Quote of the Month

“Absent a very strong federal privacy law, we’re all screwed.”
—Al Gidari, a privacy professor at Stanford Law School.
(via The New York Times article above)

Five Mile GPS Tracker Doesn't Require Cellular Service

GoFindMe is a real-time GPS tracker that works without cell service. By built-in GPS & long-range radio technology, it allows you to stay in touch with people even if your phone fails by rich handy features such as:
 -Real time location tracking
 -Send & receive texts, built-in voice and GPS coordinates
 -One-button emergency SOS
 -Automatic trace record
 -Sync up group activity
 -Set customized safe zone
 -Pin meeting place or home base
 -Mesh network to extend connectivity range
more


But what if you can't find it when you need it?

NIST - Detecting and Responding to Ransomware and Other Destructive Events

In response to growing ransomware attacks on businesses and governments small and large, the National Institute of Standards and Technology (NIST) has released draft guidelines to help organizations prepare for “data integrity cybersecurity events” that threaten their operations...

The free guide, which will be available for public comment through Feb. 26, focused specifically on potential tool sets for mitigating and containing cybersecurity attacks as well as what strategies security teams could adopt to respond...

Security teams and organization leaders can read the full report and provide public comment through NIST’s website. more

Facebook Tracks You - You can stop the spying, sort of.

If you’ve ever thought Facebook is listening or watching you when you’re not on the social media site, you are right. ...  The Washington Post says Facebook-owned apps like Instagram and Messenger are tracking you, too.

But now developers at the social media giant have rolled out a tool that may stop most of it, or at least tell you how Facebook is spying on users’ daily lives. It’s called off-Facebook activity...

Click the small triangle at the top right of Facebook and go to settings. Then click “Your Facebook Information” on the left column, then select Off-Facebook Activity to manage the information the company gleans from your life. Here you can either manage it or clear the entire history from your account.

But the company also has a caveat. You may clear your current history, but new activity will be shared back to Facebook in the future. more

Geez... just like barnacles.

FBI: Harvard Doc Can't Have Rice Cake and Eat it Too

Federal law enforcement officials arrested a top Harvard scientist on Tuesday for allegedly lying to the U.S. government about his involvement in a massive Chinese program that authorities say is responsible for stealing proprietary information from U.S. institutions.

Authorities arrested Dr. Charles Lieber, 60, chair of the department of chemistry and chemical biology at Harvard University...

"...received more than $15,000,000 in grant funding from the National Institutes of Health (NIH) and Department of Defense (DOD),” The Department of Justice said in a statement. “These grants require the disclosure of significant foreign financial conflicts of interest, including financial support from foreign governments or foreign entities.”

“Unbeknownst to Harvard University beginning in 2011, Lieber became a ‘Strategic Scientist’ at Wuhan University of Technology (WUT) in China and was a contractual participant in China’s Thousand Talents Plan from in or about 2012 to 2017.” more

The original traveling professor.

Hershey Sues Former Top Official - Alleges Corporate Espionage

The Hershey Company is accusing a former top executive of committing corporate espionage, and it and wants a federal judge to order him to repay hundreds of thousands of dollars.

The target of Hershey’s lawsuit filed suit in U.S. Middle District Court is Doug Behrens, who is now chief customer officer of KIND LLC, a snack food maker and a competitor of Hershey.

The suit reads like the intro to a spy novel. more

Spybusters Tip #509: When someone resigns, is fired, or is laid-off... lock them out. This includes access cards, passwords, and email accounts.

January's Hot Mic Moments... so far

Leaked audio appears to catch Trump demanding the firing of Marie Yovanovitch: “Get rid of her!”
“Get her out tomorrow," a voice that is apparently President Trump’s says in the recording. more

Hot mic catches Pence telling Netanyahu 'He's unstoppable' “We are contending. He’s unstoppable, like someone else I know,” the vice president was overheard telling Israel's prime minister. more

Trudeau's hot mic comments cause consternation in Canada... Trudeau was caught on camera at a Buckingham Palace reception for NATO seemingly trash talking President Donald Trump. more

“You Called Me a Liar”: CNN Hot Mic Catches Warren-Sanders Blowup more

Biden heard on hot mic joking with Sanders about his arm gestures at debate. more

