Friday, October 16, 2020

Consumer Reports - All the Tools You Need for Online Safety

Keep Your Data Secure With a Personalized Plan

Cut down on data collection and prevent hackers from invading your laptop, tablet and even your phone. Answer a few simple questions to get customized recommendations to help you:
  • Safely back up files
  • Browse online without tracking
  • Avoid phishing scams
  • Prevent identity theft

CR Security Planner is a free, easy-to-use guide to staying safer online. It provides personalized recommendations and expert advice on topics such as keeping social media accounts from being hacked, locking down devices ranging from smartphones to home security cameras, and reducing intrusive tracking by websites.

Consumer Reports is an independent, nonprofit member organization that works with consumers to create more fairness, safety, and transparency in the marketplace. We don’t run third-party ads, and no company will ever exercise influence over our recommendations of products or services.

Even North Korea has Industrial Espionage Problems

North Korean man investigated for industrial espionage...
A North Korean man in his 40s is reportedly under investigation by the Ministry of State Security for turning over internal analyses from his workplace to a Chinese trader, Daily NK has learned.

The internal analyses the man gave to the trader reportedly concerned technology used to develop North Korean-style cosmetics. There is speculation that he will be sent to a political prison camp for espionage. more

Covid-19 Affects MI5 Spies' Street Surveillance Tactics

The pandemic has changed the way millions of people work -- and even spies aren't exempt.

Near-empty streets caused by fewer people traveling into city centers can make it difficult for Britain's spies to track suspects, the new head of MI5, the UK's domestic security service, has said.

Ken McCallum told journalists Wednesday that his agents have adjusted the way they work as a result of the coronavirus crisis, after crowds thinned in public spaces. more

Facebook "Bug" Bugged iPhone Camera - Bugged Instagram'er Sues

Facebook has got itself in trouble again as the California-based tech giant has been allegedly sued for spying on Instagram users using the camera on the phone, Bloomberg reported.

According to the lawsuit, which has come following reports from July, the photo-sharing application had been accessing the camera on the iPhone to spy on users even when they weren’t activated.

Facebook has denied the claim and blamed a bug saying that it’s correcting the problem. more

Woman Allegedly Hacked Ex’s Alexa to Scare off New Girlfriend

Double Feature!
An IoT Cautionary Tale...
A Crazy Ex Tale...

A jilted London woman allegedly hacked into her ex-boyfriend’s Amazon Alexa device and used it to scare off his new girlfriend, a report said.

Philippa Copleston-Warren, 45, was accused in a London court of using the virtual assistant to flash the lights inside her former boyfriend’s house on and off and tell his new sweetie to scram after he ended their relationship of two years, The Sun reported.

“The defendant spoke through the Alexa account to tell the complainant’s friend in the property to leave and to take her stuff,” prosecutor Misba Majid told Westminster Magistrates’ Court, according to the newspaper.

This so distressed the girlfriend, it caused her to cry and she left.

Copleston-Warren, a management consultant, controlled the device from London, about 130 miles from her businessman ex-beau’s house in Lincolnshire, the paper reported.

She is also accused of hacking her ex’s Facebook account and uploading nude pictures of him. more

Spybuster Tip # 721: Learn how to adjust ALL the features of your digital assistant. This could have been prevented.

In Other News... Japan to Release Radioactive Water Into Sea

Japan is to release treated radioactive water from the destroyed Fukushima nuclear plant into the sea, media reports say.

It follows years of debate over how to dispose of the liquid, which includes water used to cool the power station hit by a massive tsunami in 2011.

Environmental and fishing groups oppose the idea but many scientists say the risk it would pose is low. more

What could possibly go wrong?

Enjoy the weekend, with a good flick.

Monday, October 12, 2020

New Malware Toolset Used for Industrial Espionage

Malware authors are using an advanced toolset for industrial espionage, warned researchers at cybersecurity firm Kaspersky.

...the tool uses “a variety of techniques to evade detection, including hosting its communications with the control server on public cloud services and hiding the main malicious module using steganography.”

...files are disguised to trick employers into downloading them. They contain names related to employees’ contact lists, technical documentation, and medical analysis results to trick employees as part of a common spear-phishing technique...

MontysThree is designed to specifically target Microsoft and Adobe Acrobat documents, Kaspersky said. The malware can enable attackers to capture screenshots and gather information about the victim’s network settings, hostname, etc. more

Espionage Alert: Children's Smartwatch is a Trojan Horse

A popular smartwatch designed exclusively for children contains an undocumented backdoor that makes it possible for someone to remotely capture camera snapshots, wiretap voice calls, and track locations in real time, a researcher said.

The X4 smartwatch is marketed by Xplora, a Norway-based seller of children’s watches...

The backdoor is activated by sending an encrypted text message. Harrison Sand, a researcher at Norwegian security company Mnemonic, said that commands exist for surreptitiously reporting the watch’s real-time location, taking a snapshot and sending it to an Xplora server, and making a phone call that transmits all sounds within earshot. 

