"World domination. The same old dream. Our asylums are full of people who think they're Napoleon. Or God." - James Bond

NV - A Las Vegas tour company has launched a three-day, two-person Las Vegas bonding experience — as in James Bond.

The “Secret Agent 702” tour gives couples a chance to live the adventures of a spy, from soaring in helicopters to driving fast cars to zipping down wire cables.

The cost of being a secret agent: $6,800 for two people.

The package was developed by the Papillon Group, a Southern Nevada air tour operator that offers flights over the Strip, Hoover Dam and southwestern national parks. The tour company is partnering with Andre’s Restaurant and Lounge at the Monte Carlo, the Bank Nightclub at Bellagio, Dream Racing at the Las Vegas Motor Speedway, Flightlinez at Bootleg Canyon, the Light Group and Hotel32.

Secret Agent 702 “transforms mild-mannered Las Vegas visitors into sexy spies looking for the thrill of a lifetime,” company officials said in a release. (more)

The New York City Police Department now has "The most advanced and technological counter-terrorism bureau that anyone has ever seen."

NY - A new crime-tracking system designed jointly by the New York Police Department and Microsoft Corp. will pool existing data from cameras, 911 calls and other technologies to provide crime fighters with a comprehensive view of threats and criminal activity, as well as provide the city with a new revenue source.

The Domain Awareness System will be able to map suspects' movements and provide NYPD investigators and analysts with real-time crime alerts.

...the system will allow NYPD personnel to track a suspect's car, and find out where it's been located in the past days or weeks synthesizing archived video footage and license plate reader data. Other potential uses include mapping criminal history geospatially and chronologically to reveal patterns, and the ability to instantly see suspect arrest records, 911 calls associated with the suspect and related crimes occurring in the area. (more) (60 Minutes video) 
This afternoon the NYPD debuted their "all-seeing" Domain Awareness System, which syncs the city's 3,000 closed circuit camera feeds in Lower Manhattan, Midtown, and near bridges and tunnels with arrest records, 911 calls, license plate recognition technology, and even radiation detectors. Mayor Bloomberg dismissed concerns that this represented the most glaring example of Big Brother-style policing. "What you're seeing is what the private sector has used for a long time," Bloomberg said. "If you walk around with a cell phone, the cell phone company knows where you are…We're not your mom and pop's police department anymore."

NYPD Commissioner Ray Kelly stated that the system, which is currently operational out of the department's Lower Manhattan Security Commission HQ, was developed with a "state of the art privacy policy" and "working with the privacy community," but did not offer specifics. DAS does not have facial recognition technology at this time, but "it's something that's very close to being developed," the mayor said.  

The system was developed with Microsoft and paid for by the city for $30 to $40 million, and has already been in use for six months. The feeds compiled by the system are kept for thirty days, then erased.

The City will receive 30% on the profits Microsoft will make selling it to other cities, although Mayor Bloomberg declined to say if that money would go back into the NYPD. "Maybe we'll even make a few bucks." (more)

Lo-Jack Your Car, Kids, Pets... Anything!

from the manufacturer... 

"Simply give the PocketFinder GPS tracker to a person or attach it to your pet or vehicle and locate the devices from our website or on your smartphone with our iOS® and Android® apps.

PocketFinder features work even while you’re not thinking about them. Best of all, they’re simple to use! Geo-fence zones, speed limits, alerts, history and power features will maximize how much value you get from using the devices." (more)

FutureWatch: Telephones That Spot Scams

Nagoya University and Fujitsu first announced a research partnership in November 2009 aimed at developing automated technology to identify situations where one party might overtrust the other. 

In March of this year, the team announced the successful development of the world's first system capable of analyzing phone conversations and automatically highlighting suspect situations. The system looks for changes in a caller's voice pitch and level, together with keywords often used and repeated in phone scams.

Subsequent verification simulation testing undertaken in collaboration with the National Police Agency of Japan and the Bank of Nagoya found the technology to be over 90 percent accurate in detecting situations of overtrust. Now the research team is about to enter field trials of the system. (more) 

  

q.v. 16 Ways You Can be Phone Scammed

Eavesdropping History - Nixon Resigns

On Aug. 8, 1974, President Richard Nixon announced he would resign following damaging revelations in the Watergate scandal.