Patrick Cantlay involved in classic hot-mic fail at Sentry Tournament of Champions... Patrick Cantlay can expect to receive a stern letter from PGA Tour Commissioner Jay Monahan, and it won’t have anything to do with his pace of play. This one will be for “conduct unbecoming a professional.” more

Steve Kerr went BALLISTIC on a ref during the Warriors' game against the Sacramento Kings on Monday night -- and the whole profanity-laced rant was caught on a hot mic!!! more

It turns out it was Virginia State Senator Dave Marsden who called gun rights advocates "children" on a hot mic at a public meeting over the weekend. But calling them "children" was just the beginning. Things just got worse. Much worse. more

Five 'hot mic' moments that got leaders in trouble... more

"If you don't have something nice to say about somebody, don't say it." ~my mom
"Always assume you are being recorded." ~common sense
"Been there. Done that. Have the T-Shirt." ~hackneyed phrase

FutureWatch: Mind-Reading Called Brain-Hacking - Food for Thought

The world is in the middle of a new technology arms race, according to best-selling historian Yuval Noah Harari, who warns that the prize being fought over this time is not physical territory, but our brains. 

Speaking at the World Economic Forum in Davos, Harari predicted a future where governments and corporations will be able to gather enough data about citizens around the world that, when combined with computational power, will let them completely predict – and manipulate – our decisions. Harari calls this concept "brain-hacking".

"Imagine, if 20 years from now, you could have someone sitting in Washington, or Beijing, or San Francisco, and they could know the entire personal, medical, sexual history of, say, every journalist, judge and politician in Brazil," said Harari.

"You could control a whole other country with data. At which point you may ask: is it an independent country, or is it a data colony?" more   Previous mind-reading posts.

Android Users Beware: These Top Camera Apps May Secretly Be Spying

The latest warning has come from the research team at CyberNews, exposing “camera apps with billions of downloads [that] might be stealing user data and infecting them with malware.”

...But that’s exactly what some of the top beauty camera apps have been found guilty of doing. more

1. BeautyPlus – Easy Photo Editor & Selfie Camera
2. BeautyCam
3. Beauty Camera – Selfie Camera
4. Selfie Camera – Beauty Camera & Photo Editor
5. Beauty Camera Plus – Sweet Camera & Makeup Photo
6. Beauty Camera – Selfie Camera & Photo Editor
7. YouCam Perfect – Best Selfie Camera & Photo Editor
8. Sweet Snap – Beauty Selfie Camera & Face Filter
9. Sweet Selfie Snap – Sweet Camera & Beauty Cam Snap
10. Beauty Camera – Selfie Camera with Photo Editor
11. Beauty Camera – Best Selfie Camera & Photo Editor
12. B612 – Beauty & Filter Camera
13. Face Makeup Camera & Beauty Photo Makeup Editor
14. Sweet Selfie – Selfie Camera & Makeup Photo Editor
15. Selfie camera – Beauty Camera & Makeup camera
16. YouCam Perfect – Best Photo Editor & Selfie Camera
17. Beauty Camera Makeup Face Selfie, Photo Editor
18. Selfie Camera – Beauty Camera
19. Z Beauty Camera
20. HD Camera Selfie Beauty Camera
21. Candy Camera – selfie, beauty camera & photo editor
22. Makeup Camera-Selfie Beauty Filter Photo Editor
23. Beauty Selfie Plus – Sweet Camera Wonder HD Camera
24. Selfie Camera – Beauty Camera & AR Stickers
25. Pretty Makeup, Beauty Photo Editor & Selfie Camera
26. Beauty Camera
27. Bestie – Camera360 Beauty Cam
28. Photo Editor – Beauty Camera
29. Beauty Makeup, Selfie Camera Effects & Photo Editor
30. Selfie cam – Bestie Makeup Beauty Camera & Filters

Dude, you gotta be a government before you shoot spies!

FL - A man is facing charges after authorities say he fired shots at children he thought were spying on him from canoes outside his home.

Deputies with the Volusia County Sheriff’s Office

said they were called to the home in the 1500 block of Murphy Road in Pierson after the victims said they were fishing in a lake when 30-year-old Michael Adams fired several shots their way...

Adams was arrested and booked into the Volusia County Branch Jail on two counts of aggravated assault with a firearm. more

Plumbing for Secrets in Davos

Swiss officials foiled an apparent spying operation by Russians posing as plumbers in Davos, site of the World Economic Forum's annual meeting, a newspaper reported on Tuesday, but police did not confirm key details of the account.

