Thursday, October 14, 2010

PA Spycam Suit Settled - Lawyers Win

PA - A suburban Pennsylvania school district accused of spying on students using school-issued laptops has agreed to pay $610,000 to settle litigation stemming from its controversial practice.

Under the proposed settlement, the Lower Merion School District will pay $185,000 to two high school students who had sued the district earlier this year for allegedly snooping on them. The remaining $425,000 will go to attorneys' fees. (more)

Wednesday, October 13, 2010

Business Espionage - Conference Call Eavesdropping

State Republican Party staff members eavesdropped on a conference call organized by party activists to strategize ways to convince GOP candidates to adopt more of the party platform, according to several people who participated in the meeting.

S.C. GOP 1st Vice Chairman Patrick Haddon organized the call with party activists including Randy Page, Chad Connelly and Justin Evans. Organizers said the call was intended as a brainstorming session for fall campaigns, and not to discuss party leadership or direction.

But when the call ended, the list of participants contained an unknown number. Organizers called the number and reached a phone within Republican Party offices. State party officials declined to discuss the conference call.

“No comment,” S.C. GOP executive director Joel Sawyer said. “I’m not confirming or denying anything.” (more)

To all Murray Associates clients, please re-read the Conference Call section of your reports again. This problem is real and surfaces in the news quite often. Thank you, Kevin

Tuesday, October 12, 2010

A New Suite of Phone Espionage Software

Phone Creeper V0.9 (BETA) for Windows Mobile Cell Phones - "This is a phone espionage suite. It can be silently installed by just inserting an SD card with the files below on it. The program does not show up under installed programs or running programs and allows for a useful array of features. Phones running this software can be remotely controlled by SMS text messages. All commands will be silently received and deleted immediately and results will be issued back to sender. Pre-configured settings can be added to the installer to have your own default password and phone number to receive live updates. By default, this program will silently reinstall itself even after a hard reset, if the memory card with these files is still in the device." (more)

P.S. There is even an Anti-Creeper app. Both are FREE but donations are solicited.

"Used car... or 'copter, Mr. Bond?"

Three James Bond sports cars – and one helicopter – will be auctioned Oct. 27 at RM Auctions’ Automobiles of London sale at the Battersea Evolution arena.

The highlight of the lot is a 1964 Aston Martin DB5 driven by Sean Connery in “Goldfinger”. There’s also the green 1998 Jaguar XKR driven by the villain ‘Zao’ in “Die Another Day” and the 1969 Lamborghini Islero GTS driven by Sir Roger Moore in “The Man Who Haunted Himself”.

The helicopter at stake is a 1960 Hiller UH-12 E4, which was flown by actress Honor Blackman in her role as Pussy Galore. (Its first time on film was for a 1963 movie called “The VIPs”, which starred Elizabeth Taylor and Richard Burton.) RM says the chopper will likely go for nearly £400,000. (moore, Roger Moore)

Time to Recycle the Quote of the Century

“The growing use of the electric automobile, with its many advantages of simplicity, ease of operation and noiselessness, has resulted in a demand for some means of conveniently charging the batteries.” — GE Bulletin No. 4772, September 1910.

Monday, October 11, 2010

SpyCam Story #585 - "Purely Platonic, your Honor."

GA - A man was arrested Friday for using his cell phone to take video of a woman in a dressing room.
According to a report released Saturday by the Athens-Clarke County Police Department, Vicente Bautista, 26 of Greensboro, Ga. was in the dressing area of the Plato's Closet located at 196 Alps Road shortly before noon. Police said he put his cell phone under the divider to tape a 36-year-old woman as she tried on clothes. (more)

Business Espionage - Bratz v. Barbie

Mattel Inc will answer accusations it spied on rival toymakers by infiltrating their private showrooms around the globe, after a U.S. court denied its motion to dismiss claims filed by rival MGA.

In an escalation of a long-running battle over MGA's popular "Bratz" dolls, MGA Entertainment Inc accused Mattel of gaining entry to toy fairs with false credentials to steal trade secrets. It says Mattel then concealed evidence about these activities, according to court filings.

MGA has accused Mattel employees of gaining access to private showrooms of toy makers -- including Hasbro Inc, Lego and Sony Corp -- armed with fake business cards and spy cameras, to steal price lists and other sensitive information. (more)

Legal Phone Taps Vulnerable to DOS Attacks

Researchers at the University of Pennsylvania say they've discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the U.S.

The flaws they've found "represent a serious threat to the accuracy and completeness of wiretap records used for both criminal investigation and as evidence in trial," the researchers say in their paper, set to be presented Thursday at a computer security conference in Chicago.

