The US-CERT has issued a warning about a new, free BlackBerry application that transforms the phone into a bugging device.PhoneSnoop, which runs on the victim's phone, lets an attacker stealthily call the targeted BlackBerry, answer the call, turn on the speakerphone, and let the attacker listen in on the victim. The app has to be configured to recognize the attacker's phone number, and it automatically and quickly answers it to evade detection.
Sheran Gunasekera, the developer of PhoneSnoop, says he was surprised US-CERT identified his app in an advisory. "I am happy that they did, though, because it's one step further in getting the word out," says Gunasekera, who is director of IT security at Hermis Consulting in Jakarta, Indonesia.
"I think the reason my app was flagged was because it's free and more easily accessible" than more expensive commercial spy tools. (more) (video)
Side note: The attacker either needs to have physical access to your Blackberry to load the spyware program, or in some way, trick you into doing it.
MN - The police chief of Gaylord is now charged with two gross misdemeanors in an alleged "bugging" scheme.Police Chief Dale Lee Roiger is accused of having one of his officers secretly plant a digital recorder to see if City Council members were meeting illegally at the Chamber of Commerce office. (more)
Oddly, the article mentions a digital recorder, which stores the recording in a solid-state memory, yet shows a photo of analog cassette tapes.
Example photo of a digital recorder...
This one is high quality, voice activated and stores up to 300 hours of conversation; about $375. on ebay. Lower fidelity digital recorders are also being sold in the $10.-$40. price range. Be careful what you say, and have your office swept periodically.
UK - An article this week at The Register states that between November 2008 and September 2009, there were 356 self-reported data losses this year by UK companies and government departments. In the same time frame a year before, there were 190 such incidents reported.The information was compiled by Software AG, which used a Freedom of Information Act request to get the data from the UK Information Commissioner's Office. (more)
WI - An Appleton man charged with installing spyware on his ex-wife's computer was fined after he entered into a plea agreement on a lesser charge.Brent J. Walbrun, 47, W3291 Hartland Court, originally was charged with interception of an electronic communication under the state's electronic eavesdropping law for installing the spyware on the computer.In October, Walbrun's ex-wife discovered the spyware program when she realized Walbrun was intercepting her e-mails. Walbrun entered a no-contest plea Oct. 19 to a misdemeanor charge of disorderly conduct and was fined $476. (more)
Australia - Distributors for new software that allows parents to spy on their children's text messages say they are still hopeful, as they try to get approval for their product.The software, which allows parents to see every text message their child sends and receives, was due to be on sale in August, but the earliest it will now be available is early next year.Civil libertarians and technology experts have deep concerns about the privacy implications of the product. (more)
(Reports coming in from GA, MA, and IL)
...The unknown sharp object penetrates the door metal, hits the lock mechanism and disengages it. The burglar or burglars slip inside the vehicle without having to break a window or otherwise heavily damage the car, which would call attention to themselves.Because the damage is minor, the owners may not realize they are victims until they notice items missing from the car or items that were moved. The puncture hole that the intruders leave under the lock, usually on the driver's-side door, is only up to about a half-inch in diameter.The thieves prefer to hit General Motors cars, Golike said."Most were GM vehicles," he said. "Many of the GM cars have a lock mechanism that somebody's familiar with."He said some of the cars were Dodges.The thieves target just about anything of value, including cash, wallets, purses and guns left in the cars.The first such "punch" car burglary reported in the greater Alton area happened to a vehicle owned by Telegraph Photo Editor John Badman. That burglary happened Sept. 23 while his Chevrolet Impala was parked in the parking lot of Fast Eddie's Bon-Air tavern along East Broadway. The tavern is at 1530 E. Broadway.Once inside the car, the burglar popped the lid of the trunk, making off with $14,000 in camera equipment - after first relocking the car door. (more) (more) (more)
An American whose secret recordings have placed him at the center of a $27 billion lawsuit against Chevron in Ecuador is a convicted drug trafficker, records show, throwing another complication into a case already tainted by accusations of bribery and espionage.
The lawsuit pits Ecuadorean peasants against Chevron over oil pollution in the Amazon and has been a major headache for the company for nearly a decade, producing a saga that underscores many of the hazards and ethical challenges of oil companies working in the developing world.