The report in the Tages-Anzeiger newspaper said the pair presented diplomatic passports and left the country. more

‘Spy Games’ - 10 Civilians Vie for $100,000 Prize

One can’t deny that there is a certain charm and pull around the life of a spy - from going on undercover missions to just enjoying the finer things in life à la James Bond, and if you are keen on seeing how one goes about acquiring the skills needed to be a good spy, then Bravo’s latest offering ‘Spy Games’ might just be what you have been looking for...

One can’t deny that there is a certain charm and pull around the life of a spy - from going on undercover missions to just enjoying the finer things in life à la James Bond, and if you are keen on seeing how one goes about acquiring the skills needed to be a good spy, then Bravo’s latest offering ‘Spy Games’ might just be what you have been looking for.  more

"I found this thing. Is it a bug?"

At Murray Associates we occasionally receive calls asking, "I found this thing. Is it a bug?"

Usually, the identification is easy:

• it's a piece of electronic jewelry (blinky earring, or pin); 
• an old annoy-a-tron; 
• or Bluetooth tag, like a Tile item finder.

Today, a call comes in from a well-respected private investigator in Boston. He has a corporate client whose employee "found this thing."

She takes a photo, sends it to him, who sends it to us... via low resolution text message...

Rough guess...
A Bluetooth item finder, similar to a Tile, but a Chinese knockoff branded with some corporate logo. Possibly a promotional item?

We later learned it was in her bedroom, mounted to the wall, not found in a covert location. She had pulled it off the wall to take the photo. We did not receive a photo of the mounting piece, or a mention of its placement.

Later we eventually received a photo of the flip side...

Hummm... not too helpful, but no evidence of on the front of a pinhole for video, or a microphone on the circuit board. No battery seen, but the two large solder tabs and circles on the circuit board indicate there is a battery on the other side of the board.

Why would someone mount something like this on a bedroom wall?!?!

One possibility emerged... "How to find your lost iPhone with Tile."

Nope. Tiles have their logo on them. Ours looks different.

Another possibility... Yahoo changed their logo last Fall.

Could they have sent out a promotional "Tile" with their newly designed exclamation point logo on it?

Close, but no prize.

Okay, let's start fresh.
Say, the Tile is a MacGuffin.
Look elsewhere.

What other wall-warts do we know of?
HVAC sensors, for one.

Google search....

Ah ha.... that's what this thing is. 
Case closed.

This was a good investigative process refresher for us, and a thing we will all remember next time "this thing" shows up.

Extra Credit:

• If you find a thing and think it's a bug, read this.
• To learn about the other Thing—the famous spy eavesdropping device—read this.

~Kevin

The Case of “Eddie Spaghetti” and the First Spycam News of 2020

We are only halfway through, the first month, of the first year, in a new decade... and the spycam pandemic is off to a roaring start. 

Like corporate espionage and other forms of illegal electronic surveillance, only the failures make the news. The vast majority of illegal covert electronic surveillance goes undetected.

Learn how to spot spycams and keep scheduling your corporate TSCM inspections.

-----

Canada - Edward Casavant, 55, (who gave himself the nickname, “Eddie Spaghetti”) pleaded guilty to possession of child pornography, making child pornography, voyeurism and sexual exploitation of a person with a disability, and was sentenced to six years in prison. more

OH - A former Hillsdale Middle School and High School art teacher convicted of voyeurism was sentenced Tuesday to 180 days in jail. more

CA - Peterborough man charged with voyeurism after allegedly using electronics to peer through windows. more

Singapore - The alleged victims of a Singaporean undergraduate accused of illicitly filming 12 women want a gag order on his identity to be lifted, despite being fully aware of the risk of being identified. more

ID - Kory Ray West, the 34-year-old man accused of concealing a video camera in the bathroom of a Blackfoot home where he had been staying, and of stealing items of underclothing from bedrooms, could serve up to seven years in prison for his crimes. more

NY - The husband of a New York prosecutor who filmed his child's nanny on bathroom spycam, could have charges against him dropped, after he claimed he only used it to watch himself undress. more

HI - An $8,000 project to install covert security cameras in the Council Chambers of the county building in order to monitor an active shooter or hostage situation was kept secret from most council members and the public, county officials said. more

CA - Ring of fired: Amazon axes multiple workers who secretly snooped on netizens' surveillance camera footage. more

KY - A former teacher at a Kentucky high school admitted to filming students in a bathroom...

