Marlin SpyPen 4GB• Super Spy 4GB Digital Video Camera Pen
• Charged via any USB port; No need for an additional power supply
• Colour video recorder lets you clearly see the subject
• Super sensitive microphone can record in the range of up to 15 square meters
• Playback recorded video on your PC in AVI format
"Become the super spy you've dreamed of with the Marlin SpyPen. Using one of the smallest digital video recorders in the world and a super sensitive microphone, the Marlin SpyPen can capture video and sound and play it back on your PC with amazing clarity.
Makes a great hidden camera or spy cam; you can hide the pen in a hidden location or even your shirt top pocket to capture the moments you otherwise would not see. (Recommended for legal uses only)"
But, of course. $78.22 (more)
Why do I mention it?
So you will know what you are up against.
Security researchers say they've developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks.The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption and read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes...They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack. (more)They will.
The National Football League's unprecedented new effort to protect its image by cracking down on loutish behavior is making some of the league's 1,952 players a little nervous.
This sweeping new personal-conduct policy, which was announced before the 2007 season, allows the NFL to quickly and summarily fine and suspend players; not just for committing crimes, but for any act that's deemed harmful to the NFL's "integrity and reputation." To guard against these unpredictable suspensions (there have been 10 so far), NFL teams are hiring former police officers and FBI agents as security chiefs, ordering up extensive background checks, installing video-surveillance systems in locker rooms, chasing down rumors and sometimes forbidding players from talking to the press. (more)
Imagine...(from the manufacturer's web site)
"...an easy-to-install, easy-to-use Internet camera surveillance solution that allows you to monitor [video and audio] any room in your house from anywhere over the Internet.
...uses Powerline networking, which connects the Internet camera and your router using your house’s electrical wiring, eliminating the need to run networking cables across your home.
Furthermore, the Internet camera uses a single cable to both receive power and connect to the Powerline adapter, allowing you to place the camera anywhere in your home. ...zero-configuration setup gets you up and running in no time..."
KEY FEATURES• View and manage your camera remotely over the Internet
• Camera functions without PC turned on
• Records motion-triggered snapshots – saved to a secure server
• Receive instant e-mail notifications of motion-triggered events
• Share access to your camera with friends and family(What could possibly go wrong here?!?!)
• 0.5 lux CMOS sensor can capture video in low-light environments
• Built-in microphone lets you hear what’s happening *
* This could turn illegal (US law) the instant the consenting party leaves in the area. Note: In some states, all parties being heard must consent, even people who are not within view of the camera.
• Adjustable stand – place and position your camera anywhere
• Uses auto-provisioning for zero-configuration network setup
• PowerLine networking – place camera by any power outlet• Camera powered & networked through a single cable
• Easily expand network – Internet Surveillance Camera Expansion Kit
• Only $289.99 (more)
Our Point of View
Privacy nightmare. A repackageable, off-the-shelf, audio / video, surveillance system that sends digital signals (encrypted) over existing power lines, to a remote Internet connection (conceivably Wi-Fi'ed out), and then on to anywhere in the world, 24/7/365, for less than $300.00. Geeez... who you gonna call?
Step 1 - Go to your junk drawer.
Grab one of your regular old USB memory sticks.
Step 2 - Go to TrueCrypt.org.
Grab their FREE encryption software.
Step 3 - Read the Beginner's Tutorial. Load & Lock.
Ta-daaaa!
Instant FREE encrypted memory stick!!!
(clap, clap, clap)
Thank you.
Kevin
P.S. You can also roll Free Mac/Windows XP/Vista/2000/Linus sticks the same way.
Additional Spybusters Tips.
CT - Contract talks between an ambulance company and its medics were jolted last week when union negotiators said they found a small surveillance camera hidden in a smoke detector in a conference room at American Medical Response's regional office in West Hartford.
