"Anybody can be a spy now."
– Todd Myers, President, Computer Sights
As a private investigator, Jim Bender has tracked everything from straying spouses to strung-out trust-fund babies - sometimes following them for days at a time.
But thanks to an innovative GPS device the size of a matchbox, he can now stake out a cheating husband without leaving his Fort Lauderdale office. Or, as he has done the last few weeks, help a major company figure out who is draining the diesel fuel from its big rigs.
Technological advances have revolutionized the surveillance business, making devices smaller, cheaper and more effective than ever. And not just for professional snoops like Bender, but for everyday people. (more)
Tuesday, May 13, 2008
Sunday, May 11, 2008
"Watch the donut, not the hole."
NY - Police arrested a Kings Park Dunkin' Donuts employee at 10:26 pm last Thursday for allegedly setting up an illegal surveillance camera in the shop's women's bathroom.
Danish Qureshi, 25, of Huntington Station, an employee of the Dunkin' Donuts at 101 Pulaski Road in Kings Park, allegedly installed a wireless pinhole surveillance camera in the women's bathroom, according to police. Qureshi was using his wireless laptop computer to observe occupants of the bathroom while he was sitting in his nearby vehicle, police claim.
An area resident who owns similar surveillance equipment called police after he intercepted the signal and observed the bathroom on his television, Suffolk police reported. (more)
Danish Qureshi, 25, of Huntington Station, an employee of the Dunkin' Donuts at 101 Pulaski Road in Kings Park, allegedly installed a wireless pinhole surveillance camera in the women's bathroom, according to police. Qureshi was using his wireless laptop computer to observe occupants of the bathroom while he was sitting in his nearby vehicle, police claim.
An area resident who owns similar surveillance equipment called police after he intercepted the signal and observed the bathroom on his television, Suffolk police reported. (more)
Friday, May 9, 2008
She said the man in the gabardine suit was a spy
FB-I said "Be careful his bowtie is really a wi-fi"Next time you flip open your laptop as you wait for a flight or work at a coffee shop, beware, says the Federal Bureau of Investigation. The person next to you may be stealing your personal bank account information, address book and other files from your computer.
The agency warned earlier this week that the information on your computers may not be protected when using some of the 68,000 Wi-Fi hot spots, or local wireless Internet connections, around the country.
"Odds are there's a hacker nearby, with his own laptop, attempting to 'eavesdrop' on your computer to obtain personal data that will provide access to your money or even to your company's sensitive information," the FBI said in a advisory on its Web site.
Think that's bad, the FBI goes further to warn that if a hacker hooks into your computer, you are also connecting to his computer. That means you could be unknowingly downloading viruses and worms.
Protect yourself:
• Update the security protection on your computer with current versions of operating systems, web browsers, firewalls and antivirus and anti-spyware software.
• When tapped into a Wi-Fi network, don't conduct financial transactions or use e- mail and instant messaging.
• Change the default setting on your laptop so you have to manually select the Wi-Fi network you connect to.
• Turn off your laptop's Wi-Fi capabilities when you're not using them. (more)
Clients... Ask us to demonstrate this during our next eavesdropping detection audit.
FutureWatch - Video Vigilantes
New Zealand - A Christchurch cul-de-sac has thwarted its boy-racer problem with secret video surveillance.Business owners and the only resident of Dalziel Place in Woolston were fed up with weekly crowds of boy racers converging on their street, doing burnouts, defacing properties and throwing bottles.
Cameras set up by a surveillance company that has its headquarters on the street captured footage of six cars and their drivers breaking the law.
The footage was passed on to police and all six drivers last week had their cars impounded for 28 days. (more)
"World's smallest" GSM bug
from the seller's web site...The PLM-JNGSMTX08 Micro GSM Listening Device is the pinnacle of GSM listening technology packed into an incredibly small package just 43 x 34 x 17mm. Just insert any SIM card, call the number and you will hear exactly what is going on in your absence.
UK customers can track its location at any time via the internet making it a compact dual purpose surveillance device. Supplied with mains charger and protective carry case. This is the ultimate micro miniature listening device! (more)
Why do I mention it?
So you know what you are up against.
Corporate Spies Killing The CIA
The CIA is having a growing problem with their analysts and spies being recruited away by corporations. One unpleasant, for government intelligence agencies, development of the last few decades has been the growing popularity of "competitive intelligence" (corporate espionage.) It's a really big business, with most large (over a billion dollars of annual sales) corporations having separate intelligence operations. Spending on corporate intel work is over $5 billion a year, and is expected to more than double in the next four years.
The corporate recruiters have a pretty easy time of it, as they can offer higher pay, better working conditions and bonuses. (more)
The corporate recruiters have a pretty easy time of it, as they can offer higher pay, better working conditions and bonuses. (more)
Wednesday, May 7, 2008
Spy Hard II
Former Peruvian President Alberto Fujimori on Monday had a minute-long laughing fit during his trial when he heard that his former military aides used to spy on him through the keyhole. (more)
JK Rowling wins privacy case over son's photo
UK - Harry Potter author JK Rowling has won her battle to ban the further publication of a long-lens photograph of her son, in a privacy case her lawyers called a major development in British law.
In a written judgment, a panel of judges upheld the appeal, a ruling which Rowling and husband Neil Murray welcomed.
"We understand and accept that with the success of Harry Potter there will be a measure of legitimate media and public interest in Jo's (Rowling's) professional activities and appearances," the couple said in a statement.
"However, we have striven to give our children a normal family life outside the media spotlight.
"We are immensely grateful to the court for giving our children protection from covert, unauthorised photography; this ruling will make an immediate and material difference to their lives." (more)
...but, if they didn't win, there was always... >Plan B<.
In a written judgment, a panel of judges upheld the appeal, a ruling which Rowling and husband Neil Murray welcomed.
"We understand and accept that with the success of Harry Potter there will be a measure of legitimate media and public interest in Jo's (Rowling's) professional activities and appearances," the couple said in a statement.
"However, we have striven to give our children a normal family life outside the media spotlight.
"We are immensely grateful to the court for giving our children protection from covert, unauthorised photography; this ruling will make an immediate and material difference to their lives." (more)
...but, if they didn't win, there was always... >Plan B<.
Tuesday, May 6, 2008
SpyCam Story #445 - More Workplace Voyeurism
Australia - Federal police (AFP) are investigating how women at SBS' headquarters in Sydney were filmed in a changing room two years ago.
The AFP told SBS management about two weeks ago they had found photos of three women on the home computer of a man who works there. It is alleged the photos were taken by a camera installed in the room in 2006.
SBS managing director Shaun Brown says the suspect has been suspended from his job.
"Clearly the AFP had in their possessions the photograph," he said.
"They obviously had the identity of the suspect, they knew where the suspect worked and they appeared to put two and two together and concluded that the offence took place on these premises." (more)
So, why did it take 2-years for the staff to be informed?
Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."
The AFP told SBS management about two weeks ago they had found photos of three women on the home computer of a man who works there. It is alleged the photos were taken by a camera installed in the room in 2006.
SBS managing director Shaun Brown says the suspect has been suspended from his job.
"Clearly the AFP had in their possessions the photograph," he said.