Police...reported finding a recording device set up in the bathroom of the nurse's station. Police said the video recorder captured the person putting the device in place. more

MI - A Canton man pleaded guilty last month to three felony charges associated with illegal voyeurism at an Aqua-Tots swim school in his hometown... Police said they were dispatched to the Canton Aqua-Tots swim school for young children...because a woman saw a recording device targeting her changing stall. She reported her suspicions to staff. more

UK - staff and parents with children at Denmead Junior School were in shock at the grim discovery of an iPhone in a vent. Action was taken by the school. A 23-year-old man from Waterlooville (was arrested) on suspicion of voyeurism. He has been released under investigation. more

CT - An investigation that began in South Windsor in August that led to a Manchester man being charged with voyeurism after filming people in a locker room at L.A. Fitness resulted in more charges being filed against him Friday stemming from similar incidents in Farmington, police said. South Windsor police said that Selby had placed his cellphone in one of the lockers and left the door open. more

CA - A Desert Hot Springs man who was previously required to register as a sex offender pleaded not guilty Friday to charges of filming people inside a grocery store bathroom in Cathedral City...10 misdemeanor counts of unlawful use of a concealed camera to secretly videotape.... 2013 - Prosecutors alleged he concealed a video camera in a paper bag and entered a woman's restroom in a Los Angeles Macy's department store dressed as a woman and secretly videotaped women using the restroom. more

Wales - A sportsman who once represented Anglesey in the Island Games has admitted installing a camera in toilets where people, including youngsters, got changed. more

Surveillance in Tombstone Territory

It's the Wild West when it comes to modern surveillance tech. 

One recent example we've come across is the Tombstone Cam... Click to enlarge. more  The last time we heard of a bugged funeral.

The Crazy Story of How Soviet Russia Bugged an American Embassy’s Typewriters

...All of the electronics at the embassy—some 10 tons of equipment—was securely shipped back to the United States. Every piece was disassembled and X-rayed.

After tens of thousands of fruitless X-rays, a technician noticed a small coil of wire inside the on/off switch of an IBM Selectric typewriter. Gandy believed that this coil was acting as a step-down transformer to supply lower-voltage power to something within the typewriter. Eventually he uncovered a series of modifications that had been concealed so expertly that they had previously defied detection.

A solid aluminum bar, part of the structural support of the typewriter, had been replaced with one that looked identical but was hollow. Inside the cavity was a circuit board and six magnetometers. The magnetometers sensed movements of tiny magnets that had been embedded in the transposers that moved the typing “golf ball” into position for striking a given letter. more

Security Tip #792: Be Gone Phishing

via Krebs on Security
"Savvy readers here no doubt already know this, but to find the true domain referenced in a link, look to the right of “http(s)://” until you encounter the first backward slash (/). The domain directly to the left of that first slash is the true destination; anything that precedes the second dot to the left of that first slash is a subdomain and should be ignored for the purposes of determining the true domain name."

"For instance, in the case of the imaginary link below, example.com is the true destination, not apple.com: https://www.apple.com.example.com/findmyphone/" more

Double checking links before clicking can save you from sleeping with the phishers. Hover over links, but don't click, to see where you might be going.

Death by Spycam

The wedding hall was booked and home furnishings all bought... but the bride — one of thousands of women to fall victim to an epidemic of high-tech voyeurism in South Korea — is not here.

Lee Yu-jung took her own life after a colleague secretly filmed her in the changing room of the hospital where they both worked, the country’s first reported spy-cam death.

Footage of Lee was found among a bigger video cache of women, all illegally snatched in the country’s spy-cam epidemic, often with cheap devices as small as a key ring. more

Spybuster Tip #632: Fortify Your Two-factor Authentication

Two-factor authentication is a must, but don't settle for the SMS version. Use a more secure authenticator app instead.

