Apple has reportedly fixed the vulnerability in iOS 14.7.1.
The security notes don’t specifically mention Pegasus, but they refer
to “a memory corruption issue” that “may have been actively exploited.” more
Tuesday, July 27, 2021
Pegasus v. iPhone Update - iOS 14.7.1 Plugs the Loophole
Friday, July 23, 2021
Pegasus Spyware Update: How to Check Your iPhone
If you’re concerned about recent reports of the Pegasus spyware reportedly installed by the Israeli NSO Group to hack journalists and world leaders, there’s a tool to check if it’s hidden on your iPhone. But you probably have nothing to worry about...
But if you’re concerned, there’s a way to test whether your iPhone has
been targeted. It’s not an easy test, mind you, but if you’re using a Mac or Linux PC and have backed up your iPhone using it, Amnesty International’s Mobile Verification Toolkit
will be able to detect whether your phone has the Pegasus spyware
installed on it. The tool, which TechCrunch tested, works using the
macOS Terminal app and searches your latest iPhone backup on your Mac, and
“is not a refined and polished user experience and requires some basic
knowledge of how to navigate the terminal.” You’ll need to install
libusb as well as Python 3 using Homebrew. (You can learn more about the
installation here.) TechCrunch says the check only takes “about a minute or two to run” once it’s been set up. more
Monday, July 19, 2021
Private Espionage Is Booming - The US Needs a Spy Registry
via Wired Magazine...
Years ago, while stationed
in Moscow as the bureau chief for a major news magazine, I was
approached by a representative of a multinational company and presented
with a tantalizing offer. He said he had highly sensitive materials
exposing possible criminal activity by a Russian competitor. The
documents were mine with one condition: advance notice so he could be
out of the country when any story was published.
I had every reason to think the materials came from a private intelligence operative hired by the company—there were many such operatives in Moscow—but I didn’t ask my source for his source. Instead I embarked on a somewhat harrowing investigation of my own, and on corroborating the materials, I was able to publish a splashy story.
This episode came back to me while reading Barry Meier’s new book, Spooked: The Trump Dossier, Black Cube, and the Rise of Private Spies. A former New York Times investigative reporter, Meier casts a harsh light on both “private spies” and journalists who make frequent use of nuggets unearthed by these operatives. In the book’s afterword, he revives an idea for “a kind of ‘spy registry’ in which operatives for hire would have to disclose the names of their clients and assignments,” just as Congress now requires of lobbyists hired to influence legislators.
Is this truly a problem in need of a solution? Or would a spy registry create worse problems?
It’s tempting to conclude that there is really nothing new here and that private spies may even supply a public service. In the original, late-19th-century Gilded Age, the Pinkerton Detective Agency devoted itself to the art of subterfuge. In 1890, a Pinkerton man went undercover on behalf of his client, the governor of North Dakota, and confirmed from rigorous barroom investigation that a fair amount of “boodle,” bribe money, was being dispensed by advocates of a state lottery opposed by the governor. The governor revealed the dirty dealings to the public, and the lottery scheme failed—all perhaps to the civic good.
Today’s circumstances are far different. Inexpensive, off-the-shelf
technologies for surveillance, hacking, and spoofing make the spy game
easier to play than ever before. What hired sleuth doesn’t now travel
with one of those metallic-fabric bags that blocks cellphone GPS
signals, like the GoDark Faraday model that sells online for $49.97?
It’s an insignificant item on the expense report. more
US Warns Businesses in Hong Kong About Electronic Surveillance
The advisory, which was nine pages long, was issued by the Departments of State, Treasury, Commerce and Homeland Security. It alerted businesses to the possible risks associated with doing business in Hong Kong. According to the advisory, businesses are at risk from electronic surveillance without warrants and the disclosure of customer and corporate data to authorities. more
Pegasus Spyware Back in the News
India Today... Pegasus spying: how Pegasus is installed on phone, what it does, and how to get rid of it...
- Pegasus can be installed on vulnerable phones through a web link or a missed call.
- The spyware can steal passwords, contacts, text messages, and photos.
- The only way to avoid Pegasus after it has infected a phone is by getting rid of the phone.
Pegasus, developed by Israeli cybersecurity firm NSO Group, is a highly sophisticated spyware that has been referred to as the "most sophisticated smartphone attack ever". It was first noticed in 2016 but created a lot of buzz in late 2019 when it was revealed that the spyware was used for snooping on journalists and human rights activists across the globe, including in India. more
Tech Xplore... Pegasus spyware: how does it work?
More recent versions of Pegasus, developed by the Israeli firm the NSO Group, have exploited weak spots in software commonly installed on mobiles.
In 2019 the messaging service WhatsApp sued NSO, saying it used one of these so-called "zero-day vulnerabilities" in its operating system to install the spyware on some 1,400 phones.
By simply calling the target through WhatsApp, Pegasus could secretly download itself onto their phone—even if they never answered the call.