The discovery of the camera, which was plugged into an outlet that was concealed by ceiling tiles, led the union - the National Emergency Medical Services Association - to file a federal unfair-labor-practice complaint. West Hartford police are also investigating. (more)
The FCC approved rules that would allow high-tech companies and others to use vacant TV airwaves for unlicensed use. Microsoft Corp., Google and other companies have lobbied heavily for access to the airwaves, which they say can be used to provide low-cost wireless Internet service that is more powerful than current Wi-Fi signals.Broadcasters and wireless microphone users fought against the use of those airwaves, citing interference concerns. However, the FCC unanimously decided to set rules on how those airwaves can be used. The airwaves will come available in mid-February, when the U.S. transitions to digital-only television broadcasts. (more)
The issue comes to a head on Election Day, when the Federal Communications Commission votes on a proposal to make a disputed chunk of radio spectrum available for public use. Google, Microsoft, Hewlett-Packard and other technology companies say the spectrum could be used by a whole new array of Internet-connected wireless gadgets...But a coalition of old-guard media — from television networks to Broadway producers — is objecting to the proposal, saying it needs a closer look. The opponents argue that signals sent over those frequencies could interfere with broadcasts and wireless microphones at live productions...If the spectrum is set free, Ms. Parton says, chaos could reign on Broadway — in the form of static and other interference.“The potential direct negative impact on countless people may be immeasurable,” Ms. Parton wrote in a letter last month to the F.C.C., urging it not to release the frequencies. (more)Bad news for eavesdroppers, too. Performer's wireless microphones have long been a source of information loss – from bug use, to monitoring corporate meetings, to just hanging around Broadway and boot-legging musicals for free! Tune in tomorrow to see if Google gets out-ogled. ~ Kevin (My bug out.)
(UPDATE)
...how to suck the brains out of a PC in 3 minutes or less – via sharp-ideas.netThe ScenarioAn unauthorized visitor shows up after work hours disguised as a janitor and carrying an iPod (or similar portable storage device). He walks from computer to computer and "slurps" up all of the Microsoft Office files from each system. Within an hour he has acquired 20,000 files from over a dozen workstations. He returns home and uploads the files from his iPod to his PC. Using his handy desktop search program, he quickly finds the proprietary information that he was looking for.Sound far fetched?An experimentI conducted an experiment to quantify approximately how long it takes to copy files from a PC to a removable storage device (iPod, thumbdrive, et cetera) if you have physical access. The quick answer: not very long.I wrote a quick python application (slurp) to help automate the file copy process. Slurp searches for the "C:Documents and Settings" directory on local hard drives, recurses through all of the subdirectories, and copies all document files.Using slurp.exe on my iPod, it took me 65 seconds to copy all document files (*.doc, *.xls, *.htm, *.url, *.xml, *.txt, etc.) off of my computer as a logged in user. Without a username and password I was able to use a boot CDROM to bypass the login password and copy the document files from my hard drive to my iPod in about 3 minutes 15 seconds. (more... including a free "pod slurping" program you can try yourself!) (much more)
India - A Bangalore-based construction company lost a multi-core tender by a thin margin. Baffled company officials vowed there was no way the rival firm could have come so near to their bid...Computer forensic tests revealed somebody had accessed the Universal Serial Bus (USB) port to download the tender documents. What surprised the company's top heads was that one of their employees had used his iPod to download the data. The data was then passed to the rival company for a price and to evade detection, the file was promptly deleted from the iPod. Investigators, however, retrieved it using advanced data-recovery software. (more) (how "pod slurping" is done)
This "pod slurp" didn't have to happen. Computers with especially sensitive data should have their ports and drives locked down. Don't know how? Call me, or any of my Geek Chorus Colleagues. Any of us can save you from going through an iPod high-jack.