How to Prevent Corporate Espionage... in a nutshell

Corporate espionage is nothing new... 

The global economy has widened the playing field and raised the stakes for corporate competition and espionage, both defensive and offensive. American companies, big and small, lose billions of dollars a year through corporate espionage... Those who don’t actively pay attention to it and protect their businesses become easy targets for their competitors near and far. (more)

Instant Action Plan
1. Identify Your Information - paper, visual, oral and electronic
2. Guard Your Information - a comprehensive risk management plan
3. Test Your Information - test with simulated attacks on all four dimensions of information
4. Invest in Surveillance - CCTV, access control, and of course, electronic surveillance detection

A good information security consultant will help you with all of this.

Attention all Capitol Hill legislative researchers working on improving economic espionage laws...

The U.S. House of Representatives is considering new legislation concerning economic espionage. (more)

Attention all Capitol Hill legislative researchers...
Here is some background information and a fresh idea worthy of your consideration.

Any questions? Let's talk. ~Kevin

Illinois Eavesdropping Law Judged Unconstitutional

An Illinois judge ruled last week that the state’s eavesdropping law – one of the broadest restrictions on audio recording in the nation – is unconstitutional.

The decision granted a request for dismissal made by Annabel K. Melongo, a 39-year old woman who faced criminal charges under the Illinois Eavesdropping Act. The controversial law criminalizes the audio recording of any communication without the consent of all parties involved, regardless of whether the conversation was intended to be private. Melongo, who is representing herself in court, recorded three phone calls with a clerk at the Cook County Court Reporter’s office in Illinois without consent and posted them on her watchdog website in 2010, incurring six charges of eavesdropping.

The eavesdropping law in Illinois “appears to be vague, restrictive and makes innocent conduct subject to prosecution,” wrote Circuit Court Judge Steven J. Goebel of Chicago in his ruling that was filed on July 26. “[T]he fault of the Statute is that it does not require an accompanying culpable mental state or criminal purpose for a person to be convicted of a felony.” (more)

DIY - Android Cell Phone Spyware Kit Coming Soon

Android continues to prove irresistible to the hacker community, which seems intent on finding ever newer, more innovative ways to exploit security holes in the open source mobile platform.

Now a new threat to Android may be on the horizon: A pair of security researchers are planning to make public next month a modular, open source framework called AFE (Android Framework for Exploitation) that bad guys can use to build and tailor Android malware to suit their tastes...

With AFE, according to the duo's description, a hacker can quickly cobble together malware capable of at least 20 different feats, including retrieving a user's call logs, contact information, and the content of his or her mailbox; swiping SD card contents; sending text messages; viewing browsing habits; recording phone conversations; capturing images with the affected device's camera; running root exploits; accessing the device's GPS location; and remotely dialing any number from the hijacked device.

In addition, the duo have created templates to mask the malware as legitimate apps such as File Explorer, Tic Tac Toe, and a jokes app. Users of the framework can add their own.

"For a basic effort at writing malware, that's not even really trying hard, you can make $10,000 a month," Gupta told SC Magazine. (more)  

...and for the price of a book it can all be thwarted.

Snitch on a Spy Site and Get Booked

If you have insights about spy sites around the country, H. Keith Melton and Robert Wallace want to talk to you.

They are just about to publish their new book, Spy Sites of New York City, and are planning future editions.

Here's the pitch...

U.S. Spies Probably Won’t Blow Up Our Airplanes, TSA Concludes

For years, America’s spies had to take off their shoes before they got on planes, just like the rest of us. 

No more. 

The Transportation Security Administration has quietly enrolled government employees at three of the nation’s intelligence agencies in a program that allows them to pass through airport security with less hassle. (more)

CIA Launches New Museum Gallery

The Central Intelligence Agency launched an enhanced and redesigned online gallery to highlight the Agency’s museum and its holdings.

The enhanced museum virtual gallery provides new content and a fresh look at exhibits few members of the public get the chance to see because they are located at our headquarters compound.

 

The online exhibit shares how some technologies developed for CIA ultimately benefited the public. For example, battery-technology advances led to new and efficient means to power medical devices and consumer goods—like pacemakers and digital cameras—and technology developed to help analyze satellite imagery now aids radiologists in comparing digital x-ray images for the detection of breast cancer. (more)

Mobile users can see the new museum pages here.