More recently, Pegasus is reported to have exploited weaknesses in Apple's iMessage software.
That would potentially give it access to the one billion Apple
iPhones currently in use—all without the owners needing to even click a
button. more
Why You Can't Get James Bond's Custom Martini These Days
via Futility Closet... (worth subscribing)
In the first James Bond novel, 1953’s Casino Royale, Bond orders a drink of his own invention:
‘A dry martini,’ he said. ‘One. In a deep champagne goblet.’
‘Oui, monsieur.’
‘Just a moment. Three measures of Gordon’s, one of vodka, half a measure of Kina Lillet. Shake it very well until it’s ice-cold, then add a large thin slice of lemon peel. Got it?’
‘Certainly monsieur.’ The barman seemed pleased with the idea.
‘Gosh, that’s certainly a drink,’ said Leiter.
Bond laughed. ‘When I’m … er … concentrating,’ he explained, ‘I never have more than one drink before dinner. But I do like that one to be large and very strong and very cold, and very well-made. I hate small portions of anything, particularly when they taste bad. This drink’s my own invention. I’m going to patent it when I think of a good name.’
The name he thinks of is the Vesper, ostensibly inspired by the character Vesper Lynd. But in fact the recipe wasn’t original to Bond — Fleming had first received the drink from the butler of an elderly couple in Jamaica — it was named after vespers, a service of evening prayer. Bond says, “It sounds perfect and it’s very appropriate to the violet hour when my cocktail will now be drunk all over the world.” He’d have trouble getting one today — Kina Lillet was discontinued in 1986, and the strength of Gordon’s Gin was reduced in 1992.
Thursday, July 15, 2021
The "Encrypted" Cell Phones Had One Flaw: The FBI Controlled Them
The criminals texted each other about drug deals and money laundering, confident in special encrypted devices using a platform dubbed Anom. There was just one problem for the crime rings: The FBI was being copied on every message — millions of them worldwide. In fact, the agency had sent the Anom devices into the black market in the first place.
Those are the details and allegations that are now emerging about Operation Trojan Shield, an international effort coordinated by the FBI that has resulted in more than 800 arrests.
With the help of Europol, the FBI identified "over 300 distinct TCOs [transnational criminal organizations] using Anom, including Italian organized crime, Outlaw Motorcycle Gangs, and various international narcotics source, transportation, and distribution cells," according to a search warrant affidavit filed in court by Nicholas Cheviron*, an FBI special agent in San Diego. The document was unsealed Monday.
In addition to heading the investigation, FBI Special Agent Nic Cheviron (son of the best corporate security director ever) wrote the search warrant. It is a fascinating read.
Wednesday, July 14, 2021
Quantum Disappointment to Quantum Resurrection
In theory, quantum cryptography enables two or more people to communicate with one another in complete secrecy. In practice, eavesdroppers can exploit weaknesses in the equipment used to send and receive secret keys.
Researchers in Singapore have now shown how practice can be brought closer to theory—by inserting a fairly simple passive device to prevent eavesdropping attacks involving bright light (Phys. Rev. X, doi: 10.1103/PRXQuantum.2.030304). They reckon their solution could be widely adopted in future, having shown that it can be applied to a number of popular cryptographic schemes...
Here is how it works. Don't worry if you don't get it.
Just pretend Dr. Emilio Lizardo is doing the explaining.
Their device exploits an acrylic prism with a negative thermo-optical
coefficient. Incoming light generates a gradient in temperature, and
therefore in refractive-index, inside the prism that turns the acrylic
into a concave lens. A small aperture placed behind the prism blocks
most of the resulting diverged light beam, diminishing the beam power. more
Weird Science - Windows that Prevent and Facilitate Eavesdropping (you decide)
Radio frequency defense film, also known as RF
attenuation window film or anti-eavesdropping film, protects homes or
workplaces against radio frequencies and electromagnetic radiation. The
RF film that the customer requires meets strict security requirements
for facilities handling classified or other sensitive information. The
government customer has requested to remain anonymous for security
reasons. more
We've been down this road before, in 2007 and 2009.
•••
Listening & Anti-Eavesdropping Device
(18 years ago this month)
Abstract
A method and apparatus for transmitting information from a conversation in a room to a remote listener comprising selecting a structure (101) in the room which is capable of supporting vibration, selecting an electromechanical force transducer (90) which has an intended operative frequency range and comprises a resonant element (84, 86) having a frequency distribution of modes in the operative frequency range, mounting the transducer (90) to the structure (101) using coupling means (68) whereby the transducer excites vibration in the structure, positioning a sensor to detect vibration in the structure (101), determining information from the detected vibration and transmitting said information to a remote listener. There is also provided an anti-eavesdropping system which is the reverse of the method and apparatus according to the first and second aspects of the invention. (self-licking ice cream cone) more
Nervy Doctor Arrested - Spy Cameras Found in Woman Doctor's Bedroom & Bath
"The accused doctor is a neurologist lecturer at a city-based medical college," said Jagannath Kalaskar, senior police inspector, Bharti Vidyapeeth police station.
