Maltego - For the PI and Security Director of the Future

via techhive.com...
What Maltego does is quickly and succinctly draws on public data sources to put together a graphical digital footprint...

Click to enlarge.

Maltego is highly efficient at quickly assembling digital crumbs and linking those pieces together, which would be tedious work otherwise. 

Roelof Temmingh (co-creator) used Maltego to search Twitter with coordinates for the vicinity of the NSA's parking lot...

Temmingh pulled up a web of scattered tweets in Maltego. He picked out one person...

Then Maltego combed social networking sites, checking sources such as Facebook, MySpace, and LinkedIn. An identical photo linked the person's Facebook and MySpace page. From there, Maltego spotted more information. After a day of searching, Maltego discovered the person's email address, date of birth, travel history, employment, and education history.

"This is about a day's worth of digging around," Temmingh said. "It's not weeks and weeks."

Other interesting information can come from EXIF (exchangeable image file) data, which is information often embedded in a photograph... (more)

An investigative tool, and vulnerability assessment tool. For cutting-edge PIs, a  competitive advantage. For the average security director, a mini FBICIANSA. ~Kevin

FBI Issues Warning Regarding Android Malware

The FBI's Internet Crime Complaint Center has issued a warning alerting users about malware that targets the Android mobile operating system. 

The intelligence note from the IC3 was issued last week, and highlighted on Monday by Apple 2.0. It noted there are various forms of malware out in the wild that attack Android devices.

Two forms of malware cited byt he IC3 are Loozfon, which steals information from users, and FinFisher, which can give nefarious hackers control over a user's device. 

Loozfon can lure in victims by promising users a work-at-home opportunity in exchange for sending out an e-mail. Visiting a link in the e-mail will push Loozfon to the user's device, allowing the malware to steal contact details from the device's address book.

The FinFisher spyware highlighted by the IC3 allows for a mobile device to be remotely controlled and monitored from anywhere. FinFisher is installed by simply visiting a Web link or opening a text message that disguises itself as a system update. (more)

New Burglar Alarm... not for you, for the burglar.

Criminals no longer need to stake out a home or a business to monitor the inhabitants' comings and goings. Now they can simply pick up wireless signals broadcast by the building's utility meters.

In the US, analogue meters that measure water, gas and electricity consumption are being replaced by automated meter reading (AMR) technology. Nearly a third of the country's meters - more than 40 million - have already been changed. The new time-saving devices broadcast readings by radio every 30 seconds for utility company employees to read as they walk or drive around with a receiver. But they are not the only ones who can tune in, says Ishtiaq Rouf at the University of South Carolina in Columbia, and his colleagues.

The team picked up transmissions from AMR meters - operated by companies that they did not name in their paper - and reverse-engineered the broadcasts to monitor the readings. To do this they needed about $1000 worth of open-source radio equipment and information available through online tutorials. (more)

Bad guy logic leap: When you are not home, you are not using much electricity.

Bike Race Dopes - Another DIY TSCM Failure

via a Blue Blaze Irregular...
On page 218 of the new book, "The Secret Race: Inside the Hidden World of the Tour de France: Doping, Cover-ups, and Winning at All Costs" by Tyler Hamilton and Daniel Coyle, is a description of the TSCM techniques allegedly used by the U.S. Postal Service cycling team against covert audio and video surveillance:
"According to Landis, Postal performed two transfusions to the entire team during the 2004 Tour de France. The first was after the first rest day in a hotel in Limoges. Riders were taken in small groups to a room and told not to speak. For safety, team staffers were stationed at each end of the hallway. To guard against the possibility of hidden cameras, the air conditioner, light switches, smoke detector, and even the toilet were covered with dark plastic and taped off." 

Fun Facts: 
• Many types of "dark plastic" – garbage bags, for example – do not block near-IR light. 
• Many cameras are sensitive to near-IR light.
• Putting dark plastic over camera hiding spots is no guarantee you blinded the camera.
• (more about seeing through black plastic)
~Kevin 

$89.99 Wi-Fi Bug You Control With Your iPhone... from anywhere!

"WeMo Baby conveniently turns your iPad, iPhone, or iPod touch into a baby monitor so you don't have to carry an extra device to keep in touch with your baby. 

It works with your existing Wi-Fi router to wirelessly stream audio from your baby's room to your mobile device." (more)

Why is this scary?
• It will be repackaged into a covert listening device.
• Unlike previous baby-mon mods, this one is digital.
• Its signal hides among legitimate Wi-Fi signals.
• Listen in from anywhere via the Internet.
• Digitally clear audio.
• Pair with a voice activated recorder for "TiVO" spying.
• It can send text messages when it hears audio.

