Business Espionage: Arrest for Unsportsmanlike Conduct

UK - A third person has been arrested by police investigating allegations that people acting for Premier League soccer club Tottenham spied on officials during the club's failed bid to take over London's Olympic Stadium after the Games.

Tottenham has been accused of ordering surveillance on the London Olympic executives who eventually chose the bid of rival London club West Ham to take over the stadium.

Since August, London police have been investigating allegations of wrongdoing in the bidding process that were made by West Ham and the Olympic Park Legacy Company, whose board members decide the future of venues on the site of the Games. (more)

SpyCam Story #634 - The Busted Busman

NH - The former Provider bus driver charged with sexually assaulting two boys riding his school bus allegedly filmed those assaults with hidden cameras, according to recently unsealed court documents.

The documents, an affidavit and inventory regarding a Sept. 28 search at the home of John Allen Wright, 45, of Milton, allege Wright used a number of cameras hidden in pens and a pair of sunglasses to film encounters, both sexual and not, on his bus... a pair of spy-camera sunglasses and directions on how to use them were found in Wright's living room, along with a number of pens containing hidden cameras. (more)

SpyCam Story #633 - "A big troop cheer for the FBI!"

MI - Scott Allan Herrick, 40, of Twin Lakes, Michigan, was sentenced to serve 95 years in prison, U.S. Attorney Donald A. Davis announced today. Herrick surreptitiously videotaped boys as they were dressing in the boys’ locker room in the YMCA in Muskegon and kept a massive collection of 100,000 images of child pornography with him at the Gerber Boy Scout Camp in Twin Lakes, Michigan. He was convicted at trial of three counts of attempting to produce child pornography. On the first day of trial, Herrick pleaded guilty to two counts of distributing child pornography and one count of possessing child pornography...

The Honorable Paul L. Maloney, Chief U.S. District Judge, presided over the trial and sentencing... sentencing Herrick to 1140 months (95 years) of incarceration...

Herrick was the camp director for Gerber Boy Scout Camp in Twin Lakes, Michigan. Herrick also worked as a pool safety instructor for third grade children at the YMCA in Muskegon, Michigan. Herrick was trading child pornography and was discovered during a series of undercover FBI operations. On July 1, 2010, FBI and Homeland Security Investigations-Immigration and Customs Enforcement (“HSI-ICE”) agents executed a search warrant on the Gerber Boy Scout Camp and discovered evidence of child pornography. Herrick was arrested on July 8, 2010, and has been held in custody since. (more)

Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."   

Peter Shankman on Situational Awareness - A Cautionary Tale

How One Bit of Stupidity Could Have Brought Down a Multi-Million Dollar Media Company - An (abridged) true story, by Peter Shankman, who has a better grasp of business espionage than most executives.

Everyone is always concerned about digital espionage. “My account was hacked!” “I clicked on a bad link!” “Fifty million credit card numbers were stolen!” The fact is, however, that digital espionage is the least worrisome thing for the majority of companies. The chances of your company getting “hacked” and information being stolen is minimal, compared to getting in trouble due to the stupidity of your employees.

I was flying home this past weekend from Florida. I got into my seat and got settled. My seatmate sat down, an older gentleman in a suit and tie...

I happened to look over to my left, and this man was reading a huge binder. Had to be at least 100 pages, if not more. He was on the first few pages. I looked over, and in giant letters, it said “KEY INVESTMENT HIGHLIGHTS.” That caught my interest, as it would anyone. Within five words, I realized that he was reading an overview of a very large media company – In another thirty seconds, I’d put it together – This guy worked for a company that was hired to help this very large media company sell themselves. In other words, a company that produces both online and offline properties, that you probably read every week, was up for sale.

My seatmate couldn’t have been more clueless. He had his headphones on, enjoying his silence, while flipping pages in this binder, taking notes, not looking up, not aware of his surroundings in the slightest...

He spent an hour of the flight on several pages that were titled “Liabilities” – It was all proprietary information about problems the company was having, and how they planned to fix them. Unreal...

...the man sitting next to me was reading proprietary information, information that could be very, very damaging to this company if in the wrong hands, and he couldn’t have cared less about it. When I landed, I confirmed it. This was extremely private information.

I’ve often said that privacy doesn’t exist, that we all need to be smarter, that instead of working on new ways to gain more fans, perhaps we should take a day and work on situational awareness!

I decided to see how out of it he really was, and also prove a point. Check this out.