"They obviously had the identity of the suspect, they knew where the suspect worked and they appeared to put two and two together and concluded that the offence took place on these premises." (more)
So, why did it take 2-years for the staff to be informed?
Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."
Wi-Fi FBI Spy Cry
How do hackers grab your personal data out of thin air? Supervisory Special Agent Donna Peterson of our Cyber Division said one of the most common types of attack is this: a bogus but legitimate-looking Wi-Fi network with a strong signal is strategically set up in a known hot spot...and the hacker waits for nearby laptops to connect to it. At that point, your computer—and all your sensitive information, including user ID, passwords, credit card numbers, etc.—basically belongs to the hacker. The intruder can mine your computer for valuable data, direct you to phony webpages that look like ones you frequent, and record your every keystroke.“Another thing to remember,” said Agent Peterson, “is that the connection between your laptop and the attacker's laptop runs both ways: while he's taking info from you, you may be unknowingly downloading viruses, worms, and other malware from him.”
What can you do to protect yourself?
Agent’s Peterson’s best advice is, don’t connect to an unknown Wi-Fi network. But if you have to, there are some precautions you can take to decrease the threat:
• Make sure your laptop security is up to date, with current versions of your operating system, web browser, firewalls, and antivirus and anti-spyware software.
• Don't conduct financial transactions or use applications like e-mail and instant messaging.
Change the default setting on your laptop so you have to manually select the Wi-Fi network you’re connecting to.
• Turn off your laptop's Wi-Fi capabilities when you're not using them.
(more) (How to Protect Your Computer)
SpyCam Story #444 - Workplace Voyeurism
Employer Video Monitoring of Bathrooms and Locker Rooms
by The National Workrights Institute
"Electronic monitoring is a rapidly growing phenomenon in American businesses. By recent estimates, 92% of employers were conducting some form of workplace monitoring. This rapid growth in monitoring has virtually destroyed any sense of privacy as we know it in the American workplace. As technology has proliferated in the workplace, it has become ever more penetrating and intrusive... Most invasive of all is video monitoring. Some cameras are appropriate. Security cameras in stairwells and parking garages make us all safer without intruding on privacy. But employers often install cameras in areas that are completely indefensible. Many employers have installed hidden video cameras in locker rooms and bathrooms, sometimes inside the stalls..." (more, with examples)
Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."
by The National Workrights Institute
"Electronic monitoring is a rapidly growing phenomenon in American businesses. By recent estimates, 92% of employers were conducting some form of workplace monitoring. This rapid growth in monitoring has virtually destroyed any sense of privacy as we know it in the American workplace. As technology has proliferated in the workplace, it has become ever more penetrating and intrusive... Most invasive of all is video monitoring. Some cameras are appropriate. Security cameras in stairwells and parking garages make us all safer without intruding on privacy. But employers often install cameras in areas that are completely indefensible. Many employers have installed hidden video cameras in locker rooms and bathrooms, sometimes inside the stalls..." (more, with examples)
Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."
Who's Watching You at Work?
"Surveillance is now routine business practice among American employers, both large and small, as the cost and ease of introducing have dropped. You leave your rights at the office door every day you go to work. Most surveillance is conducted without any individualized suspicion, and personal as well as business-related information is routinely collected," explained Jeremy Gruber, legal director at the National Workrights Institute.Two-thirds of the companies included in the "2007 Electronic Monitoring & Surveillance Survey" said they monitor Internet connections. (more)
Monday, May 5, 2008
The Dawn of the VoIP Bug
"...transform the existing power lines in your home or small office into a high-speed network solution. Without running wires, PLC-185S takes advantage of your existing electrical wiring to create or extend a network environment. PLC-185S is also an ideal solution for homes or small offices where concrete walls, floors in multi-storied buildings, or other architectural barriers could inhibit a wireless signal.Just plug the PLC-185S into an electrical outlet and it can turn every electrical outlet into a possible network connection to connect to any network devices, such as wireless router, network cameras, and video servers." or VoIP bugs :) (more)
Hollywood Wiretap - Is The Pellicano Case New?
Two-bit snoops are a dime a dozen, but Hollywood wiretappers rate a four-bit litereary, literally!Enough with the alliteration.
Blow 50 cents (not literally) and tap into some deja vu by Brad Lewis. Download Hollywood Wiretap
– instantly – from Amazon.com, now.
Lessons in Wiretapping Skills
Los Angeles - The wiretapping trial of Anthony Pellicano, the accused sleuth to the stars and irrepressible eavesdropper, has offered much fodder for celebrity watchers over its two-month run... the trial, which went to the jury last week, offered arguably more for people who enjoy talk of encryption software, code-wiping booby traps or the low-tech secrets of phone company networks.
Here, through various witnesses, are a few of the disclosures:
• Wiretapping is really, really easy. And not just for the government. Anyone sitting in on the Pellicano trial (and staying awake during the telecom testimony) could walk away ready to intercept phone calls after a quick stop at Radio Shack for less than $50 in equipment... For all his wiretapping prowess, however, Mr. Pellicano could not tap cellphones.
• Phone “sweeps” offer false security. There are many companies that offer wiretap detection services. But these services are meant to pick up devices on the premises of the target. If the tap is elsewhere, they are useless...
• The person who programmed Mr. Pellicano’s wiretap software was a college dropout named Kevin Kachikian... His software incorporated an encryption algorithm, Serpent, that the government’s code-breakers have not been able to crack. Serpent, can be downloaded free...
• Mr. Pellicano bragged about his wiretapping ability and vowed that no one on earth would ever learn of it — proving that a code of silence is not too useful if you never stop blabbing about it. (more)
Here, through various witnesses, are a few of the disclosures:
• Wiretapping is really, really easy. And not just for the government. Anyone sitting in on the Pellicano trial (and staying awake during the telecom testimony) could walk away ready to intercept phone calls after a quick stop at Radio Shack for less than $50 in equipment... For all his wiretapping prowess, however, Mr. Pellicano could not tap cellphones.
• Phone “sweeps” offer false security. There are many companies that offer wiretap detection services. But these services are meant to pick up devices on the premises of the target. If the tap is elsewhere, they are useless...
• The person who programmed Mr. Pellicano’s wiretap software was a college dropout named Kevin Kachikian... His software incorporated an encryption algorithm, Serpent, that the government’s code-breakers have not been able to crack. Serpent, can be downloaded free...
• Mr. Pellicano bragged about his wiretapping ability and vowed that no one on earth would ever learn of it — proving that a code of silence is not too useful if you never stop blabbing about it. (more)
Sunday, May 4, 2008
Eavesdropping Movie - "Monte Rouge"
Title: Monte RougeWriter/Director: Eduardo del Llano
Time: 15 minutes
Plot: Electronic eavesdropping.
Setting: Cuba.
Humor: Dark, subtle; like Monte Rouge.
"...two plain-clothed security agents knock at the door of a young man, Nicanor O'Donell.
"Good morning, my name is RodrÃguez. This is comrade Segura," they tell him. "We're here to install the microphones."
"Our mission is to install microphones in your home to listen directly to the anti-governmental comments you make," the SDE (state security) agent says.
Nicanor can't believe. To him it is a bad dream or a bad joke.