P.S. Although this product hasn't launched yet, Murray Associates has a detection solution ready. ~Kevin

Common Problem - Technology Outpaces Spies

Australia's domestic spy agency has revealed there have been intelligence failures in recent years because of changing technology. 

Speaking exclusively to Radio National's Background Briefing program, Australian Security Intelligence Organisation (ASIO) director-general David Irvine says new ways of communicating electronically are white-anting* his agency's surveillance powers.

"We have had not near misses, we have had misses," he said.

"In recent years there have been instances where devices have been used or devices have been used that we didn't know about, and we have missed information. (more) (Audio: Law expert George Williams talks to PM (PM) )

* - An Australian term for the process of internal erosion of a foundation.

Today in Eavesdropping History

On Oct. 20, 1973, in the so-called Saturday Night Massacre, President Nixon abolished the office of special Watergate prosecutor Archibald Cox, accepted the resignation of Attorney General Elliot L. Richardson and fired Deputy Attorney General William B. Ruckelshaus. (more)

Chinese Communications Equipment Maker ZTE Cuts Connection with Surveillance Equipment Maker ZTEsec

Chinese telecoms kit maker ZTE has sold its majority stake in ZTE Special Equipment (ZTEsec) – a company that sells surveillance systems.

The under-fire Shenzhen-based firm said in a little-publicized filing with the Hong Kong Stock Exchange at the end of September that it would “dispose of its 68 per cent equity interests” in ZTEsec. (more)

Apparently not in time to impress Congress. (pdf of report)

Silent Circle Has Launched - An Affordable Secure Communications Package

Their opening salvo...
"We want to fight for your right to privacy. We are pushing back against the tide of surveillance. We don’t like oppressive regimes, indiscriminate wiretapping, big brother, data criminals, intellectual property theft, identity thieves or governments that persecute their citizens for saying or writing their opinions." — Silent Circle

Services:
• Silent Phone
• Silent Text (with a self-destructing feature)
• Silent Eyes (video call encryption)
• Silent Mail (coming soon)
All sold together as Silent Suite for $20.00 per month.


Coming Soon...
"Worldwide Secure Communications with the Secure Business Package brings together the entire Silent Circle suite of products. Not only is this an Encrypted Secure Calling Plan – it's also extremely cost effective compared to today's un-secure VoIP calling plans. The average large domestic carrier basic cell phone plan is about $40 a month with low minutes, low data and un-secure calls. With our Secure Business Package you can have peace of mind that you are communicating securely without worrying about your minutes. In today's market, unlimited calling and data plans with the major cell carriers cost over $120 a month – with our Secure Business Package at $49 per month, on top of a basic carrier plan of around $40 per month, is still much cheaper than today's unlimited carrier plans – and it's SECURE."

ENTERPRISE SOLUTIONS
"In today’s highly-connected International business realm, even small to moderate sized businesses have international employees, offices and partners. Silent Circle was developed and designed to help stop the theft of personal and corporate Intellectual Property, to defeat a critical piece of the Bring Your Own Device (BYOD) issue and to provide a true commercial Software-as-a-Service model for secure communications."

FutureWatch: Like the telephone itself, having one is useless, having two useful. Having millions of subscribers makes it an imperative.

If and when this product scales up, will there be any reason to communicate insecurely? Will the word wiretap join the lexicon graveyard along with galoshes, spitoon and fedora? The answer may depend upon two live-wire words... government regulation. 

For now, anyway, this is great progress. ~Kevin

Future Room Lighting to Double as Light "Wi-Fi"... or eavesdropping device.

VLC transmits data wirelessly using visible light as its medium instead of radio waves... Harold Haas, professor of Mobile Communications at the University of Edinburgh, successfully demonstrated the VLC technology at a TED conference. He streamed a HD video to a screen using a LED light bulb as transmitter.

Haas co-founded PureVLC, a corporate spin-off of the university’s research project, to turn the technology into commercially viable devices. The company is now beta-testing its first product: the Smart Lighting Development Kit (SLDK)...
 
Because the light changes superfast it is invisible to the human eye and can still function as normal lighting.

A standard Ethernet port connects the ceiling unit to a data network. The unit encodes the data onto the current feeding the LEDs. The desktop unit receives the data, decodes it and transfers it to a laptop or desktop computer. It can also send data to the ceiling unit. (more)

Privacy Tip: Turn OFF Advertiser Tracking in iPhone iOS6

In iOS6, tracking for advertisers has been turned ON by default.