More about "pod slurping", and an even scarier USB story. ~ Kevin
via sciencedaily.comProfessor Richard J. Aldrich, Professor of International Security at University of Warwick, who has just been awarded a £447,000 grant from UK's Art and Humanities Research Council to examine 'Landscapes of Secrecy' says that the once improbable seeming villains in the Bond movies have become close to the real threats faced by modern security services."Remarkably, the Bond villains - including Dr. No, Goldfinger and Blofeld - have always been post-Cold War figures. Bond's enemies are in fact very close the real enemies of the last two decades - part master criminal - part arms smuggler - part terrorist - part warlord. They are always the miscreants of globalization, they endanger not only the security of single country, but the safety of the whole world. Like our modern enemies, they thrive on the gaps between sovereign states and thrive on secrecy." (more)
Food for thought. Corporate espionage attacks by freelance spies are now commonplace, too. If you sense problems in your company, or just have a few questions, give me a call. ~Kevin
LA - Monroe Police Chief Ron Schleuter said Thursday he has not yet been served with a federal lawsuit filed against him by retired officer Paul Brown and officer Danny Pringle claiming the chief violated their privacy rights by using an illegal wiretap.The lawsuit, filed Oct. 15, states that Schleuter "used electronic devices to surreptitiously intercept both the oral and wire communications to (the officers') co-employee ... at the Monroe Police Department." (more)
PA - A former Cumberland County Commissioner has been charged in connection with the use of hidden surveillance throughout his home to videotape sexual encounters with young men, Attorney General Tom Corbett said.Bruce Barclay, 49, of Mechanicsburg, served as a Cumberland County Commissioner from January 2004 to April 2008. (more) (video)
1/14/09 - UPDATE - A Brecknock Township man pleaded guilty Tuesday to falsely accusing a former Cumberland County commissioner of raping him.
William M. McCurdy, 21, of the 1100 block of Alleghenyville Road entered his plea to making false reports and unsworn falsification in Cumberland County Court.
McCurdy is free on bail pending sentencing in March by Judge Edward E. Guido. The charges carry penalties of up to three years in prison...
State police investigating the accusation uncovered hidden video-recording equipment in Barclay's home. Investigators said Barclay hired male prostitutes on a weekly basis and used the hidden cameras to secretly record more than 100 sexual encounters inside his house.
The videotapes refuted McCurdy's rape accusation, investigators said, but led to Barclay's arrest on charges of wiretapping and related offenses. (more)
As always, there is more to this story, much more.
Guilty or innocent?
You decide.
New Zealand - An Auckland man has described a failed court case involving allegations of spying on his ex-wife with secret cameras as a joke and waste of taxpayer money.
The case against the man was dismissed last week after a judge ruled police had not been able to prove the charge of attempting to make an intimate visual recording.
The million-dollar home the man had shared with his wife was found to have small, infra-red surveillance cameras in the ceiling above the woman's bed when searched by a security firm.
The Herald on Sunday reported that the woman had hired the firm after suspecting someone was spying on her. (more)
High powered optics and a computer program is all that is needed to duplicate your keys according to three people at the University of California, San Diego..."Our SNEAKEY system correctly decoded the keys shown in the above image that was taken from the rooftop of a four floor building. The inlay shows the image that was used for decoding while the background provides a context for the extreme distances that our system can operate from. In this case the image was taken from 195 feet. This demonstration shows that a motivated attacker can covertly steal a victim's keys without fear of detection. The SNEAKEY system provides a compelling example of how digital computing techniques can breach the security of even physical analog systems in the real-world. (their paper)
Moral: Don't leave your keys where others can "see" them. But, you already knew that.
UK - A carer has been spared jail despite admitting the 'despicable' theft of cash from the home of a 77-year-old widow with Alzheimer's Disease. Michelle Bradshaw, aged 40, was caught after relatives of the pensioner marked notes in her purse with ultraviolet pen and set up a covert video camera. (more)
FutureWatch – This is the second story like this within two months. Carer steals from patient. Patient's family gets suspicious and installs hidden camera. Carer gets nailed. We see fewer bad nanny stories these days. Maybe spycams have them scared straight. Let's hope professional care givers get the message as well.
"...the episode serves as a reminder of just how extensive, sophisticated and sometimes ruthless corporate 'snooping' operations can become." ~Mike Hamilton, talking about the Dell - HP incident. (more)
via Martha L. Arias, Director, Internet Business Law Services...We may not need scientific data to prove that with the increasing use of the Internet, men and women have eavesdropped, or considered eavesdropping, their spouse's e-mails.
Eavesdropping spouses' e-mails may constitute a crime under both federal and state law but careful factual analysis is required. For instance, the United States Code (U.S.C.), title 18- crimes related to interception of wire and electronic communications, may apply to e-mail eavesdropping but there must be an actual "interception" within the meaning of the statute. Also, most U.S. states have criminal statutes penalizing the interception or eavesdropping of electronic or telephonic communications; analysis of technical terms is also required in these cases.
Lastly, some state tort claims may apply to these snoopy conducts; it seems that these claims are easier to win.
