraph — part of legislation renewing the Higher Education Act — is all but assured of becoming law by the fall. No one in Congress objects to it.
The paragraph is actually about clamping down on cheating. It says that an institution that offers an online program must prove that an enrolled student is the same person who does the work. (more)
Thursday, July 24, 2008
SpyCam Sunglasses
from the seller's web site..."Sunglasses DVR Camera is the newest and most advanced spy camera with built in Video Recorder in the world. Unlike other device of this type, This sunglasses records everything you see and hear, without connecting to MP4 or other Recording source.
Cool hands free video recording any time any where. These quality Polarized lens sunglasses have a built-in 1.3 mega pixel self recording color camera
and real time (30 fps) digital video recorder. Internal 2GB memory and li-polymer rechargeable battery records for 5 hours continuously.Up to 2GB Micro SD card (not Included) offers even more recoding time and easy storage of Audio and video. Stereo recording insures great sound quality to go along with the action. Ideal for outdoor activities such as bike riding, sporting events, snow skiing, tennis, and other events and SURE for SPY and INVESTIGATION." (more)
Why do I mention it?
So you know what you are up against!
VoIP Eavesdropping - How Difficult Is It?
by Stephan Varty, Vulnerability Analyst, in Nortel's Voice Security Blog...
Many people assume a certain level of confidentiality is assured when they use their phone. Concerns have been raised about the increased risk of someone eavesdropping on a VoIP call compared to a traditional PSTN call. Although the concern applies similarly to other VoIP protocols such as UNIStim, H.323, or SCCP as well, what follows is an opinion on the susceptibility of a SIP call to remote eavesdropping...
...due to common vulnerabilities such as missing or outdated patches, misconfiguration, and undetected software defects, it is likely that in many cases a determined sophisticated attacker would be capable of eavesdropping on unencrypted SIP calls. (more)
Lessons:
• Employ encryption.
• Install all software patches and updates.
• Double check your configurations.
Extra Credit:
Eavesdropping an IP Telephony Call
Many people assume a certain level of confidentiality is assured when they use their phone. Concerns have been raised about the increased risk of someone eavesdropping on a VoIP call compared to a traditional PSTN call. Although the concern applies similarly to other VoIP protocols such as UNIStim, H.323, or SCCP as well, what follows is an opinion on the susceptibility of a SIP call to remote eavesdropping...
...due to common vulnerabilities such as missing or outdated patches, misconfiguration, and undetected software defects, it is likely that in many cases a determined sophisticated attacker would be capable of eavesdropping on unencrypted SIP calls. (more)
Lessons:
• Employ encryption.
• Install all software patches and updates.
• Double check your configurations.
Extra Credit:
Eavesdropping an IP Telephony Call
Subscribe to:
Posts (Atom)