The new "features" are called:

• identifierForAdvertising (IDFA) which is a cross-app/publisher identifier
• identifierForVendor (IDFV) which is a publisher-specific identifier

You can read more about it here, but this is what you want to know if you don't want to be tracked...

In Settings, navigate to General / About / Advertising, then... flip the switch to ON. 

This is not listed under Privacy. It is tucked away in an unlikely corner. It is ON by default. And, to turn it OFF, you have to turn it ON. Weird, huh? Smell a rat? ~Kevin

Experimental App Sends 3D Photos of Your Office to Spies, Your Home to Burglars*

via MIT Technology Review...
...smartphones are increasingly targeted by malware designed to exploit this newfound power. Examples include software that listens for spoken credit card numbers (Soundminer malware) or uses the on-board accelerometers to monitor credit card details entered as keystrokes (steal keystrokes).

Today Robert Templeman at the Naval Surface Warfare Center in Crane, Indiana, and a few pals at Indiana University reveal an entirely new class of 'visual malware' capable of recording and reconstructing a user's environment in 3D. This then allows the theft of virtual objects such as financial information, data on computer screens and identity-related information. (It even turns of the shutter noise when taking photos.)

Templeman and co call their visual malware PlaceRaider and have created it as an app capable of running in the background of any smartphone using the Android 2.3 operating system. (more)

* Just two scary imagined use for this app.
Want to know more?
We've got their paper right here. 

Losing Face if Book is Thrown at Them

...via seekingalpha.com...
The case was highlighted in an article by Bloomberg titled "Facebook Seeks Dismissal of $15 Billion Privacy Suit". Here is an excerpt of the action:

NATURE OF THE ACTION
1.This class action lawsuit, seeking in excess of $15 billion in damages and injunctive relief brought by, and on behalf of, similarly situated individuals domiciled in the United States who had active Facebook, Inc. accounts from May 27, 2010 through September 26, 2011...

We added the bold type above to highlight who can be part of the "class". We recommend a thorough read of the case to all interested parties to see who may qualify to participate as part of the "class". In our opinion, the legal question posed by this case is potentially more harmful than the other shareholder suits outlined by the Wall Street Journal's article: "Facebook's Next Fight: Suits, and More Suits".

The privacy "wiretapping" lawsuit accuses Facebook of secretly tracking users' Internet activity after they log out of their Facebook accounts. This is done using "cookies" which are activated when a user logs into a Facebook account. These cookies can also be used by hackers in intercepting a user's data which is yet another privacy concern. Facebook has filed a motion to dimiss the suit for lack of establishing a Facebook user's harm. We believe that the value of one's privacy is "priceless". The suit accuses Facebook of violating federal wiretap laws with statutory damages per user of $100 per day per violation, up to $10,000 per user. With over a billion users, let's assume that the court decides that $10,000 is too much to award to each user and asserts the $100 floor per user, this would equate to $100 billion in damages and would wipe out more than all the equity in FB.

While this may seem highly speculative at first blush, according to the Wiretap Act, it's a crime for anyone that is not a party to a communication to be eavesdropping. If a crime in this case is established, Facebook could be ordered to shut down much like Kim Dotcom's Megaupload shutdown which was based on violation of US Copyright laws. In addition, the "wiretapping" lawsuit also charges that Facebook is violating the Stored Communications Act and the Computer Fraud and Abuse Act. Any way you look at this battle, it seems like a high stakes issue for Facebook which is not seriously being weighed by investors.... yet. (more)

He Can Open Your Hotel Room Lock with a Magic Marking Pen

...of course, its no ordinary marker...
Matthew Jakubowski, a security researcher, posted a video on YouTube which shows how anyone can build a pocket-sized device to open the lock on an estimated 4 million hotel rooms.

The magic marking pen exploits an Onity lock vulnerability, used on millions of hotel room doors. (more)

 
As you can see, card-key door locks can be hacked. But did you know, one can open the internal door privacy latch using nothing more than the plastic 'do not disturb' sign hanging on the outside door handle?!?! (Yes, they can come in while you are in the shower.) 

Hotel safes are equally insecure, a paper clip can open some of them, others have commonly known default passcodes. Most also have an Ethernet port which can be hacked, and/or a hidden keyway, which can be picked. All these security loopholes are in addition to the legitimate hotel staff's master keys for opening both doors and safes. 

In short, your hotel room is easy pickings when it comes to a concerted espionage attack. 

One of our many travel recommendations for our clients is:
• Don't trust hotel security. 
• Keep your confidential information with you at all times. 