Sand also found that 19 of the apps that come pre-installed on the watch are developed by Qihoo 360, a security company and app maker located in China. more (q.v. our 2017 post, etc.)

Sunday, October 11, 2020

Bugged Turtle Eggs – Good Surveillance Tech

The Wire Inspired a Fake Turtle Egg That Spies on Poachers 

Scientists 3D-printed sea turtle eggs and stuffed transmitters inside. When poachers pulled them out of nests, the devices tracked their every move.


In the HBO series The Wire, Baltimore cops Herc and Carver devise an unorthodox way to listen in on a drug dealer named Frog, right on the street: They shove a tiny, $1,250 microphone into a tennis ball, which they then place in a gutter. 

Listening in from a building across the street, they watch as Frog picks up the ball and absentmindedly tosses it between his hands, sending thuds and an electric screech into Herc’s headphones. Quickly over it, Frog chucks the ball over their building. Carver rushes after it, only to watch a semi truck crush their very expensive tennis ball.

The Baltimore PD’s failure, though, may still be biologists’ gain. Drawing both from the imaginary surveillance tennis ball and a story arc from Breaking Bad, in which the Drug Enforcement Agency uses GPS to track methylamine barrels, real life researchers have developed the InvestEGGator: a fake sea turtle egg filled with a transmitter in place of an embryo, a clever new way to track where poachers are selling the real deal. more

Friday, October 9, 2020

The FBI Hotel Wi-Fi Security Checklist


The Federal Bureau of Investigation is issuing this announcement to encourage Americans to exercise caution when using hotel wireless networks (Wi-Fi) for telework.
FBI has observed a trend where individuals who were previously teleworking from home are beginning to telework from hotels. 

US hotels, predominantly in major cities, have begun to advertise daytime room reservations for guests seeking a quiet, distraction-free work environment. While this option may be appealing, accessing sensitive information from hotel Wi-Fi poses an increased security risk over home Wi-Fi networks. 

Malicious actors can exploit inconsistent or lax hotel Wi-Fi security and guests’ security complacency to compromise the work and personal data of hotel guests. Following good cyber security practices can minimize some of the risks associated with using hotel Wi-Fi for telework. more

Thursday, October 8, 2020

Mystery Deepens Around Unmanned Spy Boat Washed Up In Scotland

Last week a small unmanned vessel washed up on the rocky Scottish Isle of Tiree, about a hundred miles from the U.K.’s nuclear submarine base at Faslane.  

It was identified as a Wave Glider, a type made by U.S. company Liquid Robotics, which is capable of traveling thousands of miles and is used by both the U.S. Navy and Britain’s Royal Navy as well as other government agencies and scientific researchers. 

The local Coast Guard have been unable to trace the owner so far, but the craft’s configuration suggests it was on a secret mission...

...the mystery remains over who was operating it, what it was doing — and why they are keeping quiet. more

UPDATE:

What is a Wave Glider and how do they work? 

Wave Gliders are unmanned surveillance boats built by the American company Liquid Robotics.

They are used by the British and American navies to monitor the movement of submarines in hostile territories.

The boats tow sensors under water to detect vessels entering or operating in a targeted area and send messages to shore-based operators via satellite.

During a mission to patrol the waters around the Pitcairn Islands, the Wave Glider successfully intercepted and collected data on three vessels whose AIS signatures were unavailable.

A new Wave Glider was released in 2019.

Dave Allen, Chief Executive Officer, Liquid Robotics said at the time: 'Over the years our customers’ missions have grown in complexity and scale, operating in one of the most challenging environments on Earth – the ocean. 

'In response we’ve continued to raise the bar for unmanned surface vehicles. 

'We’ve poured 12 years of lessons learned into this newest Wave Glider to ensure we can meet and exceed our customers’ mission demands.' more

 

Former Police Officer Jailed for Threats to Release Compromising Images

Australia - A former Portuguese police officer who installed covert cameras in his ex-partner's home and threatened to share compromising photos of her has been sentenced to four years in jail in a Brisbane court...

Prosecutor Alexandra Baker said the man, who had been a police officer in Portugal for 12 years, installed cameras covertly in his ex-partner's home and monitored her through spyware on her phone.

Ms Baker said the cameras made more than 4,500 recordings, including some of the woman in states of undress, and Marques Malagueta had threatened to release sensitive images...

The court heard Marques Malagueta was likely to be deported. more

In Other News...

Electric shocks to the tongue can quiet chronic ringing ears...

Tinnitus—a constant ringing or buzzing in the ears that affects about 15% of people—is difficult to understand and even harder to treat. Now, scientists have shown shocking the tongue—combined with a carefully designed sound program—can reduce symptoms of the disorder, not just while patients are being treated, but up to 1 year later.