 The most popular authenticator apps are Google Authenticator and Authy, but password managers 1Password and LastPass offer the service as well, if that helps you streamline. If you're heavy into Microsoft's ecosystem, you might want Microsoft Authenticator. While they all differ somewhat in features, the core functionality is the same no matter which one you use. more

The Art of Investigation (book)

The Art of Investigation examines the qualities required to be a professional, thorough, and effective investigator. As the title suggests, it delves into more than the steps and procedures involved in managing an investigation, it also covers the "soft skills" necessary to effectively direct investigations and intuit along the way.

The editors and contributing authors* are the best in their field, and bring a wealth of real-world knowledge and experience to the subject. There are several publications available on the nuts-and-bolts of the process and stages of an investigation. That ground has been covered. However, little has been published on the investigative skills required, the traits necessary, and the qualities endemic to an inquisitive mind that can be cultivated to improve an investigator’s professional skill-set.

Each chapter discusses the applicability of the traits to the contributor’s own work and experience as an investigator. more
*Robert Rahn (Lt. Ret.) is one of the excellent contributors.

ISBN-13: 978-1138353787

ISBN-10: 1138353787

FutureWatch: The Demise of the Common Spies

Not so long ago, Secret Agent Man could globe-hop with impunity (sing-a-long) and hide with undercover diplomatic immunity. Now, he may as well wear the Scarlet Letter "A", for Agent.

WTF happened? Quite a bit...

9/11, for one. It's not so easy to fly under the radar these days.

In 2014, U.S. spies were exposed when the Office of Personnel Management was hacked. About 22 million fingerprints, security clearance background information, and personnel records allegedly fell into Chinese hands. In 2015 it happened again.

One can be fairly sure this isn't just a problem for U.S. spies. Other countries get hacked, too. You just don't hear about it.

If all this wasn't bad enough, a spy's best friend turned on him in the 2000's. Technology.

Video cameras are planted everywhere, and facial recognition is becoming more accurate every day. It is being used at airports, in buildings, and with in conjunction with city surveillance cameras. This list will grow, of course.

The latest advancement is analysis of video streams using artificial intelligence logarithms.  Suspicious movements, packages left unattended, predictions of future movements and crimes are analyzed by mindless machines 24/7, waiting to trigger an alert.

On the communications side spyware is a concern. Smartphone and GPS tracking don't help spies hide either.

It has been reported that some countries are compiling real-time databases which incorporate the above-mentioned speed bumps with: taxis, hotel, train, airline, credit card, customs and immigration information. As soon as one enters the country, they know where you are—minute by minute. And, if one takes too long going between locations, or a dual timeline appears (being in different places at the same time), a security alert is generated.

Couple all this with countries sharing information, e.g. EU, being a spy who needs to make in-person contacts becomes nearly impossible.

Think staying out of view is a good spy strategy? For now, perhaps. However, progress is being made by constructing a person's face by the sound of their voice.

The future of spying (no, it won't go away) will be radically different out of necessity. One can only guess how, but I understand they are working very hard on mind-reading.

Be seeing you.

Surveillance is Hot at CES 2020

At CES show, devices that see, hear, track people are promoted. Privacy concerns? Not so much.

From the face scanner that will check in some attendees to the cameras-everywhere array of digital products, the CES gadget show is all-in on surveillance technology...

All these talking speakers, doorbell cameras and fitness trackers come with the promise of making life easier or more fun, but they're also potentially powerful spying tools.

And the skeptics who raise privacy and security concerns can be easily drowned out in the flashy spectacle of gee-whiz technology. more

Information Security and Cryptography Seminar

Information Security and Cryptography —
Fundamentals and Applications
June 8-10, 2020 in Zurich, Switzerland
Lecturers: Prof. David Basin and Prof. Ueli Maurer

This seminar provides an in-depth coverage of Information Security and Cryptography from both a conceptual and an application-oriented viewpoint. At the same time, the mathematical, algorithmic, protocol-specific, and system-oriented aspects are explained in a way understandable to a wide audience.

A full description of the seminar, including all topics covered, is available at https://www.infsec.ch/seminar2020.html. Early registration is until February 28th.

The seminar takes place in Zurich Switzerland. The lectures and all course material are in English. more

U.S. Securities & Exchange Commission Issues Guidance on IP and Tech Risks

...Among the risks faced by companies is the risk of theft of technology, data and intellectual property through a direct intrusion by private parties or foreign actors, including those affiliated with or controlled by state actors.