Heavily Redacted by Me

This is one of a handful of photos I took with both my iPad and my Droid. Just to see if I could, which obviously, I could.

The man next to me caught a break that day. I’m not a dick. I’m not going to name the company, nor the company he works for (which was on the bottom of every page of the report.) But I have a feeling I’m in the minority here.

Guys, we have to be smarter than this. We simply have to. We can’t afford not to. Here are four tips on how to be:

1) Assume you’re always being watched. Assume everything you do can be watched, and probably is. You have to assume this for everything, from your work life to your personal life. It means you’ll be seen doing anything stupid that could get you in trouble, from doing drugs with people you assume are friends, to meeting someone for insider information in a parking lot. It’s too easy to get caught nowadays.

2) Assume most people are much less nice than me. I knew immediately what I was looking at, and also that I’d never go public with the information... I’m not saying don’t be nice to people you meet – But don’t start sharing information with people until you truly trust them. In other words, enter every interaction with a healthy dose of cynicism. That’s not a bad thing. It’s a smart thing.

3) It’s always little things that will nail you. You have any idea how many times I’ve been in an airport or hotel lounge, when I’ve heard someone spouting off their credit card to the person they’re talking to? Or explaining, step by step, their entire itinerary, while their home address sits on their luggage?... We need to pull our heads out of our collective smart-phone asses and start realizing what the hell is going on around us!

4) As always, alcohol comes into play. Some of the most fun I’ve ever had in my life has come at events where I’ve stayed sober... I still say the best way to get drunk is with a trusted friend, in your own home. Anything else just asks for trouble.

I’d suggest that we make 2012 the year we become smarter – But I’ve been suggesting that for years. And it never seems to happen.

We need to be smarter. (unabridged version)

From our "You Can't Make This Stuff Up" files...

A Polish military prosecutor has shot himself in the head during a break in a press conference at which he was defending his office against allegations of illegal wiretapping. (more)

SpyCam Story #632 - Darwin Award to Video Voyeur

Australia - A man who secretly filmed his housemate showering is ashamed and embarrassed about what he did, a Northern Territory court has been told.

20 year old Jayden Trevitt, 20, cried in the Darwin Magistrates Court as he was given a two-month jail sentence, which was then suspended.

Trevitt had pleaded guilty to filming his housemate on his phone while she was showering. He secretly filmed her from outside a bathroom window on five separate occasions last year. (more)

SpyCam Story #630 - The Road to Woodinville

WA - The husband of a Juanita High School (girl's) volleyball coach has been charged with voyeurism in a case involving many of the coach's players.

Kirkland resident Steve C. Meeks, 23, is accused of videotaping five victims while in a restroom during a non-high school sanctioned team sleepover on Nov. 5, according to charging documents...

Meek's wife, who was a coach for the Juanita High School volleyball team and a former coach of the Kamiakin Junior High volleyball team, arranged for the Rebel volleyball players to have a sleepover at her father's Woodinville warehouse...

During the evening, a hidden video camera was spotted in the ceiling tile of the woman's bathroom by a 17-year-old high school student as she was using the toilet. (more)

Why mention these incidents?

To give show the depth of the problem. (Remember, these are only the failed attempts.)

To give you clues as to where people hide spycams, so you can protect your own privacy.

P.S. King County detectives later found there were actually more than one camera. "We found two hidden cameras – one hidden above the toilet and the other in the ceiling tiles," said Cindi West, a spokesperson for the King County Sheriff's Office, noting the cameras were not wireless and were part of a retail home security system. "There were wires running through the ceiling and it was connected to a DVR (digital video recorder) in another room … There is quite a bit of investigation involved with this case."

P.P.S. Not fur nottin', but... If the warehouse is owned by Ms. Meek's father, and the cameras were part of a hard-wired, overall security system, lawyers might want to check the old man's pockets for depth, and him for culpability. Just a thought. 

Hey, ever see The Road to Wellville? Some things never change, do they?

SpyCam Story #631 - Pfuhl Hides SpyCam at Work

NM - A businessman from Rio Rancho, in jail, accused of using a hidden camera to watch his workers go the bathroom. Richard Pfuhl owns Fine Line Home Inspection...

Back in November, two women who worked for him say they saw a camera behind a vent and called the cops. They say they also found recording equipment inside Pfuhl's bedroom and DVD's of women using the bathroom. (more)

Pocket 3G Spy Car (Yes, it rhymes with noodle.)