It’s “really important” work, says Christopher Cederroth, a neurobiologist at the University of Nottingham, University Park, who was not involved with the study. The finding, he says, joins other research that has shown “bimodal” stimulation—which uses sound alongside some kind of gentle electrical shock—can help the brain discipline misbehaving neurons. more

Wednesday, October 7, 2020

Physical Security's 15 Greatest Hits

When it comes to corporate espionage, many tricks are available for getting around your security measures. We can alert you to them. Our counterespionage survey can identify the weak spots in your organization’s physical and information security efforts and make recommendations to remediate them.

The following video demonstrates bypass techniques from physical security professionals Brent White of WeHackPeople.com, and Deviant Ollam and Rob Pingor of RedTeam Alliance.

  

Physical security is important to any business or government organization. Even though an organization has taken all the security measures possible, corporate spies know how to bypass many of them.

The first line of defense for any secure building or office is the door. Many of these are controlled by card-key access controlled locks. Exiting is often automated using an IR or infrared door lock release sensor. Unfortunately, many common security measures are simple for spies to circumvent. more

Apple T2 Security Chip Has Unfixable Flaw

Intel Macs that use Apple's T2 Security Chip are vulnerable to an exploit that could allow a hacker to circumvent disk encryption, firmware passwords and the whole T2 security verification chain, according to a team of software jailbreakers...

On the plus side, however, it also means the vulnerability isn't persistent, so it requires a "hardware insert or other attached component such as a malicious USB-C cable" to work. more 

Malicious USB cables are the latest, and arguably the most insidious, threats on the corporate information security landscape. Every USB cable on premises, and those being used elsewhere by employees, needs to be vetted for authenticity. Security directors are enlisting the aid of technical counterespionage consultants to perform this task.

Tuesday, October 6, 2020

The Story of the Murray Associates Logo

“Does the logo have a meaning, or is it just a nice design?”

The logo does indeed have meaning. It was inspired by my college textbook. I saw the dots as information in motion, and the rings as protection.


  • Blue dots are information.
  • The red ring is protection.
  • The gray ring represents the many unknown forces trying to steal the information.

Simple… and not inspired by a department store, shooting targets, or a brand of cigarette. Just my design inspired by a book which taught me a lot.

Another reason the shape is appealing is that circles represent comfort, safety, warmth—exactly how I want to make our clients feel.

The logo seems counter-intuitive for a security firm. It goes against the norm… swords, shields, lightning bolts, birds of prey; symbols seen in most security logos. People forget, strong and harsh symbols are used by governments. They are meant to inspire warriors and intimidate enemies. Clients are not enemies.


The way we use the logo behind the company name is also intentionally symbolic, in a subliminal way. It’s the “rising sun” look; used to invoke that upbeat feeling you get when your problems are solved… sing-a-long ~Kevin D. Murray

Monday, October 5, 2020

Dumb Cyber Attack – Hacker Receives Our Darwin Award

...the hacker responsible for this attack on a luxury goods company which happened back in 2018 but has just been revealed by Max Heinemeyer...

The luxury goods business had installed ten fingerprint scanners so as to restrict access to warehouses in an effort to reduce risk. "Unbeknown to them," Heinemeyer continues, "an attacker began exploiting vulnerabilities in one of the scanners. In perhaps the weirdest hacker move yet, they started deleting authorized fingerprints and uploading their own in the hope of gaining physical access."

The AI brain picked this up because one scanner was behaving differently than the others, meaning the security team became aware of the attack within minutes. And, of course, had some pretty conclusive evidence to provide to law enforcement. more

Friday, October 2, 2020

Best Business Espionage Article of the Year (A corporate executive must read.)

The Espionage Threat to U.S. Businesses

By Bill Priestap, Holden Triplett

Many authoritarian governments are doing everything they can, including using their spy services, to build successful businesses and grow their economies. Indeed, even some nonauthoritarian governments are taking this approach. The reason for this is simple: A large number of nation-states view privately owned companies within their jurisdictions as extensions of their governments. They support and protect the companies as if those entities were integrated parts of government...

(Main Points)

  • U.S. companies must understand that in many cases they are no longer simply competing with corporate rivals. They are competing with the nation-states supporting their corporate rivals—nation-states with enormous resources and capabilities and with very little restraint on what they will do to succeed.

  • U.S. businesses are decidedly not supported by U.S. government spy agencies. For this reason, they are often competing on an uneven playing field.
     
  • Exacerbating the problem is the fact that businesses and investors are woefully unprepared for this new environment.

  • Intelligence and the art of spying are no longer constrained to the government sphere. While spy tools and tactics are more readily available, what is truly driving this proliferation is the intelligence realm’s shift in focus from government to businesses.

  • In addition, most companies are focused too myopically on strong cybersecurity as a panacea for spying. Of course, cybersecurity is extremely important, but it protects only one vector by which a nation-state could spy on and subsequently loot a company.
     
  • If businesses want to protect their assets, then developing an understanding of spies and their activities should become standard practice for business leaders and investors today.
     