While not exclusive, examples of situations in which technology, data or intellectual property may be stolen or compromised through direct intrusion include cyber intrusions into a company’s computer systems and physical theft through corporate espionage, including with the assistance of insiders... more

Your Smart TV is Spying on You — How to stop it...

Those smart TVs that sold for unheard of low prices over the holidays come with a catch. The price is super low, but the manufacturers get to monitor what you're watching and report back to third parties, for a fee.

 Or, in some cases, companies like Amazon (with its Fire TV branded sets from Toshiba and Insignia) and TCL, with its branded Roku sets, look to throw those same personalized, targeted ads at you that you get when visiting Facebook and Google.

It doesn't have to be this way. You have the controls to opt out. Within just a few clicks, you can stop the manufacturers from snooping on you in the living room... more and a bonus sing-a-long!

• He tried to stop smart devices spying on him. Here's why he failed. 
  
• Is Your Smart TV Spying on You? Warning From FBI

2020 Quote of the Year - First Contender

“The biggest thing (coming in 2020) is connected everything,” said Carolina Milanesi, a technology analyst for the research firm Creative Strategies. “Anything in the home — we’ll have more cameras, more mics, more sensors.” *
 ----
via The New York Times...
The 2010s made one thing clear: Tech is everywhere in life... In 2020 and the coming decade, these trends are likely to gather momentum. They will also be on display next week at CES, an enormous consumer electronics trade show in Las Vegas that typically serves as a window into the year’s hottest tech developments. more

* Thus, a need for more TSCM; the yin to espionage yang.

The Crazy Story of How Soviet Russia Bugged an American Embassy’s Typewriters

Every engineer has stories of bugs that they discovered through clever detective work. But such exploits are seldom of interest to other engineers, let alone the general public.

Nonetheless, a recent book authored by Eric Haseltine, titled The Spy in Moscow Station (Macmillan, 2019), is a true story of bug hunting that should be of interest to all.

It recounts a lengthy struggle by Charles Gandy, an electrical engineer at the United States’ National Security Agency, to uncover an elaborate and ingenious scheme by Soviet engineers to intercept communications in the American embassy in Moscow. more

Get Ready for a Wild Security Ride in 2020

Drones are considered mainstream business tools and are used from surveillance and delivery to agriculture and mining.

In 2020, we will see hackers trying to find out what drones know, said Lavi Lazarovitz, group research manager at Cyberark. This information can be vital for intelligence gathering, government control, corporate espionage, and more. It also means CDOs need to consider a security framework when introducing devices like drones from the onset. (and other issues) more

Now Santa's Toys Know if You Are Naughty or Nice

Christmas is over, which means there may be a few extra toys for children in the house.

Cybersecurity experts are warning parents to pay attention to what kinds of toys their children are playing with, saying some could be capable of doing much more than what you're aware of.

...toys with Bluetooth or that can connect to Wi-Fi have the potential to not only spy on those playing with them but could also collect data later capable of predicting children's thoughts and behaviors. more

This Month in Spycam News

UK - A school caretaker who installed a hidden camera in a toilet used by female teachers was sentenced to prison after the device recorded him committing the crime... When investigators searched Stupples' house, they discovered 76 videos and nearly 150,000 photos recorded from 50 separate instances of people using the toilet... Even as Stupples initially denied installing the hidden camera, his defense soon fell apart after prosecutors told the court how the accused was "very clearly visible" in one of the videos that showed him installing the device. more

US - Charges are expected to be filed Friday against a one-time registered sex offender suspected of mounting a small video camera inside a grocery store bathroom in Cathedral City. more

US - A Georgia army officer with high-ranking clearance has been arrested on charges of distribution of child pornography after an FBI agent caught him sharing nude pictures of a teenage relative captured via a spy camera. more

CA - A 56-year-old Owen Sound man is facing voyeurism charges after police allege he had been secretly filming a resident for months. Detectives with the Owen Sound Police uncovered a video camera that had been hidden in a fake heating vent in the washroom of an apartment... Police say the man worked maintenance for the building in which the incident occurred and allege the camera was installed in anticipation of a new tenant moving into the unit earlier this year. more

UK - A "deviant" voyeur secretly filmed a woman trying on a dress in a supermarket changing room - but was caught when her nine-year-old daughter saw what was happening. more

 

Walt Disney World Employee Charged with Illegal Recording

A Walt Disney World employee made an illegal audio recording of her interview with Disney security officials while being questioned about thefts at the theme parks, according to prosecutors.