The agents explain that they run a pilot scheme to make their work "more inclusive." No longer will the SDE break in to the houses of suspects to place microphones, they will just knock on the door and ask the house owner to let them install them. All in the name of "more openness."
In exchange they ask that Nicanor accepts the "obvious limitations" of having only two microphones placed in the house (one in the bathroom). And, to ensure that all subversive conversations are held in that place, offering to install a free mini-bar in the bathroom to get guests to go there for these conversations.
In a mild mannered conversation (with some dark undertones), they explain they know all about him: his black market dealings (exchanging a table from a museum with a guard of the museum for a VCR), the conversations he has had with friends in bars, ... The say he was selected for this test program because of his "excellent analysis" that goes beyond "more bitching" (and the fact that he lived close to the station while they had no access to a car).
They also ensure him that the devices are independent of the electricity grid (Cuba is known for its blackouts) as it "hardly would make sense to make eavesdropping dependent of the electricity." The young man is also warned that it is known to them that he also makes some positive comments about Cuba, but that he is to refrain from that "crap" as doesn't interest them and is a waste of their time.
The author stresses that he did not mean to indict Cuba's state security system, he just wanted to create and describe an present absurd Kafkaesque situation. He succeeded.
In Cuba and abroad there is a lot of speculation that del Llano and the other participants in Monte Rouge, could face reprisals for the irreverent clip. Let's hope that the popularity of the clip will protect them."
(en español: video Part 1 video Part 2)
Saturday, May 3, 2008
Spy Agency’s Eavesdropping Rose Last Year
S. Korea - The Broadcasting and Communications Commission (BCC) said Thursday that the number of eavesdropping requests from the spy agency and police last year was the highest since 2004, while the number of cases of e-mail monitoring and caller identification also rose.
Telephone companies allowed the National Intelligence Service (NIS), police officials and prosecutors to tap 1,142 phone calls last year, up from 1,062 cases in 2006. Most of the requests were from the NIS, the spy agency.
The number of caller identification requests from investigation authorities also increased by more than 20 percent to 183,659 cases from 150,743, the BCC said. E-mail monitoring rose 28.9 percent to 326 cases.
Furthermore, the actual number of eavesdropping cases can be higher than the released figure since multiple requests on a single case are counted as one, the BCC said. (more)
Telephone companies allowed the National Intelligence Service (NIS), police officials and prosecutors to tap 1,142 phone calls last year, up from 1,062 cases in 2006. Most of the requests were from the NIS, the spy agency.
The number of caller identification requests from investigation authorities also increased by more than 20 percent to 183,659 cases from 150,743, the BCC said. E-mail monitoring rose 28.9 percent to 326 cases.
Furthermore, the actual number of eavesdropping cases can be higher than the released figure since multiple requests on a single case are counted as one, the BCC said. (more)
SpyCam Story #443 - Reality YOU tube
Reporter Tom Regan of ABC News' Atlanta station, WSB-TV, investigated how video cameras may be providing an unwelcome window into your private life.
From a baby's nursery, to a restaurant, to an office, private scenes proved shockingly easy to eavesdrop on with minimal equipment in a recent WSB-TV outing.
Regan's team bought a $100 rearview camera from a local auto parts store, installed it in an S.U.V. and simply drove around. They were amazed by the images picked up by the wireless monitor that came with the rearview camera... (more with video report)
And so, our list of residential snitch devices grows longer...
• 1960's - AM wireless intercom systems.
• 1970's - FM wireless intercom systems.
• 1980's - Cordless telephones.
• 1990's - Wireless audio baby monitors.
• 2000's - Wireless TV baby/security monitors.
What ABC News didn't mention is that professional burglars have taken advantage of these technologies for over 50 years. Their latest tool is a sensitive, compact video scanner.
Friday, May 2, 2008
SpyCam Story #442 - Webcam Hijack Warning
Experts at SophosLabs™, are warning computer users about the importance of properly securing PCs, following news that a man who allegedly used computer malware to prey upon young women has been charged in Canada.
According to media reports, 27-year-old Daniel Lesiewicz has been charged with using spyware to take over the webcams of women as young as 14 and coerced them into posing naked for him. (more)
According to media reports, 27-year-old Daniel Lesiewicz has been charged with using spyware to take over the webcams of women as young as 14 and coerced them into posing naked for him. (more)
PIs and Bug Creators Jailed for Industrial Espionage
An Israeli firm of private investigators has been rapped for using spyware to steal sensitive information.
According to reports, four members of the Israeli Modi'in Ezrahi private investigation company have been sentenced after being found guilty of using a Trojan horse to steal commercial information.
The Trojan, which was designed and marketed by London-based couple Michael and Ruth Haephrati, was said to have been used by a number of different private investigation firms to spy on companies including the HOT cable television group and Rani Rahav PR agency.
Another alleged victim was Champion Motors, which imports Audi and Volkswagen vehicles. (more)
A married couple accused of using computer worms to conduct industrial espionage has received jail terms of four and two years after pleading guilty in an Israeli court.
Ruth Brier-Haephrati, 28, and her husband Michael Haephrati, 44, were also ordered to pay damages of two million shekels (£245,000) to their victims. (more)
According to reports, four members of the Israeli Modi'in Ezrahi private investigation company have been sentenced after being found guilty of using a Trojan horse to steal commercial information.
The Trojan, which was designed and marketed by London-based couple Michael and Ruth Haephrati, was said to have been used by a number of different private investigation firms to spy on companies including the HOT cable television group and Rani Rahav PR agency.
Another alleged victim was Champion Motors, which imports Audi and Volkswagen vehicles. (more)
A married couple accused of using computer worms to conduct industrial espionage has received jail terms of four and two years after pleading guilty in an Israeli court.
Ruth Brier-Haephrati, 28, and her husband Michael Haephrati, 44, were also ordered to pay damages of two million shekels (£245,000) to their victims. (more)
The Essential Guide to VoIP Privacy
What you need to know about protecting the privacy and confidentiality of IP phone calls.
People generally assume that their private phone calls are just that: private. VoIP users, however, shouldn't take privacy for granted. (neither group should)
The problem with most VoIP calls is that they travel over the Internet, a very public network. This means that calls are vulnerable to snooping at various points throughout their journey. And even private-network VoIP calls can be tapped if access can be gained to the physical wiring.
As a result, business competitors, employees, criminal gangs, tech hobbyists and just plain snoops can all listen in to a business's outgoing and incoming VoIP calls. All that's needed is a packet-sniffing program, easily downloaded from the Internet, and perhaps a tiny piece of hardware to tap into a physical wire undetectably.
But the news isn't all bad. Methods and systems are available to safeguard VoIP traffic... (more)
People generally assume that their private phone calls are just that: private. VoIP users, however, shouldn't take privacy for granted. (neither group should)
The problem with most VoIP calls is that they travel over the Internet, a very public network. This means that calls are vulnerable to snooping at various points throughout their journey. And even private-network VoIP calls can be tapped if access can be gained to the physical wiring.
As a result, business competitors, employees, criminal gangs, tech hobbyists and just plain snoops can all listen in to a business's outgoing and incoming VoIP calls. All that's needed is a packet-sniffing program, easily downloaded from the Internet, and perhaps a tiny piece of hardware to tap into a physical wire undetectably.