Few CPR Their Firmware Against Printer Hack Attacks

Despite staged malware attack seven months ago, one in four HP laser jet printers still have default password settings.

Using freely available information and a budget of $2,000 (£1,280), professor Salvatore Stolfo and researcher Ang Cui from Columbia University's appropriately named Intrusion Detection System Laboratory used the printer's remote firmware update to install potentially crippling malware that could even be targeted to destroy the device itself. 

While HP did challenge what turned out to be aspects of the way the demonstration was reported, the company took the conclusions seriously, acting quickly and with "diligence" to issue more than 56 firmware updates.

However, seven months later... only 1–2% (of printers connected to the Internet) have been updated. Of those, one in four is still using default password settings for printer updates.

...other brands may be just as vulnerable...

The key flaw comes because printers now have capabilities that let them receive documents from the cloud – in effect, emails. 

...perhaps the "the safest bet is just not to be connected to the internet in the first place." (more)

The Strange Case of the Bugging Billboard

Australia - Police are investigating rumours that the offices of the Greater Shepparton City Council, in northern Victoria, have been bugged.

Police say they have six recordings in their possession and the council is urging anyone with information to come forward.

An electronic billboard facing Shepparton's busiest intersection is saying information about councillors is about to be publicly leaked. (more)

Can't wait to see how this turns out.

The USB Stick-it-to-ya - Bad Practical Joke or Brilliant Security?

Imagine this...
You come into the possession of a USB memory stick. You think it has valuable information on it. Not your information, but valuable nonetheless.

You're smart enough to know it might contain spyware so you plug it into an isolated computer where spyware can do no harm. Then... Fab-a-dab-a-ZAP! Fizzle. Smoke. WTF?!?!

Your USB port is fried.

You inspect the stick more closely and pop open the cover. Someone has soldered all four of the output pins together! Grrr, a 100% short circuit. 

Bad practical joke or brilliant security? You decide.

Did the owner safeguard the information (the solder can be removed quite easily) in case of accidental loss, or did the owner just set you up for a nasty surprise?

Removing the solder and analyzing the information on the stick might yield the answer.

Why do I mention this? 

1. It is another reason to avoid USB sticks from untrusted or unknown sources.

2. It's a true story.

~Kevin

The Top Two Things Business Spies Really Hate

The majority of information losses are caused by people, not electronic eavesdropping. Your employees are your weak links. They are tripped up by social engineering attacks, and their own poor security practices. They are also your first line of defense. You need them on your side to fix the problem.

Don't start by accusing them. 

What if your loss is a concerted business espionage attack? What if your office is bugged? What if your cell phone is infected with spyware? Think of the damage a false accusation would cause. Morale and law suits top a long list of possible collateral damage.

An electronic surveillance detection sweep (aka TSCM) is the best first step. Work with a specialist who can also identify your other information security loopholes. Eliminate the eavesdropping and espionage possibility first.

Once you have cleared your organization of bugs and wiretaps, and plugged the info-leak vulnerabilities, think ahead. Be proactive. Follow up with security awareness training.

Resources:

Security Awareness Training: Aujas, KnowBe4, WJM Enterprises, SANS™ Institute, and more.

Electronic Surveillance Detection and Business Counterespionage Consulting: Contact me for a referral to a competent specialist who suits your needs. ~Kevin

Cyber-Spy Malware Eavesdrops on Corporate, Government Targets Worldwide

More than 200 unique families of malware have been used to eavesdrop on corporate and government employees, including attacks on the Japanese government, according to the results of a study of cyber-espionage activities released on July 25.

Click to enlarge.

Unlike the massive botnets used by cyber-criminals to steal cash, such as the "Gameover" Zeus botnet, the espionage botnets typically consist of hundreds of compromised computers rather than tens or hundreds of thousands.

Most of the activity traces back to China, but some spying does not, including espionage carried out by a private security company that advertised “ethical” hacking courses, according to Joe Stewart, director of malware research at managed security provider Dell Secureworks, which carried out the investigation. In total, Stewart identified more than 1,100 domain names used in the attacks and registered by online spies. (more)

Cell Phones - The Remote Track Hack

A GPS weakness could allow hackers to remotely track smartphone users, or even completely take over mobile devices, University of Luxembourg researcher Ralf-Phillip Weinmann reported last night at Black Hat.