The company appeared to gain the upper hand in August when it revealed video recordings — captured on watches and pens implanted with bugging devices — that suggested a bribery scheme involving Ecuadorean officials, and possibly even the judge hearing the case.
But the company was put on the defensive again on Thursday, after lawyers for the peasants revealed that one of two men who made the tapes was a convicted felon. Court and other records provided by the plaintiffs show that Wayne Hansen, the American who helped make the recordings, was convicted of conspiring to traffic 275,000 pounds of marijuana from Colombia to the United States in 1986. He also was sued successfully in 2005 by a woman who accused him of unleashing his two pit bulls to attack her and her dog...
“It’s another blockbuster development in a case that never runs short of them,” said Ralph G. Steinhardt, a professor at George Washington University Law School...
Chevron has said it had no involvement in the videotaping, and company spokesmen have said Mr. Hansen was never their point of contact. “We’ve had no association with this guy,” said Donald Campbell, a Chevron spokesman. (more) (the videos)
As cell phones become more like pocket computers, many people are calling for closer scrutiny of their security... "The phone is a very stripped-down environment," says Benjamin Jun, vice president of technology at Cryptography Research, a security research company based in San Francisco, CA. "Which means that someone who's trying to attack the device generally has an easier time, because it's not as complicated as a desktop system."Jun believes attacks on mobile devices are particularly serious because these devices are being used to access high-value corporate data. (more)
The Australian Security Intelligence Organisation (ASIO), says it has had its most intense period of operational activity since 2005. ASIO's annual report says in the last financial year it detected and responded to a new alleged terrorist cell...It also picked up internet espionage as a rapidly growing threat to Government and business information. (more)
Los Angeles - ROBERT H. PHILIBOSIAN, as one of his first acts as district attorney, had a “bug”—the electronic sort—removed from the DA’s executive office.Philibosian says that when he walked through the executive office after he was appointed at the end of 1982, he asked Clayton Anderson, chief of the Bureau of Investigation: “Is this office bugged?” He recites that Anderson responded: “Yes it is,” and pointed to an electrical outlet.The former district attorney says he told Anderson: “I want it out of here now.” (more)
"And, if you're into taxes...the American Institute of Certified Public Accountants kicks off its National Tax Conference at the J.W. Marriott in Washington. Hanging around the hotel and eavesdropping between now and Friday, when the conference closes, could save you thousands of dollars." ~ Marc Ambinder, The Atlantic (more)This is an off-handed, humorous comment.
It is also deadly accurate. I handle counterespionage strategy for my client's off-site meetings. Hotels and conference centers are the worst. It is not at all unusual to catch the competition (and unidentified others) hanging around, eavesdropping, crashing meetings and banquets, picking up unsecured papers and engaging meeting participants – one indiscretion can blackmail a loyal employee into becoming a million dollar problem.
The technical possibilities for eavesdropping are considerable as well. Bugs are easy to plant. Most meeting presenters use wireless microphones.
Competitors reserve a cosy hotel room above the meeting rooms. They arm themselves with a sensitive radio receiver and a directional antenna. Crashing a meeting is a no-brainer. You can see how a 2-3 person team from the competition could clean up with very little investment. One might almost call them negligent if they weren't there.Having an off-site meeting? Get a counterespionage strategy.Avoid leaking your corporate blood.
The new Devil Drive elevates the office prank to a new level of sophistication and maddening effectiveness. It looks like a regular USB thumb drive, but it's actually a devious device of electronic harassment. Its use should be strictly limited to deserving subjects only.The Devil Drive has three functions:
(1) it causes annoying random curser movements on the screen,
(2) it types out random phrases and garbage text, and
(3) it toggles the Caps Lock.
It allows you to select any combination of these frustrating functions, or all of them. It also allows you to set the time interval between events (ranges from 5 seconds to 15 minutes; the longer intervals are recommended for the most maddening effects).
Note: the Caps Lock toggle function does not work on Macs. To deploy the Devil Drive, just discreetly insert it into any unused USB port on the victim's computer (no drivers are needed).The Devil Drive never hits the "Enter" key and it never clicks the mouse button, but still you should not use it on anyone's computer who is doing critical work where any disruption could cause serious consequences; like any prank, exercise prudence and judgment before deploying. (more)
The threat to the United States from foreign economic intelligence collection and industrial espionage has continued unabated since the publication of the Annual Report to Congress on Foreign Economic Collection and Industrial Espionage, 2007. Economic espionage cases went up slightly and nearly every day brought reports—in the press and in the classified world—of new cyber attacks against US Government and business entities.