Following up on earlier work on evading analog wiretap devices called loop extenders, the Penn researchers took a deep look at the newer technical standards used to enable wiretapping on telecommunication switches. They found that while these newer devices probably don't suffer from many of the bugs they'd found in the loop extender world, they do introduce new flaws. In fact, wiretaps could probably be rendered useless if the connection between the switches and law enforcement is overwhelmed with useless data, something known as a denial of service (DOS) attack. (more)

Business Espionage - This Zeus is no Cretan

The Zeus banking Trojan could be a useful tool in corporate espionage...

Zeus typically steals online banking credentials and then uses that information to move money out of internet accounts. In the past year, however, Gary Warner, director of research in computer forensics with the University of Alabama, who has been closely monitoring the various criminal groups that use Zeus, has seen some hackers also try to figure out what companies their victims work for...

"They want to know where you work," he said. "Your computer may be worth exploring more deeply because it may provide a gateway to the organisation."

That's worrying because Zeus could be a very powerful tool for stealing corporate secrets. It lets the criminals remotely control their victims' computers, scanning files and logging passwords and keystrokes. With Zeus, hackers can even tunnel through their victim's computer to break into corporate systems. (more)

Saturday, October 9, 2010

Espionage Life in the Fast lane

Luxury car manufacturer Porsche has banned employees from using Internet sites such as Facebook, Google Mail or Ebay during office hours, for fear of industrial spying, German media reported on Saturday. Corporate security chief Rainer Benne told business weekly Wirtschaftswoche that the company feared information could be leaked via social networking site Facebook in particular.

The magazine reported that foreign intelligence agencies systematically used Facebook to contact company insiders and win their trust in order to obtain information.

Roughly a quarter of Porsche's 13,000 global employees use Facebook and other social networking sites, Wirtschaftswoche reported. (more)

Espionage Research Institute - Day 2

Attending and presenting at the annual ERI meeting means telling clients we will be unavailable for a few days. They understand once I tell them what goes on behind these closed doors. The information I gather directly benefits them. If you think any of this can help you, give me a call and I will brief you in greater detail.

This is what I heard today...

• Need to track down Cellular, Wi-Fi or Bluetooth signals?
Berkeley Varitronics RF Detection Products probably has just the little handheld instrument you need. Each instrument, with its own weird name (Yellowjacket, Swarm, Mantis, WatchHound, etc.) handles a very specific chore. You only buy what you need. That keeps the costs down. Need a special enclosure, like hiding their contraband cell phone detector in a water bottle, or secreting an antenna in a pocket pen? No problem. Very cool Jersey engineering dudes.

The rest of the day, ERI members taught what they know... 

• Protecting Your Computer Network - Dr. Gordon Mitchell
• Laser Eavesdropping Techniques - Dr. Gordon Mitchell
• Alternative Power Sources for the Eavesdropper - Mark Clayton
• Android App Vulnerabilities - Charles Patterson
• 4G LTE Cellular Network - Russ VasDias
• Covert Store and Burst Digital Stereo Bug - Vicente Garcia
• Display of most of the TSCM instrumentation designed and built by Glenn Whidden (with commentary by Glenn). Instrumentation provided by J.D. LeaSure.
• Discussions about topics for next year's meetings.

The discussions continue tomorrow.

Thank you to our client family for adjusting your schedules to allow us time to attend this important meeting in Washington, DC. Tomorrow we are back on the road again completing visits this month to Virginia, Maryland, Ohio, Philadelphia, Anchorage, Boston, New York City, New Jersey and Illinois. ~ Kevin D. Murray
Kevin's Security Scrapbook is prepared fresh almost daily for the clients and friends of Murray Associates - Eavesdropping Detection and Counterespionage Consulting for Business and Government

Snuggly the Security Bear

A few posts ago, it was noted that the FBI is echoing the desires of several countries around the world about having backdoor keys to all communications encryption schemes. BlackBerry, Skype, etc. are seeing the beginning of the end of their privacy advantage. 

Some countries threatened to outright ban encryption they can't crack, but how can this concept be sold to the U.S. Congress? 

Political cartoonist Mark Fiore thinks he knows how it should be done. Pop over to his site for a few words (and an evil giggle) from his Snuggly the Security Bear.

Friday, October 8, 2010

Espionage Research Institute - Day 1

Attending and presenting at the annual ERI meeting means telling clients we will be unavailable for a few days. They understand once I tell them what goes on behind these closed doors. The information I gather directly benefits them. If you think any of this can help you, give me a call and I will brief you in greater detail.

This is what I heard today...