Alicia Reese later shared that secret recording with Patrick Spikes, a former Disney employee who is accused of breaking into a theme park attraction and stealing props, deputies allege.

Prosecutors have charged Reese with an illegal interception of oral communications, a felony punishable by up to five years in prison.

Reese and Spikes have pleaded not guilty to the charges against them. Reese, who had been an employee of ESPN Club restaurant at Disney’s Boardwalk Resort, was interviewed by two Disney security investigators in March about thefts from the company. more

The 11 types of business failure – and how you can learn from the mistakes of others

Founders and business professionals can learn a lot about the failure landscape from Robin Banerjee’s new book, Who Blunders and How: The Dumb Side of the Corporate World. The eleven chapters are written in a conversational style and span 265 pages, full of examples, analysis and tips...

(Guess what made the list.)
Some rivalries between business groups have led to allegations of unethical advertising practices, and even corporate espionage... more

It's easy to "blunder" when it comes to corporate espionage. By definition, espionage is a covert practice. Because you don't see it, you don't believe it is happening. Successful espionage is invisible. Only failures make the news. Successful corporations employ specialists to monitor for espionage.

The Top 200 Worst Passwords of 2019

Independent researchers, who requested to stay anonymous, compiled and shared with us a list of 200 most popular passwords that were leaked in data breaches just this year. The database is quite impressive — 500 million passwords in total. And if you think that’s a lot of leaked passwords, we have some bad news for you — it’s just the tip of the iceberg. more

Here are the Top 20 to get you started...

Top 2020 New Years Resolution... Fortify your passwords.

World's Smallest Video Camera (unfreakinbelieveable!)

This company in Taiwan has been reducing the size of video cameras year after year. I would like to say this is the smallest possible, but they continue to surprise.


If you have privacy concerns caused by the flood of covert video surveillance cameras, stop by here and learn how to fight back.

Trend Micro Reveals Security Worries for 2020

In 2020, tried-and-tested cyber crimes – such as extortion, obfuscation and phishing – will remain, but new risks will inevitably emerge.

Full 5G implementations will introduce new security threats and the increased migration to the cloud will see more organizations facing risks from their cloud and supply chain.

In addition, the sheer number of connected assets and infrastructures will open doors to threats, and fake images, videos, or audio will be used to manipulate enterprise business procedures.

This is according to a new report from security firm Trend Micro, titled: “The New Norm: Trend Micro Security Predictions for 2020.”

...of special interest to our clients...

IOT devices used for espionage, extortion.

Machine learning and AI will be abused to listen in on connected devices like smart TVs and speakers to snoop on personal and business conversations, which can then provide material for extortion or corporate espionage. more

"Electronic Device" Found in Mayor's Office

MI - Flint Police are investigating after an electronic surveillance device was found inside Flint City Hall.

The device was found in the mayor's office, Interim Police Chief Phil Hart said.

Hart said he cannot speak as to what the capabilities of the electronic surveillance device are at this time.

No other information has been released because it is still under investigation. more

Former Flint Police Chief Timothy Johnson believed the device could've been in City Hall when Former Mayor Karen Weaver was in office. 

He said she was concerned when she moved into City Hall that it had been bugged with recording devices. So Johnson said they checked her office, even removing ceiling tiles.* But, he explained, Weaver's was the only office they checked. more

* A professional technical surveillance countermeasures inspection is quite a bit more thorough.

Spybuster Tip #734: Don't Store Incriminating Photos on Your Android Phone

This time around, a team of security researchers found a terrifying flaw with the Android camera apps that could let malicious apps completely take control over a phone’s camera to spy on users without their knowledge.

It doesn’t take a genius to know that photos and videos can contain extremely sensitive information, and therefore, you should think twice about giving an app permission to use a camera...

Android camera apps often store photos and videos to an SD card, granting an app permission to storage gives it access to the entire contents of that card, according to the researchers. And the truly terrifying thing is that attackers wouldn’t even need to request access to the camera.

To demonstrate the vulnerability, the team at Checkmarx recorded a proof-of-concept video. Using a mockup Weather app, the team was able to not only take photo and video from a Pixel 2 XL and Pixel 3, it also was able to glean GPS data from those photos.