But the news isn't all bad. Methods and systems are available to safeguard VoIP traffic... (more)
CBS 46 Investigates: Cell Phone Spying
New cell phone “spyware” has made it easy for just about anyone to bug your phone and uncover details of your private life, communications experts say.
The “spyware," marketed to suspicious spouses, parents and employers, can turn just about any cell phone into a high-tech spying device.
A quick search on the Internet reveals dozens of "spy phone" programs ranging from $4 to $400. Some “spyware” works on Bluetooth technology, while others require a download onto a "smart" phone, like a Blackberry or Web-based device. CBS 46 Investigative Reporter Wendy Saltzman tested Flexispy, high-end software that experts say allows people to eavesdrop on calls, download e-mails, and even track a person's GPS location at the touch of a button. (more) (video) (similar subject, different source)
The “spyware," marketed to suspicious spouses, parents and employers, can turn just about any cell phone into a high-tech spying device.
A quick search on the Internet reveals dozens of "spy phone" programs ranging from $4 to $400. Some “spyware” works on Bluetooth technology, while others require a download onto a "smart" phone, like a Blackberry or Web-based device. CBS 46 Investigative Reporter Wendy Saltzman tested Flexispy, high-end software that experts say allows people to eavesdrop on calls, download e-mails, and even track a person's GPS location at the touch of a button. (more) (video) (similar subject, different source)
Hairdresser Makes Man Harried
Can you solve this mystery?
Police in Germany helped a man solve a mystery that had been bugging him for over two years. The phone would ring and the man did not recognize the number so he had the number blocked.
After paying to have the number blocked for a while he stopped paying for the blocking service and the mystery started all over again. (answer)
Police in Germany helped a man solve a mystery that had been bugging him for over two years. The phone would ring and the man did not recognize the number so he had the number blocked.
After paying to have the number blocked for a while he stopped paying for the blocking service and the mystery started all over again. (answer)
Court-Approved Wiretapping Rose 14% in '07
Last year might have been a rough year for U.S. home prices, but growth in government wiretaps remained healthy, with the eavesdropping sector posting a 14% increase in court orders compared to 2006.In 2007, judges approved 4,578 state and federal wiretaps, as compared to 4,015 in 2006, according to two new reports on criminal and intelligence wiretaps.
State investigators are increasingly turning to wiretaps, according to newly released statistics. State police applied for 27% more wiretaps in 2007 than in 2006, with 94% of them targeting cell phones, according to figures released by the U.S. Courts' administrator.
In 2007, state judges approved 1,751 criminal wiretap applications, without turning any of them down, according to the report (.pdf). That's a near-three fold increase in state wiretaps since 1997. (more)
Thursday, May 1, 2008
Porsche CEO Eavesdropping Case (update)
The well-respected Strafor (a private strategic intelligence analysis service) today characterized the eavesdropping of Porsche CEO, Wendelin Wiedeking, this way...
"The aggressor’s tactics were amateur."
Given the target – Mr. Wiedeking – and business climate around Porsche, it is unlikely amateurs would be involved. This is a high-stakes assignment. Professionals only.
Think like a professional eavesdropper. "I know they are going to look. I'll plant something they can find fairly easily; a trophy for the sweepers, a little confusing, with no clear culprit, amateurish, but plausible.
Result...
Triumphant, the TSCM team waves their 'find' and goes for a beer.
The real bugs/taps are planted deeper – much deeper.
But wait... This half-baked story should never have hit the press. Something smells.
Porsche went from 0 to 60 in filing their police complaint.
Normally, corporate eavesdropping finds are kept quiet and investigated further. When enough evidence is gathered to actually prove something, the police might be called. Publicity undermines stockholder confidence.
Amateur? Yes. But, is it the eavesdropper who should wear that moniker? If what appeared in the press is really the truth, characterize the handling of the case as amateur.
Other possibilities...
• Porsche planted the eavesdropping device themselves. A PR stunt – thinking it would somehow enhance their business bargaining position.
• The baby monitor bug was planted by the TSCM technicians to make themselves look good. (When a TSCM team presents evidence of bugs they should also volunteer for polygraph testing. My guess is they won't.)
The rest of Strafor's Porsche bugging analysis is accurate...
"The use of a security contractor to employ technical security countermeasures (TSCMs)* was not only a smart move by Wiederking in 2007 (a previous eavesdropping problem), but a wise decision for other players in today’s corporate environment. Industrial espionage is a common occurrence in the modern business world."
Espionage is foreseeable.
When was the last time you checked for bugs? ~Kevin
* This should read, "technical surveillance countermeasures (TSCM)"
"The aggressor’s tactics were amateur."
Given the target – Mr. Wiedeking – and business climate around Porsche, it is unlikely amateurs would be involved. This is a high-stakes assignment. Professionals only.
Think like a professional eavesdropper. "I know they are going to look. I'll plant something they can find fairly easily; a trophy for the sweepers, a little confusing, with no clear culprit, amateurish, but plausible.
Result...
Triumphant, the TSCM team waves their 'find' and goes for a beer.
The real bugs/taps are planted deeper – much deeper.
But wait... This half-baked story should never have hit the press. Something smells.
Porsche went from 0 to 60 in filing their police complaint.
Normally, corporate eavesdropping finds are kept quiet and investigated further. When enough evidence is gathered to actually prove something, the police might be called. Publicity undermines stockholder confidence.
Amateur? Yes. But, is it the eavesdropper who should wear that moniker? If what appeared in the press is really the truth, characterize the handling of the case as amateur.
Other possibilities...
• Porsche planted the eavesdropping device themselves. A PR stunt – thinking it would somehow enhance their business bargaining position.
• The baby monitor bug was planted by the TSCM technicians to make themselves look good. (When a TSCM team presents evidence of bugs they should also volunteer for polygraph testing. My guess is they won't.)
The rest of Strafor's Porsche bugging analysis is accurate...
"The use of a security contractor to employ technical security countermeasures (TSCMs)* was not only a smart move by Wiederking in 2007 (a previous eavesdropping problem), but a wise decision for other players in today’s corporate environment. Industrial espionage is a common occurrence in the modern business world."
Espionage is foreseeable.
When was the last time you checked for bugs? ~Kevin
* This should read, "technical surveillance countermeasures (TSCM)"
Wednesday, April 30, 2008
Wanted: Surveillance Camera Monitors
Washington - The D.C. government plans to begin centralized monitoring of about 5,000 security cameras it maintains throughout the city, giving emergency-management officials a broad look into schools, public housing and other sites.The city says the system will save money and provide 24-hour monitoring, rather than the sporadic attention in the current patchwork of camera systems. But civil liberties advocates expressed alarm.
"Having it all together in one place brings us one step closer to the kind of scary movie scenario where they can track somebody moving across the city," said Art Spitzer, legal director of the American Civil Liberties Union for the Washington area.
D.C. police will continue to watch their 73 surveillance cameras in high-crime neighborhoods, Darrell Darnell, head of the D.C. Homeland Security and Emergency Management Agency, said yesterday. But his agency will set up a center to monitor an array of other closed-circuit TV cameras, including nearly 3,500 inside D.C. public schools, 131 used by the Department of Transportation and 720 used by the D.C. Housing Authority. (more)
The Headline Evil Word You Can Prevent
April 22, 2008 - "Sanford Hospital tightens security after baby taken"
The good news...