Want to know more? 
Become park of our client family.
~Kevin

Growing Prevalence of Industrial Espionage Threaten Automakers

According to Automotive News, industrial espionage in the United States has been steadily rising in multiple sectors. In fact, the U.S. Immigration and Customs Enforcement Homeland Security Investigations (ICE HSI) have opened 1,212 intellectual property rights cases for the 2011 fiscal year. Compared to 2009, cases have increased by nearly 66 percent. 

Given the high-octane environment that is the auto industry, cloak and dagger activities are especially prevalent. In particular, auto giants including GM, Ford and Toyota have endured stolen intellectual property more than most...

Addressing a need to prevent acts of espionage to continue, the Office of the National Counterintelligence Executive declared that countermeasures must be put in place due to the exponentially growing proliferation of smartphones and various mobile devices. (more)

All Quiet in the Chinese Front: We Await the Jury

• The House Intelligence Committee will release a report Monday, following its probe into espionage charges against the two telecommunications-gear makers. 

• Also, "60 Minutes" will air its investigation into the company on Sunday.

The House Intelligence Committee investigating national security threats posed by two Chinese telecommunications-gear makers is set to release a report Monday that seems likely to ratchet up pressure.

The committee held a three-hour hearing last month, during which lawmakers repeatedly criticized Huawei and ZTE for being vague in answering questions about whether their networking equipment could be used to snoop on American companies and individuals. At the end of the hearing, committee Chairman Mike Rogers (R-Mich.) expressed some consternation that the companies hadn't been more forthcoming in addressing his concerns. (more)

Sneak Peak... (excellent clip from Chairman Mike Rogers (R-Mich.)

All Quiet in the Russian Front: Stop Light Company Stopped

TX - If their website is any indication, Arc Electronics was apparently into a lot of things besides spying.

Sure, espionage is exciting and interesting and all, but bills have got to be paid. Those traffic lights aren't going to construct themselves -- though Arc sure as hell weren't selling anything to the city...

Federal court hearings regarding Arc's alleged spying begin today before U.S. District Judge George Hanks.

The charges involve illegally sending microelectronics to the Russian government, Russian military, and intelligence agencies. But while all that was allegedly going down, Alexander Fishenko, the company's owner, had a rather elaborate faux operation humming at a nondescript strip mall in southwest Houston.

Alex James, a receptionist at neighboring Modern Performance, said he never saw anyone coming in and out of their mutual alley and had no idea what was happening inside Arc Electronic. (more)

Facebook Logic - What harm can a little spying do?

A federal court in May 2012 hit Facebook with a $15 billion lawsuit after it was found that the social network was tracking customers after they logged out of its system. The court filing claims that Facebook is violating federal wiretap laws.

The Menlo Park company is now asking that the case be dismissed because the defendants behind the case have failed to specify how they were harmed by the error in Facebook’s judgement. (more)

Spy Gear & Divorce

Techniques once accessible only to governments or corporations are now trickling down to daily use. It's part of a broader transformation of modern privacy in which even the most personal spheres of people's lives—home, friendships, intimacy—can be exposed for examination without knowledge or consent. Lawyers say the technology is turning divorces into an arms race... 

World's smallest voice recorder. Holds 300 hrs. of voice. How it's made.

Amateur spies have widening options. LandAirSea sells a GPS Tracking Key—a matchbox-size, magnetized gizmo that can stick to cars—for $179 online... Software can be purchased for many smartphones that can track their location. Computer software that copies instant messages and emails can cost less than $100 and be installed without any special know-how. An array of tiny recorders makes eavesdropping easy.

Regulators have a tough time policing the sale of these kinds of devices, since they have legitimate uses by employers or parents... (more)

Workplace SpyCams: The Accounting Firm

WI - The reported vice president of a Wisconsin accounting firm was charged with four felonies for allegedly using a camera pen to spy on women in the office restroom. 

Click to enlarge.

Last month, a woman working in an office building in the Milwaukee suburb of Glendale went to the bathroom and noticed a pen slide under the door, according to the criminal complaint and reported by the Menomonee Falls Patch. Suspecting that the pen was a camera, the woman looked online and spotted a camera pen for sale that looked similar. She then contacted the Glendale police.

A week later, another woman allegedly saw the same pen slide under the bathroom door. She likewise reported the incident to police, and the officers checked hidden cameras that they had set up outside the bathroom. According to the complaint, the cameras showed James Pirc, 46, sliding something under the door. (more)

Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."    