Additionally, the increasing use of new modes of communication and social networking has provided uncharted opportunities for transferring information and espionage for enterprising foreign intelligence services.
"Collection methods included everything from eliciting information during seemingly innocuous conversations to eavesdropping on private telephone conversations to downloading information from laptops or other digital storage devices."
Annual Report to Congress on Foreign Economic Collection and Industrial Espionage, FY 2008(click here for pdf version)
via The Wall Street Journal...
Companies are moving to plug leaks and contain the damage from sweeping insider-trading allegations disclosed last week.(more)Galleon Group received confidential information in 1998 about Intel Corp. chip shipments from a woman who has emerged as a key government witness against the hedge fund and its founder Raj Rajaratnam, according to a document filed by the Justice Department.The woman, Roomy Khan, was employed at the time by Intel and sent a fax containing "proprietary, non-public and highly confidential" information from the company to Galleon's headquarters in New York City, the two-page charging document indicates. She did so at the request of an unnamed representative of Galleon, the Justice Department alleged. (more)Need an information protection strategy?(click here)
Coming soon! Contest starts on November 17th, 2009
MAKE is teaming up with the Penguin Group to present The Alex Rider Dream Gadget Contest!
All of you adventure-seekers and gadget lovers out there are invited to join in. If you were Alex Rider, what gadget would you want in the upcoming adventure "Crocodile Tears"?
Design your dream Alex Rider gadget, inspired by an everyday object (i.e. an iPod, toothpaste, a pen).
The winning gadget will be built right here at the MAKE Labs. Send us a schematic of what your gadget is made from and how it works. (Your schematic can be a diagram, a drawing or an explanation by you).
Remember that the winning gadget will be inspired by an everyday object that one could realistically build (as much as we wish we could create a pair of scissors that could fly us to the moon)! (more) FYI... (via boingboing.net)
"In case you're unaware, Alex Rider is a young spy whose exploits are chronicled in a popular series of teen spy/adventure books. Alex uses all sorts of crazy high tech contraptions, made from things in his school backpack, to get out of sticky situations."Let me know your ideas. Just for fun, I will post them here with your initials and country or state. To play for the prize, visit Make Magazine.
NY - US prosecutors who used wiretaps to make their insider trading case against billionaire Raj Rajaratnam, founder of hedge fund firm Galleon Group, said they would use similar tactics to fight future Wall Street crimes.The US attorney for Manhattan, Preet Bharara, said on Friday the justice department would employ the same kind of electronic surveillance traditionally reserved for organized crime, drug syndicates and terrorism prosecutions.Bharara, whose office has jurisdiction over the headquarters of some of the world’s biggest financial firms, said investigators relied on wiretaps to build a case against Rajaratnam and former directors at a Bear Stearns hedge fund.He said it was the first time wiretaps had been used to target insider trading. (more)
NY - Blond society babe Ali Wise -- the fired publicity director for Dolce & Gabbana -- was slapped with four felonies yesterday for allegedly making a compulsive, vindictive leap from flacking to hacking.
The ferocious fashionista embarked on a strange, high-tech vendetta against the girlfriends of her old boyfriends, according to a criminal complaint filed against her in Manhattan Criminal Court.
Wise allegedly used widely available "SpoofCard" software more than 1,000 times. With it, she broke into the voice-mail systems of four people -- at least two of whom had dated her high-powered ex-boyfriends -- nearly 700 times, prosecutors said.
The Barbie-esque publicist would then eavesdrop on their messages, even deleting those that did not meet with her favor, prosecutors said. (more)
Stewart Nozette, 52, developed an experiment that fueled the discovery of water on the south pole of the moon, and held a special security clearance at the United States Department of Energy on atomic materials.He has been charged with “attempted espionage for knowingly and willfully attempting to communicate, deliver and transmit classified information relating to the national defence of the US to an individual that Nozette believed to be an Israeli intelligence officer,” the US Department of Justice said.But the person Mr Nozette believed to be an Israeli intelligence officer was in fact an undercover FBI agent in a sting operation, the department said...During a meeting in a bugged Washington hotel room, Mr Nozette is alleged to have said he wanted to receive cash amounts “under $10,000” to keep him from reporting it to the authorities. (more)
CA - The word espionage conjures up images of James Bond or Alger Hiss, not usually techies in Silicon Valley. But as the San Jose Mercury News reports, two engineers are about to face economic espionage charges in San Jose for allegedly stealing superfast computer chip plans. It’s only the second such trial of its kind in the nation. “For Silicon Valley, where companies have worried for years about their prized secrets being leaked to China and other countries, such a trial is a window into the complexities of protecting product information in a place with ties to every corner of the global economy,” reports the Mercury News. (more)Moral: Don't count on the law to protect you. Have a good counterespionage strategy in place.