Instead of directly using GPS satellites, most mobile devices receive much faster assisted GPS (A-GPS) signals from cellular networks to determine approximate location. However, Weinmann discovered that these A-GPS messages are transmitted over a non-secure internet link, and could be switched for messages from an attacker. Weinmann demonstrated this vulnerability on several Android devices... (more)

Security Alert: Malware Via Email... From YOUR Printer!

In these high-tech times, scanners and photocopiers aren't just dumb machines sitting in the corner of the office.

They are usually connected to the corporate network, and - in some cases - can even email you at your desk to save you having to wear out your shoe leather.

And it's precisely this functionality that we have seen cybercriminals exploiting today, pretending that their malicious emails in fact come from an HP scanner inside your organization.

If you see a file like this one, beware...

hp_page-1-19_24.07.2012.exe

Clearly that's not a scanned-in image - it's executable code. ...be on your guard.

If you are one of the many people seeing this malware attack in your email today, please do not click on the attachment even if you are waiting for a scanned-in document to be sent to you. Instead, simply delete the email and your computer will be safe. (more)

SpyCam Story #662 - This Week In SpyCam News

SpyCam stories have become commonplace and the techniques used, repetitive. We continue to keep lose track of the subject for statistical purposes, but won't bore you with too many details. Links supplied.

General

OH - Cop without pants arrested for unspecified voyeurism. Cover up.

NY - Apple store spycam'er gets exposure. Life 'intimates' art. 

OH - Mr. Nicely indited on video voyeurism charges. No relation to Mr. Rogers.

OH - Couple visits for weekend. Man spycam's host. Wife and host snatch cell.

Canada - Landlord spycam'ing renters.

UK - "recording another person doing a private act for the purpose of sexual gratification"

Hotels

FL - Man cams Hooters International Swimsuit contestants changing in hotel. Busted.

CA - Hotel worker resigns after admitting hiding a spycam in a public bathroom. Walks.

Showers & Changing Rooms

AR - Old Navy changing room spycam'er nailed at Starbucks. Police checking phone.

SC - KOA campground showers target of man with cell phone cam.

IN - Another guy with a cell phone in a dressing room.

LA - Pencam in women's showers at gym. Judge approves class action suit.

UK - Man found guilty of voyeurism in a swimming pool changing room.

Bathrooms

WA - Fish hatchery manager/bathroom spycam'er sentenced. Employees smelled something...

ID - Teen caught spycaming restroom uses skateboard as weapon when confronted. Dude? 

FL - Another guy hiding a cell phone in the bathroom.

UK - Man admits to putting cell phone in cafe's women's bathroom air freshener.

The Tanning Guys...

AR - New charges in the tanning man bedroom spycam case.

FL - Sets up tanning booth in his barn. Charges $2. Now headed to prison.

Off their meds...

RI - X-Ray tech sees license lifted for taking exam room video of 16-year old girl.

OH - Ultrasound tech convicted of spycam'ing females at workplace. Three charges dismissed.

Canada - Female nursing home employee skates on phone voyeurism. Not covert enough.

AR - Medical center cell phone spycam'er pleads guilty.
NV - Hospital worker get 1-year for filming co-workers in bathroom.

"Trusted Agents"

MS - Traveling preacher accused of videotaping women without them knowing visits court.

LA - Youth group sleepover spycam'er with 40 counts sought reduced bail. Denied.

Wales - Former scoutmaster, school custodian convicted for locker room spying.

ID - Ex-teacher jailed - Spycam'ed high school girls showering during FFA convention.

OH - Attorney school theater accused of voyeurism challenges search warrant.

Upskirters

WA - 14-year old girl stings bathroom phone spycam'er with her phone. He's washed up.

ID - Bottom-shelf shopper arrested for "upskirt" shooting in multiple stores. Think neckbolts.

WA - Two guys upskirting in stores nabbed.

SC - Police seek drug store upskirter suspect. See him on the store's surveillance video.

OH - Man wanted for upskirtering ten in Ohio found in Puerto Rico.

Explanation: Modern Day Peeping Toms: How Technology Encourages Voyeurism

Oh, did I mention our voyeurism detection services are being requested more and more often? 