  • Spy services may also target a business via its partners and vendors, so it is equally important to shield those entities from potential attack or attempted exploitation.
     
  • Understanding and mitigating the activities of spies must become standard practice for business leaders. And if investors don’t see companies doing this, they should hold onto their money—tightly. more

Tuesday, September 29, 2020

The Modern Detective: How Corporate Intelligence Is Reshaping the World (book)

More than thirty thousand private investigators now work in the United States, Maroney reports in his new book, “The Modern Detective: How Corporate Intelligence Is Reshaping the World” (Riverhead).

They engage in a dizzying variety of low-profile intrigue: tracking missing people, tailing cheating spouses, recovering looted assets, vetting job applicants and multibillion-dollar deals, spying on one corporation at the behest of another*, ferreting out investment strategies for hedge funds, compiling opposition research. 

Contemporary private eyes, Maroney explains, are often “refugees from other industries,” including law enforcement, journalism, accounting, and academia. 

One hallmark of the business is discretion—like spy agencies, private eyes must often keep their greatest triumphs secret—so it is notable that Maroney would write a book like this. In a disclaimer, he says that he has had to change names and alter some details, presumably to protect client confidentiality. But “The Modern Detective” is not an exposé. It is part memoir, part how-to guide, a celebration of the analytical and interpersonal intelligence that makes a great investigator. more

*Counterespionage is also being done.

Today's Spy Stories

The Spanish judge presiding over the trial of a security firm owner apparently hired to spy on jailed Wikileaks publisher Julian Assange has sent a request to the US Department of Justice for an interview with Zohar Lahav, the Israeli-American vice president for executive protection at Las Vegas Sands. more

The Greek authorities have "prepared a case file that includes the offenses of forming and joining a criminal organization, espionage, violation of state secrets, as well as violations of the Immigration Code against a total of 35 foreigners," reported Greek news agency ANA-MPA... more

A bug recently found in the coding of the Instagram app could give hackers easier access to try to spy on you. more

These days, many people consider their cars to be their safe havens, their sanctuary. Did you know that your car is actually spying on you? You probably already know your phone, your computer, heck, even some running shoes, are constantly collecting and storing information about you. Most of today’s vehicles are doing it, too. Most newer model vehicles collect data and send it wirelessly and surreptitiously to the vehicle manufacturer. more | sing-a-long

Is it time to start spying on your employees? more 

Conspiracy theories are common on social media; in the field of technology, the biggest of recent years proposed that 5G will kill you (it won't). But now Apple and iOS 14 have acquired a viral conspiracy theory of their own...claims that iOS 14's new home screen widgets - specifically the Widgetsmith and Color Widgets apps - contain keyloggers that read everything you type and steal your passwords. more

No Oversight, No Limits, No Worries: A Primer on Presidential Spying and Executive Order 12,333 more

Miss Universe Thailand contestants find a ‘spy’. Another beauty queen came under the spotlight on Monday after the manager of Miss Universe Thailand favourite Chayathanus ‘Cheraim’ Saradatta was found to be doubling up as an employee of the organising company. more

Why Private Eyes Are Everywhere Now - Private investigators have been touted as an antidote to corruption and a force for transparency. But they’ve also become another weapon in the hands of corporate interests. more

International Association of Professional Security Consultants (IAPSC) NEWS - Opt In

The bi-monthly IAPSC News (emailed) is full of the latest security news, webinar offerings, and product updates.  

It comes to you in one easy to read email. Nothing you need to know will slip by you. 

Best of all, it is FREE. No obligation. Cancel any time. Just click here to opt-in. 


Saturday, September 26, 2020

Extortionography: Executives Recorded Bragging of Cozy Government Relationships

Top executives hoping to blast open North America's largest gold and copper mine were secretly recorded describing in detail their cozy influence over US lawmakers and regulators. 

They also revealed their intentions to go far beyond what they were saying on applications for federal permits to work near the headwaters of Bristol Bay, Alaska -- one of the last great wild salmon habitats left on Earth.

"I mean we can talk to the chief of staff of the White House any time we want, but you want to be careful with all this because it's all recorded," said Ron Thiessen, CEO of Northern Dynasty Minerals, of official communications to the White House, as he himself was recorded unknowingly. "You don't want to be seen to be trying to exercise undue influence." more

What is Extortionography? You need to know. 

Friday, September 25, 2020

Ring's New Drone Camera - George Saw This Coming

Amazon’s Ring surveillance platform announced a new line of products, including a drone with a camera designed to fly around your home, that would expand its surveillance network beyond the Ring doorbell camera...

The Always Home Cam and a new line of Ring security cameras for cars are set to launch next year: the Car Cam, Car Alarm, and Car Connect platform... 

The biggest concern, however, is about where surveillance footage will end up...

Ring claims the surveillance drone will be autonomous but that users can direct paths for it, have it occupy specific parts of your home, and have it respond to alerts from the Ring surveillance network...