18 U.S.C § 2512 makes it a crime to possess, manufacture, distribute, and advertise wire, oral, or electronic communication intercepting devices... A Michigan case illustrates how this federal statute and these state tort claims have been used in spouse cases involving e-mail eavesdropping. In Bailey v. Bailey (2008 U.S. Dist. LEXIS 8565), husband eavesdropped his wife's yahoo e-mail and found compromising information.
As the Bailey's case shows, typifying eavesdropping of e-mails within title 18 of the U.S.C. is not an easy task. Factual analysis and careful review of the term "interception" as interpreted by state law is required. If the spouse's conduct does not qualify as actual "interception," a claim under title 18 may not be successful. Torts claims of invasion of privacy may prove to be more victorious in e-mail eavesdropping cases. (more) (background) (
18 U.S.C.)
1. Unambiguous Rules – Put the policy in writing. Send out reminders. Make compliance easy. Examples: • Block off-limit web sites. • Place shredders where they are needed.• Configure Wi-Fi systems automatically force compliance.2. Consequences – Educate employees about the consequences of poor security practice. Explain how it affects the company's stability, and consequently, their jobs. Establish consequences for not following the policy.3. Unobtrusiveness – Do not establish a security policy which either hinders productivity, or is ultimately unenforceable. Find a better way to achieve the security goal. Work with employees and they will work with you. ~Kevin
The New York Times – and others – will listen to your private conference calls... if you let them.
Published in The New York Times this week...
"In point of fact, the dirty little secret of the banking industry is that it has no intention of using the money to make new loans. But this executive was the first insider who’s been indiscreet enough to say it within earshot of a journalist. (He didn’t mean to, of course, but I obtained the call-in number and listened to a recording.)" ~Joe Nocera, The New York Times (more)
When a corporate eavesdropping detection specialist tells you...
• Give each participant their own – one-time – passcode.
• Distribute conference call numbers and passcodes discretely.
• Do not send them via mass emails.
• Do not let admins post passcodes on their cubicle walls.
• Do advise all participants to keep the codes secret.
• Change the passcodes for reoccurring calls.
• Assign passcode distribution responsibility to one person.
Please listen.
...or, skip the call and buy The Times.
Next steps:
• Consider encryption for the call itself.
• Have the rooms/offices checked for bugs. (Sources: 1, 2)
"50 Rules Kids Won't Learn in School: Real-World Antidotes to Feel-Good Education"
A sneak peek at Sykes’ sage advice:
1. Life is not fair. Get used to it.
7. If you think your teacher is tough, wait until you get a boss. He doesn’t have tenure, so he tends to be a bit edgier. When you screw up, he’s not going to ask you how you FEEL about it.
15. Flipping burgers is not beneath your dignity. Your grandparents had a different word for burger flipping. They called it “opportunity.”
42. Change the oil.
43. Don’t let the success of others depress you.
48. Tell yourself the story of your life. Have a point.
9. Your school may have done away with winners and losers. Life hasn’t.
14. Looking like a slut does not empower you.
29. Learn to deal with hypocrisy.
32. Television is not real life.
38. Look people in the eye when you meet them.
47. You are not perfect, and you don’t have to be.
50. Enjoy this while you can.
Sykes says the rules are a "blunt contrast to the thumb sucking, feel good infantilism that has become so common in American education and culture." (more) (more books by Sykes)
Enterprises are stepping up efforts to counter spying operations that aim to steal their trade secrets, according to a former U.S. Federal Bureau of Investigation agent who now works for Xerox.Companies such as Wal-Mart, DirecTV and Motorola have in recent years been victimized by employees or others who stole sensitive data, said David Drab, a principal in Xerox's information and content security services section. Drab spent 27 years in the FBI fighting organized crime and economic espionage."The payoffs are high and the risks of getting caught are low," Drab said.A study by PricewaterhouseCoopers found that economic espionage costs the world's top 1,000 companies £22.4 billion (US$34.7 billion) annually, Drab said. Another study by the Society for Competitive Intelligence Professionals found companies spent $2 billion on spying activities in 2004. (more) (fight back)
"Let me tell you the story
Of a man named Charlie
On a tragic and fateful day
He put ten cents in his pocket,
Kissed his wife and family
Went to ride on the MTA"
© Jacqueline Steiner, and B. Lomax-Hawes
The MBTA, Massachusetts Bay Transportation Authority (Boston subways and street trains) - made famous in this song for their fare increase - is on the hot seat again.