• Need to make sure the people outside of your room can't overhear you?
Dynasound to the rescue. As they say, "These are not your father's white noise generators." Made to be un-filterable, this white noise is injected directly into construction materials (as opposed to vibrated in with old piezo-electric transducers). The benefit... walls, windows, ceilings and floors transmit the sound outward. People in the room can hardly hear it. Bonus... Need a temporary solution (as in a hotel) or need to move the permanent installation? No problem. The new transducers are easy to move.

• Want to have 24/7 monitoring of an area for certain types of bugging devices?
Global TSCM Group has an answer. Their multi-faceted monitoring system may be monitored anywhere via the Internet. It may not be the total answer, but it helps when securing Boardrooms and creating secure conference rooms.

• Need to control Wi-Fi and cell phone usage in your building?
AirPatrol can do it. Once their system is installed, you will know where every rogue laptop, unauthorized Wi-Fi appearance point and cell phone is... within six feet of its exact location, plotted on a computer map. Also, monitorable via the Internet. (PS - There is a whole lot more their system does. Visit their web site.)

Ok... Lunch break.

• Need portable secure storage for cell phones and tablets when everyone enters the top secret meeting? Hey, you never know whose cell phone is infected with spyware, turning their phone into a bugging device. Vector Technologies has the answer, and if the answer doesn't suit you, talk to them. They will make whatever you need. Bonus... It won't look like an old pirate's chest. They make really nice looking stuff with pneumatic lids! Independent testing labs certify effectiveness. Call 540-872-0444.

The rest of the afternoon, ERI members taught what they know...
• "Finds in the Computer World" - Dr. Gordon Mitchell
• "Access Control / Physical Security" - Mark Clayton
• "Building and Using a UV LED Light Source" - Dr. Gordon Mitchell
• "Adventures with Software Defined Radio" - Kevin D. Murray

More tomorrow...
(MJD, DC can be fun. Make the TSCM hajj next year.)

Thus spiking battery sales for adult toys...

Back in 2007, when the Dutch government announced that all 7 million homes in the Netherlands would be equipped with smart meters by 2013, it anticipated little resistance. After all, who wouldn’t welcome a device that could save both energy and money? But consumers worried that such intelligent monitoring devices, which transmit power-usage information to the utility as frequently as every 15 minutes, would make them vulnerable to thieves, annoying marketers, and police investigations. They spoke out so strongly against these “espionage meters” that the government made them optional...

Of more than 9000 consumers polled in 17 countries, about one-third said they would be discouraged from using energy-management programs, such as smart metering, if it gave utilities greater access to data about their personal energy use...

It all sounds less paranoid when you consider that each appliance—the refrigerator, kettle, toaster, washing machine—has its own energy fingerprint, or “appliance load signature,” that a smart meter can read. Anyone who gets hold of this data gets a glimpse of exactly what appliances you use and how often you use them. (more)

The Dregs of the Data Mine - Reality TV?

"300" writer Michael Gordon has sold a spooky surveillance project to NBC. The idea was spawned by the controversial U.S. electronic eavesdropping apparatus ECHELON, a program that supposedly captures virtually all data signals for analysis at a central hub in West Virginia.

These millions of video, audio and data files are then disseminated to various federal and local law enforcement agencies for further investigation.

Now here's the twist from the show's logline: "There is, however, less than 1% of the data that nobody wants to touch. These are the classified video files that seem to have captured the unexplainable."

The show will center on a fictional team called G.H.O.S.T. (Global Hierarchical Observation Strategy Taskforce) whose assignment it is to investigate this paranormal data. (more)

Thursday, October 7, 2010

Business Espionage - Selling Out

An Akamai Technologies Inc. employee was arrested and charged Wednesday with allegedly providing confidential business information over an 18-month period to a person he believed to be an agent of a foreign government.

Elliot Doxer, 42 years old, was charged in a complaint with one count of wire fraud, according to the Justice Department. The complaint alleges that on June 22, 2006, Mr. Doxer, of Brookline, Mass., sent an email to a foreign country's consulate in Boston stating that he was willing to provide any information that he had access to that might help the country.

It is alleged that in later communications, Mr. Doxer said his chief desire "was to help our homeland and our war against our enemies." He also allegedly asked for $3,000 in light of the risks he was taking.

The unnamed foreign government cooperated with the U.S. in the investigation. A Justice Department spokeswoman wasn't immediately available to comment. (more)

Wednesday, October 6, 2010

Business Espionage in Tasmania?

Tasmania, Australia - An overnight break-in in which burglars ransacked Aurora Energy's Hobart head office has puzzled police and company chiefs.

Only the second-floor commercial section of Aurora was targeted by the thieves, who cracked a secret safe and stole a small sum of cash.

Computers were accessed and documents strewn across the office...