Last week, the trainee doctor had tried to switch on the bulb in her bathroom, however, it did not work. She then called an electrician who spotted a spy camera installed in the bulb. The doctor found another spy camera in her bedroom too, following which she lodged a police complaint. more
Facebook Reportedly Fired 52 Employees Caught Spying on Users
Using their access to troves of user data through Facebook’s internal systems, male engineers were able to view women’s locations, private messages, deleted photos and more, according to a bombshell report in the Telegraph...
While 52 employees were fired for such transgressions in 2014 and
2015, Facebook’s then-chief security officer Alex Stamos reportedly
warned that hundreds of others may have slipped by unnoticed. more
Friday, July 2, 2021
Recording Conversations And Phone Calls - A Quick Primer
One-Party Consent
If the consent of one party is required, you can record a conversation if you’re a party to the conversation. If you’re not a party to the conversation, you can record a conversation or phone call provided one party consents to it after having full knowledge and notice that the conversation will be recorded...
All-Party Consent
Twelve (12) states require the consent of everybody involved in a conversation or phone call before the conversation can be recorded. Those states are: California, Connecticut, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Pennsylvania and Washington. These laws are sometimes referred to as “Two-Party” consent laws but, technically, require that all parties to a conversation must give consent before the conversation can be recorded.
Consent
What constitutes “consent” is also an issue of contention when you are considering recording a conversation. In some states, “consent” is given if the parties to the call are clearly notified that the conversation will be recorded, and they engage in the conversation anyway. Their consent is implied. For example, we have all experienced calling a customer service department only to hear a recorded voice warning, “This call may be recorded for quality assurance or training purposes.” It is usually a good practice for practitioners to let the witness know they are recording the call in order to accurately recall and commemorate the testimony being given – such as during the taking of a witness’ statement.
Exceptions
Nearly all states include an extensive list of exceptions to their consent requirements. Common exceptions found in a majority of states’ laws include recordings captured by police, court order, communication service providers, emergency services, etc...
Interstate/Multi-State Phone Calls
Telephone calls are routinely originated in one state and participated in by residents of another state. In conference call settings, multiple states (and even countries) could be participating in a telephone call which is subject to being recorded by one or more parties to the call. This presents some rather challenging legal scenarios when trying to evaluate whether a call may legally be recorded. A call from Pennsylvania to a person in New York involves the laws of both states. Which state’s laws apply and/or whether the law of each state must be adhered to are questions parties to a call are routinely faced with...
Federal Law
In most cases, both state and federal laws may apply. State laws are enforced by your local police department and the state’s attorney office. Federal wiretapping laws are enforced by the FBI and U.S. Attorney’s office. It is a federal crime to wiretap or to use a machine to capture the communications of others without court approval, unless one of the parties has given their prior consent. This means that if you are initiating a recording on a call that you are participating in, the other party does not need to be notified that the call is being recorded. It is likewise a federal crime to use or disclose any information acquired by illegal wiretapping or electronic eavesdropping. more
More information on the laws in all 50 states regarding the recording of phone conversations found here.
Don't Own the Trade Secret But Still Want to Sue for Misappropriation?
You may be able to bring a misappropriation of trade secrets claim even if you do not actually own the misappropriated trade secret. A growing number of federal cases indicate ownership of a trade secret may not be required in order for a plaintiff to sue for misappropriation; possession alone may be enough to confer standing.
In Advanced Fluid Systems, Inc. v. Huber, the Third Circuit affirmed a district court ruling holding that a plaintiff suing for misappropriation under the Pennsylvania Uniform Trade Secrets Act (“PUTSA”) need only demonstrate lawful possession of the trade secret at issue, and not legal ownership, to maintain a claim. There, Advanced Fluid Systems (“AFS”), a designer and installer of hydraulic systems, filed suit against defendants alleging they had conspired to misappropriate AFS trade secret information to divert business to a competitor.
In a twenty-six page opinion, the Court concluded that fee simple ownership of a trade secret is not a prerequisite to recover for its misappropriation. more
Saturday, June 26, 2021
FutureWatch – The Eyes Have IT
One of the more interesting aspects of Technical Surveillance Countermeasures (TSCM), or sweeping for bugs, is looking into the future. Seemingly an exercise in entertainment at first glance, looking forward has a serious purpose—staying ahead of the bad guys, not one step behind (as some TSCM’ers seem to be proud to say). Smart contact lens technology caught my eye for this episode of FutureWatch.
Taking a look at “future vision” we see… more
While we don’t have smart contact lenses yet, we do have X-ray vision.
Wednesday, June 23, 2021
FutureWatch - Super Microphones Coming to Eavesdropping Devices and...
... more mundane items like smart speakers and cell phones...