From our Esoteric Files... Back in early August, the Massachussetts Bay Transit Authority successfully prevented a small group of students from giving a presentation at DEFCON that would have highlighted failures in the CharlieCard RFID system that the MBTA currently uses. Although eventually overturned, the injunction and corresponding gag order that the MBTA was temporarily granted did prevent the students from giving their original presentation.
Now, ironically, it turns out that all the MBTA's effort was for nothing, as researchers based in the Netherlands have successfully cracked the MIFARE Classic crypotographic cipher that's currently used in multiple mass transit systems across the globe. (more) (presentation)
Modern bugging and wiretapping sprouted in the late 1940's and was really blooming big-time by the 1960's. Miniature electron tubes and the newly invented transistor were the seeds. The seediest places were New York City and Los Angeles.
Here are two short LA stories...Mickey Cohen, high-tech gangster
This episode began (1949) when vice officers arrested another of Mickey's men for illegal possession of a weapon. Enraged, Mickey arrived at his underling's trial with his personal bugging expert, 300-pound J. Arthur Vaus, and announced that they were going to blow the lid off the LAPD.It seems that a vice detective working out of Hollywood had hired Vaus to eavesdrop on the Strip's leading madam, hoping to document her unholy relationship with a rival vice cop from downtown. But the madam insisted that she was paying off both cops,and Mickey's rotund bugger said he had the damning evidence on magnetic wire. They brought a recorder to court and plopped it on a table, daring anyone to call their bluff.A grand jury did. It had the wire recordings seized and discovered they'd been erased. In one of the more bizarre chapters of a bizarre time, Vaus attended a Billy Graham crusade, found the Lord and confessed his sin -- he'd lied about the tapes. (more)------
The mobster who died in pink pajamas, or how The Gangster Squad got to Jack Dragna by bugging his mistress' bed.
His nighttime attire notwithstanding, Jack Dragna was everything Mickey Cohen was not: cautious to a fault and allergic to limelight. With Dragna, icy distance was the rule when the squad members camped outside his banana warehouse or the Victory Market, where he held meetings in a concrete-walled back room.
The squad's bugging expert, Con Keeler, did once get in between the rounds of a night watchman, but he didn't have time to fully conceal his bug. Dragna's men found it, carried it outside and smashed it on a curb...
The younger Dragna's (law) suit was pending in 1951 when the squad bugged the bed of his father's mistress. She was a secretary for the dry cleaners union, in which the mob had its hooks. If a dry cleaning shop didn't sign up, Dragna's men would send over suits with dye sewn inside so all the clothes in its vats turned purple or red.
The secretary had a wooden headboard with a sunburst pattern. While she was out, Keeler picked the lock to her apartment and hid a mike in the center of the sun. Amid the pillow talk, the bug picked up occasional mentions of mob business, including plans for a new casino in Las Vegas...
Dragna's lawyers could argue that the police didn't have a warrant to eavesdrop, but to no avail -- back then authorities could use illegally obtained evidence.
The misdemeanor case earned Dragna a mere 30-day sentence, but how and where he was bugged stood to cost him respect in the mob... he died in 1956. (more) (background about these two stories) (one more really great bugging story - 2/3rds down the page)
30+ more great electronic-eavesdropping history stories await you at Murray's Eavesdropping History Emporium.
ZDnet.com is offering the following for free...
EncryptOnClick is a very simple to use program that lets you securely encrypt and decrypt files. (more) Free registration at ZDnet is required.
No Macintosh version :PBetter deal here...TrueCrypt.org - Free open-source disk encryption software for Windows Vista/XP, Mac OS X, and LinuxMain Features:• Creates a virtual encrypted disk within a file and mounts it as a real disk. • Encrypts an entire partition or storage device such as USB flash drive or hard drive.• Encrypts a partition or drive where Windows is installed (pre-boot authentication).• Encryption is automatic, real-time (on-the-fly) and transparent.• Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:1) Hidden volume (steganography) and hidden operating system.2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).• Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS.(download)
Marlin SpyPen 4GB