This just in...

Click to enlarge.

 from the seller... "See live video on your Mobile phone from anywhere in the world. No time limit no distance limit No internet or IP address needed. Just simply call your 3G camera and see live video of your home, office, car, or even your Nanny." (more)

Why do I mention it?

So you will know what you're up against.

Social Engineering Attacks on the Enterprise in 2012

Amit Klein, CTO for security company Trusteer has just published his predictions for cybercrime trends in 2012... The following is one of his observations for the year ahead:

• Personal information, disclosed on social networks, will be used in social engineering attacks against the enterprise. Fraudsters, all too aware of the valuable intelligence freely available on social networks, are starting to mine these data sources, capturing the personal details needed to successfully complete social engineering attacks. Trusteer predicts this will manifest itself over the coming year as an enterprise issue.

Example: The "mark" might receive an email from someone who claims to be an old high school classmate. The email has a link to an invitation to a class reunion, except that the link really goes to a website that surreptitiously drops a keystroke logger on the unsuspecting person's computer.

Criminals are finding it easier than ever to create a pretext using the unprecedented amount of personal information that people willingly publish about themselves on Facebook, LinkedIn and scores of other social sites...

In the case of attacks against enterprises, every employee is a viable target, from the people in the mailroom to the ones in the corner offices...

Security Tips...

• Train employees to recognize and avoid phishing and other social engineering attacks. Good educational products are available from PhishMe and Wombat Security Technologies.

• Restrict the use of company email addresses for business use only. Encourage employees to use a personal email account for everything that isn't related to company business.

• Implement strict security rules to filter out spam and phishing messages. Wombat has an anti-phishing tool called PhishPatrol that specifically catches phishing and spear-phishing emails. (more)

Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."   

iSnitch, ilLumiaNaughty & RIMshot Cell Out

India - Apple, Nokia and Research In Motion (RIM) gave Indian intelligence agencies secret access to encrypted smartphone communications as the price of doing business in the country, according to what appear to be leaked Indian government documents.

The purported documents, if they are real, indicate that the smartphone giants gave India's Central Bureau of Investigation (CBI) and Indian military intelligence "backdoor" tools that would let the Indian agencies read encrypted emails sent to and from RIM's BlackBerrys, Apple's iPhones and Nokia smartphones...

A "decision was made earlier this year to sign an agreement with mobile manufacturers (MM) in exchange for the Indian market presence," the military intelligence document reads. (more)

More Video Voyeurism Laws Coming

FL - Last summer, Rep. Dana Young heard about the two Bulgarian women who found hidden cameras inside their west Hillsborough apartment.

The part that surprised her most: Video voyeurism is only a misdemeanor.

"You can destroy someone's life, their career, without their even knowing they've been put on video," said Young, a Tampa Republican.

Spurred by that case and others, Young is pushing legislation that would toughen the penalties in video voyeur cases. Currently, a first-time violation is a misdemeanor, punishable by a maximum one-year jail sentence and $1,000 fine. House Bill 215 would make it a third-degree felony, which increases the maximum punishments to a five-year sentence and $5,000 fine. (more)

The Spy Who Helped Us - RIP

 Gevork Vartanian, a Soviet intelligence officer who helped prevent a Nazi assassination plot on the leaders of the U.S., the U.K. and the Soviet Union, died yesterday at the age of 87, Russian state television Vesti 24 reported...

At the age of 19, Vartanian was among the officers responsible for blocking a plot by Adolf Hitler to assassinate Soviet leader Josef Stalin, U.S. President Franklin D. Roosevelt and British Prime Minister Winston Churchill at the Tehran Conference in 1943, Vesti reported on its website. (more)

SpyCam Story #629 - Holy Water Cam, Batman

UK - A church youth leader has admitted spying on a young man while he was in the shower during a visit to a faith camp.

Mark Pennell, 37, admitted filming the man when he attended the East of England Show with other members of the church in August. The court heard how the victim became suspicious of Pennell, a youth leader, after he repeatedly showered next to him... the victim noticed a glow coming from a mobile phone... in a gap between the floor and the cubicle. (more)

How to Handle a Web-site Hack Attack Gracefully

As you may have heard, Stratfor (a respected global intelligence web site) was the victim of an embarrassing hack attack last month. They are now getting back on their feet.

An e-mail I received from them this morning began, "We are happy to announce that our website is back online, and temporarily free for everyone. Visit Stratfor.com..." What followed was a sincere full disclosure and apology from their CEO, George Friedman via print and video.