Last year, hackers broke into multiple Ring cameras thanks to a particularly porous security system.  more

Ventitillation

NJ - Additional charges have been filed against an HVAC technician from West Deptford for allegedly spying on students in a school bathroom. Gregory Mahley is now facing 20 additional counts for spying on students at Cape May County Technical High School in 2013 and 2014.

Earlier this month, Mahley was charged for secretly recording girls in the bathroom at Glen Landing Middle School in Gloucester County.

Mahley allegedly positioned mirrors in stalls to create a view from an overhead air conditioning vent. more

Wednesday, September 23, 2020

If there's something strange in your neighborhood, who you gonna call?

For 18 months, residents of a village in Wales have been mystified as to why their broadband internet crashed every morning... Then local engineer Michael Jones called in assistance...

 (Note: For a faster tracker, call a TSCM'er.)

Engineers used a device called a spectrum analyzer and walked up and down the village "in the torrential rain" at 6 a.m. to see if they could locate an electrical noise, Jones said in a statement. 

"The source of the 'electrical noise' was traced to a property in the village. It turned out that at 7 a.m. every morning the occupant would switch on their old TV which would in-turn knock out broadband for the entire village." more | sing-a-long | TSCM'er

TSCM Nerd Corner News

  • U.S. Army scientists at the CCDC Army Research Laboratory (ARL) have developed a first-of-its kind antenna that could change how ground vehicles and airborne systems communicate, transmit and receive radio frequency signals. The Army used a manufacturing process based on a special class of engineered materials known as metaferrites to make an ultra-thin wideband antenna. The antenna conforms to curved surfaces, making it ideal to integrate into unmanned aircraft systems, rotary wing aircrafts and ground vehicles. more

  • Of ever-increasing concern for operating a tactical communications network is the possibility that a sophisticated adversary may detect friendly transmissions. Army researchers developed an analysis framework that enables the rigorous study of the detectability of ultraviolet communication systems... In particular, ultraviolet communication has unique propagation characteristics that not only allow for a novel non-line-of-sight optical link, but also imply that the transmissions may be harder for an adversary to detect. more

  • Covert Ultrasonic Transmissions between Two Air-Gapped Computers using Speaker-to-Speaker Communication more

  • Groundbreaking new material 'could allow artificial intelligence to merge with the human brain' more

Tuesday, September 22, 2020

iRobot Picked the Wrong Person to Roomba With!

One of our Blue Blaze irregulars alerted us to some slick social engineering.

He recently purchased an iRobot Roomba 960 Robot Vacuum Cleaner. He writes...

"What is "odd" is that when we first bought the thing we didn't have any screens requiring registration. Then about two weeks later the entire user interface changed that required registration. 

These two screens were strategically placed among "required information" even though this information was not mandatory. If you weren't paying attention you'd fill this out. Clever!"

I had a look at their Privacy Policy. Dig deep enough and you find this...

Some of our Robots are equipped with smart technology which allows the Robots to transmit data wirelessly to the Service...

• When you register your Robot with the online App, we collect information about the Robot, such as a Robot name (how cute) and device number, and information about the Robot and/or App usage (reveals when you might not be home), such as battery life and health.

• Certain Robot models are equipped to collect information about the environment in which the Robot is deployed. For example, the Robot collects information about the level of dirt detection and the Wi-Fi signal strength in each location and information about its movement throughout the environment to create a location ‘map’ of the Robot’s domain and the existence and type of objects (chair, desk, fridge etc.) or obstacles encountered.

 

Security Issues

  1. Do you really want a map of your home and belongings sent who-knows-where?
  2. Do you really want someone to know all your router information and password which connects to one of their apps on the internal side of your firewall?
  3. What happens when their database gets hacked?

I am guessing you don't. I'm also guessing you didn't know this was going on in the Internet-of-Things.

Ah, for the good old Jetson days when robots only talked to themselves.


Sunday, September 20, 2020

How to Detect Malicious USB Cables

A malicious cable is any cable (electrical or optical) which performs an unexpected and unwanted function. The most common malicious capabilities are found in USB cables. Data exfiltration, GPS tracking, and audio eavesdropping are the primary malicious functions...

The worst malicious cables take control of a user’s cell phone, laptop, or desktop...

We purchased and tested several malicious USB cables. From what was learned during these tests our technical staff developed several new inspection protocols.

 more

Can’t identify the bugged cable?
No worries. You can’t tell just by looking, even we can’t.

That’s why we put a small black mark on it.
It is Cable 3.

Saturday, September 19, 2020

Apple's iOS 14 Now Alerts You To Eavesdropping & Spycam'ing

Any time an app accesses your microphone, a little amber dot will appear in the status bar, over by where the Wi-Fi and cellular connection symbols are.

When an app accesses the camera, a green dot will appear.


These are fairly universally understood as “recording” lights and they will clearly point out when an app you’re using is accessing the camera or microphone at times it shouldn’t.