A KAIST research team ... has developed a bioinspired flexible piezoelectric acoustic sensor with multi-resonant ultrathin piezoelectric membrane mimicking the basilar membrane of the human cochlea. The flexible acoustic sensor has been miniaturized ... is ready for accurate and far-distant voice detection. more
Tuesday, June 22, 2021
CCTV Company Pays Remote Workers to Yell at Armed Robbers
Clerks at 7-Eleven and other convenience stores are being constantly
monitored by a voice of god that can intervene from thousands of miles
away.
In a short CCTV video, a clerk at a small convenience store can be seen taking a bottle of coffee from a cooler and drinking it. When he returns to the cash register, an unseen person's voice emits from a speaker on the ceiling and interrogates him about whether he scanned and paid for the item.
In another video, a cashier is standing behind the counter talking to someone just out of frame. There’s a 'ding' sound, and the voice from above questions the cashier about who the other man is—he’s there to give the cashier a ride at the end of his shift—then orders the man to stand on the other side of the counter.
The videos are just a few examples that Washington-based Live Eye Surveillance uses to demonstrate its flagship product: a surveillance camera system that keeps constant watch over shops and lets a remote human operator intervene whenever they see something they deem suspicious.
For enough money—$399 per month according to one sales email
Motherboard viewed—a person in Karnal, India will watch the video feed
from your business 24/7. The monitors “act as a virtual supervisor for
the sites, in terms of assuring the safety of the employees located
overseas and requesting them to complete assigned tasks,” according to a
job posting on the company's website. more
Thursday, June 17, 2021
Security Director Alert: Millions of Connected Cameras Open to Eavesdropping
A supply-chain component lays open camera feeds to remote attackers thanks to a critical security vulnerability.
Millions of connected security and home cameras contain a critical software vulnerability that can allow remote attackers to tap into video feeds, according to a warning from the Cybersecurity and Infrastructure Security Agency (CISA).
The bug (CVE-2021-32934, with a CVSS v3 base score of 9.1) has been introduced via a supply-chain component from ThroughTek that’s used by several original equipment manufacturers (OEMs) of security cameras – along with makers of IoT devices like baby- and pet-monitoring cameras, and robotic and battery devices. The potential issues stemming from unauthorized viewing of feeds from these devices are myriad.
For critical infrastructure operators and enterprises:
- video-feed interceptions could reveal sensitive business data,
- production/competitive secrets,
- information on floorplans for use in physical attacks,
- and employee information.
And for home users, the privacy implications are obvious. more
Tuesday, June 15, 2021
A Month of Spycam News
IN - A former Indiana police officer awaiting sentencing for recording young girls in a bathroom died by suicide Monday. more
Ireland - Devout Christian busted for filming men and boys using toilet and setting up secret cameras in B&B more
FL - A Florida youth pastor who was previously accused of hiding a camera in a church bathroom has now been charged with possession of child pornography. more
Canada - A Cold Lake high school teacher was charged by RCMP with making child pornography and voyeurism. Assumption teacher James Neil Morrison allegedly installed a camera in a student changeroom and recorded inappropriate imagery of a 16-year-old. more
FL - Robert Sampson, 52, of Gulf Breeze, Florida, pled guilty today to charges of Video Voyeurism and Disorderly Conduct. Sampson surreptitiously videoed eight fellow Department of Veterans Affairs (VA) employees using a hidden recording device that he placed in a restroom at the Veterans Affairs Joint Ambulatory Care Center in Pensacola, Florida, on multiple occasions. more
PA - A Pennsylvania florist has been accused of hiding a small camera in a flower arrangement so that he could spy on a woman. According to local reports, this was learned after a relative of the victim found nude images downloaded on the florist’s computer. more
Japan - Police in Tokyo have arrested a 33-year-old elementary school teacher on suspicion of violating the child pornography law and forcible obstruction of business after he allegedly installed a spy camera inside the girl’s toilet. more
UK - A man has been charged with voyeurism offences involving 107 alleged victims over a period of six years. David Glover, 47, of Edelweiss View in Tallington, is accused of installing camera equipment to observe women doing a private act, without their consent, for his own sexual gratification. more
FL - A bartender in Islamorada was arrested after reportedly placing a video camera that captured photos of a woman in a bathroom... The device was disguised as a USB charging adapter, according to deputies. more
Canada - A former maintenance worker at Royal Oaks Country Club who hid a cellphone in a restroom to secretly record a woman using the toilet was sentenced Monday to 30 days on a work crew. more
CT - A city man accused of recording guests in his Glenbrook condo while they used the bathroom has pleaded guilty to multiple counts of voyeurism. more
SC - Riviere is named as a defendant in three separate lawsuits in state court that accuse the management of some Aiken short-term rental properties of secretly recording women who paid to stay there. more
US - A man has claimed he caught his girlfriend of six years cheating on him by using a hidden spy camera secreted away inside a USB plug that he left in their apartment. The anonymous man, from the US, went viral on TikTok earlier this week after he revealed he had bought a plug-in USB brick, which contained secret spyware... The video, which has been hashtagged #CheatersGettingCaught, has been viewed over 2.5million times and amassed over 432,000 likes. more