Take some time today to make sure your web site is locked down. But, should you have a problem some day, this is the way to handle it...

SpyCam Story #628 - How to Push a Perv's Hot Button

An on-line review via The Nerd Gereration

"This is the coolest spy gadget I have ever used. This tiny keychain fob poses as an automatic door unlock/panic for a car. In actuality it is a tiny albeit powerful camera capable of snapping photographs at 640 x 480 resolution and recording video in AVI format. I figured the photos and video I got with this little device would be blurry and useless in real world spying practices.

I took the camera out on a couple secret missions and compiled a plethora of photographs and video files. When I arrived at my home base I plugged the device into my computer and downloaded the files from the 4 GB micro SD card (a small cable allows xfer without worrying about a card reader).

I was absolutely floored with the quality of images and video this camera took!  

I figured the video would not have any audio, but there it was! Crisp and clear! How is this possible? Technology my friends… and it’s awesome." (more)

Security Director Alert — Use of these inexpensive, yet high-quality devices in restrooms, employees showers and changing areas is now a serious workplace issue. The lawsuits are just beginning to roll out.

You are the deep pockets in this scenario, and just one spycam can spawn dozens of employee lawsuits.

FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."   

Solution — Your organization needs to show pro-active due diligence. Conduct periodic inspections of your facilities. Call us for further advice and pricing.

Spycam Story #627 - SpyCam Incident Settlements Top $600,000.00

PA - A suburban Philadelphia school district has settled another lawsuit over its alleged spying on students through laptop webcams.

A lawyer says Joshua Levin has settled his lawsuit against the Lower Merion School District. Lawyer Norman Perlberger tells The Philadelphia Inquirer (http://bit.ly/uihP4S ) the 2009 Harriton High School graduate will get more than the $10,000 offered to some other students, but says he can’t specify the amount.

The district has paid more than $600,000 to resolve litigation over software that allowed school employees to remotely activate webcams to track missing computers. (more)

SpyCam Story #626 - The Slime of the Ancient Sub-Mariner

A 40-year-old man has pleaded guilty in the Perth Magistrates Court to covertly filming more than 40 women while they were showering in backpacker hostels across Perth.

Allyn Wilson Fitzgerald used his iPhone to record 70 video clips of women in showers over a 12 month period.

The court heard Fitzgerald was a former serviceman with the Australian Navy and was suffering from post-traumatic stress disorder. He had been a submariner for 12 years. (more)

Top German cop uses spyware on daughter, gets hacked in retaliation

A top German security official installed a trojan on his own daughter's computer to monitor her Internet usage. What could possibly go wrong?

Nothing—well, at least until one of the daughter's friends found the installed spyware. The friend then went after the dad's personal computer as a payback and managed to get in, where he found a cache of security-related e-mails from work. The e-mails, in turn, provided the information necessary for hackers to infiltrate Germany's federal police.

Wait, it gets worse...

The hackers got into the servers for the "Patras" program, which logs location data on suspected criminals through cell phone and car GPS systems. Concerned about security breaches, the government eventually had to take the entire set of Patras servers offline. (more)

Cellphone Spying Getting Easier for Abusers, Stalkers

NJ - “You could now listen in 100% completely undetected” — that’s the promise one company makes on its website to anyone who wants to eavesdrop on someone else’s cellphone.

Spy technology is now available to the average person who wants to glean cellphone information, read private emails, and track someone’s location using global positioning systems. And increasingly, experts say, the technologies are being used by spouses and partners to track, harass and stalk... 

“Any time you have technological advancements, you also have the downside that comes along with it as far as privacy is concerned,” said Kevin D. Murray, a consultant on eavesdropping detection and counterespionage services, based in Oldwick, NJ.

Murray, who advises business and government, said people who are concerned about privacy or who transmit sensitive information should know that smart phones are vulnerable. Someone with access to a smart phone can load spyware on it within minutes.

He urges wary individuals to restrict access to their phones by using a strong and unique password and by always keeping their phone in sight. Another form of protection, he said, is to use an old-fashioned phone without Internet capabilities. Phone companies, he said, aren’t likely to improve security because it’s not in their financial interest, since they make money from transmissions.

Many of the companies that sell spyware are based outside the country, making them tough to prosecute, Murray said. (more)

Killers who shot dead debt collector jailed after he 'bugged' his own murder

You can't make this stuff up...