Police have not ruled out corporate espionage as a possible reason for the break-in, which occurred either late on Monday night or in the early hours of yesterday...

Professor John McFarlane, from the Australian National University's Centre for Excellence in Policing and Security, said yesterday industrial espionage was not uncommon in the business world. "There have been very few prosecutions in Australia for this sort of activity, but that doesn't mean it isn't happening," Prof McFarlane said. (more)

Spy Rule-Book Update

The US Army updated its 17-year-old rule book on espionage to specifically require that troops alert authorities if they suspect classified leaks to the media.

The revision seems aimed at the service’s WikiLeaks debacle. Earlier this year, an Army intelligence analyst was charged with providing a classified video to WikiLeaks, an anti-war organisation that describes itself as a government whistleblower. (more)

Tuesday, October 5, 2010

Bugs in the Coffin

Canada - At the time of his kidnapping by the FLQ, Pierre Laporte was being monitored by the police as part of a probe into the Montreal Mafia that went as far as planting a microphone in his coffin after his murder, according to stunning revelations by a retired Sûreté du Québec wiretapping expert.

Claude Lavallée, who pioneered wiretapping techniques in Quebec in the late 1960s, said in a book to be released Wednesday (Révélations d’un espion de la SQ / Revelations of an SQ Spy - ISBN 13: 9782761927048) that the murder of the Liberal minister in October 1970 by the Front de Libération du Québec put an end to the investigation.

The author even claims that wiretaps caught a leading organized crime figure offering the Mafia’s help in finding Mr. Laporte before he was killed. (more)

Note to D.R.: Please start your book.

Monday, October 4, 2010

More Next Week...

Hi Folks,

I am off to the Espionage Research Institute annual convention in Washington, DC this week and will be speaking on SDR (Software Defined Radio) as it applies to counterespionage and eavesdropping detection.

This is the one time each year when eavesdropping detection specialists from all over the world gather to trade knowledge and socialize. It should be fun and I will report "the latest" next week when I return.

In the meantime, entries into Kevin's Security Scrapbook may be lean. Hang in there. It should be worth the wait. Have a cup of coffee.

Be seeing you,
Kevin

Turkish Sitcom - Fact vs. Sitcom

Turkey - Erzincan’s chief public prosecutor confessed to having wiretapped, albeit accidentally, the prime minister on Saturday during the “32. Gün” (32nd Day) debate program aired by private TV station Kanal D.

According to Erzincan Chief Public Prosecutor İlhan Cihaner, “Had I given the telephone conversations of the prime minister [Recep Tayyip Erdoğan] to the media, the political composition in Turkey would have changed, and heaven and earth would have moved here.” The program’s host, Mehmet Ali Birand, asked whether he “witnessed” the phone conversations of the prime minister. In response, Cihaner said, “Yes, you could say so.”

Cihaner was arrested earlier this year on charges of membership in a terrorist organization. (more) (Turkish Sitcom)

Turkey has more than its share of wiretapping intrigue. I have been to Turkey twice on business and love the country, its people, food and history. I have yet to understand the wiretapping intrigue. But it happens. This is just one more story. P.S. If you would like a copy of Turkish Sitcom I will sell you my copy at half price. If you want your own, click Turkish Sitcom. (Trailer) "Kiss my Kabob."

Hard Time for "Die Hard" Director

"Die Hard" director John McTiernan was sentenced to one year in prison Monday for lying about his association with a private investigator to illegally wiretap a movie producer.

In a stinging rebuke of the 59-year-old McTiernan, U.S. District Judge Dale Fischer said he should receive a harsher sentence than the year recommended by prosecutors because he didn't accept responsibility for his actions. "The defendant doesn't think the law applies to him," Fischer said.

Fischer also ordered McTiernan to pay a $100,000 fine and serve three years probation. He will remain free on bond pending an appeal.
 
McTiernan previously pleaded guilty to lying to an FBI agent in 2006 about the investigation of private investigator Anthony Pellicano. Pellicano was convicted in 2008 of wiretapping film producer Charles Roven for McTiernan and of bugging the phones of celebrities and others to get information for clients.

In April 2006, McTiernan told Fischer he hired Pellicano to wiretap Roven. (more)

"Do spy shop gadgets really work?"

Once in a while I can point to a news event which answers the question.
...A former Shirley Town Administrator Kyle Keady, 46... is alleged to have victimized an undetermined amount of people, but largely Town Hall officials and employees. Via secreted pen cameras, digital recorders and a baby monitor, Keady is charged with possessing hundreds, if not thousands, of audio, still images and video images of unwitting town officials and employees. Many images are reportedly of women in various stages of undress. 