The child was rescued a short time later by a police officer who stopped a Chevy Blazer on Interstate 4 (more)
The bad news...
Most corporations are hedging their bets that the word "after" will not appear in a headline about their security efforts.
In the corporate world, stealing intellectual property is the real-life equivalent of a baby – the corporation's baby. The baby who is to be nurtured into the company's future.
Now is the time to tighten security;
• while it is inexpensive to do,
• while your stockholder good-will is high,
• while you still have a job.
1. Work with your Legal Department to upgrade and keep current: non-disclosure agreements, non-compete contracts, and pro-active programs to detect and deter eavesdropping and espionage.
2. Work with your IT department on: password protection, encryption, wireless LAN security audit and compliance surveys, and employee education.
3. Keep current with intellectual property threats.
Read the news.
Offer the boss proof!
You need funding to prevent eavesdropping and espionage problems.
P.S. Problems do happen...
• Recent Problem #1
• Recent Problem #2
• Recent Problem #3
• Recent Problem #4
• Recent Problem #5
• Recent Problem #6
• Recent Problem #7
• Recent Problem #8
• Recent Problem #9
• Recent Problem #10
And all this was just April's news!
Is it any wonder that this Hot Boardroom Topic was also in April's news?
~Kevin
The good news...
The child was rescued a short time later by a police officer who stopped a Chevy Blazer on Interstate 4 (more)
The bad news...
Most corporations are hedging their bets that the word "after" will not appear in a headline about their security efforts.
In the corporate world, stealing intellectual property is the real-life equivalent of a baby – the corporation's baby. The baby who is to be nurtured into the company's future.
Now is the time to tighten security;
• while it is inexpensive to do,
• while your stockholder good-will is high,
• while you still have a job.
1. Work with your Legal Department to upgrade and keep current: non-disclosure agreements, non-compete contracts, and pro-active programs to detect and deter eavesdropping and espionage.
2. Work with your IT department on: password protection, encryption, wireless LAN security audit and compliance surveys, and employee education.
3. Keep current with intellectual property threats.
Read the news.
Offer the boss proof!
You need funding to prevent eavesdropping and espionage problems.
P.S. Problems do happen...
• Recent Problem #1
• Recent Problem #2
• Recent Problem #3
• Recent Problem #4
• Recent Problem #5
• Recent Problem #6
• Recent Problem #7
• Recent Problem #8
• Recent Problem #9
• Recent Problem #10
And all this was just April's news!
Is it any wonder that this Hot Boardroom Topic was also in April's news?
~Kevin
Wiretap Laws Morph With Technology
Excellent article detailing how legal wiretapping in the United States was forced to grow with technology.In the old days, everyone was linked to a lug nut... (everyone's telephone) ended up in the basement of the telephone company's switching station. There, the wire emerged, pegged to a rack by a single copper lug nut. Acres of racks lined the walls, each holding rows and columns of lug nuts and their wires, neatly stacked atop each other...
And then it all went sideways.
At the same time that the phone companies were preparing for the transition to digital, the use of cellphones -- which were inherently harder to tap because they used phone lines differently than analog devices -- mushroomed. ...Electronic surveillance, once such a dependable, relatively easy craft, was becoming inordinately difficult. (more)
Tuesday, April 29, 2008
"...thus proving they could keep a secret, for decades."
Japan - The Ministry of Internal Affairs and Communications' regional information policy office has decided to warn local governments about using analog cordless phones after it was learned that people could listen in on calls with commercially available receivers. (more)
Industrial Espionage - Battle Bot Boy Bolts
Who Stole the Plans for iRobot's Battle Bots?Jameel Ahed was 20 years old when he joined iRobot in May 1999, a biomedical engineering student at the University of Illinois on a summer internship. In those days, the company was just 80 or so geeks in the Boston exurbs designing toys for Hasbro and doing research for Darpa. Ahed stood out. He was hardworking, flirtatious, and outgoing...
In December 2001, he bought the domain name roboticfx.com, planning to launch his own startup...
Before he left, a company staffer demanded that he sign a final confidentiality agreement. Ahed complained but signed. The next day, an email was sent at 10:18 pm from his still-active iRobot account to his new Robotic FX address detailing how the PackBot's batteries were made. Shortly thereafter, Ahed packed up and returned to Chicago...
By 2004, Ahed had a bare-bones prototype he called the Negotiator. It weighed just 20 pounds and cost less than $30,000 — half what iRobot was charging for a comparable early version of the PackBot...
...the Army announced its biggest ground robot contract ever. The so-called xBot deal would be worth up to $300 million and cover as many as 3,000 units...
In February 2007, iRobot's lawyers sent a cease-and-desist letter to Ahed, demanding that he stop making and marketing the Negotiator...
On September 14, 2007, the Army awarded the five-year xBot contract to Ahed for $279.9 million. iRobot went into battle mode. (more) (coda)
Lessons:
• Keep all confidentiality / nondisclosure agreements current.
• Create an environment which discourages intellectual theft.
• Don't delay. If you suspect something is wrong, trust your instincts.
• Implementing a defense after loosing a $279m contract is expensive.
• Implementing a defense at the outset is cheap insurance.
"36 billion channels; still nothing worth watching!"
New anti-terrorism rules 'allow US to spy on British motorists'
UK - Routine journeys carried out by millions of British motorists can be monitored by authorities in the United States and other enforcement agencies across the world under anti-terrorism rules introduced discreetly by Jacqui Smith.
The discovery that images of cars captured on road-side cameras, and "personal data" derived from them, including number plates, can be sent overseas, has angered MPs and civil liberties groups concerned by the increasing use of "Big Brother" surveillance tactics. (more)
UK - Routine journeys carried out by millions of British motorists can be monitored by authorities in the United States and other enforcement agencies across the world under anti-terrorism rules introduced discreetly by Jacqui Smith.
The discovery that images of cars captured on road-side cameras, and "personal data" derived from them, including number plates, can be sent overseas, has angered MPs and civil liberties groups concerned by the increasing use of "Big Brother" surveillance tactics. (more)
Sunday, April 27, 2008
"Relations... have always been based on true friendship and mutual values and interests."
Germany's foreign minister has apologized to his Afghan counterpart for officials' snooping on correspondence between a German reporter and an Afghan government minister, the Foreign Ministry said Saturday.
A spokesman at the ministry, speaking on customary condition of anonymity, said Frank-Walter Steinmeier telephoned Afghan Foreign Minister Rangeen Dadfar Spanta about the wiretapping incident and said those involved had been disciplined and three officials transferred to other duties.
Afghan Foreign Ministry spokesman Sultan Ahmad Baheen confirmed the call had taken place. He said Spanta accepted Steinmeier's apology "and both foreign ministers emphasized the good relations of both countries and both mentioned that this will not affect bilateral relations." (more)
A spokesman at the ministry, speaking on customary condition of anonymity, said Frank-Walter Steinmeier telephoned Afghan Foreign Minister Rangeen Dadfar Spanta about the wiretapping incident and said those involved had been disciplined and three officials transferred to other duties.