UK - Two lovers were jailed yesterday after their murder victim 'bugged' his own clothing (apparently using a cell phone) before his brutal death. Scott Davidson, 23, was sentenced to life imprisonment whilst his 19-year-old girlfriend Rachel Horton will serve eight years in a young offenders' institution.

Martin Ithell, 49, was shot and stabbed in the neck eight times after he was invited round by the pair to collect an outstanding £26,000 loan with the pair oblivious to the recording device he had strapped to his body.

As Ithell’s friends eavesdropped round the corner from the couple’s house, they heard Mr Ithell ask them: 'Hi, have you been doing some painting?' before a shot rang out and the line went dead. (more)

Home SpyCam Success Story

PA - The man who was arrested after police said surveillance video caught images of him breaking into a Brookline home on New Year's Day told detectives Thursday that he also broke into the home in the fall.

Raymond J. Walsh, 50, of Brookline, now faces additional charges of burglary and theft. Mr. Walsh was arrested Sunday after a woman's surveillance system sent her electronic alerts that included time-stamped photos of a man walking through her home in the 1400 block of Bellaire Place.

When detectives interviewed Mr. Walsh Thursday, he admited the New Year's break-in and also said he broke into the home at the end of September and stole $100, according to a criminal complaint filed in court. (more)

One Man Makes the Corporate Security World Less Secure Today

Mark Cheviron didn't come into work today. He retired yesterday, after 30+ years as Corporate VP - Director Corporate Security & Administrative Services at ADM (a Fortune 39 company with 30,000 employees). 

In some respects, corporate security everywhere is less secure today for losing his leadership and innovations, which he freely shared with the community. 

On the other hand, he single-handedly re-invented the modern corporate security department and left us a model for future generations to follow.

Mark was the first security director ADM hired. Immediately, his one-man department began to grow. Today, the security department has many specialized sub-departments, each staffed with some of the best investigators I have ever met. They handle cases all over the world, and have personnel permanently stationed overseas. 

I've had the chance to watch the growth of this security department from almost Day One. Here are the secrets to Marks' success from my vantage-point. I am sure there is more to it, but you'll have to ask Mark.

1. Make sure the security department is a company profit-center, and document your profitability. There were several years where I saw millions of dollars returned to the company due to Mark's efforts. For all I know, he did this every year.

2. Employ honest, talented, hard-working people to assist with the task. Inspire them, and hold them to account. 

His inspiration was infectious. Accountability to him was a welcome part of the package. He made you want to be your best, at all times. 

During these last two years at ADM, he made a concerted effort to get his team ready to carry on successfully once he retired. Why? Because, from Day One, right up until the end, he had pride in his work and he cared.

That's it. Two secrets to corporate security department success. Simple, right?

After my first five years with Mark, I understood his methods and vision. I told him, "You have the hardest working, most productive security department I have ever seen." Today, I can still say, "You have the hardest working, most productive security department I have ever seen," without anyone thinking I am being self-serving. Feels good.

I don't know if Mark is interested in acting as a consultant to corporate security departments looking to restructure and become profit-centers, but if he does, open the corporate vault. It will be worth every million you pay him to get what he knows.

~Kevin

FutureWatch: Help! - A security app to record your demise.

via gizmag...

Help! Users of the app would activate it simply by touching an icon on their home screen, whenever they found themselves in what could become a dicey situation - such scenarios could include being at a protest that is threatening to become a riot, being followed on the street at night, getting into an altercation with another person, or anything else that could escalate into a problem.

When the icon was pressed, the smartphone would surreptitiously begin recording audio and video, and sending it to a remote server. Once the connection to the server was broken (by the app being turned off, the phone's battery dying, or perhaps by the phone being violently smashed), an email would be sent to up to five preselected personal contacts. This email would tell them that the user possibly needed help.

Care to help Help!?

The developer of Help!, Joseph Reilly, is currently raising development funds for his app on Kickstarter. He plans on starting out with a version for Android devices, with an iOS version soon to follow, if funds allow. (more)

Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."   

PI excuse 2012: "I lost the guy in the crowd." 2020: "What crowd?"

Scientists have made an entire event impossible to see. They have invented a time masker.

Think of it as an art heist that takes place before your eyes and surveillance cameras. You don't see the thief strolling into the museum, taking the painting down or walking away, but he did. It's not just that the thief is invisible - his whole activity is.