Keady led investigators to a baby monitor in the ceiling tiles above Town Accountant Bobbi Jo Coburn's office - the extension cord running to his office where it ran down a wall covered by maps to be plugged into the wall. A Sony digital recorder was discovered in a potted plant on the desk of Administrative Assistant Kathleen Rocco. But, causing the widest-spread grief, battery operated pen cameras were apparently systematically placed in the ceiling vent, aimed downward, above the second stall in the public women's room at Town Hall capturing any number of women, intended or otherwise.

The various digital media used to warehouse the images were allegedly given up willingly by Keady upon request by State Police while investigators executed a search warrant on the second floor at 7 Keady Way - the Town Hall address on the roadway named in honor of Keady's father Daniel, a longtime town official. Nine thumb drives were found on a single key ring in Keady's pocket that he freely emptied, according to police reports.

Keady also allegedly granted police permission to search his vehicle and home. Nothing was found in his car but loads of pornography and seven boxes of digital recording devices were found at his home, along with another pen camera, several thumb drives and lurid, clandestinely attained Town Hall photos and videos. Keady also reportedly admitted to entering Rocco's home and photographing a drawer full of her undergarments without her knowledge or permission. ...Keady remains free on $2,500 cash bail posted in June. (more)

Eavesdropping Arrest - Spouse v. Spouse

NY - State Police in Watertown arrested Sean M. Walsh, 41 years of age, Fort Drum, NY 13602 (not a soldier) Town of Leray on 1 count of Eavesdropping, a Class E Felony.

Mr. Walsh engaged in 'mechanical' overhearing of privileged conversations between his wife, her family members, and friends while at their residence on Fort Drum during the time period of August/September 2010. (more)

Make Big Bucks at Home... Spying!

A controversial new website (interneteyes.co.uk) allowing citizen spies to plug into the nation's CCTV cameras and snoop from home was launched today. A £1,000 reward will be on offer each month for the video vigilantes who spot the most crimes. But civil liberties campaigners say the scheme is "distasteful" and encourages people to spy on each other. (more)

"Tony! Missile at six o'clock!"

Raytheon engineers show Iron Man suit - The new robotic suit enables the wearer easily to lift 200lb several hundred times without tiring and repeatedly punch through three inches of wood; yet, the suit, which was developed for the U.S. Army, is also agile and graceful enough to let its wearer kick a football, punch a speed bag, or climb stairs and ramps with ease. 

They unveiled the second-generation exoskeleton called XOS 2 at the company’s research facility in Salt Lake City, Utah.

The new robotic suit is lighter, faster, and stronger than its predecessor, yet it uses 50 percent less power. Its enhanced design also means that it is more resistant to the environment. (more)

Friday, October 1, 2010

National Security Aims Risk Shooting Foot

Paul Mah has something important for the FBI, all lawmakers and the rest of us to ponder. 

 "...the implementation of (encryption) backdoors is not a technically feasible idea. ...the presence of backdoors being built into existing software will prove to be completely irresistible to cybercriminals. And we're not even talking about foreign states yet, one of which is suspected to have created the extremely advanced Stuxnet worm. So yes, these backdoors will be cracked eventually, resulting in devastating consequences to U.S. businesses and interests." (more)

FutureWatch Prediction - Not all encryption will have a back door. 

Personal communications like phone calls and e-mail, yes. Government communications, no. A diplomatic pouch, even an electronic one, will remain a diplomatic pouch. Encryption in support of critical system infrastructures (like financial) will be licensed, with the proviso that the government can have the key under due process of law. 

Some things will never change. Governments will still crack. Criminals will still hack. Terrorists won't care - they still have codes, cyphers and steganography. Businesses which take their counterespionage strategies seriously will fare better than those who do not.

Top Cop Attorney Fired for E-Mail Spying

The Ohio Department of Public Safety's former top attorney has been fired for snooping on emails to his agency from the state inspector general's office and an Ohio newspaper. Joshua Engel, who has been at the center of several high-profile investigations pitting his department against Inspector General Tom Charles in the past year, had intercepted emails since last October, said Public Safety director Tom Stickrath. (more)

SpyCam Story #584 - Intra-Family Abuse

KS - A Saline County man has been arrested after authorities say he videotaped his family without their knowledge. The man has been arrested on two counts of felony sexual exploitation of child and nine counts of eavesdropping.

By Thursday afternoon, sheriff's office personnel had reviewed hours of VHS tape that they had seized from the suspect's home in Bridgeport. This all comes after his own step-daughter found a hidden camera in the bathroom and notified officials. (more)

SpyCam Story #583 - Pushed to Suicide

NJ - Rutgers University students wore black on Friday to remember a classmate who committed suicide as a lawmaker proposed stiffer penalties for invasion of privacy - the charge levied against the roommate accused of secretly streaming online video of the victim having sex with a man. (more)

When SpyCam Story #1 was published, laws against video voyeurism didn't exist. Although many states now have laws, more has to be done. I hate posting tawdry SpyCam stories, but do so to raise awareness. The victims deserve the support.

