Friday, June 13, 2008

Electronic Mata Haris (c. 1957)

Watch out for that girl, laddie; you might be talking over her head but into her microphone.

As Willie Shakespeare once said, “There’s more to this than meets the eye!” This, in the present case, happens to be the bodice of a Sweet Young Thing, said bodice containing microphone, batteries, antenna and transmitter—constituting a miniature radio station with a range of 200-300 feet.

The West German device is but one of several now being used in industrial espionage—the art of swiping your competitor’s business secrets without his knowing. It works like this: Sweet Young Thing has date with two scientists from Firm A.

Mike concealed in the bosom of her party dress picks up their shop talk and other bodice equipment transmits it to operative of Firm B waiting outside in a car equipped with tape recorder.

Sweet Young Thing gets paid off by Firm B.
We realize that all’s fair in love and war but isn’t this going too far?
(courtesy of those great folks at blog.modernmechanix.com/)

"There's nothing more ironic or contradictory than life itself." ~ De Niro










From the "Why are we not surprised?" file...
The Italian government has proposed a bill that would limit the use of phone intercepts and their publication in the media. (more)
Maybe this and this and this is why.

FutureWatch...
"I'll Getta You Sucka: The Silvio Story"
starring Robert De Niro

Secret Agent / Danger Man Episode # [TBD]

Guyana - The ruling People’s Progressive Party (PPP) yesterday distanced itself from drug accused Shaheed Roger Khan saying assertions being made through his attorney are “baseless” and it has no knowledge of any of its members ever being associated with him.

General Secretary Donald Ramotar made the assertions following queries from reporters yesterday at a press conference at Freedom House Boardroom. Ramotar was asked whether the party was concerned about the statements emanating from the US courts by Khan’s lawyers in the context of a purchase of high-tech surveillance equipment in Fort Lauderdale, Florida for which he allegedly secured the permission of the Guyana Government.

In response Ramotar said he saw the statements as baseless. “I am not concerned about those statements. I tend to believe the Ministry of Home Affairs in this case. The statement is baseless and I am not worried about baseless statements,” he asserted.

Lawyers for Khan, who is facing drug charges in the US, have cited an FBI investigation which they claim revealed that the government had given Khan permission to purchase the sensitive electronic surveillance equipment from Spy Shops in Fort Lauderdale, Florida.

In a subpoena to the US Drug Enforcement Administration, Khan’s lawyers stated: “FBI agent Justin Krider investigated Khan’s purchase of the computer telephonic surveillance equipment from Spy Shops in Fort Lauderdale, Florida and found Khan had permission from the Government of Guyana to purchase and possess this equipment.”


In a background paragraph, the subpoena said Khan was alleged to have used the equipment to improperly wiretap various high-ranking officials and others within Guyana in order to maintain his “alleged drug organization.”

...there has been no public information on what happened to the equipment and many questions posed to officials by this newspaper on how the equipment came into the country and what happened to it after the court case went unanswered.

It was believed that the surveillance equipment was passed back to Khan after the trial as he later acknowledged that he had taped several conversations of leading security officials and other personalities.

Prior to his arrest in Suriname and subsequently by the US authorities, Khan had maintained that he had assisted the Guyana government in fighting crime and subversive elements. (more)

"Gadzooks! My secret folder... bloody Spy Bar drinks."

UK - One of Britain's top intelligence officers spies left a dossier of secret files detailing the threat from al-Qaeda and the status of Iraqi security forces on a train, the British Government was forced to concede...

Marked "secret" and in a bright orange folder, the papers were left on a commuter train traveling between Surrey and Waterloo station, London. The al-Qaeda document, apparently commissioned jointly by the Foreign Office and Home Office, was classified "UK top secret" and was so sensitive that each page was numbered and marked: "For UK, US, Canadian and Australian eyes only."

...the file, handed to the BBC by a passenger... (more)

FutureWatch - VoIP Bug Aids Bugging



Plans to compress internet (VoIP) phone calls so they use less bandwidth could make them [more] vulnerable to eavesdropping. Most networks are currently safe, but many service providers are due to implement the flawed compression technology. (more)

"And just how do you think we are going to pay for all these renovations?!?!"

When we last looked, the Spy Bar in Cleveland had closed its doors forever, and the Spy Bar in Chicago had closed its doors for renovations.
What's a spy to do?
Go to Stockholm???

Good news! Spy Bar (Chicago) re-opens this week after a $1mil disguise upgrade. But our spies tell us that the bigger news is the new truth serum, "1996 Dom Perignon Rosé ($$$).. hooked up with Vosges Haut-chocolat ($$$) which is behind the truffles being paired with the Champagne." (more)
"Miss Moneypenny, an advance from petty cash, please."

Bugged? Check your breath. (Oddball Tip # 044)

Viral Marketing or Hogwash? You decide...
Listerine mouth wash is being touted as the latest weapon in the war to repel that most pesky of insects, the blood-sucking mosquito.

...there is a bumper crop of the varmints and the threat of West Nile is still strong, say local naturalist Terry Sprague and health officials...


People being bugged has led to Listerine, which some swear by and have used on his hikes, Sprague said, although where the idea of using mouth wash to repel mosquitoes came from is not clear.


"You spray it on your person," he said. "I am not sure what the active ingredient is."


However, Listerine does contain some eucalyptus, which is an evergreen tree, and the herb thyme, two proven mosquito repellers, Sprague said. (more)

Wednesday, June 11, 2008

Corporate Eavesdropping & Espionage - Get Smart

Three 'Get Smart' news reports in one day!
Just coincidence?
No...

"Get Smart" the TV-show movie remake hits next week +
Corporations are getting hit with more eavesdropping

= Corporations are Getting Smart...


Targets of Spying Get Smart
by M.P. McQueen

Tiny electronic-surveillance gadgets that James Bond could only dream of are increasingly turning up in boardrooms, bedrooms and bathrooms.


Crooks are parking vans outside people's homes to steal bank-account passwords and credit-card numbers, using programs that tap into Wi-Fi connections. Paparazzi hide cameras and microphones in private jets, hoping to record embarrassing celebrity video. Corporate spies plant keystroke-recording software in executives' laptops and listen in on phone conversations as they travel.

Now, people are deploying counter-spy technology to fight back. Some celebrities and corporate executives get regular sweeps of their offices, limos and private jets in search of hidden devices. Others hire security experts to safeguard their phones and home computers...

Kevin D. Murray, an Oldwick, N.J., counter-surveillance expert, said he received several calls from worried executives asking for sweeps of their offices and homes as soon as the Porsche incident surfaced. (more)


We've gotten smart:
Movie's spy gadgets do exist

The shoe phone on TV's "Get Smart" wasn't just a sneaky spy gadget, it was a technological marvel: a wireless, portable telephone that could be used anywhere — though it did require a dime to make a call.

Today, almost everyone has a pocket-sized version that also takes photos, shoots video, sends e-mail and surfs the Internet. About the only thing it doesn't do is protect your feet.

"Get Smart" comes to the big screen next week, along with a spate of new spy gadgets to help Maxwell Smart, Agent 99 and the other spies at CONTROL. The gadgets are just as goofy as they were in the original TV series, but because technology has caught up with the writers' imaginations, there's a big difference: many of the movie's doo-dads actually exist. (more)


Bugging of offices ‘grows sharply’

Wales - Boardrooms and similar high-level working environments are increasingly being bugged as rival businesses and even staff look to gain an advantage through industrial espionage... (more)

DIY Spy Tip #090 - Free Background Check Aggregator

Snoopstation.com (currently in BETA) is a portal to free web-based public records checking sites in the U.S. - Cool! They are also the entry point to a fee-based investigative service for when public record checks are not enough ...or you don't have the time / patience to DIY.

"Are You Being...

Surveilled Served?"

UK - Customers in shopping centres are having their every move tracked by a new type of surveillance (Path Intelligence) that listens in on the whisperings of their mobile phones.


The technology can tell when people enter a shopping centre, what stores they visit, how long they remain there, and what route they take as they walk around.

The device cannot access personal details about a person’s identity or contacts, but privacy campaigners expressed concern about potential intrusion should the data fall into the wrong hands.

The surveillance mechanism works by monitoring the signals produced by mobile handsets and then locating the phone by triangulation – measuring the phone’s distance from three receivers. (more)

Tuesday, June 10, 2008

SpyCam Story #449 - Deja View

Lawyers Gone Wild
Same trick!
Different country.

(previous report)

Scotland - A shamed solicitor who put a video camera in a ladies' toilet and filmed female staff is facing jail.

Peter Fitzpatrick, 49, from Rutherglen, hid the device in a cardboard box in the toilet at upmarket Stirling law firm Muirhead Buchanan.

The father-of-two, a solicitor for 27 years, was caught when a suspicious secretary noticed a circular hole in the side of the box was pointing straight at the pedestal. (more)

Monday, June 9, 2008

How To Manage Rogue Mobile Devices

A single unsecured smartphone (or laptop) can jeopardize the security of your entire organization.

For those not schooled in the risks, smartphones are the back-door deployment that can provide hackers -- or the competition -- with access to your network.

Imagine...
Jim, your employee, buys a smartphone and loads it up with contracts, sales quotes, pricing schemes, and other information you wouldn't want your competitors or customers to know.

The smartphone falls out of his pocket while he is boarding a plane in a crowded airport. Whoever finds the device will have instant access to all of Jim's emails and your corporate information.

Solution - Do these things...
• Use VPNs
• Block Access to Public Wi-Fi
• Make Strong Passwords Mandatory
• Block Removable Storage
• Educate Employees
• Educate IT
• Encryption is Key
• Better Security Through Software
(here's how)

We can help you identify and locate rogue devices operating in your offices. This is just one of many problems we solve with our Wireless LAN (wi-fi) Security Audit and Compliance Report service.

Expect negative 'feedback' from FBI

Skype, the eBay-owned company, says it is unable to comply with court-authorized wiretap requests.

"...because of Skype's peer-to-peer architecture and encryption techniques, Skype would not be able to comply with such a request," said Jennifer Caukin, Skype's director of corporate communications. (more)

Federal judge reserves decision in alleged school eavesdropping suit

NY - Susan Burgess, a Brockport attorney, and her former client, Carmen Coleman... accusing a school official and a Buffalo attorney for the school district of illegally eavesdropping on their private conversation in a district conference room nearly two years ago....

Named in their suit are the district; its board of education; Kevin Ratcliffe, director of Pupil Services; and Jay Pletcher, the attorney in question, and his law firm...

Burgess and Coleman met at school district offices with Ratcliffe and Pletcher, to discuss the educational needs of Coleman’s son. At one point, Burgess and Coleman asked to speak privately; Ratcliffe and Pletcher left the room.

But, they claim Pletcher called a cell phone and then left it on the table in the conference room so he could listen in from Ratcliffe’s adjoining office, presumably with Ratcliffe, on their private conversation in violation of their civil rights...

To support their claim, Coleman and Burgess say there was a series of subsequent events that led them to believe their conversation had been overheard. It began with Pletcher re-entering the room and removing a cell phone immediately after Coleman asked Burgess about the device lying on the table.

...They expect a decision in six to 10 weeks. (more)

Car mechanic at center of probe into bugging

Ireland - GARDAI (Irish national police) are to review all contracts given to garages which service its fleet after a mechanic, who was returning from a trip to the UK, was found with bugging equipment.

A number of cars, including unmarked vehicles used by detectives, were checked for bugging devices last week after a mechanic who services Garda vehicles was found with the specialist equipment during a routine search at Dublin Port.


A high-level investigation is now under way amid fears that cars used by senior gardai, including Commissioner Fachtna Murphy, could have been bugged and sensitive information leaked to criminals or terrorist organisations.


It is understood that a man employed by a company which won a contract to service garda cars was stopped with the equipment during a search at Dublin Port. (more)

Sunday, June 8, 2008

Eavesdropping, worth repeating...

Eavesdropping on the Boss: Is it “Cause” to Fire Me?
by Alan L. Sklover
Question: I was put on suspension for sharing information I learned when playfully eavesdropping on my boss. Then I was called at home and terminated. I was told my actions, and the actions of another employee who I shared the information with, did not meet the required level of integrity of the company. At the same time, one employee who is still there goes to strip clubs. Was my firing a wrongful termination?
S.A.M., Houston, TX

Answer: Sorry, but on this issue I have to agree with your employer. Eavesdropping on your boss, even if it’s playful, is not something most any employer would tolerate. If people think their telephone conversations are being listened to, they may be reluctant to use them. If people think their conversations may be repeated, they may not speak openly. And taking precious time at work to do things like this just doesn’t help anyone. Additionally, the fact that someone else does things that are not proper (either on their own time or on company time) does not in any way excuse or justify your errors. Your conduct would be considered “cause” for firing at almost any employer. My best advice: learn from the mistake. Work is for working; eavesdropping isn’t working, and will get you fired. It’s that simple.
Best, Al Sklover

SpyCam Story #417 - Illinois' New Law (update)

Original report - "A lawyer in Wheaton (IL) hid his cameras in a roll of toilet paper and a basket of potpourri in the women's restroom."

Update - "A former Wheaton attorney (Jerald Mangan) convicted in 2006 of spying on a female colleague has had his license suspended for another two years after admitting to spying on a neighbor in his apartment complex." (more)

"All right, who said, 'Turkey'?"

When we last left Turkey...
• A possible Turkish Watergate scandal.
• “AK Party is eavesdropping” claims the opposition.
• Turkish opposition claims security forces bugged its headquarters.

Now, the rest of the story...
• CHP’s bugging allegations turn into bitter comedy.
When the Vakit daily published details of a private conversation between Sav and a former governor last week, Sav claimed his party's headquarters had been bugged. The CHP backed the allegations, reasoning that there was no other way the daily could have obtained such detailed information about the conversation. The CHP argued that a group close to the government within the police force was gathering intelligence for the ruling party.

In response to the accusations, Vakit said its reporter had called Sav on his cell phone for a statement on the day of the meeting and that Sav simply forgot to end the call on his cell when he received his guest, leaving the phone connected for nearly an hour. Records of the call from Turk Telekom and Sav’s cell phone company, Turkcell, seemed to verify this story, as they both showed a 44-minute connection between a phone at Vakit and Sav’s cell phone...

The secularist media, which had initially supported Sav, started calling for his resignation after it turned out that the Vakit scandal was caused by what they described as “his inability to use a cell phone properly.” (more)

Saturday, June 7, 2008

SpyCam Story #448 - Premature Ejection

Hong Kong - A suspected Peeping Tom was critically injured after falling 10 floors while allegedly spying on a woman taking a bath in her high-rise Hong Kong flat.

The man was a neighbour of the 28-year-old woman and had apparently scaled the outside of the apartment block to shoot film of her with his mobile phone camera, police said.

The woman screamed for her husband when she spotted the suspect, aged 44, who then slipped and fell, falling 10 storeys to the ground, according to police. (more)

World Spy News Roundup

The world is a busy place when it comes to spying.
Here is the action over the last few weeks...

Australia
• Government email spying plan under criticism.
• Government report... embrace "illegal", "deceptive" and "underhanded" espionage overseas.

Canada
• Was the bedroom of minister's ex really bugged?

China
• China calls computer spying claim ‘totally groundless’.
• Video surveillance equipment will be installed at Beijing schools.

European Union
• In-flight spycams - one in every seat; software analyzes you.

France
• Privy Privacy in Cannes - Madonna's unpaid $93,000 hotel bill over spying camera.

Germany
• Businesses across Germany spy on their workers.
• German spying scandals reawaken dark memories.
• Deutsche Telekom admits bugging phones of top management; then denies that it listened!
• The spying scandal affecting Deutsche Telecom continues to grow.
• Government gives police greater powers to monitor homes, phones and computers.
• Heinz Geyer, deputy head of former East German spy agency, dies.
• Lufthansa admits spying on journalist.

India
• Debate continues: Should Blackberry allow government security to spy on users.
• India practices unacceptably intrusive electronic surveillance.

Israel
• Israel frees Hezbollah spy for soldiers' remains.

Italy
• Ferrari spying may still be an issue.

The Netherlands
• Netherlands banned electronic voting machines; "eavesdropping risk".

Pakistan
• Dueling wiretaps. Battle of the political phone bugs.

Poland
• Lech Walesa angry with President Kaczynski about spying accusations.
• President Kaczynski denies ordering wiretaps on ex-prime minister Kazimierz Marcinkiewicz.

Russia
• Russia to demand Georgia ends spy flights.

Saudi Arabia
• 6 caught selling eavesdropping devices.

Sweden
• Swedish government may soon get power to spy on its citizens.

Taiwan
• National Security Bureau denied wiretapping telephone calls of officials and president.

Turkey
• A possible Turkish Watergate scandal.
• “AK Party is eavesdropping” claims the opposition.
• Turkish opposition claims security forces bugged its headquarters.

Uganda
• MP accuses government of spying on committees.

United Kingdom
• Government refused to investigate BT's covert wiretapping of thousands of customers.
• Councils admit spying on residents.
• Councils admit phone, e-mail spying.
• Bugging epidemic spreads - Vodafone fingered in new spying row.

• Top gadgets for spying on fellow SEO’s.
• Redcar hotel owner set up video camera to spy on couple.
• Government considering interception and data-mining all electronic communications.

United States
• Former S. Korean spy granted asylum. Had divulged illicit wiretapping of mobile phones.
• Court upholds conviction of Cuban spies.
• Study secretly tracked cell phone users outside US.
• Chinese expelled from the US for suspected industrial spying.
• Sheriff's Office disbands tarnished spy squad.
• Gutierrez possible victim of Chinese cyber spying.
• Former police chief accused of illegally bugging his secretary's office has pleaded guilty.
• P.I.'s In HP spying scandal fined.
• Billboards look back. Tiny cameras gather and analyze viewer's faces.
• Woman pleads guilty to aiding Chinese spy.
• Rent-A-Spy - 3/4's of the U.S. intelligence budget now goes to outside contractors.
• Feds encrypt 800,000 laptops; 1.2 million to go.
• Ex-CIA official indicted over agency job for mistress.
• TJX staffer sacked; talked about lax information security.

Venezuela
• Hugo Chavez's move to boost internal spying in Venezuela.
• Chavez spy laws 'creating society of informers'.
• Update! Chavez changes his mind. No new spy law.

Friday, June 6, 2008

New Bug Hides In USB Cable

A normal USB 2.0 cable?
Acts like a normal USB cable.
But, U BS and this SOB will UHF it up to several hundred feet away! UBF'ed.

A wired wireless eavesdropping device. Weird.

This bug is just one of scores of Internet-available eavesdropping devices. Bugs bugging businesses - happens every day.

So, who cleans up these problems?
SOP... US.

Monday, June 2, 2008

Reverse Phone Detective

"Find out the owner of any cell phone or unlisted number. Results include name, current address, carrier, and location details when available. Your search is 100% confidential."

But, guess what!

A 'Full Report' will cost you $14.95
A One-year Membership will cost you $39.95

Want to make sure no one can look up your number?
Want to opt out?
You guessed it!
That will cost you $4.95 :)
(more)

Bluetooth Bites

Bluetooth eavesdropping, and related security/privacy issues, are covered here on a regular basis. The following are from the new, and worth repeating, files...

Car Whisperer
"Once the connection has been successfully established, the carwhisperer binary starts sending audio to, and recording audio from the headset. This allows attackers to inject audio data into the car. This could be fake traffic announcements or nice words. Attackers are also able to eavesdrop conversations among people sitting in the car."

Blooover II
"Blooover II is the successor of the very popular application Blooover (Blooover is a tool that is intended to serve as an audit tool that people can use to check whether their phones and phones of friends and employees are vulnerable). After 150000 downloads of Blooover within the year 2005 (since the initial release in at 21c3 in December 2004), a new version of this mobile phone auditing tool is on its ready."

"Besides the BlueBug attack, (Exploiting this loophole allows the unauthorized downloading phone books and call lists, the sending and reading of SMS messages from the attacked phone and many more things.) Blooover II supports the HeloMoto attack (which is quite close to the BlueBug attack), the BlueSnarf and the sending of malformed objects via OBEX." (more)

Friday, May 30, 2008

Corporate Security Directors. Make your job easier.

Get your employees to love you.
Distribute this NEW book...
"Staying Safe Abroad."

Ed Lee, a retired U.S. diplomat and Federal agent, spent most of his years in the U.S. State Department as a Regional Security Officer (RSO) in Asia, Latin America and the Middle East, where he successfully kept diplomats, their families and U.S. interests safe from terrorism and crime.

In 2002, Ed returned to the State Department as a senior advisor to help institute post-9/11 anti-terrorism strategies, retiring again in 2006. He then formed Sleeping Bear Risk Solutions, which provides investigative, emergency planning and staff security services. He also regularly delivers speeches on terrorism and international security to corporate and governmental audiences. (ISBN: 978-0-9815605-0-2, 360 Pages, $22.95)

Staying Safe Abroad: Traveling, Working & Living in a Post-9/11 World "is the best book yet on travel security. This book is one that should be read and kept in every traveler’s briefcase for reference.” — John L. Makowski, Director - Global Security, Briggs & Stratton Corporation

"Every person who travels, whether abroad or domestically, should own this book." — Martha Miller, Ph.D., Cross Cultural Trainer to U.S. Diplomats and Multinational Executives

P.S. - Employees... A free copy of this should accompany the plane ticket whenever your employer sends you abroad. Ask your Security / Personnel / Travel Department Director for a copy. It's the least they could do for you. If all else fails, buy it yourself.

Available from Amazon.com or Sleeping Bear Risk Solutions

If you are my client, I'll buy it for you!
Contact me for a free copy. ~Kevin

Saturday, May 24, 2008

Victorian SpyCam Project - Finally Completed!

Preceded by a great rumbling, the giant auger burst the bounds of earth – New York and London were connected, as planned!

Hardly anyone knows that a secret tunnel runs deep beneath the Atlantic Ocean.

This past week, more than a century after it was begun, the tunnel has finally been completed.

An extraordinary optical device called a Telectroscope has been installed at both ends which miraculously allows people to see right through the Earth from London to New York and vice versa.


"...the Trans-Atlantic Telectroscope...started out as a dream project of the eccentric Victorian engineering entrepreneur Alexander Stanhope St. George.

Some called it a "folly." Others said, "sheer madness." Even the greatest visionary of the age, Sir Arthur Conan Doyle, blustered, "But, I was just kidding!"

The nay-sayers were correct. The spycam tunnel – a camera just a little too obscura – failed.

But now, after all these years, the tunnel has been fitted with a giant "electronic telescope" and state-of-the-art technology, by his great-grandson!

The present-day Mr. St. George resurrected the project and developed the Telectroscope after discovering his great-grandfather's dusty notes and diaries in an attic.

The tunnel entrances were reopened beside Tower Bridge in London and Brooklyn Bridge in New York.

Needless to say, many are excited at the prospects of "seeing" friends and relatives across the Atlantic. Imagine standing 3,460 miles away from your loved one and peep into the telescope to see them."

Humbug or Amazing?
You decide...
On view until June 15th.

UPDATE...
06/01/08 0253HRS EST COUNTERMEASURE'S COMPOUND
SURVEILLANCE CHOPPER PHOTO - ANALYSIS: USA SIGHTING CONFIRMED

DOUBLE UPDATE...
60/01/08 0023HRS GMT WHITEROCK DEFENCE SURVEILLANCE PHOTO - ANALYSIS: UK SIGHTING CONFIRMED

Tuesday, May 20, 2008

Before you upgrade your iPhone next month...

Scary stuff in the news...
"iPhones sold as refurbished units may contain personal data from their previous owners that, with a little leg-work, is readily accessible by new owners. These data include email, images, contacts and more.
...performing a “Restore” operation on the iPhone does not delete personal data from the device. Such information remains intact on the device after a restore, making the process unsuitable as a preparatory measure for iPhone resale or service. Apparently, Apple’s refurbishing procedure also does not delete the personal data.

There currently exists no viable, publicly available method for erasing personal data on the iPhone. Erasing your content and settings has no effect on whether a subsequent owner can recover personal information." (source)

Kevin's Reality Check
1. Go into Settings > General > Reset
2. Hit "Erase all Content and Settings."

This will keep your info from most people, but not forensic types with toolkits. They can access what doesn't get erased - the application screenshots. Screenshots are taken every time the Home button is pressed. Reason: to generate the zoom effect for the next time an application is accessed.

Still paranoid?
• Make new screenshots after you erase all content.
Still paranoid?
• Search the net for info on reformatting the phone's NAND.

Spook Vault Stuff - Data Loss via Optoanalysis

Researchers have developed two new techniques for stealing data from a computer that use some unlikely hacking tools: cameras and telescopes.

In two separate pieces of research, teams at the University of California, Santa Barbara, and at Saarland University in Saarbrucken, Germany, describe attacks that seem ripped from the pages of spy novels. In Saarbrucken, the researchers have read computer screens from their tiny reflections on everyday objects such as glasses, teapots, and even the human eye. The UC team has worked out a way to analyze a video of hands typing on a keyboard in order to guess what was being written. (more)

Wannaknowhowitisdone?
Reflections.
Observations.

Q&A Time - Radio Frequency (RF) Blocking

From a professional colleague...
Q. "I would like to know if there is any security film that can be applied to windows to help block RF emissions. I have heard of curtains that are made for purpose? not sure though? Any ideas would be appreciated. Thanks."


A. There are all sorts of RF shielding materials on the market: window film, speciality glass, screening, wallpaper, paint, gaskets, curtains, beanies, etc. Each item, by itself, is not a very effective solution. Used in conjunction with one another, RF may be attenuated to a point where it solves a particular problem. The attenuation will not be 100% unless one constructs a fully shielded room (Faraday cage). In government circles these specially built rooms are called a Sensitive Compartmented Information Facility, otherwise known as a SCIF. Even then, the slightest crack or deformed door gasket will allow RF in/out.

100% shielding becomes problematic when the application is eavesdropping countermeasures. Shielded rooms are ugly and expensive, and other methods are not 100% effective. In counterespionage and TSCM, the information is either protected, or it is not protected.

Monday, May 19, 2008

Blindsided

What do you think?
• Disrepair breeds disrespect.
• Focus on the expected, and the unexpected.
• Like deer, security would do well to look up.
• Kilroy had kids.

Chlorine for stagnant security thinking...
Our roof artist might have spent their time entering the building, planting bugs or stealing documents, instead of graciously exposing a security vulnerability.

Time to shake it up. Make sure 80% of your security budget isn't protecting 20% of your company's value.

The value ratio in many companies is more like 20% physical assets, 80% intellectual assets. Many security budgets protect in the opposite direction – which is like looking in the wrong direction.
(photo courtesy of spiggycat)

Sunday, May 18, 2008

Alert - Throw These Bums Out!

Bum One...
The FM analog wireless presenter's microphone – one of the Top 5 corporate eavesdropping threats. Why?
No secret. Radio waves travel. A quarter mile is the advertised standard. Interception of an FM analog signal is easy. Safer solutions exist. Throw these bums out.

Bum Two...
Any meeting planner who still uses FM analog wireless microphones for your sensitive presentations or meetings. Educate them. Give them a chance to change. If they don't, your sensitive meetings become Town Hall Meetings. Throw these bums out.


Bum Three...
Any security director or security consultant who does not point out the dangers of FM analog wireless microphones. They have an obligation to stand up to meeting planners and AV crews. They have an obligation to recommend one of the several, more secure, options available. If they don't, throw these bums out.

Bum Four...
These days, any AV production company that doesn't invest in digital, encrypted wireless microphones for their clients is stupidly cheap. For years, they hid behind excuses like "digital technology is not reliable enough," and "it lacks fidelity." Those days are over.

You pay these guys hundreds of thousands each year to produce your corporate events. The least they can do is update their equipment (a one-time investment).


They KNOW they are leaking your sensitive/secret information when they continue to use FM analog wireless microphones. Not upgrading to secure communications is negligence on their part. Demand secure wireless microphones, or... throw these bums out.

Bum Five...
YOU. If you are not part of the solution, as of this moment you are now part of the problem.

The New Wireless Mics Can Make Your Meetings More Secure.
Some even have encryption capabilities!

Lectrosonics (...and an Encryption White Paper)
Zaxcom
Mipro ACT-82
Telex SAFE-1000

Infrared Choices...
Glonetic Audio
PA-System
Azden

Q&A Time - GPS Trackers

This question comes from a novelist working on a plot. We also receive similar inquiries from other folks – corporate security directors to scared spouses!


Q. If a bad guy places a real-time GPS tracker on my hero's car, and knows my hero is a skilled investigator...

• Where might they put the tracker?
• Where might the investigator not look for it, or find it?

And, is there a detector that would allow him to find it? The car is parked either outside or in a parking garage, and the bad guys have lots of access to it.

A. The best answer could come from Lo-Jack mechanics. They do this type of covert installation daily.

Real-time GPS trackers are very cool devices. They are small and may be secreted anywhere in/on a vehicle (in hollow body panels, atop gas tanks, inside bumpers, under seats, within dash panels, etc.). The real trick is hiding the power connection and the two antennas properly.

For long-term tracking, a connection has to be made to the car's 12 volt power bus, preferably where neither the connection nor the new power wire to the GPS device can be seen. This part is fairly easy.

Next, get two radio-frequency signals to/from the tracking device...
• The satellite signal (to the device).
• The cellular signal (to/from the device).

A GPS antenna is required to receive the weak satellite signal...

(Either a standard size GPS remote antenna, or a much smaller GPS antenna)
Ideally, this antenna needs to "see" the sky. However, this doesn't mean the antenna will be visible to you.

A GPS antenna can "see" its signal through non-metallic materials, like: back seat windows and decks, rubber material on bumpers, plastic tail-lights, etc. Make the antenna connecting cable look like the factory-installed wiring and you're in!

The cellular GSM antenna is not as hard to position since it will work wherever a regular cell phone will work.

Again, hiding the cable is important. Imagine embalming the antenna and cable in a car's undercoating, making it 100% invisible!

Caution: Do not position the GSM antenna cable near any of the car's audio wiring or you may hear the GSM transmission noise through the car sound system... a definite tip-off that something ain't Kosher.
(small GSM antennas)
How to detect a real-time GPS/GSM tracking device?
• Physical search.
• Take the car to an isolated area and use a real-time spectrum analyzer to look for the cell site registration burst transmissions.
• Keep a cell phone detector in the car. If it alerts on a regular basis, and there are no other cell phone users in the area, the problem might be a tracking and/or listening device in the car.

And then there is the ol' sharp stick-in-the-eye approach...
Blockers!
GPS Blocker
GSM Blocker
GPS/GSM/GPRS Blocker
(all are illegal, but available, in the U.S.)
~Kevin
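The "alerts on a regular basis" test in the detection list above can be applied to a log of detector alert times. This Python code is an added example, not part of the original post: the timestamps are constructed, and the function names, the 10-second tolerance and the roughly five-minute reporting interval are assumptions.

```python
# Constructed sample data: seconds since the detector was switched on.
TRACKER_LIKE = [12, 313, 611, 914, 1212, 1510, 1813]   # evenly spaced bursts
PASSERS_BY = [95, 402, 1000, 1650]                      # unrelated phones nearby

def longest_train(times, period, tol):
    """Longest run of alerts spaced `period` seconds apart, within +/- tol."""
    best = []
    for start in times:
        train = [start]
        while True:
            expected = train[-1] + period
            near = [t for t in times if abs(t - expected) <= tol]
            if not near:
                break
            # Follow the real alert closest to the prediction, so small
            # timing jitter does not accumulate along the train.
            train.append(min(near, key=lambda t: abs(t - expected)))
        if len(train) > len(best):
            best = train
    return best

def find_regular_alerts(times, tol=10, min_hits=4, min_period=60, max_period=3600):
    """Return (average_period_seconds, alert_times) for the strongest regular
    series of alerts, or None if nothing repeats at least min_hits times."""
    times = sorted(times)
    # Every gap between two alerts is a candidate reporting interval.
    gaps = {b - a for i, a in enumerate(times) for b in times[i + 1:]
            if min_period <= b - a <= max_period}
    best = max((longest_train(times, g, tol) for g in gaps), key=len, default=[])
    if len(best) < min_hits:
        return None
    period = (best[-1] - best[0]) / (len(best) - 1)
    return period, best

if __name__ == "__main__":
    print(find_regular_alerts(TRACKER_LIKE + PASSERS_BY))
    print(find_regular_alerts(PASSERS_BY))
```

A regular series found while the car sits in an isolated area is a reason to do the physical search; it does not by itself identify the source.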

The Geek Chorus Wails, "Beware VoIP. Shun GSM."

"Be careful what you say over that mobile phone or VoIP system."
The most widely used mobile phone standard, GSM, is so insecure that it is easy to track people's whereabouts and with some effort even listen in on calls, a security expert said late on Saturday at the LayerOne security conference.

"GSM security should become more secure or at least people should know they shouldn't be talking about (sensitive) things over GSM," said David Hulton, who has cracked the encryption algorithm the phones use. "Somebody could possibly be listening over the line."

For as little as $900, someone can buy equipment and use free software to create a fake network device to see traffic going across the network...

VoIP systems based on open standards are not encrypting the traffic, which leaves them at risk for eavesdropping, forged or intercepted calls and bogus voice messages, he said, adding that there are numerous tools for doing that, with names like "Vomit" and "Cain and Abel." (more)

Saturday, May 17, 2008

Wiretapping PI Pellicano Convicted

A Hollywood private investigator was convicted Thursday of federal racketeering and other charges for digging up dirt for his well-heeled clients to use in lawsuits, divorces and business disputes against the rich and famous.

Anthony Pellicano, 64, was accused of wiretapping stars such as Sylvester Stallone and running the names of others, such as Garry Shandling and Kevin Nealon, through law enforcement databases to help clients in legal and other disputes.

Pellicano was found guilty of all but one of the 77 counts against him. He looked at the judge with his arms crossed and didn't react when verdicts were read. (more)

Comverse - Smells like Sneakers

"Martin Bishop is the head of a group of experts who specialise in testing security systems. When he is blackmailed by Government agents into stealing a top secret black box, the team find themselves embroiled in a game of danger and intrigue. After they recover the box, they discover that it has the capability to decode all existing encryption systems around the world, and that the agents who hired them didn't work for the Government after all..."
...and now the news...

Friday, May 16, 2008

"My password is stronger than your password!"

"Oh, yea... Prove it!"
...even strong passwords can be cracked in seconds using an open source tool called Ophcrack.


Ophcrack is an extremely fast password cracker because it uses a special algorithm called rainbow tables. Brute-force cracking tools typically try thousands of combinations of letters, numbers and special characters each second, but cracking a password by attempting every conceivable combination can take hours or days. (by Scott Sidel)
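Why precomputed tables are fast, and why a per-user salt removes the advantage, shown as an added Python example (not from the quoted article and not Ophcrack's code). It assumes a toy keyspace of 4-digit PINs and uses MD5 as a stand-in for any fast unsalted hash; all names are hypothetical.

```python
import hashlib, os

DIGITS, CHAIN_LEN = 4, 50     # toy keyspace (4-digit PINs), steps per chain

def fast_hash(pw, salt=b""):
    """MD5 as a stand-in for a fast hash; unsalted unless a salt is passed."""
    return hashlib.md5(salt + pw.encode()).digest()

def reduce_(digest, col):
    """Map a digest back into the keyspace; differs per column (the 'rainbow')."""
    n = (int.from_bytes(digest[:8], "big") + col) % 10**DIGITS
    return f"{n:0{DIGITS}d}"

def build_table(starts):
    """Walk each chain but keep only endpoint -> start(s): memory traded for time."""
    table = {}
    for start in starts:
        pw = start
        for col in range(CHAIN_LEN):
            pw = reduce_(fast_hash(pw), col)
        table.setdefault(pw, []).append(start)
    return table

def lookup(table, target):
    """Recover the input of an unsalted digest if a stored chain covers it."""
    for col in range(CHAIN_LEN - 1, -1, -1):      # guess the target's column
        pw = reduce_(target, col)
        for c in range(col + 1, CHAIN_LEN):
            pw = reduce_(fast_hash(pw), c)
        for start in table.get(pw, []):           # replay chain, reject false alarms
            cand = start
            for c in range(CHAIN_LEN):
                if fast_hash(cand) == target:
                    return cand
                cand = reduce_(fast_hash(cand), c)
    return None

def salted_record(pw):
    """Defence: random per-user salt plus a slow KDF, so no shared table applies."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 600_000)

# 500 stored chains cover part of the 10,000-PIN space without storing it all.
TABLE = build_table(f"{i:04d}" for i in range(0, 10**DIGITS, 20))
```

The table is computed once and reused against every unsalted digest; with a random salt per account, the same work would have to be redone for each salt value.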

SpyCam Story #447 - The Neighbor

Q. "I am being overlooked by a neighbor's camera and was just wondering if there was anything that could interrupt or jam the filming/picture of a WIRED night/day cctv. Any ideas would be much appreciated. Many thanks."

A. I love easy questions. Once you have tried all the civil things (a polite request to re-aim the camera, threat of filing a voyeurism complaint with the police, etc.) there is always the sharp stick in the eye approach.

Here is what other people are doing...
Ouch #1
Ouch #2
Ouch #3
Ouch #4
Ouch #5
Good luck!
Kevin

Wednesday, May 14, 2008

DIY Spy Tip #089 - "...with 'friends' like you..."

If you are still relying on Google to snoop on your friends, you are behind the curve.

Armed with new and established Web sites, people are uncovering surprising details about colleagues, lovers and strangers that often don't turn up in a simple Internet search. Though none of these sites can reveal anything that isn't already available publicly, they can make it much easier to find. And most of them are free.

Zaba Inc.'s ZabaSearch.com turns up public records such as criminal history and birthdates. Spock Networks Inc.'s Spock.com and Wink Technologies Inc.'s Wink.com are "people-search engines" that specialize in digging up personal pages, such as social-networking profiles, buried deep in the Web. Spokeo.com is a search site operated by Spokeo Inc., a startup that lets users see what their friends are doing on other Web sites. Zillow Inc.'s Zillow.com estimates the value of people's homes, while the Huffington Post's Fundrace feature tracks their campaign donations. Jigsaw Data Corp.'s Jigsaw.com, meanwhile, lets people share details with each other from business cards they've collected -- a sort of gray market for Rolodex data. (more)

Report: C-level execs more involved with security

The major data breaches that have received mass media coverage are driving so-called "C-level" executives to become actively involved in their organization's security policies, according to a new report from the (ISC)2.

There are several key "take-aways" from the report, titled "2008 (ISC)2 Global Information Security Workforce" and authored by Rob Ayoub, Frost & Sullivan's network security industry manager.

Ayoub told SCMagazineUS.com that these include the fact that C-level executives are paying attention to security...

"CEOs are asking their security professionals important questions about how they're prepared to not become another TJX," (answers) (more)

SpyCam Story #446 - The Diogenes Dilemma

NY - Matt Walsh finally had his day in front of the NFL, and as far as commissioner Roger Goodell is concerned, this chapter of the Patriots videotaping saga is closed.

Walsh, a former Patriots video assistant who last week turned over eight tapes showing the team recording opposing offensive and defensive signals, met for more than three hours with Goodell yesterday. In the commissioner’s view, he offered no new information worth reopening the league’s investigation into the Patriots’ videotaping practices.

Goodell said Walsh told him there was no tape of the Rams walkthrough prior to Super Bowl XXXVI. He said Walsh was unaware of any other violations of league policy, including the bugging of locker rooms, manipulation of communications equipment, or miking of players to pick up opposing signals...

He also told the commissioner that he had helped a small number of players scalp between eight and 12 Super Bowl tickets. (more)

Tuesday, May 13, 2008

From Spy Novels to CIA Papers

Washington, DC - Georgetown University’s newest addition to its special collections delves deep into the world of spies, espionage and secret intelligence...

Most recently, the university acquired a special collection from the family of the late Richard Helms, director of the Central Intelligence Agency from 1966 to 1973. Personal and professional papers and photographs paint a picture of a nation in turmoil from the Vietnam and Cold Wars – and how that turmoil forced U.S. intelligence gathering to adapt.

The library’s espionage and intelligence division stands as just one subset of an overall special collection that boasts 100,000 rare books and 7,000 linear feet of manuscripts in addition to art and other media. The division began in earnest 25 years ago with the Russell J. Bowen collection, comprising thousands of nonfiction books on intelligence. Bowen had worked for the CIA as a senior foreign technology analyst in the areas of non-nuclear energy and illegal technology transfer.

Georgetown celebrated the new collection, which will be on display at Lauinger Library (Gunlocke Room) through May 31. (more)

Spycraft 101: CIA Spytechs from Communism to Al-Qaeda

Tuesday, 3 June; 6:30 pm
Rubber airplanes, messages planted inside dead rats, and subminiature cameras hidden inside ballpoint pens…

Science fiction? Q’s imaginary tools? Think again. These are just a few of the real-life devices created by the ultra-ingenious CIA Office of Technical Services (OTS).

In support of their new book Spycraft: The Secret History of the CIA’s Spytechs from Communism to Al-Qaeda, the former director of OTS Bob Wallace teams up with internationally renowned espionage historian H. Keith Melton to reveal the amazing life and death operations of OTS, the CIA’s shadowy “wizards.”

Presented against a backdrop of some of America’s most critical periods of history—including the Cold War, the Cuban Missile Crisis, and the war on terror—this is a unique chance to go inside the hidden world of America’s “Q” and see many of the actual gadgets.

Rare devices including concealments, microdots, and disguises will be on display, and all attendees will have the opportunity to have their photos taken (bring your own camera please) with an authentic (and official) freeze-dried CIA rat designed for covert communications in Moscow. It will be a memento of the evening you’ll treasure forever!
Tickets: $20 • Members of The Spy Ring® (Join Today!): $16 (more)