What scientists at Cornell University did was on a much smaller scale, both in terms of events and time. It happened so quickly that it's not even a blink of an eye. Their time cloak lasts an incredibly tiny fraction of a fraction of a second. They hid an event for 40 trillionths of a second, according to a study appearing in Thursday's edition of the journal Nature. (more)

"Is that an ear mullet, or are you just happy to record her?"

Bogartski all you see with this Bluetooth Headset Camera! Lightweight and easy-to-use. The Bluetooth Headset Cam has the ability to record video or take still photos. Recorded images will always look sharp even if the user is in motion or using the camera in low light. 4GB internal storage and rechargeable Lithium battery. (more)

Why do I mention it?

So you will know what you're up against.

Joe Finder asks, "Who's Listening In?"

via Joe Finder - author who introduced the “private spy” — who finds out things powerful people want to keep hidden — in the New York Times bestselling novel VANISHED. 

Now, in BURIED SECRETS, Nick Heller returns, finding himself in the middle of a life-or-death situation that’s both high-profile and intensely personal.

"I found Kevin Murray’s website, Counterespionage.com, while doing research for VANISHED about surveillance techniques. Kevin’s spent more than 30 years helping corporations and individuals protect themselves from eavesdropping and information theft, and has even written a book on the subject: Is My Cell Phone Bugged? 

He’s answered a lot of questions for Nick Heller, and was kind enough to answer a few more for the newsletter." Read the interview with Kevin Murray.

'Cheaters' Spy Shop: TV Show Opens Online Store

via the Huffington Post... 
"Cheaters," a syndicated reality series that investigates cheating spouses and records the often-violent confrontations that ensue...now series creator Bobby Goldstein thinks he's found a better product for his corporate brand: A website that sells spy goods.

It's called Cheaters Spy Shop, and sells all sorts of surveillance gear for suspicious minds, including recovery sticks that can pull up anything currently on the iPhone and even recover deleted information; mobile software that will send a person all texts and pictures being sent, web history, call logs, and GPS location every 30 minutes; and even motion-activated hidden cameras that record any movement and activity in high resolution. "We also sell audio recorders that look like pens," Allen Watson, president of the Cheaters Spy Shop, told HuffPost Weird News... 

Meanwhile, Kevin D. Murray, who does eavesdropping audits and counterespionage consulting, says that the idea of doing your own investigation of a suspected cheat may sound appealing, but often causes more problems than it's worth.

"Private electronic eavesdropping and stalking is illegal on both a federal and state level," he told HuffPost Weird News. "Conducting electronic surveillance oneself can create far more problems than it solves. A person with a legitimate concern should hire a licensed private investigator to collect the facts. Do-it-yourselfers lack the experience and emotional detachment to conduct successful investigations."

Murray also thinks that, even if the Cheaters Spy Shop offers its share of disclaimers on the use of the product, they could still be risking legal problems.

"Any person who assists another with illegal electronic surveillance is equally guilty," said Murray, author of the e-book, Is My Cell Phone Bugged?. "For example, a guy might ask the guy at Radio Shack, 'How can I secretly record my wife?' and that guy might say, 'Just buy this voice-activated recorder and hide it under the dashboard of her car.'"

"When it hits the fan, guess who the lawyers come looking for? Big-pockets Radio Shack," he said. "There have also been similar cases where private investigators just dispense advice like this. They get prosecuted, and the spouse who actually did the bugging gets off due to 'matrimonial immunity.'"

Murray says modern electronic surveillance has been regulated by law since 1968, but due to benign neglect and more pressing crimes, enforcement is rare. However, he said that on a few occasions, when the marketplace has become a little too hot, there is enforcement.

"From what I see, the pot is about to boil over again. Look for laws about spyware on cell phones, and raids on 'spy shops' in 2012," he warned.

But while he thinks the Cheaters Spy Shop could be putting itself at risk, Murray doesn't seem that concerned. At the end of the interview, he hinted he may contact the shop about carrying his book.

"It's a yin-yang thing," he explained. (more)

Dilbert vs. The Recycling Bin

...which can lead to some crafty employee solutions to sensitive wastepaper security. 

This blue bin was discovered recently by Murray Associates information security consultants...

It's enough to straighten Dilbert's tie.

Spybusters Security Tip # 512: Never store confidential materials awaiting shredding in an unlocked container. If there is an on-going need to shred small amounts of materials daily, buy a deskside crosscut shredder... and be sure to use it.