Just since the release of the iOS 14 beta, the lights have already revealed sketchy behavior in several apps that have gone on to promise updates to fix the “bugs.” (good word to use)

This and six other new privacy features can be found here... more

Flashback - July 1988 - Eavesdropping in America


A podcast before there were podcasts. Ted was way ahead of his time.



Wednesday, September 16, 2020

Two FREE Security Book Offers for Potential Clients

Free books are a great way to get to know who you are dealing with, before you decide to deal with them!

---

While international travel has come to a screeching halt due to COVID-19, the threat of economic and industrial espionage continues to proliferate. 

In fact, due to the global pandemic, intellectual property (IP) and business intelligence (BI) are more valuable than ever to foreign governments and business competitors looking to gain an economic advantage in the marketplace.

Among Enemies: Counter-Espionage for the Business Traveler, by Luke Bencie, is a valuable textbook. It should be read by "corporate executives, defense contractors, lawyers, academics, military personnel, diplomats and virtually anyone else who travels with important information, how to protect themselves and their interests."

It has a 4.4 out of 5 star rating on Amazon, and 25 excellent reviews. You may purchase a copy there. Visit Luke's website (smiconsultancy.com/) first. If his services can help your organization, request a complimentary copy.

---

This informative bundle should also be on every security director's desk...

Is My Cell Phone Bugged?: Everything You Need to Know to Keep Your Mobile Conversations Private (Coincidentally, this book also has a 4.4 out of 5 star rating on Amazon, and 25 excellent reviews.)

The Security Director's Guide to Discussing TSCM with Management

Both are available to Murray Associates potential clients. Complimentary. No obligation. No follow-up sales call unless you request it.

Visit counterespionage.com to learn how to detect and deter electronic surveillance and corporate espionage. Click here to request your complimentary bundle.

Accurate knowledge is the first step in protecting your privacy and valuable information. Contact us through our websites, today.  (offer expires 10/31/2020)

Security Director Alert - Information Technology, Government, Healthcare, Financial, Insurance, and Media Sectors

via counterespionage-news.com

Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) are aware of a widespread campaign from an Iran-based malicious cyber actor targeting several industries mainly associated with information technology, government, healthcare, financial, insurance, and media sectors across the United States.

The threat actor conducts mass scanning and uses tools, such as Nmap, to identify open ports. Once the open ports are identified, the threat actor exploits CVEs related to VPN infrastructure to gain initial access to a targeted network.

After gaining initial access to a targeted network, the threat actor obtains administrator-level credentials and installs web shells allowing further entrenchment. After establishing a foothold, the threat actor’s goals appear to be maintaining persistence and exfiltrating data. This threat actor has been observed selling access to compromised network infrastructure in an online hacker forum. more


Monday, September 14, 2020

Make Google Street View Myopic When it Looks at Your Home

Google Street View offers up a window to the world in all its bizarre, intimate, and often raw glory. That window just so happens to peek into your home, as well. What that peek reveals may be more than you've bargained for — think views into bedroom windows, potential fodder for stalkers, and more.

Thankfully, there is something you can do about it. Specifically, you can ask Google to permanently blur your house out — leaving only a smeared suggestion of a building in its place. The entire process is surprisingly easy...

Here's what you do:

1. Go to Google Maps and enter your home address

2. Enter into Street View mode by dragging the small yellow human-shaped icon, found in the bottom-right corner of the screen, onto the map in front of your house

3. With your house in view, click "Report a problem" in the bottom-right corner of the screen

4. Center the red box on your home, and select "My home" in the "Request blurring" field

5. Write in the provided field why you want the image blurred (for example, you may be concerned about safety issues)

6. Enter in your email address, and click "Submit"

And, when you're done with that, do the same thing on Bing Maps (the process is surprisingly similar). more

Saturday, September 12, 2020

Centerfold's Drowning Prompts Police to Probe Possible Spying Mission

A Playboy model from Russia drowned during a photo shoot in proximity of a major European NATO base prompting police to investigate whether it was a cover for a secret spying mission, according to reports.

The naked body of Galina Fedorova, 35, was discovered by coast guards after she and her photographer swam in the Mediterranean Sea off Sardinia, officials told Agence France-Presse (AFP).

Police then interrogated Yev Taranovs, a 42-year-old British photographer.

His cameras and a drone used during their shoot were confiscated, according to the UK newspaper The Sun.

“There is interest in the drone footage as this happened very close to a NATO firing range,” a police source told the paper of one of Italy’s largest military bases on the Teulada coastline. “We have to make sure the assignment was not a cover for a spying mission.” more

Could the "spying mission" explanation be a cover for examining the drone footage?

Australia's IoT Code, or "No worries, mate, she'll be right."

The Australian government has introduced a new code of practice to encourage manufacturers to make IoT devices more secure. 

The code provides guidance on secure passwords, the need for security patches, the protection and deletion of consumers' personal data and the reporting of vulnerabilities, among other things.