LA - Monroe man arrested on four counts of video voyeurism... The victim then stated she found a video of herself getting in and out of the shower at his residence. Fairly stated that he ordered a clock with a hidden camera on Ebay to record the inside of his house. more
CO - Denver Firefighter Paid $100K over Station Bedroom Spycam. The settlement comes after a former lieutenant was convicted last year in connection with setting up a hidden camera and recording a female firefighter changing clothes. more
S. Korea - There has been a public outcry over a recent case in which a male teacher allegedly installed hidden cameras in a restroom for female teachers at the high school where he works. more
New Zealand - A man who repeatedly planted a spy camera in an Auckland gym's changing rooms to film people naked was promoted to chief executive of Crown entity International Accreditation New Zealand (IANZ) after the offending took place. more
TN - A former high school nurse has been arrested on child pornography charges for photographing over 40 girl students undressing in the bathroom... The seized photos were all captured through a hidden camera placed in a school bathroom. more
Japan - A staff member at a social welfare facility in the prefecture resigned after he was accused of illicit filming inside a bathroom, the facility revealed on Monday. The camera, which was hidden inside a pen... “I did it for thrills,” the staff member said in admitting to the allegations. more
UK - Judge James Burbidge QC, sentencing, described how the defendant had hidden a spy camera in an air freshener and had used it to take more than 10,500 photographs. more
You don't have to become a victim. Learn how to detect spy cameras.
Concerns Increase As Business Espionage Escalates
Business espionage has become more common in recent times due to the growth of outsourcing. Outsourcing work reduces the amount of direct contact between workers and employers, yet increases the potential for conflict and theft. An increase in business Espionage is therefore of major concern...
Companies must take steps to protect their intellectual property from employees who may be tempted to use this information to gain an unfair advantage ... The longer Espionage goes on the more the company will pay for it in terms of lost revenue. more
***
Companies—large and small—need to be aware of espionage threats. If that seems a bit overboard, consider the dramatic increase in the number of incidents related to geopolitical cybercrime.
"Many authoritarian governments are doing everything they can, including using their spy services, to build successful businesses and grow their economies," explained Bill Priestap and Holden Triplett, co-founders of Trenchcoat Advisors, and adjunct professors at Georgetown University's Walsh School of Foreign Service, in their Lawfare Institute article: The Espionage Threat to U.S. Businesses. "These nation-states are consciously building national champions to dominate industries to extend their national power—not just domestically but also worldwide."
Priestap and Triplett advise the weapon of choice is espionage, since an
average business owner would never suspect that kind of interest.
"Intelligence and the art of spying are no longer constrained to the
government sphere," mention Priestap and Triplett. "The assets that
competitor states are now seeking to obtain from the United States are
not possessed by the government—they are possessed by companies." more
Yet Another Spycam in a Smoke Detector Story
Rob Riggle’s divorce from his wife, Tiffany, after 21 years of marriage has taken a dramatic, new turn after the actor accused her of hacking his Apple account, taking $28,000 from his home office, and spying on him with a hidden camera...
The actor says he began to grow suspicious that he was being watched after he noticed that his estranged wife somehow knew about private conversations he’d had in his home office either with or about his girlfriend and assistant...
In response the actor decided in April to have his home swept for devices that might be spying on him, claiming to have found a camera hidden in one of his smoke detectors. He says the camera had a memory card with more than 10,000 videos stored on it. He believes the camera was installed in August 2020 and had likely been watching him ever since. The actor claims that one of those videos shows Tiffany standing on a ladder installing the spy camera...
Riggle has been granted a temporary restraining order against his ex, and another hearing is set for July regarding his request to have all of the footage obtained from the hidden camera analyzed by a forensic expert. more
Imagination Becomes a Reality... somewhat.
≈1990 - Murray Associates... "Picture this. You’re the Chief of R&D at a mid-sized snack food company. You have just discussed a new project with your staff of fifteen. Top secret. Your company is preparing a new cookie. Encapsulated chocolate bits make noises when bitten. From loud pops to whistles to burps, depending on speed of the bite. Your kids loved the idea. But this is only half the secret. In addition to being Sonic, it’s: Natural, Oven-baked, Oil-free, Kalorie-free, and Yogurt-enriched. The staff affectionately names your pet project ‘SNOOKY the Cookie.’ Top management is excited. Sales potential is incredible if you get to the marketplace first." from, Corporate Espionage - The Missing Business School Courses
2021 - Hostess Brands, LLC is introducing a new texture-rich item for consumers
looking to indulge their sweet tooth with the launch of its creamiest
and crunchiest snack yet, Hostess Cr!spy Minis™. Available in two
irresistible flavors, Cookies & Crème and Strawberries & Crème,
the incredibly poppable Cr!spy Minis come in a resealable, stand-up
pouch for optimal freshness. more
Ikea Fined $1.3 Million Over Spying
A French court ordered home furnishings giant Ikea to pay some 1.1 million euros ($1.3 million) in fines and damages Tuesday over a campaign to spy on union representatives, employees and some unhappy customers in France.