Due diligence makes sense to businesses like: hotels, gyms, swimming pools, country clubs, educational institutions, clothing retailers, and all businesses offering private areas to their employees and guests.

Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."   

We can not guarantee you will never be on the wrong end of a voyeurism law suit. However, we are sure our services will pay for themselves many times over when damages are assessed. These days, if you're in business, you must proactively protect your employees and the visiting public's privacy. ~Kevin

Outdated Law Clouds Wi-Fi Eavesdropping Privacy Rights

If you don’t protect your Wi-Fi connection with a password, does that mean it’s legal to tap your Internet and monitor what you’re doing?

The key part of the federal anti-wiretap law was written in the 1980s, long before anyone contemplated using Wi-Fi networks, so the answer isn’t clear. In fact, legal experts say, it’s possible that how well you’re protected by the law would depend on what channel your Wi-Fi router is set to. (more) (spybusters link)

Apps: Know Your Rights & Protect Your Rights

Reporters Committee FirstAid app

The Reporters Committee FirstAid app was designed to help journalists who need quick answers to legal issues that arise while covering the news. It is meant as a quick solution during an urgent situation, such as when a judge or other official is keeping you from a hearing or a meeting, or a police officer is threatening you with arrest.

FirstAid also provides quick access to their hotline for any media law issues, either by phone or email. 

Click to enlarge.

The Reporters Committee and this app are available for journalists of all varieties, whether you work for a national news organization or a neighborhood news blog. They never charge for our assistance. (more)

Android app allows citizens to record and store video and audio of police encounters, includes guide to citizens’ rights  

Citizens can hold police accountable in the palms of their hands with “Police Tape,” a smartphone application from the ACLU of New Jersey that allows people to securely and discreetly record and store interactions with police, as well as provide legal information about citizens’ rights when interacting with the police.




The Android “Police Tape” app records video and audio discreetly, disappearing from the screen once the recording begins to prevent any attempt by police to squelch the recording. In addition to keeping a copy on the phone itself, the user can choose to send it to the ACLU-NJ for backup storage and analysis of possible civil liberties violations.

A version awaiting approval from Apple will be available later this summer in the App Store for iOs to audio record encounters with police. (more)

eBlaster Shatters Crystal - $20,000 Loss

The ex-wife of a wealthy businessman must pay him $20,000 for installing spyware on his computers and using it to illegally intercept his emails to try to gain an upper hand in their divorce settlement, a federal judge in Tennessee ruled.

U.S. Magistrate Judge William Carter ordered Crystal Goan to pay ex-husband James Roy Klumb $20,000 for violating federal and state wiretap laws when she used Spectorsoft's eBlaster spyware to intercept Klumb's email. (more)

Happy Birthday CIA

On July 26, 1947, President Truman signed the National Security Act, creating the Department of Defense, the National Security Council, the Central Intelligence Agency and the Joint Chiefs of Staff. (more)

$50 Hacking Device Opens Millions of Hotel Room Locks

If you're staying at hotel, it might be a good idea to check the manufacturer of your door lock. A black hat hacker has unveiled a method that allows a fairly simple hardware gadget to unlock door locks manufactured by Onity.

Mozilla software developer Cody Brocious recently discovered two vulnerabilities within Onity's locks. Brocious was able to exploit said vulnerabilities with a device that cost him $50 to build. The schematics for the device are open source and available on the Web. Brocious will present his findings at the Black Hat Security Conference in Las Vegas on Tuesday night.

Onity tells PCWorld that it is aware of Brocious' work, but has declined to comment until it reviews additional information on the hack itself. (more)
 

Chilling thought...

Framing hotel staff for murder
"Given the ability to read the complete memory of the lock, it is possible to gain access to the master key card codes. With these -- in combination with the sitecode for encryption -- it is possible to create master cards which will gain access to locks at the property.

Let's look at a hypothetical situation:
• An attacker uses the before-mentioned vulnerabilities to read the memory of the lock
• Attacker uses the site-code and master key card codes to generate one or more master cards
• Attacker uses a master card to enter a room
• Attacker murders the victim in the room
• Attacker escapes

During the course of investigation, it's quite possible that the criminal investigators may look at the audit report for the lock, to see who entered the door at what time. Upon doing so, they will see a specific member of the staff (as the key cards are uniquely identified in the ident field) using a master key card to gain access to the room near the time of death.