SpyCam Story #663 - This Month In SpyCam News

SpyCam stories have become commonplace and the techniques used, repetitive. We continue to keep lose track of the subject for statistical purposes, but won't bore you with too many details. Links supplied.

School Daze...

NJ - Locker room spycam defense?!?! - it never endangered the welfare of any child. 

VA - Registrar's Office spycam defense - hormone imbalance.

OH - School teacher charged - spycam'ing two female teachers in teachers-only bathroom.

WA - High School sleepover spycam'er pleads guilty.

CA - U of T - iPhone spotted in bathroom stall - man charged with voyeurism and mischief.

Charges Laid...

CT - Busted - bedroom spycam'er filmed four female partners.

CA - Dusted - House guest finds video camera recording in a powder room.

LA -  Trusted - Bedroom cam & bathroom cam transmitted wireless to recorder.

MT - Adjusted - Former jailer who spycam'ed a pool changing room charged with burglary.

UK - Lusted - Ex-council member charged - leisure centres, holiday camp and dance studio. 

Men at Work...
UK - Employee used a camera disguised as a pen to film female staff in the toilets.

WA - Playhouse dressing room spycam - closing argument - not for sexual gratification.

GA - Judge finds 'peeping preacher' guilty on 13 counts of video voyeurism.

FL - Mirror ripped from the fitting room wall reveals two hidden cameras, one still recording. 

ID - Man charged - iPhone, recording, hidden in a tissue box in the employee restroom. 

CA - Owner placed camera in his hardware store staff washroom.

CT - Subway employee placed under sink camera in unisex bathroom. 

LA - Gynecologist charged - secretly photographedthe genitals of his patients... 186 times

Only You Can Pervert...

FL - Park employee kept eye on bathroom with iPhone - victim chases, snags plate, nailed.

WA - Park employee arrested, accused of recording a teenage girl in a park restroom. 

Darwin Awards to...

CT - Man admits to 4 photos of woman in next shower... 2 turned out to be of his own hand.

UK - Man uses USB stick camera to film woman - proof - shot himself while setting it up.

IN - Man hides iPod in girlfriend's bathroom - proof - shot himself while hiding it.

UT - Wife finds upskirt pix on husband's cell - calls cops - proof - shot himself while filming.

OH - Spycam'er uses clock radio, camera hidden within - poof - shot himself... with a gun!

The Tanning Guys...

AR - 16-year-old boy was arrested - cam'ed a woman after she got out of a tanning bed. 

AR - Man charged - cam'ing girls using his tanning bed, then tampering with the evidence.

AR - Tanning salon manager booked on suspicion of voyeurism.

(Arkansas and tanning salon pervs. Weird.)

IN - Fox in henhouse - Stephan Fox pleaded guilty to taping women in tanning salon.

Canada Recruits Spies - via YouTube

The Canadian Security Intelligence Service has released a series of recruitment videos onto YouTube, videos that feature testimonials from real-life spies. 

The clips were posted last week, but released without any publicity...

In the clips, each of which lasts a minute or two, CSIS intelligence officers are shown striding purposefully to urgent (but fictional) assignments, as orchestral music plays and time-lapse video speeds up street scenes. (more) (videos)

Put a GPS in a Candy Bar - Sales Skyrocket

The candy company launched the “We Will Find You” campaign in the United Kingdom where GPS tracking devices were placed inside six candy bars.  

Once the winning candy bar wrapper is opened, the tracking device will go off and Nestle officials will be able to find the exact location of the customer.

“This will alert a secret control room who will scramble a crack team of highly trained individuals,” the commercial states. “They will board a helicopter, find the special bar and give the owner 10,000 pounds ($16,145).”

The six tracking devices will be placed in Kit-Kat, Aero and Yorkie bars in the U.K. (more)

What could possibly go wrong? Hummm... The guys in the warehouse borrow the guard's metal detector and scan pallet-loads of product. 

Seriously, if they have their act together, the bars are not going through the usual distribution chain. They are being placed on the shelf at the very last minute and the camera crew is waiting in the stock room. Brilliant promotion, however.

Business Espionage: Papal Butler's Trial Begins

The pope's once-trusted butler went on trial Saturday for allegedly stealing papal documents and passing them off to a journalist in the worst security breach of the Vatican's recent history — a case that embarrassed the Vatican and may shed some light on the discreet, internal workings of the papal household... 

Security was relaxed, with the guards at the tribunal entrance mostly concerned that none of the press or public brought in any recording devices: They even checked pens to make sure they couldn't record, and sequestered cell phones into safe boxes. (more)

Mobile malware up 2,180% - Threats to mobile devices rocket and set to rise further.