The problem is the code is voluntary. Experiences elsewhere, such as the United Kingdom, suggest a voluntary code will be insufficient to deliver the protections consumers need.

Indeed it might even increase risks, by lulling consumers into a false sense of security about the safety of the devices they buy. more

Judge Rules for Plaintiffs in Spy Camera Case

PA - Two State College-area residents have won part of their federal suit against a Massachusetts man accused of placing spy cameras in the apartment they shared...

Crust, Edelstein and Knutrud, all former Penn State students, knew each other for about two years before August 2017 when they began sharing an apartment on West Aaron Drive in Ferguson Twp.

As a Christmas gift that year, Knutrud gave them a DVD player that he installed at the foot of their bed.


Edelstein became suspicious because Knutrud would take the player to his upstairs bedroom at times.

Crust and she disconnected it but they claim Knutrud plugged it back in and aimed it at their bed.

They also accused him of installing devices capable of capturing and storing audio, video and still images throughout the apartment including the bathroom.

Brann’s opinion states Knutrud captured Crust and Edelstein in various states of undress and while engaging in sex acts.

He also is accused of accessing and storing 27 nude or partially nude photographs of her that she had stored on her Apple iCloud account.

(And now, The Darwin Award) The recording equipment on one occasion captured Knutrud in the bedroom sniffing Edelstein’s undergarments, Brann noted. more

Electronic Surveillance Countermeasures (TSCM) are in More Budgets These Days

CA - Modesto has allocated as much as $700,000 over the next two years for law firms and private investigators...

Modesto issued what is called a Request for Proposals to seek law firms and investigators for this work. 

The request asked for such services as “surveillance, investigative research, interviews, background investigations, undercover investigations, people locates, Internet & E-mail tracing, computer examinations as well as electronic surveillance countermeasures,” according to the RFP. more


Read more here: https://www.modbee.com/news/local/article245640555.html#storylink=cpy

Make sure they are not in your business.
Conduct periodic TSCM inspections.



Wednesday, September 9, 2020

China Looks To Build Espionage Hub In Iran Under 25-Year Deal


The next phase of the 25-year deal between China and Iran will focus on a large-scale roll-out of electronic espionage and warfare capabilities focused around the port of Chabahar and extending for a nearly 5,000 kilometer (3,000 mile) radius, and the concomitant build-out of mass surveillance and monitoring of the Iranian population, in line with the standard operating procedure across China, senior sources close to the Iranian government told OilPrice.com last week.

Both of these elements dovetail into Beijing’s strategic vision for Iran as a fully-functioning client state of China by the end of the 25-year period.

By that time, Iran will be an irreplaceable geographical and geopolitical foundation stone in Beijing’s ‘One Belt, One Road’ project, as well as providing a large pool of young, well-educated, relatively cheap labor for Chinese industry. 

The mass surveillance, monitoring, and control systems to cover Iran’s population is to begin its full roll-out as from the second week of November...

“The plan is for nearly 10 million extra CCTV [closed-circuit television] cameras to be placed in Iran’s seven most populous cities, to begin with, plus another five million or so pinhole surveillance cameras to be placed at the same time in another 21 cities, with all of these being directly linked in to China’s main state surveillance and monitoring systems,” said an Iran source. “This will enable the full integration of Iran into the next generation of China’s algorithmic surveillance system that allows for the targeting of behavior down to the level of the individual by combining these inputs with already-stored local, national, and regional records on each citizen, together with their virtual data footprints,” he said. more

 

Law Enforcement's Love-Hate Relationship with Video Doorbells

Ring Doorbell Helps Kalamazoo Police Find Home Invasion Suspects more

FBI Worried That Ring Doorbells Are Spying on Police more

Drive-by Shooting Caught on Ring Doorbell Camera in Detroit more 

Video Doorbell Devices Pose Risk to Law Enforcement more

Amazon Ring Police Partnerships Rise Nationwide more

Report: U.S. Could Counter Un-Democratic Uses of Surveillance Tech

The U.S. government should take a more active role in responding to the use of surveillance technology by authoritarian and repressive nations such as China, according to a new report.

The Center for New American Security published a report Thursday outlining steps the U.S. government should take to ensure surveillance technologies do not become abusive. The report suggests federal agencies, including the State Department and the Defense Advanced Research Projects Agency, should research and fund the development of technology solutions that would preserve users’ data privacy. more

Thursday, September 3, 2020

A Brief History of Chinese-American Espionage Entanglements

Since the establishment of the People's Republic of China in 1949, intelligence services in both Beijing and Washington have vied to uncover secrets in one another's countries, and to safeguard their own secrets, in pursuit of military, economic, and technological advantage. 

Many bona fide spies on both sides have been caught; many innocents have been unfairly implicated. What follows is a brief history of key events in this conflict.

1950 - Qian Xuesen, co-founder of the Jet Propulsion Laboratory and professor at Caltech, is stripped of his security clearance for alleged connection to the communist party. Qian, who had questioned Nazi rocket scientists on behalf of the U.S. government after World War II and worked on the Manhattan Project, resigns from Caltech and asks to leave the US for China, at which point he is held under house arrest for five years.