Such circumstantial evidence, placing a staff member in the room at the time of death, could be damning in a murder trial, and at least would make that staff member a prime suspect. While other factors (e.g. closed circuit cameras, eyewitnesses, etc) could be used to support the staff member's case, there's no way we can know whether or not the audit report is false."

On the other hand... Brocious's work has just given hotel workers a "Get out of jail" card.

Info-leaks Topple CEO

The chief executive and chief operating officer of Nomura Holdings are stepping down to take responsibility for their company’s involvement in a series of leaks of inside information. 

Chief Executive Kenichi Watanabe

Chief Executive Kenichi Watanabe and Chief Operating Officer Takumi Shibata are planning to resign following admissions that Nomura salespeople allegedly gave information on share offerings to customers before it was public, a person familiar with their thinking said. (more)

FutureWatch - The End of Privacy, Contraband & Cancer?!?!

via gizmodo.com...
Hidden Government Scanners Will Instantly Know Everything About You From 164 Feet Away

Within the next year or two, the U.S. Department of Homeland Security will instantly know everything about your body, clothes, and luggage with a new laser-based molecular scanner fired from 164 feet (50 meters) away. From traces of drugs or gun powder on your clothes to what you had for breakfast to the adrenaline level in your body—agents will be able to get any information they want without even touching you.

And without you knowing it. The technology is so incredibly effective that...

...But the machine can sniff out a lot more than just explosives, chemicals and bioweapons. The company that invented it, Genia Photonics, says that its laser scanner technology is able to "penetrate clothing and many other organic materials and offers spectroscopic information, especially for materials that impact safety such as explosives and pharmacological substances."

...Genia Photonics has 30 patents on this technology, claiming incredible biomedical and industrial applications—from identifying individual cancer cells in a real-time scan of a patient, to detecting trace amounts of harmful chemicals in sensitive manufacturing processes. (more)

See What 6 Months of Your Phone Data Reveals

Green party politician Malte Spitz sued to have German telecoms giant Deutsche Telekom hand over six months of his phone data that he then made available to ZEIT ONLINE. We combined this geolocation data with information relating to his life as a politician, such as Twitter feeds, blog entries and websites, all of which is all freely available on the internet.

Click to enlarge.

By pushing the play button, you will set off on a trip through Malte Spitz's life. The speed controller allows you to adjust how fast you travel, the pause button will let you stop at interesting points. In addition, a calendar at the bottom shows when he was in a particular location and can be used to jump to a specific time period. Each column corresponds to one day. (more)

The Incredible Tale of the Spying Broken Heart Surgeon

A Connecticut heart surgeon has been ordered by a civil jury to pay $2 million to his ex-girlfriend after admitting to planting cameras in her home.

"And this year's award goes to..."

Dr. William V. Martinez, a divorced father of nine, admitted to planting surveillance cameras in the home of D'Anna Welsh, a physician's assistant at Hartford Hospital. He also said he planted a tracking device in her car.

The Hartford Courant reported Welsh and Martinez dated from sometime in 2001 to February 2007, when Martinez broke up with Welsh.

Later that year, a plumber discovered "suspicious" equipment embedded in a crawl space beneath the floor of Welsh's home. She first called the police. Then she called Martinez, who admitted to planting the equipment in her home.

"Martinez further admitted to [her] that he had been viewing video of her bedroom and that he had also been eavesdropping from his car via audio devices he installed in her home," says the civil complaint.

At the time Welsh did not press charges. However a year later, Martinez mentioned details of Welsh's life to her that he had no way of knowing about, leading her to believe he was still spying on her, the newspaper said.

Martinez was charged in criminal court with eavesdropping and voyeurism in 2008, and agreed to two years of accelerated rehabilitation.

Welsh, still uneasy, hired a security firm to sweep her home in January 2010, the newspaper said. She filed a civil suit against Martinez in July 2010 after the firm discovered a camera hidden inside her TV. (more)

New Mobile Malware Threat Revealed at Black Hat

Mobile malware is viewed as a growing threat, particularly on the Android platform. To protect Android users and prevent malicious applications from being uploaded to Google Play, Google created an automated malware scanning service called Bouncer.