Afghan Foreign Ministry spokesman Sultan Ahmad Baheen confirmed the call had taken place. He said Spanta accepted Steinmeier's apology "and both foreign ministers emphasized the good relations of both countries and both mentioned that this will not affect bilateral relations." (more)
“A half-truth is a whole lie” - Yiddish Proverb
Israel on Wednesday assured the United States that it had not spied on its key ally since 1985, after the arrest in New York of an US Army veteran (Ben-Ami Kadish) charged with passing defense secrets to the Jewish state nearly 30 years ago...
The case has been linked to the 1980s Jonathan Pollard spy scandal which rocked US-Israeli relations... The government publicly admitted in 1998 that Pollard had been an agent acting on its behalf and awarded him Israeli citizenship.
"Relations between the United States and Israel have always been based on true friendship and mutual values and interests," foreign ministry spokesman Arye Mekel said. (more)
The case has been linked to the 1980s Jonathan Pollard spy scandal which rocked US-Israeli relations... The government publicly admitted in 1998 that Pollard had been an agent acting on its behalf and awarded him Israeli citizenship.
"Relations between the United States and Israel have always been based on true friendship and mutual values and interests," foreign ministry spokesman Arye Mekel said. (more)
Answer: "Mission Creep"
Question: What happens when tiny towns are given big £'s to watch for terrorists who never come?
UK - Campaigners have called for a "root and branch review" of spy laws after it emerged local councils were using them to track dog-foulers and litter bugs.
The Press Association contacted 97 councils to find out how they were using the powers, originally designed to combat crime and terrorism. It followed the controversy surrounding the case of a family in Poole, Dorset, who were tracked covertly for nearly three weeks to check they lived in a school catchment area...
...the research found the law was also used to find out about people who let their dog foul, a breach of planning law, an animal welfare case and an instance of littering.
Surveillance was also used to investigate alleged misuse of a disabled parking badge. (more)
Once surveillance is part of the civil infrastructure justifying usage moves from difficult to easy.
UK - Campaigners have called for a "root and branch review" of spy laws after it emerged local councils were using them to track dog-foulers and litter bugs.
The Press Association contacted 97 councils to find out how they were using the powers, originally designed to combat crime and terrorism. It followed the controversy surrounding the case of a family in Poole, Dorset, who were tracked covertly for nearly three weeks to check they lived in a school catchment area...
...the research found the law was also used to find out about people who let their dog foul, a breach of planning law, an animal welfare case and an instance of littering.
Surveillance was also used to investigate alleged misuse of a disabled parking badge. (more)
Once surveillance is part of the civil infrastructure justifying usage moves from difficult to easy.
What happens in Vegas...
Las Vegas, NV - Clark County police and prosecutors say they have intercepted more than 29,000 incriminating conversations in 11 years, yet the wiretap recordings usually are hidden -- even years later -- because they are rarely used in open court to prosecute murderers, drug dealers and others.Now a prominent Las Vegas defense attorney, Dominic Gentile, suggests they are being used, instead, to improperly gather intelligence about alleged crimes for which no wiretap was authorized. Failing to reveal the search results is cheating, he said, because when those other crimes are prosecuted, it denies defense lawyers any chance to examine the wiretap affidavit and question the tap's legality. (more)
Saturday, April 26, 2008
Eavesdropping Attempt Made on Porsche Chief
German police have launched a probe after an attempt was made to eavesdrop on Porsche boss Wendelin Wiedeking while he was staying in a luxury hotel.Security staff from the the Ritz-Carlton hotel in Wolfsburg found a "babyphone" concealed under a sofa in his room, the media reports said, which had been turned on and was transmitting.
Porsche has filed a complaint with the prosecutors' office in Braunschweig, a company spokesperson told the AP news agency on Saturday, April 26.
The news magazines Der Spiegel and Focus said an investigation (a different investigation) is underway after a monitoring device was found in Wiedeking's room at the Ritz-Carlton in Wolfsburg in November. The reports said there was suspicion that the spying attempt took place one day before a meeting on Nov. 16.
Left behind?
The online news site Spiegel Online has reported that hotel security ruled out that a family with a child could have stayed in the suite previously and simply forgotten the device. For several weeks, there was no record of a family having spent an evening in the room.
Porsche told AP that other company officials had also been spied upon, including works council head Uwe Hueck, but did not supply any details. Focus has reported that his telephone conversations at Porsche headquarters in Stuttgart were allegedly wiretapped. It is not known who was behind the action but the company has reportedly notified prosecutors. Porsche owns 31 percent of shares in Volkswagen, the biggest European automobile manufacturer, and wants to take full control of the firm. Volkswagen has denied any role in espionage, Focus reported. (more)
Update...
Focus reports that the offices of Porsche workers’ organization head Uwe Hück are to be made bug proof after it was discovered that his phone was being tapped. And Der Spiegel says that a bug was found planted in the private flat of former VW chief Wolfgang Bernhard. (more)
16 Extra Eyes in the Florida Eye Institute
SpyCam Story #441
The mysterious tale of 16 SpyCams, 16 Microphones, and a recorder!
FL - A 45-year-old Vero Beach woman has been arrested on eight felony charges that allege illegal electronic eavesdropping on doctors, copying hard drives from their computers and the theft of a laptop.
But the seven-page complaint filed by the State Attorney's Office against Brenda Doan-Johnson, of the 3400 block of Atlantic Boulevard, does not explain why
she supposedly paid a Melbourne man to place cameras and microphones in the private offices of three doctors at the Florida Eye Institute in Vero Beach.
Both a Jan. 24 Vero Beach Police report and a Jan. 28 civil lawsuit filed by three of Dr. Paul V. Minotty's business partners, say Minotty, founder of the institute, had hired a private investigator and the police report identified her as Doan-Johnson.
According to the state attorney's complaint affidavit, Doan-Johnson paid Mark Lynch, of Spy Source Warehouse in Melbourne, with a $6,000 personal check as deposit on $13,000 to install 16 video cameras, 16 microphones and a digital recorder at various places in the Florida Eye Institute — including the offices of doctors Karen Todd, Mark Gambee and Val Zudan.
Lynch worked after business hours for six days, starting Jan. 11, to install the equipment, the affidavit states, noting that audio recording apparently did not function.
Investigators reported that Doan-Johnson introduced Lynch to two other people who also were working in the building, identifying them as computer forensic specialists who were copying the hard drives from the desk computers of doctors Gambee, Todd, Zudan and Thomas Baudo.
According to investigators, Lynch phoned Gambee (!?!?!) Jan. 24 and told him about installing the electronics in Florida Eye Institute offices — including Gambee's office. The Vero Beach police were called to Florida Eye Institute the same day.
Gambee told Vero Beach officers his computer was missing. Doan-Johnson returned it, saying it was thought to be company property... (more) ...and, more to come as this case unfolds.
The mysterious tale of 16 SpyCams, 16 Microphones, and a recorder!
FL - A 45-year-old Vero Beach woman has been arrested on eight felony charges that allege illegal electronic eavesdropping on doctors, copying hard drives from their computers and the theft of a laptop.