Two former Ikea France executives were convicted and fined over the scheme and given suspended prison sentences. Among the other 13 defendants in the high-profile trial, some were acquitted and others given suspended sentences.
Adel Amara, a
former Ikea employee who helped expose the wrongdoing, called the
ruling “a big step in defense of the citizen….It makes me glad that
there is justice in France.” more previous stories
Football Team Launches Retaliation Drone
The team sent up its own drone which swiftly brought down the "spy-cam".
But rather than being a devious Argentine device, the drone turned out to be from a Chilean energy company. more
Wednesday, June 2, 2021
New X-Ray Inspection and Analysis Service Detects Eavesdropping Devices Secreted in Everyday Objects
Planting bugs, spy cameras, and other illegal surveillance devices is easy. Most come pre-disguised as fully functional everyday objects. They are being built into wall clocks, power strips, USB chargers, and even desktop calculators, for example.
Competent Technical Surveillance Countermeasures (TSCM) consultants have a variety of very effective ways to detect electronic surveillance devices. But, when the stakes are high enough—and the opposition is sophisticated enough—a Murray Associates TSCM X-ray deep clean is the logical option. This new service offers the most assurance that room objects are not bugged.
------
Kevin D. Murray, Director, relates an interesting cautionary tale, “There are also times when a TSCM X-ray deep clean is just smart due diligence. The classic example of a lack of due diligence is the KGB bugging of American typewriters during the Cold War.”
Popular Mechanics explains… “The Cold War spy drama that played out between the U.S. and the Soviet Union was the source of much ingenious spy technology. One of the most ingenious devices fielded by both sides was a typewriter designed to spy on the user, quietly transmitting its keystrokes to KGB listeners. The technology was an early form of keylogging but done entirely through hardware—not PC software.”
A total of 16 bugged typewriters were used at the U.S. Moscow embassy for over eight years before discovery. Had a TSCM X-ray inspection been conducted before the typewriters were installed, no secrets would have been lost.
Keep the KGB typewriters in mind when bringing in a new phone system, keyboards, mice or other office items. This is the ideal time to sneak a bug in, and for a TSCM X-ray deep clean.
------
Murray Associates TSCM can economically inspect all your new arrivals at one time, at your location, or ours. And, discreetly security seal your items at no extra charge—before you start using them.
When should a TSCM X-ray inspection be conducted?
- When the stakes are high.
- When the opposition is formidable.
- When the areas being inspected with regular TSCM methods are especially sensitive.
- Whenever you bring new tech into the workplace en masse. New desk phones, new computer equipment, new gifts, for example.
How often should a TSCM X-ray deep clean be conducted?
- Once per year during the quarterly, proactive TSCM inspections. (Quarterly inspections are the norm for most businesses.)
- Whenever there are active suspicions of illegal electronic surveillance.
- Upon the discovery of a listening device or other suspicious object.
Counterespionage Tip: If one bug is discovered, keep searching. Professionals will plant multiple devices, with one being easy to find. Their strategy… to thwart further searching by inexperienced TSCM technicians.
Types of X-ray analysis services offered:
- On-site, when we are conducting a Technical Surveillance Countermeasures (TSCM) inspection for you.
- On-site, to inspect multiple new items entering your environment, such as new telephones, keyboards, computer mice, etc.
- Objects may also be mailed to the Murray Associates TSCM lab for X-ray analysis. Contact them directly for details.
Tuesday, May 25, 2021
Watergate-style Scandal Rocks Bulgaria Ahead of Election
Bulgaria's National Security and Technical Operations agencies eavesdropped on opposition politicians in the run-up to last month's parliamentary elections, caretaker Interior Minister Boyko Rashkov said on Friday.
Why it matters: Rashkov was echoing claims from
a leading opposition politician, who said 32 politicians from three
parties had been wiretapped. All three parties are opponents of the
long-term ruling party, GERB, and former prime minister Boyko Borissov,
who dominated Bulgarian politics for the past decade. more
Mystery Solved: The Govt Manager and the Spy Cam
He is Phillip Barnes, the former chief executive of International Accreditation New Zealand - a Crown organisation at the fore of the national Covid-19 pandemic response.
And he has issued a lengthy apology for his offending. more
The Biggest Spies are Now Hiding in Your Car
Traditional models are slowly being replaced by new-age, technology-packed vehicles. Telematics and infotainment that provide convenience, entertainment and security are a driving force behind this revolution.
But they are also turning modern vehicles into one of the biggest threats to personal privacy...
An infotainment system is a collection of hardware and software in automobiles that provides vehicle status information, as well as audio or video entertainment...