BlackBerry Responds to Government Monitoring

RIM co-CEO Jim Balsillie has no objections if companies that make use of its secure BlackBerry smartphones want to hand over their encryption keys to government officials. However, RIM itself has no way of providing the unencrypted content of the emails that pass through its network operating center (NOC), since it doesn't have the keys in the first place.

This was the most direct answer to date given by RIM in response to government sanctioned wiretapping, a topic that was brought to the front even as countries such as the United Arab Emirates and India have threatened to ban the BlackBerry service unless RIM accedes to their demands for a backdoor into its encryption system. Other countries such as Lebanon, Indonesia and Saudi Arabia were reportedly considering similar steps. (more)

Are governments going to accept this explanation, or say with finger poking their lips, "You will change your NOC, Mr. Berry. Un-zip it." 
Stay tuned.

Monday, September 27, 2010

FutureWatch - The Privacy Party is Over

Federal law enforcement and national security officials are preparing to seek sweeping new regulations for the Internet, arguing that their ability to wiretap criminal and terrorism suspects is “going dark” as people increasingly communicate online instead of by telephone.

Essentially, officials want Congress to require all services that enable communications — including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct “peer to peer” messaging like Skype — to be technically capable of complying if served with a wiretap order. The mandate would include being able to intercept and unscramble encrypted messages. 

The bill, which the Obama administration plans to submit to lawmakers next year, raises fresh questions about how to balance security needs with protecting privacy and fostering innovation. And because security services around the world face the same problem, it could set an example that is copied globally. (more)
It will.

Corporate Espionage in India

India - Corporate espionage is on the rise in the country, with the digital medium offering an extremely fertile ground for its perpetuation.
An increasing number of companies are also hiring private detectives to keep tabs on both their employees and business partners. Detective agencies say they are flooded with strange requests from companies to plant spies in rival firms, to fish for confidential data, engineering designs, software codes or to manipulate rate contracts to favour their clients.

"An entire gamut of corporate espionage is happening around us and it is a huge industry by itself," says cyber law expert and supreme court advocate Pavan Duggal. On an average, detective agencies get 5 to 10 requests a day for such services. The fee could range from Rs 30,000 to a few lakh of rupees, depending on the complexity of the job.

"Such things are rampant and we get a lot of requests, though we do not entertain it as a matter of policy," says Ravi Kapoor, chairman of ACE Detectives. He says that usually a person is hired for the job who has access to passwords and other information. It could be a data entry operator, security personnel or even a driver.

"Hiring spies is prevalent in IT firms, especially where big tenders are underway," confirms Manpreet Sidhu, head of Top Secret Detective Agency. (more)

Sunday, September 26, 2010

Eavesdropping Suit Settled During Secret Phone Call

CA - After meeting in closed session by teleconference with attorney Susan Trager, Bighorn-Desert View Water Agency directors announced Tuesday night that litigation had been settled in an unlawful eavesdropping case brought by former director Maryan Barkley. The amount of the settlement was not made public. (more)
What most people settle for... video.

"Ruff, ruff, I'm going to get tutored!"

VA - "The Danville Area Humane Society will have more options for spying and neutering dogs and cats belonging to residents of Danville and Pittsylvania County during the week of Oct. 11-15." (more)

Laser Eavesdropping - 50 year old technology...

...still amazing the newbies.
"Here’s a surprisly (sic) simple way to build yourself a laser-based listening device. It consists of two modules, a transmitter and a receiver. The transmitter is a set of lasers, one is visible red for aiming, and the other is infrared for measuring the vibration of a surface. Point the transmitter at the window of the room you want to listen in on and the laser can be reflected back to the receiver. The receiver module has a phototransistor to pick up the infrared laser light, and an LM386 audio amplifier to generate the audio signal sent to a pair of headphones. They need to be well-aligned which is easy enough using a pair of tripods. Check out the demo." (more) (more)

Spy Story #771 - Famous Last Words

"Let's go with the low bid on this sweep thing." 
(Corporate takeover victim. Not a member of the Murray Associates client family.)

Saturday, September 25, 2010

OSS Memorabilia - Warning & Request

If you have been saving OSS memorabilia and would like to see it properly preserved, or you have inherited OSS items and don't know what to do with them, please consider the following message from The OSS Society in Washington, DC.