Between Q1 2011 and Q2 2012 ABI Research found that unique malware variants grew by 2,180 percent reaching 17,439. 

And these threats are set to increase significantly.

"With the increasing popularity of smartphones, mobile threats are on the rise. This has implications for security at the corporate level as well as for individual privacy," says Michela Menting, senior cyber security analyst. 

"The mobile application security market is rife with vendors offering their wares. The priority now for end-users is understanding the issue at hand and finding the right offering that best suits their needs," said Menting. (more) (SpyWarn)

Lawsuit: Failure to Proactively Prevent Spying

A coffee shop staged a failed cover-up after a lawyer planted spy cameras in its restrooms, a class of customers claim in court.

Lead plaintiff Roderick Smith says he discovered a spy camera in the restroom of a Coffee Bean and Tea Leaf in Encino last year, and that personal injury attorney Mark Daniel Wenzel planted another camera a week later.

Corporate owner International Coffee & Tea LLC failed to "proactively prevent" this spying, according to the complaint in Superior Court...

Detectives allegedly identified Wenzel as the culprit because the spy cam's own footage captured him during the installation process.

"The police sent pictures of defendant Wenzel to all the Coffee Bean shops in the area, and weeks later, in or about November of 2011, defendant Wenzel was apprehended by the police on a visit to the Coffee Bean located at the intersection of Woodley and Ventura at 16101 Ventura Boulevard in Encino, California, where another hidden recording device was also uncovered," the complaint says.

Meanwhile Coffee Bean superiors allegedly told staff to keep the incident to themselves. (more)

Dedicated spycam'ers plant multiple devices — in this case, at least three before the case was solved.

All businesses need to "proactively prevent spying" (especially optical spying). Schools, country clubs and companies dealing with the public use our services on a regular basis. Contact us.

Proactive inspections are cheap insurance. Inaction leads to lawsuits and lost customer goodwill.

U.S. Government Surveillance Stats - Up 361%, 2009-2011

U.S. law enforcement surveillance of email and other Internet communication has skyrocketed in the last two years, according to data obtained by the American Civil Liberties Union... 

Early Pen Register

The number of so-called pen register and trap-and-trace orders obtained by federal law enforcement agencies has increased 361 percent between 2009 and 2011, the ACLU said. The U.S. Department of Justice released the data to the ACLU after the civil rights group sued the agency under the Freedom of Information Act. (more)

Outrageous - Anyone else would have landed in prison.

Companies agree to stop spying, taking secret photos on rented home computers
 

The US Federal Trade Commission has reached a settlement with seven computer rental companies and a software firm over what the agency said was flagrant computer spying on customers of the rental stores.

In a statement Wednesday, the FTC said that DesignerWare LLC and seven rent-to-own computer stores agreed to cease using malware-like monitoring software to track rental PCs and from using information gathered by the spying software for debt collection purposes.

According to the FTC, the software captured screenshots of confidential and personal information, logged users' keystrokes, and in some cases took "webcam pictures of people in their homes, all without notice to, or consent from, the consumers."

The settlement stems from what an FTC complaint (PDF link) says was a years-long campaign of electronic spying by PC rent-to-own firms against customers using PC Rental Agent, a remote monitoring application made and marketed by DesignerWare that can disable or remotely wipe a rented computer, but also monitored a user’s online activity and physical location using a feature called "Detective Mode." (more) (sing-a-long)


P.S. It also presented a fake software program registration screen that tricked consumers into providing their personal contact information.

Forensically Find Fake Photos Fast - Further Discussion

As most readers of the Security Scrapbook know, I do not sell products, nor do I profit in any way from items brought to your attention. The sole purpose when mentioning a product is to inform and educate. Sometimes, my readers provide additional insights and information. This helps all of us.

The other day I posted, "Fourandsix Technologies, Inc. has introduced their first product, FourMatch, which instantly distinguishes unmodified digital camera files from those that may have been edited." Wow! Cool stuff. Gimme, gimme.

Reality Check...
While this statement is technically accurate, one reader cautions that the company's other marketing information may lead one to expectations the product can not fulfill.

Read the review by Jim Hoerricks, and the response by Kevin Connor of Fourandsix Technologies, Inc.. Their discussion is very useful and illuminating, especially if you are in need of this technology.

P.S. The answer to the last "What's wrong with this picture?" (Rolling Stones album cover) is... "Former Rolling Stones’ bassist Bill Wyman was digitally removed from the cover..."