At Black Hat, Nicholas Percoco and Sean Schulte, security researchers from Trustwave, will reveal a technique that allowed them to evade Bouncer's detection and keep a malicious app on Google Play for several weeks.

The initial app uploaded to Google Play was benign, but subsequent updates added malicious functionality to it, Percoco said. The end result was an app capable of stealing photos and contacts, forcing phones to visit Web sites and even launch denial-of-service attacks.

Percoco would not discuss the technique in detail ahead of the Black Hat presentation, but noted that it doesn't require any user interaction. The malicious app is no longer available for download on Google Play and no users were affected during the tests, Percoco said. (more) (more)

Hey kids, we bought and fixed Skype just for you!

Skype has denied reports that recent changes to its architecture would make calls and messages easier to monitor by law enforcement.

Skype, a worldwide Internet-based voice and video calling service Microsoft acquired last year for $8.5 billion, said Tuesday the changes to its peer-to-peer infrastructure were done to improve the quality of service.

What it did was move "supernodes" into datacenters, Skype said. Supernodes act as directories that find the right recipient for calls. In the past, a user's computer that was capable of acting as a directory was upgraded from a node to a supernode. A node is the generic term for computers on a network. (more)

Attention Getting Security Awareness Information & Posters

Creative security awareness content is difficult to come by, but there is a ton of it at NoticeBored.

NoticeBored is a subscription service. Every month they supply a new module; a fresh batch of awareness materials for businesses staff, managers and IT professionals. Each module covers a different information security topic. 

TSCM inspections with their vulnerability assessments are a core element of the information security strategy, but employee education is equally important. 

Creating your own educational materials is a chore. Fortunately, there is no need to reinvent the wheel. (more)

Egypt Ex-Spy Chief Died of Rare Disease

Egypt's former intelligence chief Omar Suleiman died from a rare disease affecting the heart and kidneys, according to the U.S. clinic where he was undergoing medical tests at the time.

Suleiman, who died at age 76, was fallen Egyptian president Hosni Mubarak's last deputy and one of his most trusted advisers. He stepped briefly into the limelight when he was made vice president days before Mubarak was ousted in a popular uprising last year. 

"General Omar Suleiman ... passed away due to complications from amyloidosis, a disease that affects multiple organs including the heart and kidneys," the Cleveland Clinic said in a statement. (more)

Bugging History - May 13, 1966

Photo Tag: The extent of the business in snooping devices is indicated by the growth in contrivances to detect wiretaps and "bugs". Some merely warn the intended victim, while others jam or scramble the snooping. This telephone de-bugging meter discovers any transmitter (bug) in the phone or in the lines leading to it. De-bugging devices are bought mostly by business executives who suspect espionage by competitors. (AP Photo/Robert Kradin) (more)

It was never unusual for news reporters to get the facts wrong when reporting on business espionage, bugging or general electronic snooping. It still isn't unusual. The photo actually shows how a carbon microphone from the common phone of the day could easily be replaced by one which also transmitted the voice via radio. 

Due to the simple installation, it was generally referred to as a "drop-in bug". To the untrained eye, both looked legitimate, but your ear could tell! The internal carbon granules inside the microphone sounded like sand when shaken. In order to build the bug inside the housing, the carbon had to be emptied out to allow space for the electronics and micro-mic. Those bugged mics were silent when shaken.

Another photo from the same era, shows two ways to tap a phone: the drop-in bug, and the big suction cup induction coil near the earpiece. Both seem crude by today's standards.

Most modern handsets are sealed units. Dropping anything in them is problematic. There are still a few, however, that are screwed together. 

Here are two examples of what you shouldn't see if you open one of these...

Inspecting today's telephones require more than a trained eye, because there may not be anything to see. 

Conversations from VoIP phones travel as computer bits which may be collected far from the phone instrument. In fact, some VoIP phones transmit room audio even when they are supposedly hung up.

Other business telephone systems have many eavesdropper-friendly features built right into them, no extra hardware needed. Just program the features correctly and listen-in.

Think your phone system is bugged or tapped? Give me a call. ~Kevin

Michael Murdock's Atomic Powered Surveillance Bot

Click to enlarge

Created by Michael Murdock of Sabor Design Studios. Visit him at, Sabor Designs. (more)