"OSS Artifacts — It has come to our attention that private collectors of OSS artifacts may have been identifying themselves as 'official' historians. The OSS Society does not have an official historian. If anyone identifies themselves as such to you or has done so previously, please contact us immediately.

The same collectors may be inducing OSS veterans and others to part with their OSS memorabilia by promising not to sell items donated to them or promising to return them and not doing so. It is also our understanding that collectors have not been properly documenting these gifts. Without such documentation, anyone to whom you donate OSS items is free to do with them as they choose, including selling them.

If you have OSS artifacts in your possession, The OSS Society would be honored to receive them. We respectfully ask that you consider donating them to The OSS Society and not to private collectors so that your donations can be properly documented and preserved. You can also rest assured that your donated items will never be sold or donated to a third party by The OSS Society."

If you have items that you wish to donate, please contact:
6723 Whittier Ave. 200
McLean, VA 22101
703-356-6667
oss ( at ) osssociety.org

Wednesday, September 22, 2010

The "Thousand Grains of Sand" Approach to Business Espionage

American counter-intelligence efforts are snagging more Chinese spies. This may be more because of increased spying effort by China, than more success by the FBI and CIA...

For over two decades, China has been attempting to do what the Soviet Union never accomplished; steal Western technology, then use it to move ahead of the West...

China gets around this by making it profitable for Western firms to set up factories in China, where Chinese managers and workers can be taught how to make things right. At the same time, China allows thousands of their best students to go to the United States to study. While most of these students will stay in America, where there are better jobs and more opportunities, some will come back to China, and bring American business and technical skills with them. Finally, China energetically uses the "thousand grains of sand" approach to espionage. This involves China trying to get all Chinese going overseas, and those of Chinese ancestry living outside the motherland, to spy for China, if only a tiny bit. (more)

In many societies, this activity is considered normal and patriotic. This highly organized info-harvesting for the sake of the tribe is not the norm in Western society. We have a difficult time fathoming this mentality. Our natural reaction is to treat the threat as unreal. Crime victims often mention this phenomenon when describing their experience.

Accepting the evidence is the first step in defending yourself from an international mugging. Put yourself in the other society's shoes for a moment. Think about it. Their strategy makes sense. Look around. Their strategy works. Accept the evidence. There is no reason for them to change tactics. There is every reason for it to continue and intensify.

They have a working strategy. You need a counter strategy, before your pockets are picked. Call us or the person who hosts Kevin's Security Scrapbook on their web site. Get a counterespionage strategy... while you can still afford one.

Eavesdrop on Cell Phones? Beware Divine Justice

A new study shows that the overheard half of cell phone dialogue can steal our attention from other tasks, with potentially dangerous outcomes.
Currently a doctoral candidate in psychology at Cornell University, Lauren Emberson and her co-authors recently published a study that helps explain why hearing only one half of a cell phone conversation is so aggravating, yet so captivating. The researchers argue that such "half-alogues," as they dub them, make for dissonant eavesdropping because they are unpredictable. The less information we glean from a conversation, the harder our brains work to make sense of what we hear and the more difficult it is to stop listening. The findings, published online September 3 in Psychological Science, further suggest that cell phone half-alogues demand more of our attention than dialogues and decrease our performance on other cognitive tasks—whether we are sitting at a computer in the lab, trying to read on the subway or driving a car. (more)

Low Tech Still Works - Bin Noc'ed Up

WI - A Racine County man is accused of spying on ATM customers with binoculars, and then using ID numbers to grab money from their bank accounts.

33-year-old Thomas Kasprovich of Mount Pleasant is charged with 27 felony counts of identity theft. 

Prosecutors said bank employees were the first to alert police that their ATM’s were being watched. Some victims told police they never closed their ATM sessions when they drove away, and Kasprovich allegedly tried to get money. Video from a convenience store was eventually used to arrest the man. (more)

What's Worse Than One 'Cash Cab'?

3,024 Spy Cabs!
Apparently not content with the more than 2.75 million surveillance cameras they already have blanketing public spaces, Chinese security forces have decided to push a new frontier in video-assisted vigilance.

According to a recent Xinhua report, authorities in Wuhu, a city of 2.3 million in Anhui Province, are installing security cameras in all 3,024 of the city’s taxis–much to the dismay of the local cab-riding public. (more) (sing-a-long)

Hand-Powered Paper Shredder

Shredsors - 9-blade portable shredding scissors 
  • Perfect for destroying junk mail, bank statements, old credit cards, top secret memos and photos of your ex!
  • Easy grip plastic handle with 9 metal shredding blades
  • Size: 7-1/2" long x 1" thick blades (19 cm x 2.5 cm)
  • Not a toy: use only under adult supervision 
  • (more)

Tuesday, September 21, 2010

The Pit and the Password Pendulum

via Risks-Forum Digest Monday 20 September 2010 Volume 26 : Issue 17
"The discussion about overly complex password rules reminds me of sage advice that Digital once published in a VAX security manual. I'll paraphrase: The definition of security must be broad. Security aims to see that authorized users, and only authorized users, succeed in doing their jobs.