Make "I'm taking back my privacy!" a News Years Resolution

Suppliers of the best-known anti-tracking tools — Ghostery, Adblock Plus and TrackerBlock — all reported big jumps in usage in the second half of 2011. Ghostery, for instance, is being downloaded by 140,000 new users each month, with total downloads doubling to 4.5 million in the past 12 months, says Scott Meyer, CEO of parent company Evidon. 

Meanwhile, the goal of newcomer Abine, supplier of Do Not Track Plus, is to make anti-tracking as common as anti-virus for personal computing devices, says CEO Bill Kerrigan, who formerly headed anti-virus giant McAfee's global consumer business.

Abine projects the number of Internet users in North America using anti-tracking tools and services will be 28.1 million by the end of 2012, up from 17.2 million today. "We want to drive the next level of adoption," Kerrigan says. "No one is suggesting don't use Facebook or Google. At the same time, we are suggesting there is a better way for consumers to experience those type of products without necessarily being tracked at every step they take in their digital life." (more)

Hacker Justifies Exposing Wireless Security Weakness. Wait... in 1903!

A century ago, one of the world’s first hackers used Morse code insults to disrupt a public demo of Marconi's wireless telegraph

LATE one June afternoon in 1903 a hush fell across an expectant audience in the Royal Institution's celebrated lecture theatre in London. Before the crowd, the physicist John Ambrose Fleming was adjusting arcane apparatus as he prepared to demonstrate an emerging technological wonder: a long-range wireless communication system developed by his boss, the Italian radio pioneer Guglielmo Marconi. The aim was to showcase publicly for the first time that Morse code messages could be sent wirelessly over long distances. Around 300 miles away, Marconi was preparing to send a signal to London from a clifftop station in Poldhu, Cornwall, UK.

Yet before the demonstration could begin, the apparatus in the lecture theatre began to tap out a message. At first, it spelled out just one word repeated over and over. Then it changed into a facetious poem accusing Marconi of "diddling the public". Their demonstration had been hacked...

The stream of invective ceased moments before Marconi's signals from Poldhu arrived. The demo continued, but the damage was done: if somebody could intrude on the wireless frequency in such a way, it was clearly nowhere near as secure as Marconi claimed. And it was likely that they could eavesdrop on supposedly private messages too. 

Fleming, fired off a fuming letter to The Times of London. He dubbed the hack "scientific hooliganism", and "an outrage against the traditions of the Royal Institution". He asked the newspaper's readers to help him find the culprit. 

He didn't have to wait long. Four days later a gleeful letter confessing to the hack was printed by The Times. The writer justified his actions on the grounds of the security holes it revealed for the public good. Its author was Nevil Maskelyne, a mustachioed 39-year-old British music hall magician. (more)

VoIP Phone Eavesdropping Prevention Tips

via Mike Chapple, Network Security

Every organization considering a Voice over Internet Protocol (VoIP) telephone system deployment hears the same dire warnings: “Routing voice calls over a data network exposes calls to eavesdropping.” 

While it’s certainly true that any telephone call carries a certain degree of eavesdropping risk, is it true that VoIP calls have an inherently higher degree of risk? In this tip, we explore the ins and outs of VoIP eavesdropping.

VoIP eavesdropping is possible
First, it’s important to be clear about one thing: It is absolutely possible to eavesdrop on a VoIP telephone call. It’s also possible to eavesdrop on a telephone call placed using the traditional public switched telephone network (PSTN). The difference lies in the tools and skill set needed to conduct the eavesdropping. (more)

Is encryption alone, the answer?

Eavesdrop on the boss to aid promotion chances? Probably not a good idea, especially if your boss is the police commissioner.

 S. Korea - On Wednesday a Cyber investigation team at Daejeon Metropolitan Police Agency sought a warrant for the arrest of “Jeong,” a 47-year-old superintendent at the same agency, on suspicion of secretly installing a recording program on the agency commissioner’s computer and recording his conversations and telephone calls.

Jeong is suspected of entering the commissioner’s office, on the seventh floor of the DMPA headquarters building, in the evening of December 14, installing recording and remote control software on a computer connected to an outside network and setting it up to automatically create recorded files, then using the computer in his own office to connect to that of the commissioner and downloading 320 files recorded up to December 17. “It appears that Jeong, who was promoted to the position of superintendent in 2006, did this in order to learn of the newly-appointed commissioner’s tendencies and personal relationships when Jeong became a candidate for promotion to senior superintendent next year.”