Next up...

What's wrong with this picture?

(Off topic) The Jetsons Turn 50 - What Became Reality?

FutureWatch
It's hard to believe, but George Jetson, his boy Elroy, daughter Judy, Jane, his wife -- and Astro, everyone's favorite space dog -- are now 50 years old.  

The show was futuristic in its own right: When it bowed in the early 60's, it was the first color show to ever air on ABC. But it was the quirky technological advances that the Hanna Barbera show imagined human beings using -- from robot maids to flying cars -- that really formed the backdrop of the show and kept viewers interested.

In honor of The Jetsons' 50th anniversary, we decided to take a look to see how far we've come. And based on where we are so far, by 2062, the year the show is set in, we may just achieve all that the show's writers envisioned and then some. One thing that's massively important to us today and wasn't reflected that way on the show is our powerful mobile phone technology and the importance to us of how small those devices have become, as well as what they permit -- constant access to the internet (not conceived back then) and a variety of useful apps. (more)

Forensically Find Fake Photos Fast

Fourandsix Technologies, Inc. has introduced their first product, FourMatch, which instantly distinguishes unmodified digital camera files from those that may have been edited. 

Fourandsix Technologies was co-founded last year by Kevin Connor, a 15-year veteran of the Adobe Photoshop team, and Hany Farid, a pioneering scientist in image forensics. Dr. Farid’s extensive research led to the development of FourMatch software, which provides compelling evidence for the authenticity of an image, while also serving as an efficient triage step for identifying photos that may require closer scrutiny.

...Increasingly, photographic evidence has been challenged in court as being unreliable. Similarly, media companies have faced embarrassment when running news photos that later were revealed to be falsified. (more)

Really interesting... Their Photo Tampering throughout History page. 
Example...

What's wrong with this picture?

Open Your Mouth and You're Nailed

Slate had an interesting article about how law enforcement can identify you via VoiceGrid Nation created by a company called SpeechPro in the United States, but which operates as a “Speech Technology Center” in Russia... 

This image shows how VoiceGrid works and here’s some other info gleaned via their documentation. Voice matching technology can “automatically separate the voices within a two-person dialog and send each voice individually for matching” and is being used as “part of a comprehensive plan to best leverage existing and new audio data.” Even without considering the NSA surveillance via intercepting calls, the whitepaper gives numerous examples of passive sources for voice recognition data that has “already been collected.” These include voicemail, recordings made while speaking to commercial service providers such as banks, cell phone companies, and cable TV companies, as well as 911 calls, suspect interviews and court recordings.

The company’s technology uses three methods for voice matching and an algorithm that automatically compares “voice models against voice recording obtained from different sources such as cell phones, land lines, covert recordings and recorded investigative interviews.” When combined, there is a 90% voice match to identification accuracy within 15 seconds. However, according to VoiceGrid’s “key figures,” it only takes:

· 3 seconds is the minimum required speech pattern for analysis.

· In 5 seconds, it can search/match in 10,000 voice samples.

· 10 seconds is the average time for feature extraction.

· Executes up to 100 simultaneous searches.

· Accommodates up to 1,000 active users.

· Stores up to 2,000,000 samples.

(more)

Thus, making all other PIs reach for a Kleenex®.

Two private investigators claim David Miscavige, the leader of the Church of Scientology, paid them $12million over the course of 24 years to spy on his former rival, along with other enemies.

The top-secret program gave Paul Marrick and Greg Arnold about $500,000 a year and sent them across the world in pursuit of Pat Broeker, who was briefly head of the church before being forced out, the men say. They are now suing the church after the paychecks stopped rolling in. (more)

Spy Rock Explodes Near Nuke Site

A MONITORING device disguised as a rock has been found near an underground Iranian nuclear enrichment plant.

Western intelligence sources told The Sunday Times the device exploded when it was disturbed by Iranian troops.

They tried to move the rock, setting off its self-destruct mechanism. (more)

IT Poobahs... "iPhone now as secure as BlackBerry"

For a long time BlackBerry was the de facto choice for businesses looking for a secure mobile device.

But BlackBerry appears to be losing its security advantage over the iPhone in the eyes of IT leaders, and in doing so giving up its last remaining advantage over Apple handsets in enterprise.

Since the iPhone launched in 2007 Apple has been slowly increasing security of iOS devices: adding 256-bit, hardware-based encryption for data stored on the device, widespread VPN support and limiting access that each app has to files and hardware resources on the phone. That’s in addition to its screening of all software on the app store and centralized control provided by third party mobile device management software. (more)

An App that Zaps Crime?

via the app maker...
"If there’s one thing that scares criminals above all else, it’s a witness to their actions. And that’s exactly why IWITNESS is the perfect crime deterrent.