Yet another "record your life" tool...
uCorder by iResSpy cameras have been with us for over 100 years; mostly used offensively to spy, sometimes used to inoffensively document life without intrusion-disruption.Times are changing. Today, everyone has a chance at instant global immortality. YouTube and Flickr are our memory mausoleums; CNN's iReport, our chance to be part of the world. The price of admission to this ego-lottery... microelectronics.Microelectronic spycam offerings have dramatically picked up pace during the past 12 months.
Take a stroll in the Security Scrapbook memory mausoleum. You will be amazed at what you see ...and what can see you. (more) (more) (more) (more) (more) (more) (more) (more) (more) (more) (more) (more) (more) (more) (more) (more) (more) (more) (more) (more) (more) (more) (more) (more) (more) (more) (more) (more) (more) (more) (more)
...never, never say it with ink."New documents shed light on a widely disseminated comment by Bank of America Corp. director Charles Gifford, who wrote in a January email that a U.S.-required dividend cut meant "unfortunately it's screw the shareholders." (more) (more)Effective Counterespionage Strategy Rule #1:
Develop a culture which practices being discreet.
South Korean embassies and other diplomatic missions abroad are vulnerable to electronic eavesdropping due to the shortage of preventive devices, according to the foreign ministry.In a recent report to Rep. Rhee Beum-kwan for the ongoing parliamentary audit of government agencies, the ministry said only 34 of the country's 167 diplomatic offices across the world are equipped with devices for blocking electronic eavesdropping...
An anti-bugging device costs about 8 million won (US$6,600), and only one billion won would be needed to install them in the remaining 133 diplomatic missions, he pointed out. (more)
If there was an effective "anti-bugging device," it would sell for a whole lot more than $6,600.
There is a common misconception (even in government circles) that bugging is accomplished by only one technology - radio frequency transmission. "Install our handy-dandy 'anti-bugging receiver system' and you will be bug-free, 24/7/365... forever!" Even Fortune 1000 companies have almost fallen for this mental band-aid.
A while back, the South African government found one of these "anti-bugging devices" and thought it was a bug! (more) Interestingly, that system was from Korea.
Moral: Avoid gadgets. Get a Strategy.
Researchers at the University of Utah have found a way to see through walls to detect movement inside a building.The surveillance technique is called variance-based radio tomographic imaging and works by visualizing variations in radio waves as they travel to nodes in a wireless network. A person moving inside a building will cause the waves to vary in that location, the researchers found, allowing an observer to map their position...Of course there are privacy and security concerns associated with the technology. A burglar could use it to detect if anyone is home or to scout the location of security guards. (more)
This technology is a cousin to our Digital Surveillance Location Analysis™. We use it to detect and pinpoint the locations of rogue computers, unauthorized Wi-Fi hot spots and digital GSM wireless bugs. (more)
Researchers (University of Tokyo) say they have created a special kind of paint which can block out wireless signals. It means security-conscious wireless users could block their neighbours from being able to access their home network - without having to set up encryption.The paint contains an aluminium-iron oxide which resonates at the same frequency as wi-fi - or other radio waves - meaning the airborne data is absorbed and blocked.By coating an entire room, signals can't get in and, crucially, can't get out...Some security experts remain unconvinced by the paint. "The use of electromagnetic shielding techniques are nothing new," said Mark Jackson, security engineer at Cisco UK. (more)Mark is correct. This is nothing new. Furthermore, the "blocking" claims are bogus. Radio waves may be attenuated, but they are not blocked. Windows and cracks around doors allow radio waves to pass freely. We've reported on this before. (more)
The US-CERT has issued a warning about a new, free BlackBerry application that transforms the phone into a bugging device.