In doing so, day after day, these systems generate torrents of data (around 25 gigabytes per hour), a portion of which is transmitted to the manufacturer as well as stored on your car’s storage device. The amount of data recorded is truly impressive and disconcerting, and includes various technical vehicle parameters, GPS location, favorite destinations, speed and so on.
Once a user connects their smartphone to the console via USB (or wirelessly), the amount of data shared with the car increases even further. By pairing up with the device, the infotainment system downloads (and saves) even more data, adding to its database information that previously existed only on your smartphone. This includes your favorite music, apps, social media, emails, SMS history, voice data and more.
Used cars are even worse. Their data logs contain records of every phone ever connected to them, making them a veritable treasure trove for savvy hackers and government agencies alike. more
Study: Are Smartphones Really Eavesdropping on our Conversations?
The study, from Tidio, asked over 1000 people (48.6% males, 49.8% females, and 1.6% declaring as non-binary) about their opinions and experiences, and the results are surprising. more
Tuesday, May 18, 2021
Seminar in Information Security & Cryptography
Zurich Switzerland, June 14−16, 2021
Lecturers: Prof. David Basin and Prof. Ueli Maurer, ETH Zurich
We are very pleased to announce that the seminar in Information Security and Cryptography on June 14-16 in Zurich Switzerland will take place and we still have a few places free.
We are fortunate that the situation with COVID-19 has improved to the point where we may hold the seminar, under the provisions of the Swiss Federal Office of Public Health (BAG) and their regulations for hotels and restaurants.
This seminar provides an in-depth coverage of Information Security and Cryptography. Concepts are explained in a way understandable to a wide audience, as well as mathematical, algorithmic, protocol-specific, and system-oriented aspects. The topics covered include cryptography and its foundations, system and network security, PKIs and key management, authentication and access control, privacy and data protection, and advanced topics in cryptography including blockchains and crypto currencies.
The lectures and all course material are in English. A full description of the seminar, including all topics covered, is available at https://www.infsec.ch/seminar2021.html. There are hotel rooms at a special group rate (deadline 24th of May). Please ensure you are allowed to enter Switzerland as every country has different regulations.
FutureWatch: A New TSCM Detection Tool is in Development...
The developers just don't know it yet.
It's an Electronic Dog Nose (EDN).
"This is potentially life-saving technology," said Gregory. "We have detected things at the part-per-quadrillion level. That's really single molecule detection."
Because Gregory's sensors are so small and so powerful, there is a wide range of applications. more
Kevin's analysis...
Specially trained dogs have been used to sniff out covert electronic items, like cell phones in prisons, for quite a while now. The secret to detection is the device's electronic circuit boards. They contain these compounds: triphenylphosphine oxide (TPPO) and hydroxycyclohexyl phenyl ketone (HPK). This second compound is also found on CDs, DVDs, Blu-Rays, and the old-tech floppy disks.
FutureWatch: Technical Surveillance Countermeasures (TSCM) professionals have many types of technologies at their disposal for detecting illegal electronic surveillance devices. To name a few... Non-Linear Junction Detection, Infrared Thermography, and Radio-frequency Spectrum Analysis. We are now well on our way to adding EDN to our kit.
Italy Appoints First Female Spy Chief
The department oversees the country's foreign and domestic intelligence services and reports directly to the Italian government.
Ms Belloni, 63, has a long career of firsts. more
Tin Foil Hat Alert: Tiny, Wireless, Injectable Chips Use Ultrasound to Monitor
Columbia Engineers develop the smallest single-chip system that is a complete functioning electronic circuit; implantable chips... that can be injected into the body with a hypodermic needle to monitor medical conditions.
Researchers at Columbia Engineering report that they have built what they say is the world's smallest single-chip system, consuming a total volume of less than 0.1 mm³. The system is as small as a dust mite and visible only under a microscope. In order to achieve this, the team used ultrasound to both power and communicate with the device wirelessly. The study was published online May 7 in Science Advances.
“We wanted to see how far we could push the limits on how small a functioning chip we could make,” said the study’s leader Ken Shepard, Lau Family professor of electrical engineering and professor of biomedical engineering.
“This is a new idea of ‘chip as system’—this is a chip that alone, with
nothing else, is a complete functioning electronic system. This should
be revolutionary for developing wireless, miniaturized implantable
medical devices that can sense different things, be used in clinical
applications, and eventually approved for human use.” more
Monday, May 10, 2021
Hvaldimir: Seeking Sanctuary for Whale Dubbed a Russian Spy
A mysterious beluga whale was dubbed a spy when he appeared off Norway's coast wearing a Russian harness... The whale seemed to be seeking help... The fisherman put on a survival suit and jumped into the icy water, freed the whale and retrieved the harness. To his surprise it had a camera mount and clips bearing the inscription "Equipment St. Petersburg"...