With IWITNESS on your smartphone:
Record. Capture audio and video of any incident.
Send. Transmit what you’ve captured to a secure server accessible to law enforcement – an action no perpetrator can reverse.
Alert. Automatically call 911. Plus, send your exact location and an instant notification to friends or family members. 

IWITNESS features:
• Audio and video recording
  (Check your local laws about audio recording. You don't want the criminal to sue you.)
• Real-time tracking of location via GPS
• Data sent to a secure off-premises server location
• Automatically dials 911
• Notifies trusted contacts when you feel endangered
• Emits flashing light and sounds an alarm
(Note: This is not a free app.)

Wells Fargo Fires Employee Who Committed 10-Cent Fraud in 1963

68-year-old Richard Eggers really should have known that the sordid details of his dark, criminal past would eventually creep into the present and jeopardize his career. In 1963, the Iowa resident gave new meaning to the term “money laundering” when he tried to insert a cardboard cutout of a dime into a laundromat machine. Local law enforcement caught wind of the stunt and arrested him for fraud.

Eggers, who was a teenager at the time of his arrest, turned his life around and until recently worked as a customer service representative at Wells Fargo bank. But under new federal employment regulations, Wells Fargo fired Eggers upon learning of his criminal record, ABC affiliate WOI-TV reports. The regulations were instated to weed out workers with histories of fraud and identity theft to better protect the company’s customers.

But wait, you might be thinking, aren’t these rules meant to weed out senior executives whose missteps can cost customers millions of dollars — not customer services reps guilty of decades-old pranks? Good question. But apparently, a rule’s a rule. As Wells Fargo spokesperson Angela Kaipust told WOI-TV:

“We don’t have discretion to grant exceptions in situations like this. Once we find out someone has a criminal history of dishonesty or breach of trust we can no longer employ them.” (more)

Lawyer and Her PI Indicted in Bug Planting Scheme

CA - A Bay Area divorce lawyer has been indicted in connection with a scheme to plant eavesdropping devices in the cars of her clients’ spouses, federal prosecutors announced Tuesday. 

Chris Butler

Mary Nolan, the San Ramon lawyer, hired Christopher Butler, a private investigator, to install the listening equipment to help her clients in divorce and child custody cases, according to a six-count indictment made public Tuesday. 

Butler has admitted that he arranged for beautiful women — he called them “decoys”— to ply the husbands of Nolan’s clients and others with alcohol. Once the women got the men behind the wheel, Butler called police to report they were driving under the influence. (more)

Cell Phone Hackers Show Off at Pwn2Own Contests

via Ryan Naraine at zdnet.com
"This week, I had the opportunity to interview the hacking teams that used zero-day vulnerabilities and clever exploitation techniques to compromise fully patched iPhone 4S and Android 4.0.4 (Samsung S3) devices and the big message from these hackers was simple: Do not use your mobile device for *anything* of value, especially for work e-mail or the transfer of sensitive business documents.

For many, this is not practical advice. After all, your mobile device is seen as an extension of the computer and there is a legitimate need to access work e-mail on iPhone/iPad, Android and BlackBerry smart phones. However, whether you are a businessman, a celebrity or the average consumer, it's important to start wrapping your mind around the idea of separating work from play on smart phones and tablets."

...a skilled hacker can beam an exploit via NFC to automatically open a maliciously rigged document on your Android device. A few exploitation tricks later and it's game over. On iPhone, which is widely hailed as the most secure mobile OS platform, WebKit continues to be a security nightmare and a popular target for hackers building drive-by download exploits. There are still ways to bypass Apple's code signing and sandboxing mitigations. (more)

Brussels - Spy Capital of the World

The head of Belgium's state security service, Alain Winants, said in an interview published Monday, that Brussels currently sees more spy activity than almost any other city in the world. 

Spying on the secrets of Belgium chocolate making.

"We are not speaking in the dozens, we are speaking in the hundreds, several hundreds" of foreign intelligence officers and agents in Brussels, he told the Brussels-based website Euobserver in what is said to be his first interview with the international media.

"In Belgium, espionage, Russian espionage and from other countries, like the Chinese, but also others,is at the same level as the Cold War ... We are a country with an enormous concentration of diplomats, businessmen, international institutions - NATO, European institutions. So for an intelligence officer, for a spy, this is a kindergarten. It's the place to be," Winants was quoted saying. (more)