In 1955 the US deports him and Qian is greeted as a hero in China and goes on to become the father of Chinese rocketry, helping jumpstart China’s space and missile programs. No substantive evidence has ever been released that he was a Chinese spy. Deporting Qian was “the stupidest thing the country ever did” according to Dan Kimball, Undersecretary of the Navy at the time of Qian’s arrest. more

Tuesday, September 1, 2020

Employer Best Practices For Monitoring Remote Devices

It is generally known that individuals have more limited privacy rights for work-related activity than they have in their personal lives, and that these reduced privacy rights extend to devices owned or provided by their company.

As just one example, consider the federal Electronic Communications Privacy Act, or ECPA, which permits employers to: 

(1) monitor employees' oral and electronic communications to the extent that they relate to a legitimate business purpose;
(2) monitor any communications for which the employee has provided consent; and
(3) access emails that are stored by the employer.

All of these exceptions decrease an individual's privacy rights and reasonable expectation of privacy in work-related matters. However, is "exceptions" the correct word? Exceptions to what? Does this reference a specific privacy law or privacy rights in general? 

(The short version.) Ultimately then, the best practice for employees is to keep work and personal devices and communications entirely separate even in COVID-19 times. more

Spy Quote of the Week

"I'm sorry if this is news to you, but not all Australians are the good guys."

Rachel Noble, the head of Australia's top foreign cyber-intelligence agency says spying on some Australians is essential because authorities are in a "near-impossible game" to defeat terrorism and espionage. more

True in any country...

A senior French military officer stationed at a NATO base has been indicted and detained on suspicion of spying for Russia, local media and legal sources said on Sunday. more

The Stress of Being a Professional Spy

A top CIA spy killed himself in front of his wife, whom he wanted to take to the “afterlife”... Anthony Schinella, 52, the national intelligence officer for military issues, shot himself in the head outside his Arlington home...

“My husband was planning on murdering me. He had talked about taking me to the afterlife before,” Washington, DC-based journalist Sara Corcoran, 46 — who had only recently married Schinella.

“We would often watch documentaries on Egypt, Valley of the Kings, pharaohs. He had a love of Egypt, he spent a great deal of time in the Middle East, he spent several years living in Bahrain,” she told the outlet. 

Corcoran told the Sun she believes her late husband — who was just weeks away from retirement after a 30-year career in the CIA — had been suffering from stress after being involved in four wars.

Corcoran said she believes her husband had been planning to blow up their home. more

This Week in Spycam News

Thailand - A school director has been moved to an inactive post pending an investigation into a video showing him placing a camera in the toilet of a pub in this northeastern province. more

ID - A federal grand jury has indicted a Rigby man on 17 charges after he was arrested last year for video voyeurism... Jefferson County Sheriff’s deputies learned that a woman had discovered videos of a 14-year-old girl in the shower on Boam’s phone. Additionally, the woman stumbled upon a video of herself showering on the phone, according to an affidavit of probable cause. more

Singapore - NTU student caught trying to film hall mate showering. When confronted, suspect allegedly claimed it was his first time and he was just being 'playful and curious'. more

MI - Police were called to the Aqua-Tots after a woman complained she saw a recording device capturing her in a changing stall and reported it to staff. Sakamoto was arrested for allegedly using a hidden camera. They found the memory card to his phone in the toilet, where they suspect he put it. more

TX - A Sevier County man faces a felony charge of video voyeurism for an alleged incident involving a female relative, according to records....a Sevier County woman reported to the Sheriff's Office that her 13-year-old female relative had found nude photos and videos of herself on the suspect's iPad...The girl told police she often got dressed in her closet. She reported that she was bending over to pick up some clothes when she noticed the iPad on a shelf and that it was recording. The girl reported that she stopped the recording and went to the recently deleted videos, where she found a video of herself changing clothes. more

UK - A woman was undressing after finishing her shift when she noticed an LED light shining from a shoe which had been placed in the next cubicle in the mixed gender locker room. She then discovered a small black camera attached to a long cable and yanked it towards her, before it snagged. The horrified supermarket worker found the peeping Tom cowering in a nearby locker and demanded his phone. more

LA - A onetime Assumption Parish political candidate and local business leader has been arrested for a second time in three months on video voyeurism counts. more

AR - Dillon Dooms, 35, is accused of hiding cameras inside his studio and videotaping unsuspecting models changing their clothes... While changing clothes, the woman noticed a USB charging port with a small, pin-point-style lens on it. She inspected the device and found that it was a video camera with a micro SD card inside. According to the report, she found three other hidden cameras in the studio. She was only able to retrieve one of the SD cards from the cameras. The woman took the SD card to Fayetteville Police. Dooms was interviewed by investigators a few days later. more

The epidemic continues. Learn how to spot spycams.