Norwegians were captivated by the whale's dramatic rescue. Because of the whale's apparent spy status, he was given a tongue-in-cheek name. In a nod to hval, Norwegian for whale, and Russian President Vladimir Putin, the beluga was christened Hvaldimir. more
Sunday, May 9, 2021
The Very Long Arm of the Law
The elaborate surveillance operation was set up in 1999 in an attempt to gather evidence from five men accused of the teenager’s murder, as they enjoyed a two-week break after giving a high-profile TV interview...
But the Daily Mail yesterday revealed how, before they arrived, police had planted hidden microphones in the house, in the Perthshire village of Forteviot. The submarine, which took up position off Dundee, sent the signal back to London...
The Met rigged up the whole venue with hidden listening devices even placing them in golf buggies the suspects rode on in the quaint village of Forteviot.
They relayed their signal to a helicopter circling nearby which passed it onto the sub which in turn fired it down to detectives in Scotland Yard.
Even the friendly minibus driver who showed them the sights during their 15-day Highlands stay was an undercover police officer, reports the Mail.
One source said: “It was pure James Bond. It was run like a big
anti-terror operation. The team had every piece of kit you had ever
heard of.” more more
PimEyes: Cool New PI Tool or Privacy Alert - You Decide
You probably haven't seen PimEyes, a mysterious facial-recognition search engine, but it may have spotted you... Anyone can use this powerful facial-recognition tool — and that's a problem.
If you upload a picture of your face to PimEyes' website, it will immediately show you any pictures of yourself that the company has found around the internet. You might recognize all of them, or be surprised (or, perhaps, even horrified) by some; these images may include anything from wedding or vacation snapshots to pornographic images.
PimEyes is open to anyone with internet access. more
Saturday, May 8, 2021
Weird GPS Tracking Story: Shark Seems to Leave Sea for a Road Trip
Australia - A bull shark under surveillance left scientists scratching their heads after it seemed to begin traveling down a major roadway in New South Wales.
Marine biologists noticed the predator – or at least its tag – was moving along the Princes Highway between Shellharbour and Wollongong, having apparently quit the sea at Shell Cove on Wednesday morning. more
I recall a somewhat similar incident involving a bear here in New Jersey... sing-a-long Enjoy the weekend!
Thursday, May 6, 2021
Industrial Espionage: A New Disclaimer Seen in Corporate Report's Fine Print
Cautionary Statement About Forward-Looking Statements
This communication contains forward-looking statements within the meaning of Section 21E of the Securities Exchange Act of 1934... Forward-looking statements are based on certain assumptions and expectations of future events which may not be accurate or realized. Forward-looking statements also involve risks and uncertainties, many of which are beyond Corteva's control...
...(xii) effect of industrial espionage and other disruptions to Corteva's supply chain, information technology or network systems; more
If your company thinks industrial espionage is beyond their control, call us.
Vishing — Phone Call Attacks and Scams
via Jen Fox, SANS OUCH Newsletter...
While some of today’s cyber criminals do use advanced technologies, many simply use the phone to trick their victims...
- Anytime anyone calls you and creates a tremendous sense of urgency or pressure, be extremely suspicious. They are attempting to rush you into making a mistake. Even if the phone call seems OK at first, if it starts to feel strange, you can stop and say “no” at any time.
- Be especially wary of callers who insist that you purchase gift cards or prepaid debit cards.
- Never trust Caller ID. Bad guys will often spoof the number, so it looks like it is coming from a legitimate organization or has the same area code as your phone number.
- Never allow a caller to take temporary control of your computer or trick you into downloading software. This is how they can infect your computer.
- Unless you placed the call, never give the other party information that they should already have. For example, if the bank called you, they shouldn’t be asking for your account number.
- If you believe a phone call is an attack, simply hang up. If you want to confirm that the phone call was legitimate, go to the organization’s website (such as your bank) and call the customer support phone number directly yourself. That way, you really know you are talking to the real organization.
- If a phone call is coming from someone you do not personally know, let the call go directly to voicemail. This way you can review unknown calls on your own time. Even better, on many phones you can enable this by default with the “Do Not Disturb” feature. more
Apple Airtags - You're It
A new report today says that AirTag stalking is “frighteningly easy” thanks to a number of weaknesses in Apple’s privacy protections...
...three days is a very long time to be tracked without your knowledge if you are an Android user. Additionally, for a stranger stalker, they would be able to track you to your home address or another location you frequently visit, before you are alerted – in other words, after the damage is done...
...An AirTag starts a three-day countdown clock on its alarm as soon as it’s out of the range of the iPhone it’s paired with. Since many victims live with their abusers, the alert countdown could be reset each night when the owner of the AirTag comes back into its range...
...There’s an option in the Find My app to turn off all of these “item safety alerts” — and adjusting it doesn’t require entering your PIN or password. People in abusive situations don’t always have total control over their phones...
...The only protection for Android users is the audible alert after three days, and it’s already been shown that the speaker can be disabled... more








