The team was able to detect when the phone was face down and could then remotely direct the rear camera to take photos and video. Another creepy bit is that attackers could potentially enact a “stealth mode,” where camera shutter noises are silenced and after taking photos, return the phone to its lock screen like nothing happened.

But perhaps most disturbingly, the video demonstrates a scenario where attackers could start recording a video while someone was in the middle of call, record two-way audio, and take photos or video of the victim’s surroundings—all without the target knowing. more

WhatsApp? Eavesdropping. That's WhatsApp.

WhatsApp parent company Facebook has issued a warning about a new vulnerability on its hugely-popular chat app, which could let hackers take control of their device remotely and eavesdrop on your every conversation.

Facebook has warned users about a potential vulnerability within its WhatsApp chat app that allows cyber-criminals to take control of your device remotely. The security flaw could also allow them to eavesdrop on your conversations.

And if that wasn’t worrying enough, all you’d have to do to let the hackers access your handset is watch a single video... This security flaw affects all versions of WhatsApp, from Windows Phone to iOS. It even includes the enterprise-focused WhatsApp Business. That suggests the issue was found in the underlying code that powers all versions of the chat app...

WhatsApp has closed the loophole with the latest updates to WhatsApp. If you haven’t already got automatic app updates set on your smartphone, you should head to your respective app store and download the latest software to make sure you’re sa

According to Facebook, the potential issue only impacts the following versions of WhatsApp:
fe from attack.

• Android versions of WhatsApp before 2.19.274
• iOS versions of WhatsApp before 2.19.100
• Enterprise Client versions of WhatsApp before 2.25.3
• Windows Phone versions of WhatsApp before and including 2.18.368
• Business for Android versions of WhatsApp before 2.19.104
• Business for iOS versions of WhatsApp before 2.19.100

Beginner's Guide to Small Business Cyber Security

Cyber Essentials is a guide for leaders of small businesses as well as leaders of small and local government agencies to develop an actionable understanding of where to start implementing organizational cybersecurity practices.

Consistent with the NIST Cybersecurity Framework and other standards, the Cyber Essentials are the starting point to cyber readiness...

Managing cyber risks requires building a Culture of Cyber Readiness. The Culture of Cyber Readiness has six Essential Elements... more

Eavesdropping Vulnerability: Cisco SPA100 - Update Firmware

While setting up a VoIP service in their home, security researchers at Tenable Research discovered a total of 19 vulnerabilities in VoIP adapters from Cisco's SPA100 Series.

If exploited, these vulnerabilities could allow an attacker to eavesdrop on a user's conversations, initiate fraudulent phone calls and even pivot further into their internal network.

Tenable Research informed Cisco PSIRT of the 19 vulnerabilities they discovered across seven Cisco security advisories and the networking giant has since addressed these flaws with a new 1.4.1 SR5 firmware release for their SPA 100 series devices.

...if you're using a Cisco SPA 100 series VoIP adapter, it is highly recommended that you update to the latest firmware before these flaws are exploited in the wild. more

Hot Wheels - Part I

A Multimillionaire Surveillance Dealer Steps Out Of The Shadows . . .
And His $9 Million WhatsApp Hacking Van


On a wildflower-lined gravel track off a quiet thoroughfare in Larnaca, Cyprus, Tal Dillian is ensconced in a blacked-out truck. It’s a converted GMC ambulance, pimped out with millions of dollars of surveillance kit, antennas on top reaching out to learn what it can from any smartphone within a 1-kilometer radius and, at the click of a button, empty them of all the content within.

WhatsApp messages, Facebook chats, texts, calls, contacts?
Everything?

“Exactly,” says Dilian, a 24-year Israeli intelligence veteran and multimillionaire spy-tech dealer, though he doesn’t look it; imagine a shabbier, more hirsute George Clooney...

He’s dialing up the charm offensive over the two days he gives Forbes unprecedented access to the normally hidden, clandestine spy-tech industry, estimated to be worth $12 billion and rising. more

Hot Wheels - Part II

Cypriot police have confiscated a van reportedly loaded with sophisticated surveillance equipment and have questioned its Israeli owner following media reports that the vehicle was being hired out to spy on people...

The police probe was initiated after local media highlighted an earlier Forbes report on the Israeli it identified as a former intelligence officer who showed off the $9 million van’s spying capabilities. more