The modern definition of computer security seems much narrower. It focuses on preventing unauthorized uses, and malware. If security procedures hinder authorized users from doing their jobs, security still succeeds under the narrow definition, but fails under Digital's broader definition.

An onerous password policy is a form of denial of service attack. 

Might things improve if we made security people responsible for productivity of the good guys as well as denial of the bad guys?"

--------

Also…
An additional irony of keyloggers is that the bad guys can typically see your password better than you can, since they don't have every character replaced by a black blob. Only a very few programs (7-Zip, when asking for a password on a protected archive, springs to mind) allow you to check a box to say "I do not fear Tempest scanning, and there is nobody else in the room. Please let me see this password as I type it." 

To impose passwords like fH%JK43-oe9 and then prevent people from seeing what they're typing is just sadism. It must cost millions per year in password reset costs, even with automated delivery of new passwords to e-mail addresses. 

I've added this functionality to the Web applications which I maintain. I suggested its addition to a site which I use frequently, where I have contact with the development team, and which has no major, banking-style security issues. Their reply was, "We've decided not to do this, because it's not an industry-standard practice". 

Review your password policy. Make some innovative improvements. The easier it is for employees to use, the more effective it will be. Here is your mantra for the day, "Death to passwords on sticky notes." Come on, say it! 

Monday, September 20, 2010

Ear Mullets with Eyes

Pecker would have loved this. "Looxcie is always on, continuously videoing – there's no record button. When you experience something you want to share, just click the Instant Clip button to save a clip of the last thirty seconds." Great for cyclists who want to document harassment by other vehicles, or their last wipe out. Private investigators and corporate espionage types will find it helpful as well. Video clips are transmitted to your cell phone via Bluetooth, ready for instant transmission to your social notwork. (more)

Why do I mention it?
So you will know what you are up against.

Friday, September 17, 2010

Quote of the Week - On NSA Extroverts

"Last NSA party I was at was pretty boring, it was full of NSA extroverts, they were too busy looking at everyone else's shoes!" ~ William Knowles

Hope everyone finds a better party this weekend.

"Might as well admit it, we're addicted to bugs."

John Locke, a professor of linguistics in New York... Eavesdropping may be socially unacceptable in many quarters, but it is hardwired into us. I think of social eavesdropping, 'recreational eavesdropping' if you like, as actually irrepressible. We have an evolved appetite for information about the personal and private lives of others. Professor Locke has been studying the history of the subject for a new book - Eavesdropping, An Intimate History. (more) (sing-a-long)

Blackberry agrees to government access... Now, what are governments doing with this information?

Rows over whether several emerging countries can effectively intercept Blackberry smartphone messaging have turned attention to how state spy agencies access electronic communications. For business users, the main question is not whether messages can be read but whether that information will then be used for commercial ends. (more) A long but comprehensive look at how different countries use their electronic communications intercepts.

Thursday, September 16, 2010

SpyCam Story #582 - The Deep Six

A man who objected to a CCTV camera keeping watch on his bedroom window from the house opposite appeared before a judge – for stealing the camera and throwing it in a river. The camera had been installed in the empty house opposite Christian Lord’s home... 

He and his girlfriend didn’t like the 24-hour monitoring of their movements, so he broke in and removed it. The 35-year-old pleaded guilty at Carlisle Crown Court to a charge of burglary and the theft of the £1,500-worth of surveillance equipment. 

The judge said, "While in no way can I condone your actions, this is far removed from a typical case of burglary. It seems you did it just to stop yourself being snooped upon." (more)

"Hey, boss. Check your office lately?"

Monster Worldwide, Inc., recently polled its U.S. visitors to gauge their feelings towards bosses... The August poll also asked Americans that if they could spy or eavesdrop on their boss without getting caught, would they? 

More than half of the 2,153 respondents (57 percent) said they want to know what their bosses are saying about them behind closed doors. Only 12 percent say they would not eavesdrop on their boss because they are afraid of what they might hear. (more)

Funny, this mirrors our eavesdropping detection findings. About half of the corporate eavesdropping cases we solve are "inside jobs." 

If you haven't checked your office lately, give a call (from somewhere other than your office) to the person who hosts Kevin's Security Scrapbook in your area. These counterespionage specialists are friendly, smart and really good at solving this type of problem. You can also contact me directly.