Police stated that, on December 16, the commissioner found it strange that his computer ran slower. He gave an order to his secretary’s office to inspect it. The main body of the computer was replaced, but Jeong entered the commissioner’s office again on the same evening and installed the remote control and other software again. (more)

Security Quote of the Day - Smartphones, the Next Target

“We’ve gotten to that perfect crossing point where all of the things which have prevented criminals from leaping into the wireless space have been eroded,” —Gareth Maclachlan, COO of security firm AdaptiveMobile

The bottom line: It’s now easier than ever for spammers to make money off wireless devices. 

Why the concern?

 “If I can infect your device by getting you to download an app, or push you to a link that cracks your phone and infects your OS, I can get your phone to make extra calls to a premium rate number which I own, or send an premium SMS or short code I’m renting through a shell company, and start taking money out of your pocket,” he says.

Criminal groups release malicious apps that get devices to send out calls and texts to premium numbers without the user’s knowledge. The charges may go unnoticed or a customer may contest the fees and the operator has to eat the charge, leaving the spammers with a neat profit. (more)

Security Tips from the book: Is My Cell Phone Bugged?

• Don't jailbreak your smartphone.

• Password protect your smartphone.

• Don't click on links sent by email spammers.

• Never loan your phone.

• Don't load an app unless you appsolutely need it, and know it is safe.

VoIP Phone Tap Taps

Tapping a VoIP phone line isn't difficult... via Janitha

Here's a quick background on what's going on. In 10/100 twisted pair ethernet networks, only two of the four pairs of wires are actually used for data transmission. From a computer's perspective, the orange pair is for RX and the green pair is for TX. The passive splice tap works by connecting a sniffer's RX to either the RX or TX of the wire being sniffed. By having two RX interfaces on the sniffer, you can capture full duplex traffic on the wire.

Recipe
Before starting, you will need the ingredients for a passive splice tap. Two punch down type 8P8C (aka RJ45) IDC connector jacks, A punch-down tool, Two regular pass-though ethernet cables, a sharp knife, clear tape, and an alibi. You also need a laptop to log the data with two ethernet interfaces (two usb to ethernet adapters will do the job). Now for the instructions.

First take the cable you want to tap and cut the casing long ways a few inches to expose the 4 pairs of wires inside. Isolate the green and the orange pair of twisted wires.



Next, take one of the jacks and find the orange and orange-white connectors (will look like two blades with a gap between). Put the jack perpendicular to the orange pair of wires. Now punch down the orange wire in to the orange connector, and the orange-white wire in to the orange-white connector. Take the another jack and repeat the process, but this time punch the green wire in to the orange connector, and the green-white in to the orange-white connector.



At this point, the tap it physically done. Yes, It's that simple. Now connect each of the jacks to the ethernet interfaces on the laptop using the two regular ethernet cables. The sniffer laptop will be like 'wtf mate' and fail at auto negotiating a link since only the RX wires are hooked up. So bring the two interfaces up manually in promiscuous mode (if in *nix, use ifconfig with the promisc switch).

Finally fire up wireshark or your favorite packet sniffer. If you are using wireshark, select capturing on the 'Any' interface as we want to capture data on both ethernet adapters at the same time. If the sniffer app does not have an 'any' interface, simply start two instances and capture the two interfaces separately. Further more, you can bond the two interfaces so you can treat the full-duplex as a single interface if you have that much free time.

Or, you can make one of these.

Why do I mention it?

Because I too often hear, "Can they really tap a digital phone?"

A Merry Christmas, Valentine - Good Work

UK - A Norfolk animal rights campaigner is taking turkey producer Bernard Matthews to court claiming she was harassed and intimidated by the company.

Wendy Valentine of Hillside Animal Sanctuary, Frettenham, also claims her car was "bugged" by security firm Richmond Day and Wilson Limited (RDW), which was working for the firm.

Bernard Matthews has confirmed its use of RDW but "emphatically denies" Ms Valentine's allegations.

Hillside Animal Sanctuary investigators went undercover at one of Bernard Matthews' turkey farms in 2006 and filmed two poultry workers using a bat to play baseball with the birds. Two people were later prosecuted...The following year, staff were again videoed abusing turkeys at Bernard Matthews, by undercover workers from Hillside.

A spokesperson for Hillside said: "We felt we had no option but to resort to legal proceedings after Hillside's founder, Wendy Valentine, had her car bugged with an electronic tracking device earlier this year." (more)