But the seven-page complaint filed by the State Attorney's Office against Brenda Doan-Johnson, of the 3400 block of Atlantic Boulevard, does not explain why
she supposedly paid a Melbourne man to place cameras and microphones in the private offices of three doctors at the Florida Eye Institute in Vero Beach.Both a Jan. 24 Vero Beach Police report and a Jan. 28 civil lawsuit filed by three of Dr. Paul V. Minotty's business partners, say Minotty, founder of the institute, had hired a private investigator and the police report identified her as Doan-Johnson.
According to the state attorney's complaint affidavit, Doan-Johnson paid Mark Lynch, of Spy Source Warehouse in Melbourne, with a $6,000 personal check as deposit on $13,000 to install 16 video cameras, 16 microphones and a digital recorder at various places in the Florida Eye Institute — including the offices of doctors Karen Todd, Mark Gambee and Val Zudan.Lynch worked after business hours for six days, starting Jan. 11, to install the equipment, the affidavit states, noting that audio recording apparently did not function.
Investigators reported that Doan-Johnson introduced Lynch to two other people who also were working in the building, identifying them as computer forensic specialists who were copying the hard drives from the desk computers of doctors Gambee, Todd, Zudan and Thomas Baudo.
According to investigators, Lynch phoned Gambee (!?!?!) Jan. 24 and told him about installing the electronics in Florida Eye Institute offices — including Gambee's office. The Vero Beach police were called to Florida Eye Institute the same day.
Gambee told Vero Beach officers his computer was missing. Doan-Johnson returned it, saying it was thought to be company property... (more) ...and, more to come as this case unfolds.
Wednesday, April 23, 2008
Cautionary Tale: Prevention = Cost-Effective
Hannaford spending millions to upgrade after security breach.
Background...
Yet Another Corporate Info-Loss Confession
"But, IT said our data was secure."
Hannaford Bros. Co. said it is spending millions of dollars to enhance the security of its data network following a massive security breach that exposed up to 4.2 million credit and debit card numbers to fraud...
Hannaford President and CEO Ron Hodge apologized again Tuesday to customers for concerns and inconvenience they experienced because of the breach...
In a conference call with reporters, Hodge and Bill Homa, senior vice president and chief information officer, declined to address the cause, scope and nature of the breach, citing the ongoing criminal investigation and pending litigation.
The Hannaford case is among the largest security breaches on record but is much smaller than the tens of millions of credit cards that were exposed at TJX Cos. of Framingham, Mass., which has 2,500 stores and includes the T.J. Maxx and Marshalls chains. (more)
The "millions" figure is likely just a system fix number. The final cost, which will include: public embarrassment, loss of customer good-will and customer ill-will lawsuit losses, can not be tallied just yet.
Recommendation:
Be smart.
Be frugal.
Be a corporate hero.
Spend the bucks to protect your company's communications privacy (voice and data). There is a good chance you will save money in the long run... a lot of money! ~Kevin
Background...
Yet Another Corporate Info-Loss Confession
"But, IT said our data was secure."
Hannaford Bros. Co. said it is spending millions of dollars to enhance the security of its data network following a massive security breach that exposed up to 4.2 million credit and debit card numbers to fraud...
Hannaford President and CEO Ron Hodge apologized again Tuesday to customers for concerns and inconvenience they experienced because of the breach...
In a conference call with reporters, Hodge and Bill Homa, senior vice president and chief information officer, declined to address the cause, scope and nature of the breach, citing the ongoing criminal investigation and pending litigation.
The Hannaford case is among the largest security breaches on record but is much smaller than the tens of millions of credit cards that were exposed at TJX Cos. of Framingham, Mass., which has 2,500 stores and includes the T.J. Maxx and Marshalls chains. (more)
The "millions" figure is likely just a system fix number. The final cost, which will include: public embarrassment, loss of customer good-will and customer ill-will lawsuit losses, can not be tallied just yet.
Recommendation:
Be smart.
Be frugal.
Be a corporate hero.
Spend the bucks to protect your company's communications privacy (voice and data). There is a good chance you will save money in the long run... a lot of money! ~Kevin
Tuesday, April 22, 2008
Anticipated Mission Creep Arrives
UK - Anti-terrorism surveillance is being used to spy on kids
Councils are using anti-terrorism surveillance laws to spy on children trying to buy alcohol, it has emerged. One authority alone has run 70 snooping operations, including tracking youngsters and covertly filming people selling counterfeit DVDs. It also admitted using the laws to obtain phone records and e-mails of those suspected of what it described as 'petty' offences. (more)
Councils are using anti-terrorism surveillance laws to spy on children trying to buy alcohol, it has emerged. One authority alone has run 70 snooping operations, including tracking youngsters and covertly filming people selling counterfeit DVDs. It also admitted using the laws to obtain phone records and e-mails of those suspected of what it described as 'petty' offences. (more)
Putting the squeeze on Blackberry to get the juice
Talks between Indian officials and Canada's Research In Motion (RIM, the BlackBerry Bunch) would seem not to have gone very smoothly...The backstory here is that the top brass at India's burgeoning and powerful state security services are concerned that Blackberry's advanced communications technology cannot be breached by their operatives and thus the "authorities" are currently unable to eavesdrop Blackberry users.
They have asked RIM to provide them with the capability to conduct covert surveillance on Blackberry users by requiring the company to install local servers and provide secret back door access to services, but the Canadian vendor has so far refused to comply. (more)
Get the PR team some O2, stat!
UK - O2’s PR team mistakenly connected a journalist of tech website The Register to a call earlier this month, allowing him to eavesdrop on their conversation about his news enquiry.
Turns out, O2 (a UK cellular service provider) reckons The Register’s readers are “techie nerds” and “Muppets” for wanting to move to 3. O2 duly apologised on the website, and said to Mobile News: “Hey, we’re techie nerds ourselves.” (more)
Turns out, O2 (a UK cellular service provider) reckons The Register’s readers are “techie nerds” and “Muppets” for wanting to move to 3. O2 duly apologised on the website, and said to Mobile News: “Hey, we’re techie nerds ourselves.” (more)
Friday, April 18, 2008
"...This DVD will self-destruct in..."
Germany - The branded 'Einmal' (Deutsch for 'once') discs employ a chemical coating that starts breaking the disc down once the vacuum seal is breached. On average, users get 48 hours of use from a €3.99 ($6.44) disc. Once the disc has run its course, it'll show up as non-readable when popped into a player (no explosion). (more)Proposition Impossible, unless a good security application comes along.
FutureWatch - Cell Phone Crackdowns
Austria - Taking a cue from France's national railway, which offers phone-free «zen zones» on high-speed trains, Austria's second-largest city this week began ordering public transit commuters to keep their phones on silent mode.The crackdown in the southern city of Graz has triggered a loud debate between advocates of free speech and people who say they're simply fed up with having to listen to annoying ring tones and intrusive cell phone chatter while riding a public bus or tram. (more) (etiquette) (how other are dispensing justice) (Divine justice)
Extra Credit...
''No matter the excitement in the industry he had created, Bell forever refused to have a telephone in his study. He resented its persistent jangle.'' - from ''Once Upon a Telephone: An Illustrated Social History
'' (Harcourt Brace & Company, 1994) by Ellen Stern and Emily Gwathmey
FutureWatch - Eavesdropping on GSM Cell Phones
A web service that will make it easy and inexpensive to crack the GSM A5/1 encryption protocol, quickly enough for a call that is still in progress, is slated to launch at the end of April. Living right at the intersection of open hardware, open source software, software as a service, and cryptography, the service will reduce the cost and effort of cracking GSM call encryption by at least an order of magnitude.
The service is being developed by members of the GSM Software Project and demonstrates just how much things have changed in the world since the GSM system was designed. Various approaches to cracking both A5/1 (the European standard) and A5/2 (the weaker US standard) have been available for some time but this one is unique in that it should be available to researchers and hackers at the end of April in hosted api form instead of pdf.
Back in 1997, this overview of the GSM system declared that "Enciphering is an option for the fairly paranoid, since the signal is already coded, interleaved, and transmitted in a TDMA manner, thus providing protection from all but the most persistent and dedicated eavesdroppers." After all, such a radio encoding scheme made the signals invisible to typical radio band scanners.
Today, however, the availability of the Universal Software Radio Peripheral (USRP), an open hardware software defined radio that sells for about $700, combined with work being done at GNU Radio project to codify the GSM waveform (also targeted for the end of this month), makes this once reasonable point of view seem quaint. Good encryption is now a must and it appears that A5 no longer qualifies. (more)
The service is being developed by members of the GSM Software Project and demonstrates just how much things have changed in the world since the GSM system was designed. Various approaches to cracking both A5/1 (the European standard) and A5/2 (the weaker US standard) have been available for some time but this one is unique in that it should be available to researchers and hackers at the end of April in hosted api form instead of pdf.
Back in 1997, this overview of the GSM system declared that "Enciphering is an option for the fairly paranoid, since the signal is already coded, interleaved, and transmitted in a TDMA manner, thus providing protection from all but the most persistent and dedicated eavesdroppers." After all, such a radio encoding scheme made the signals invisible to typical radio band scanners.
Today, however, the availability of the Universal Software Radio Peripheral (USRP), an open hardware software defined radio that sells for about $700, combined with work being done at GNU Radio project to codify the GSM waveform (also targeted for the end of this month), makes this once reasonable point of view seem quaint. Good encryption is now a must and it appears that A5 no longer qualifies. (more)
Wannabea Spy?
The Shin Bet website now features recruitment blogs by four high-tech spies.Israel’s domestic intelligence agency shed some of its shadowy mystique three years ago when it went online to draw new applicants. Recently, the site launched a new page, on which four Shin Bet computing experts discuss what they like about their jobs.
The Hebrew-language texts are sparing on details, with only silhouette portraits of the authors, whose names are withheld. Security sources said the Shin Bet hopes the blogs will help win over recruits from the private high-tech industry. (more) (What does a Spy look like?)
Thursday, April 17, 2008
Night Flight
Two men attempting to board a plane to China with nearly a dozen sensitive infrared cameras in their luggage were arrested... Yong Guo Zhi, a Chinese national, and Tah Wei Chao, a naturalized U.S. citizen, were arrested for investigation of trying to take thermal imaging cameras with potential military use to China without the proper export licenses... Ten of the cameras, which measure about 2 inches square and cost about $5,000 each, were found in the men's checked luggage... (more) (related video) (the other Night Flight)
Corporate Espionage - Contractor Pleads Guilty
A U.S. Department of Defense (DOD) contractor from Baltimore pleaded guilty today to conspiring to steal competitive information concerning contracts to supply fuel to DOD aircraft at locations worldwide, the Department of Justice announced.
Matthew W. Bittenbender has entered into a plea agreement, filed in U.S. District Court in Baltimore, where he was originally charged on January 7, 2008. According to the terms of the plea agreement, which is subject to court approval, Bittenbender has agreed to cooperate in the government's investigation...
...Bittenbender conspired to steal trade secrets from his employer Avcard, a division of Kropp Holdings LLC, and sell that information to his competitors, FERAS, and Aerocontrol. In return, Bittenbender received cash and a percentage of the profit earned on the resulting fuel supply contracts. According to the plea agreement, Cartwright, Wilkinson, FERAS and Aerocontrol, in turn, used that information to underbid Avcard at every location where the companies were bidding against each other. Avcard ultimately lost each of the contested bids. (more)
Matthew W. Bittenbender has entered into a plea agreement, filed in U.S. District Court in Baltimore, where he was originally charged on January 7, 2008. According to the terms of the plea agreement, which is subject to court approval, Bittenbender has agreed to cooperate in the government's investigation...
...Bittenbender conspired to steal trade secrets from his employer Avcard, a division of Kropp Holdings LLC, and sell that information to his competitors, FERAS, and Aerocontrol. In return, Bittenbender received cash and a percentage of the profit earned on the resulting fuel supply contracts. According to the plea agreement, Cartwright, Wilkinson, FERAS and Aerocontrol, in turn, used that information to underbid Avcard at every location where the companies were bidding against each other. Avcard ultimately lost each of the contested bids. (more)
Wednesday, April 16, 2008
"...and she went to the hospital to have it removed! Blahaaaaaa..."
Australia - Attorney-General Robert McClelland says the proposal to let some employers access workers' emails without consent is only being considered as a way to stop cyber terrorist attacks.
He says it would not be targeted at personal communications.
"What you would be looking and permitting access to is information that would reveal an attempted infiltration," he said.
But deputy Opposition leader Julie Bishop says...
"Employers should not be burdened with the responsibility of intercepting emails involving staff suspected of behaviour that threatens Australia's national security."
"This places an unfair surveillance responsibility upon employers and effectively requires them to undertake what is a potential criminal investigation." (more)
Seriously bad idea...
- Pay IT guy to do a government intelligence agents' work?
- Pay twice!?!? Salary for IT guy and (via taxes) government intelligence agents'.
- Conflict of interest? Employees spying on friends and colleagues?
- Entrust national security to an army of untrained private employees...
- ...whose work product might equal less than educated guesswork?
- ...who may be tempted to use the snoop power for personal gain?
- Not to mention: loss of regular business productivity, opening new avenues of corporate espionage, data vulnerabilities, etc.
Outsourcing your job responsibilities should not be an option; especially when you have been entrusted with national security.
He says it would not be targeted at personal communications.
"What you would be looking and permitting access to is information that would reveal an attempted infiltration," he said.
But deputy Opposition leader Julie Bishop says...
"Employers should not be burdened with the responsibility of intercepting emails involving staff suspected of behaviour that threatens Australia's national security."
"This places an unfair surveillance responsibility upon employers and effectively requires them to undertake what is a potential criminal investigation." (more)
Seriously bad idea...
- Pay IT guy to do a government intelligence agents' work?
- Pay twice!?!? Salary for IT guy and (via taxes) government intelligence agents'.
- Conflict of interest? Employees spying on friends and colleagues?
- Entrust national security to an army of untrained private employees...
- ...whose work product might equal less than educated guesswork?
- ...who may be tempted to use the snoop power for personal gain?
- Not to mention: loss of regular business productivity, opening new avenues of corporate espionage, data vulnerabilities, etc.
Outsourcing your job responsibilities should not be an option; especially when you have been entrusted with national security.
Subscribe to:
Posts (Atom)