Saturday, November 24, 2012

Spy College... for your 21st Century careers

At the University of Tulsa school, students learn to write computer viruses, hack digital networks and mine data from broken cellphones. Many graduates head to the CIA or NSA.

Stalking is part of the curriculum in the Cyber Corps, an unusual two-year program at the University of Tulsa that teaches students how to spy in cyberspace, the latest frontier in espionage.

Students learn not only how to rifle through trash, sneak a tracking device on cars and plant false information on Facebook. They also are taught to write computer viruses, hack digital networks, crack passwords, plant listening devices and mine data from broken cellphones and flash drives.

It may sound like a Jason Bourne movie, but the little-known program has funneled most of its graduates to the CIA and the Pentagon's National Security Agency, which conducts America's digital spying. Other graduates have taken positions with the FBI, NASA and the Department of Homeland Security. (more)

From our "Persistence is Futile" file...

Top code-breakers at one of Britain's intelligence agencies, the GCHQ, say they have failed to decipher a message found attached to the leg of a dead Second World War pigeon. (more)

Can YOU crack the code?
RE HHAT VM RIYNZ LXJT MJRBTXAN
Give up? Crack it here. Your code number is 1943.

Student Balks at Stalk (Psst. Just make the tags more stylish.)

A court challenge has delayed plans to expel a Texan student for refusing to wear a radio tag that tracked her movements.

Style is everything in high school.*
Religious reasons led Andrea Hernandez to stop wearing the tag that revealed where she was on her school campus.

The tags were introduced to track students and help tighten control of school funding.

A Texan court has granted a restraining order filed by a civil rights group pending a hearing on use of the tags.

ID badges containing radio tags started to be introduced at the start of the 2012 school year to schools run by San Antonio's Northside Independent School District (NISD). The tracking tags gave NISD a better idea of the numbers of students attending classes each day - the daily average of which dictates how much cash it gets from state coffers. (more)


In other tracking news...

Thursday, November 22, 2012

Holiday Shopping Safety Infographic


Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices


Thanks to protections enshrined in the U.S. Constitution, the government generally can’t snoop through your laptop for no reason. 

But those privacy protections don’t safeguard travelers at the U.S. border, where the U.S. government can take an electronic device, search through all the files, and keep it for a while for further scrutiny – without any suspicion of wrongdoing whatsoever. (more) (pdf guide)

Wednesday, November 21, 2012

The Wall Street Wiretap Sword Of Damocles

Mark Pomerantz, a former federal prosecutor, says the government wants everybody on Wall Street to believe all their conversations are being taped.

Pomerantz tells MarketWatch that the perception of wiretaps being employed in a widespread way is great for deterrence. However, he said he didn’t think they were being employed extensively by federal prosecutors. (more)

Tuesday, November 20, 2012

Researchers Find iOS is Rich Target for Spying Software

Takeaway: The popularity of Apple devices makes them a prime target for spying programs, malware, and simple thievery.

According to a report in TechWeek Europe, researchers have found that spying programs like SpyEra, SpyBubble and StealthGenie are used by attackers much more heavily on devices running iOS. In two samplings of infected devices, Israeli mobile security company Lacoon found that significantly more iOS devices were being targeted over other mobile operating systems (74 % in one sampling and 52 % in a second sampling).

Attackers are, of course, taking advantage of the relative popularity of Apple devices, and are using the spying programs in highly targeted attacks — for example, against business executives — “to watch over personal and business data, letting the attackers view all the victim’s emails, text messages and geo-location information.” (more)

Friday, November 16, 2012

City Hall Fingered for Eavesdropping - Claims 'Inadvertance'

Chicago City Hall officials violated Illinois' strict eavesdropping law when they ‘inadvertently’ recorded conversations with Chicago Tribune reporters without their consent.

The Tribune sent the city a letter Friday demanding that officials stop secretly recording conversations with reporters. The newspaper also requested copies of the recorded conversations.

“This failure was due to inadvertence – not some practice or plan to record interviews without consent,” City Attorney Stephen Patton stated in a letter responding to the Tribune. (more)

What the Well Dressed Spy Wants for Christmas

Upon first glance, it appears to be a standard pair of cuff links.

However, a covert, hidden handcuff key has been engineered into the design. This concealed handcuff key will open almost all standard handcuffs. It’s also designed to hold your French cuffs closed. A must have for any international SPY or the average citizen looking for some stylish carbon fiber inlaid cuff links that happen to open handcuffs.

*WARNING: The use of this product may result in you being shot.*


Don’t Break the law. 

You are not Bond'ed. (more) (more weird cufflinks)

Thursday, November 15, 2012

Scientific Breakthrough Gives Paranoids Another Thing to Worry About

A tiny ear-powered device extracts energy from an ear and transmits information wirelessly to a nearby radio. (more)

2012 China Report Released... no surprises.

The U.S.-China Economic and Security Review Commission was created by Congress to report on the national security implications of the bilateral trade and economic relationship between the United States and the People's Republic of China.

"This Report conveys our findings from the past year, along with providing recommendations to Congress about how best to respond to some of the problems we have identified."
2012 REPORT TO CONGRESS
 
Excerpts:

"Travelers to China sometimes report Chinese officials tampering with their electronic devices upon entry or exit. Customs or border enforcement entities may perform or enable such activities."

"Some corporate entities in China may engage in, support, or benefit from cyber espionage. The prevalence of state-owned or -controlled enterprises in the telecommunications and IT sectors in China means that such activities would often constitute state sponsorship."


Just coincidence?
 

Wednesday, November 14, 2012

This Week in Spy News

The chairman of Stow College in Glasgow has resigned after a row over a recorded conversation on a device branded a "spy-pen". (more)
 

Outdated laws have created loopholes that allow government and law enforcement agencies to request information and conduct electronic surveillance without warrants. The piece of legislation at the heart of the issue is the Electronic Communications Privacy Act, passed in 1986. (more)
 

Ex-British spy, turning 90, happily living in Russia... 
The spy, George Blake, betrayed British intelligence starting in the 1950s; he was found out in 1961 and sentenced to 42 years in prison. But he escaped five years later using a rope ladder made of knitting needles, made his way to the Soviet Union and has been living out his last years serenely in a cottage outside Moscow. (more)

Two Simple Spy Tricks That David Petraeus Could Have Used To Hide His Affair...

Does the head of the world's top spy agency really think he can hide behind a Gmail account and a pseudonym? Apparently so. Even bumbling Boris Badenov from "Rocky and Bullwinkle" would have known better. (more)

The Maryland Transit Administration is bugging buses in Baltimore, and the bugged buses are what’s bugging civil rights advocates. Buses already have cameras, but ten buses now have microphones that are supposed to add to security by recording what’s said between passengers and the drivers. (more)

How to Stop Spies from Digging Up Your Personal Information...

The spies in our lives aren't like the ones in movies—they take the form of a suspicious lover, obsessive coworker, or jealous "friend." While you can't distrust everyone you meet and lead a happy life, you can protect your personal information from falling into the wrong hands. Here's how to guard yourself from spies without slipping into a state of constant paranoia. (more)

The chairman of Pirelli, Marco Tronchetti Provera, will go to trial over a long-running probe into alleged use of Telecom Italia data to snoop on Italy's elite, a judicial source said on Monday. (more)

How to Snap Top Secret Photos Without Anyone Noticing...

Ever needed to snap a picture in a quiet building without anyone noticing? Or maybe you need to document misbehavior without getting caught? Taking snapshots on the sly isn't easy, but a few tricks can help you capture a moment without another soul noticing. (more)
 

Steampunk Spy-Fi: Real-life gadgets perfect for a Victorian Era James Bond...
What if the majesty of On Her Majesty's Secret Service was Queen Victoria? (more)

In France, a Mission to Return the Military's Carrier Pigeons to Active Duty...

Grounded After Modern Communication Devices Soared, Birds May Offer Low-Tech Solutions; No Round Trips (more)

Email Security - The Petraeus Case

...via
There's no such thing as a truly 'anonymous' email account, and no matter how much you try to encrypt the contents of the email you are sending, little fragments of data are attached by email servers and messaging companies. It's how email works and it's entirely unavoidable...which first led the FBI on a path that led up to the very door of Petraeus' office in Langley, Virginia.

Ultimately, only Google had access to the emails. Because it's a private company, it does not fall under the scope of the Fourth Amendment. If the U.S. government or one of its law enforcement agencies wanted to access the private Petraeus email account, it would have to serve up a warrant.

In this case, however, the Foreign Intelligence Services Act (FISA) would not apply. Even the Patriot Act would not necessarily apply in this case, even though it does allow the FBI and other authorized agencies to search email. However, in this case, above all else, the Stored Communications Act does apply -- part of the Electronic Communications Privacy Act.

The act allows for any electronic data to be read if it has been stored for less than 180 days. In this case, the law was specifically designed -- albeit quite some time before email became a mainstream communications medium -- to allow server- or computer-stored data to be accessed by law enforcement.

However, a court order must be issued after the 180 days, and in this case it was...


Once it knew Ms. Broadwell was the sender of the threatening messages, the FBI got a warrant that gave it covert access to the anonymous email account. And that's how they do it. (more)
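The "little fragments of data" the excerpt refers to are, above all, the Received headers that every relay prepends to a message before passing it on. This added Python example (mine, not from the article or this blog) parses a constructed message and separates what the sender claimed about itself from what each relay actually observed; the hostnames, addresses and Message-ID in it are made up.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample, not a real capture: a submission hop plus one relay hop.
# Headers are read top-down, but they were added bottom-up by successive relays.
SAMPLE_MESSAGE = """\
Received: from mx.example.net (mx.example.net [203.0.113.10])
\tby inbox.example.com with ESMTPS id abc123
\tfor <recipient@example.com>; Tue, 13 Nov 2012 10:15:03 -0500
Received: from [192.0.2.77] (cafe-wifi.example.org [198.51.100.23])
\tby mx.example.net with ESMTPSA id xyz789; Tue, 13 Nov 2012 10:14:58 -0500
Message-ID: <20121113151458.12345@mx.example.net>
From: anon@example.net
To: recipient@example.com
Subject: hello

The body could be encrypted end to end; every header above would still be present.
"""

# "from <claimed name> (<what the relay saw>) by <relay>"
HOP_RE = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?\s+by\s+(\S+)", re.I)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_received(raw_message):
    """Return the Received hops oldest-first, each as a dict separating the
    sender-supplied HELO name from the address the relay itself logged."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())            # unfold the continuation lines
        m = HOP_RE.search(flat)
        if not m:
            continue
        claimed, observed, relay = m.group(1), m.group(2) or "", m.group(3)
        ip = IP_RE.search(observed)
        when = parsedate_to_datetime(flat.rsplit(";", 1)[1].strip()) if ";" in flat else None
        hops.append({
            "claimed_name": claimed,              # HELO/EHLO string: chosen by the sender
            "observed_ip": ip.group(1) if ip else None,  # recorded by the relay: reliable
            "relay": relay,
            "time": when.isoformat() if when else None,
        })
    hops.reverse()                                # last header added = first in the list
    return hops


def origin_ip(raw_message):
    """The address the first relay saw, i.e. where the message was submitted from."""
    hops = parse_received(raw_message)
    return hops[0]["observed_ip"] if hops else None


def message_id_domain(raw_message):
    """Message-ID is assigned by the submitting server and names that server's domain."""
    mid = message_from_string(raw_message).get("Message-ID", "")
    return mid.strip("<> ").rpartition("@")[2] or None


if __name__ == "__main__":
    for hop in parse_received(SAMPLE_MESSAGE):
        print(hop)
    print("submitted from:", origin_ip(SAMPLE_MESSAGE), "via", message_id_domain(SAMPLE_MESSAGE))
```

The point for the reader: the bracketed address in the earliest Received line is logged by the provider's own server, so a pseudonymous account hides the name but not the network the message was sent from.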

Saturday, November 10, 2012

Watergate's Next Watergate

A history professor hopes that a federal court's recent order to release long-sealed Watergate documents will shed light on the motivations behind the infamous 1972 scandal and help set an example for how to unseal court records.

Federal District Judge Royce Lamberth in Washington, D.C., on Friday ordered the National Archives and Records Administration to review and release some of the documents within a month. The order came in response to Texas A&M history professor Luke Nichter's 2009 informal request to Lamberth to unseal a trove of documents relating to the 1973 trials of Watergate conspirators G. Gordon Liddy and James McCord.

Nichter's letter said that some of the sealed materials "purportedly will demonstrate that exposing a prostitution ring was the real motivation for the break-in." Liddy had alleged a similar theory in the mid-1990s, although he claimed that motive was unknown to him when he orchestrated the break-in. (more) (previous report)

Get Alerts from your Local Police & 5,000 other Public Safety Agencies

One thing Hurricane Sandy taught us was truth beats rumors. Sign up for the truth... 

"This service, NIXLE, delivers trustworthy and important neighborhood level public safety and community event notifications instantly sent to you by cell phone text message, email and web. There is NO spam or advertising and the service is available at no cost.

Register at
www.nixle.com. This service is simple to use, reliable and trusted.

Stay connected to your world, from the public safety alerts that are relevant to you, to the important neighborhood advisories you want to know about and other valuable community information."

More iPhone Security Tips

Important Points
• iPhone / iPad / iPod muggings are common.
• Reduce risk...
-- Minimize usage while in very public places.
-- Use iOS's security features...
---- for tracking a stolen device and remote wiping of data.
---- for preventing thieves from: turning off tracking, accessing data and accounts.
• If theft occurs, go to the police first, not the phone company. 
-- Police will try to track. 
-- Carrier will shut off service.
• Seal the SIM card with serial numbered security tape to detect tampering.

Setting tips via Martin Williams...
1. Select Settings.
2. Click General.
3. Select Restrictions.
4. Set a Restrictions passcode.
5. Click Enable Restrictions.
6. Look for Deleting Apps and toggle the switch from On to Off. This will mean that no one can delete an app such as Find My iPhone without your Restrictions passcode.
7. Scroll down the list of options until you reach the Privacy section, where you’ll find a link to Location Services; click it.
8. Select Don’t Allow Changes. This will mean it is impossible for a robber to disable the Find My iPhone application from broadcasting your GPS. You will now need to manually approve all new apps that want access to your location data.
9. Go back to the main Restrictions menu and select Accounts, changing this setting to Don’t Allow Changes. This makes it impossible for a mugger to disconnect your iCloud account that connects to Find My iPhone.
10. If your iPhone is stolen, it is only going to transmit its location for as long as a SIM card is inserted and is active.

Friday, November 9, 2012

Government Strength Mobile Spyware

In the secretive world of surveillance technology, he goes just by his initials: MJM. His mystique is such that other security professionals avoid using wireless Internet near him...

MJM -- Martin J. Muench -- is the developer of Andover, U.K.-based Gamma Group’s FinFisher intrusion software, which he sells to police and spy agencies around the world for monitoring computers and smartphones to intercept Skype calls, peer through Web cameras and record keystrokes...

Of Gamma’s products, FinFisher has become the flashpoint. It represents the leading edge of a largely unregulated trade in cybertools that is transforming surveillance, making it more intrusive as it reaches across borders and spies into peoples’ digital devices, whether in their living rooms or back pockets...

...researchers including Claudio Guarnieri of Boston-based security risk-assessment company Rapid7; Bill Marczak, a computer science doctoral candidate at the University of California Berkeley; and Marquis-Boire, whose day job is working as a security engineer at Google Inc., found computers that appeared to be command servers for FinSpy in at least 15 countries.

They also documented FinSpy’s ability to take over mobile phones -- turning on microphones, tracking locations and monitoring e-mails...



On Oct. 12, U.S. law enforcement officials warned smartphone users to protect themselves against FinFisher, calling it malware, or malicious software.

“FinFisher is a spyware capable of taking over the components of a mobile device,” the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation and National White Collar Crime Center, said in a Website alert to the public. “FinFisher can be easily transmitted to a Smartphone when the user visits a specific web link or opens a text message masquerading as a system update.”

FinSpy Mobile can infect almost every kind of device, including Apple Inc.’s iPhones and smartphones running Google’s Android or Microsoft Corp.’s Windows systems, according to a pamphlet Muench provides. (more)

Thursday, November 8, 2012

Meet the Superheroes Fighting for Your Right to Mobile Privacy

Five years into the smartphone era, the threats to user privacy have never been higher.  

The complex and mostly unregulated privacy concerns of the mobile ecosystem have driven many users to take their privacy into their own hands, whether that means deleting apps that ask for too much information or turning off location services.

However, the fight over mobile privacy is just really starting to take shape. We wanted to get a beat on where that fight is now, and about what – if truly anything – privacy advocates think will change the future of mobile towards a more user controlled experience... (more)

A Salute to Our Native American Code Talkers

George Smith, one of the Navajo code talkers who helped the U.S. military outfox the Japanese during World War II by sending messages in their obscure language, has died, the president of the Navajo Nation said.

"This news has saddened me," Ben Shelly, the Navajo president, said in a post Wednesday on his Facebook page. "Our Navajo code talkers have been real life heroes to generations of Navajo people."

Smith died Tuesday, Shelly said, and the Navajo Nation's flag is flying at half-staff until Sunday night to commemorate his life.


Several hundred Navajo tribe members served as code talkers for the United States during World War II, using a military communications code based on the Navajo language. They sent messages back and forth from the front lines of fighting, relaying crucial information during pivotal battles like Iwo Jima.

Military authorities chose Navajo as a code language because it was almost impossible for a non-Navajo to learn and had no written form. It was the only code the Japanese never managed to crack.

The Navajo code talkers participated in every assault the U.S. Marines carried out in the Pacific between 1942 and 1945.

The code talkers themselves were forbidden from telling anyone about the code -- not their fellow Marines, not their families -- until it was declassified in 1968.

Now in their 80s and 90s, only a handful of code talkers remain. (more)

Security Quote of the Day

"Protecting classified information depends, today more than ever, on the security awareness of employees. They can literally make or break your security program." NSI, Security NewsWatch

How to Surf the Web in Secret


via Brad Chacos...

They say no one can hear you scream in space, but if you so much as whisper on the Web, you can be tracked by a dozen different organizations and recorded for posterity. 

Simply visiting a website can allow its operators to figure out your general physical location, identify details about your device information, and install advertising cookies that can track your movements around the web. (Don't believe me? Check this out.)

Not everyone likes the idea of having his or her entire digital lives scraped, analyzed and (in countries with restrictive regimes) controlled outright by third parties. 


So please consider the following tools and tips, which will hide your IP address and have you surfing the web in blissful anonymity in no time. (more)

Checklist...
• Use a second web browser.
• Set it to anonymous / private mode.
• Have it wipe all cookies when closed.
• Use a web-based proxy. (Proxify, Anonymouse, Hide My Ass, or one from Proxy.org)
• Better... Use a virtual private network (VPN) like The Onion Router (aka TOR).
• Send your email anonymously via Anonymouse or Hide My Ass.

Monday, October 29, 2012

Seeing Through Shower Curtains and Other Light Scattering Materials

via Gizmodo.com...
Taking a shower while secure in the knowledge that no one can see through the curtains may soon be a thing of the past. Researchers Ori Katz, Eran Small and Yaron Silberberg of the Weizmann Institute of Science, Rehovot, Israel, have developed a method for de-scattering light to form coherent images in real time. 
In other words, they have found a way to look through shower curtains, frosted glass and other image-blurring materials. The technique may one day aid scientists in seeing through living tissue or around corners. (more)

And, I have found their research. ~Kevin

Thursday, October 25, 2012

Maltego - For the PI and Security Director of the Future

via techhive.com...
What Maltego does is quickly and succinctly draw on public data sources to put together a graphical digital footprint...

Maltego is highly efficient at quickly assembling digital crumbs and linking those pieces together, which would be tedious work otherwise. 

Roelof Temmingh (co-creator) used Maltego to search Twitter with coordinates for the vicinity of the NSA's parking lot...

Temmingh pulled up a web of scattered tweets in Maltego. He picked out one person...

Then Maltego combed social networking sites, checking sources such as Facebook, MySpace, and LinkedIn. An identical photo linked the person's Facebook and MySpace page. From there, Maltego spotted more information. After a day of searching, Maltego discovered the person's email address, date of birth, travel history, employment, and education history.

"This is about a day's worth of digging around," Temmingh said. "It's not weeks and weeks."

Other interesting information can come from EXIF (exchangeable image file) data, which is information often embedded in a photograph... (more)
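EXIF is the tag structure digital cameras and phones write into the JPEG header, and the GPS tags in it are exactly the kind of crumb a footprinting tool picks up. As an added example (mine, not from the article or from Maltego), here is a dependency-free Python check that someone can run on their own photos before posting them: it walks the JPEG segments, decodes any GPS tags from the embedded TIFF structure, and produces a copy with the whole Exif block stripped. The sample JPEG and its coordinates are constructed inside the code, not taken from a real photo.

```python
import struct

# Tag and type numbers come from the TIFF/Exif specifications.
GPS_IFD_POINTER = 0x8825
GPS_TAGS = {1: "GPSLatitudeRef", 2: "GPSLatitude", 3: "GPSLongitudeRef", 4: "GPSLongitude"}
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1}

def segment_spans(data):
    """[(marker, start, end)] for the JPEG header segments, plus the offset of the scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    spans, pos = [], 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):        # EOI or start-of-scan: the headers are over
            break
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        spans.append((marker, pos, pos + 2 + length))
        pos += 2 + length
    return spans, pos

def _is_exif(data, marker, start):
    return marker == 0xE1 and data[start + 4:start + 10] == b"Exif\x00\x00"

def exif_payload(data):
    """The TIFF block inside the APP1 Exif segment, or None when the file has none."""
    for marker, start, end in segment_spans(data)[0]:
        if _is_exif(data, marker, start):
            return data[start + 10:end]
    return None

def strip_exif(data):
    """Copy of the JPEG with the entire Exif segment (GPS, camera, timestamps) removed."""
    spans, tail = segment_spans(data)
    out = bytearray(data[:2])
    for marker, start, end in spans:
        if not _is_exif(data, marker, start):
            out += data[start:end]
    return bytes(out + data[tail:])

def _ifd_entries(tiff, offset, endian):
    """Read one image file directory into {tag: (type, count, raw_value_bytes)}."""
    count = struct.unpack(endian + "H", tiff[offset:offset + 2])[0]
    entries = {}
    for i in range(count):
        e = offset + 2 + 12 * i
        tag, typ, n = struct.unpack(endian + "HHI", tiff[e:e + 8])
        size = TYPE_SIZES.get(typ, 1) * n
        if size <= 4:                     # values of up to 4 bytes are stored inline
            raw = tiff[e + 8:e + 8 + size]
        else:                             # larger values live at an offset into the TIFF
            off = struct.unpack(endian + "I", tiff[e + 8:e + 12])[0]
            raw = tiff[off:off + size]
        entries[tag] = (typ, n, raw)
    return entries

def _value(typ, n, raw, endian):
    if typ == 2:                          # ASCII, NUL terminated
        return raw.rstrip(b"\x00").decode("ascii", "replace")
    if typ == 4:                          # LONG
        return struct.unpack(endian + "%dI" % n, raw)
    if typ == 5:                          # RATIONAL: numerator/denominator pairs
        v = struct.unpack(endian + "%dI" % (2 * n), raw)
        return [v[i] / v[i + 1] if v[i + 1] else 0.0 for i in range(0, 2 * n, 2)]
    return raw

def gps_coordinates(data):
    """(latitude, longitude) in decimal degrees, or None if the photo carries no GPS tags."""
    tiff = exif_payload(data)
    if tiff is None:
        return None
    endian = "<" if tiff[:2] == b"II" else ">"
    ifd0 = _ifd_entries(tiff, struct.unpack(endian + "I", tiff[4:8])[0], endian)
    if GPS_IFD_POINTER not in ifd0:
        return None
    gps_ifd = _ifd_entries(tiff, _value(*ifd0[GPS_IFD_POINTER], endian)[0], endian)
    gps = {GPS_TAGS.get(t, t): _value(*v, endian) for t, v in gps_ifd.items()}
    if "GPSLatitude" not in gps or "GPSLongitude" not in gps:
        return None
    lat = sum(x / 60 ** i for i, x in enumerate(gps["GPSLatitude"]))    # deg + min/60 + sec/3600
    lon = sum(x / 60 ** i for i, x in enumerate(gps["GPSLongitude"]))
    return (-lat if gps.get("GPSLatitudeRef") == "S" else lat,
            -lon if gps.get("GPSLongitudeRef") == "W" else lon)

def build_sample_jpeg():
    """Constructed header-only JPEG (SOI, Exif APP1, EOI) with made-up GPS tags; not a real photo."""
    ent = lambda tag, typ, n, val: struct.pack(">HHI", tag, typ, n) + val
    rat = lambda *pairs: b"".join(struct.pack(">II", a, b) for a, b in pairs)
    ifd0 = struct.pack(">H", 1) + ent(GPS_IFD_POINTER, 4, 1, struct.pack(">I", 26)) + b"\0" * 4
    gps = (struct.pack(">H", 4) + ent(1, 2, 2, b"N\0\0\0") + ent(2, 5, 3, struct.pack(">I", 80))
           + ent(3, 2, 2, b"W\0\0\0") + ent(4, 5, 3, struct.pack(">I", 104)) + b"\0" * 4)
    tiff = (b"MM\x00\x2a" + struct.pack(">I", 8) + ifd0 + gps            # IFD0 at 8, GPS IFD at 26
            + rat((38, 1), (57, 1), (65, 10)) + rat((77, 1), (8, 1), (456, 10)))  # rationals at 80/104
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"

SAMPLE_JPEG = build_sample_jpeg()

if __name__ == "__main__":
    print("before:", gps_coordinates(SAMPLE_JPEG), "after:", gps_coordinates(strip_exif(SAMPLE_JPEG)))
```

Run on a real camera JPEG, gps_coordinates reports whether a location is about to leave with the file; strip_exif keeps the image data untouched and drops only the Exif segment.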


An investigative tool and a vulnerability assessment tool. For cutting-edge PIs, a competitive advantage. For the average security director, a mini FBICIANSA. ~Kevin

FBI Issues Warning Regarding Android Malware

The FBI's Internet Crime Complaint Center has issued a warning alerting users about malware that targets the Android mobile operating system. 

The intelligence note from the IC3 was issued last week, and highlighted on Monday by Apple 2.0. It noted there are various forms of malware out in the wild that attack Android devices.

Two forms of malware cited by the IC3 are Loozfon, which steals information from users, and FinFisher, which can give nefarious hackers control over a user's device. 


Loozfon can lure in victims by promising users a work-at-home opportunity in exchange for sending out an e-mail. Visiting a link in the e-mail will push Loozfon to the user's device, allowing the malware to steal contact details from the device's address book.

The FinFisher spyware highlighted by the IC3 allows for a mobile device to be remotely controlled and monitored from anywhere. FinFisher is installed by simply visiting a Web link or opening a text message that disguises itself as a system update. (more)

Sunday, October 21, 2012

New Burglar Alarm... not for you, for the burglar.

Criminals no longer need to stake out a home or a business to monitor the inhabitants' comings and goings. Now they can simply pick up wireless signals broadcast by the building's utility meters.

In the US, analogue meters that measure water, gas and electricity consumption are being replaced by automated meter reading (AMR) technology. Nearly a third of the country's meters - more than 40 million - have already been changed. The new time-saving devices broadcast readings by radio every 30 seconds for utility company employees to read as they walk or drive around with a receiver. But they are not the only ones who can tune in, says Ishtiaq Rouf at the University of South Carolina in Columbia, and his colleagues.

The team picked up transmissions from AMR meters - operated by companies that they did not name in their paper - and reverse-engineered the broadcasts to monitor the readings. To do this they needed about $1000 worth of open-source radio equipment and information available through online tutorials. (more)


Bad guy logic leap: When you are not home, you are not using much electricity.

Bike Race Dopes - Another DIY TSCM Failure

via a Blue Blaze Irregular...
On page 218 of the new book, "The Secret Race: Inside the Hidden World of the Tour de France: Doping, Cover-ups, and Winning at All Costs" by Tyler Hamilton and Daniel Coyle, is a description of the TSCM techniques allegedly used by the U.S. Postal Service cycling team against covert audio and video surveillance:

"According to Landis, Postal performed two transfusions to the entire team during the 2004 Tour de France. The first was after the first rest day in a hotel in Limoges. Riders were taken in small groups to a room and told not to speak. For safety, team staffers were stationed at each end of the hallway. To guard against the possibility of hidden cameras, the air conditioner, light switches, smoke detector, and even the toilet were covered with dark plastic and taped off.


Fun Facts: 
• Many types of "dark plastic" – garbage bags, for example – do not block near-IR light. 
• Many cameras are sensitive to near-IR light.
• Putting dark plastic over camera hiding spots is no guarantee you blinded the camera.
• (more about seeing through black plastic)
~Kevin 

$89.99 Wi-Fi Bug You Control With Your iPhone... from anywhere!

"WeMo Baby conveniently turns your iPad, iPhone, or iPod touch into a baby monitor so you don't have to carry an extra device to keep in touch with your baby. 

It works with your existing Wi-Fi router to wirelessly stream audio from your baby's room to your mobile device." (more)

Why is this scary?
• It will be repackaged into a covert listening device.
• Unlike previous baby-mon mods, this one is digital.
• Its signal hides among legitimate Wi-Fi signals.
• Listen in from anywhere via the Internet.
• Digitally clear audio.
• Pair with a voice activated recorder for "TiVO" spying.
• It can send text messages when it hears audio.

P.S. Although this product hasn't launched yet, Murray Associates has a detection solution ready. ~Kevin

Common Problem - Technology Outpaces Spies

Australia's domestic spy agency has revealed there have been intelligence failures in recent years because of changing technology. 

Speaking exclusively to Radio National's Background Briefing program, Australian Security Intelligence Organisation (ASIO) director-general David Irvine says new ways of communicating electronically are white-anting* his agency's surveillance powers.

"We have had not near misses, we have had misses," he said.

"In recent years there have been instances where devices have been used or devices have been used that we didn't know about, and we have missed information. (more) (Audio: Law expert George Williams talks to PM (PM) )


* - An Australian term for the process of internal erosion of a foundation.

Saturday, October 20, 2012

Today in Eavesdropping History

On Oct. 20, 1973, in the so-called Saturday Night Massacre, President Nixon abolished the office of special Watergate prosecutor Archibald Cox, accepted the resignation of Attorney General Elliot L. Richardson and fired Deputy Attorney General William B. Ruckelshaus. (more)

Wednesday, October 17, 2012

Chinese Communications Equipment Maker ZTE Cuts Connection with Surveillance Equipment Maker ZTEsec

Chinese telecoms kit maker ZTE has sold its majority stake in ZTE Special Equipment (ZTEsec) – a company that sells surveillance systems.

The under-fire Shenzhen-based firm said in a little-publicized filing with the Hong Kong Stock Exchange at the end of September that it would “dispose of its 68 per cent equity interests” in ZTEsec. (more)

Apparently not in time to impress Congress. (pdf of report)

Tuesday, October 16, 2012

Silent Circle Has Launched - An Affordable Secure Communications Package

Their opening salvo...
"We want to fight for your right to privacy. We are pushing back against the tide of surveillance. We don’t like oppressive regimes, indiscriminate wiretapping, big brother, data criminals, intellectual property theft, identity thieves or governments that persecute their citizens for saying or writing their opinions." Silent Circle


Services:
Silent Phone
Silent Text (with a self-destructing feature)
Silent Eyes (video call encryption)
Silent Mail (coming soon)
All sold together as Silent Suite for $20.00 per month.


Coming Soon...

"Worldwide Secure Communications with the Secure Business Package brings together the entire Silent Circle suite of products. Not only is this an Encrypted Secure Calling Plan – it's also extremely cost effective compared to today's un-secure VoIP calling plans. The average large domestic carrier basic cell phone plan is about $40 a month with low minutes, low data and un-secure calls. With our Secure Business Package you can have peace of mind that you are communicating securely without worrying about your minutes. In today's market, unlimited calling and data plans with the major cell carriers cost over $120 a month – with our Secure Business Package at $49 per month, on top of a basic carrier plan of around $40 per month, is still much cheaper than today's unlimited carrier plans – and it's SECURE."

ENTERPRISE SOLUTIONS
"In today’s highly-connected International business realm, even small to moderate sized businesses have international employees, offices and partners. Silent Circle was developed and designed to help stop the theft of personal and corporate Intellectual Property, to defeat a critical piece of the Bring Your Own Device (BYOD) issue and to provide a true commercial Software-as-a-Service model for secure communications."

FutureWatch: Like the telephone itself, having one is useless, having two useful. Having millions of subscribers makes it an imperative.


If and when this product scales up, will there be any reason to communicate insecurely? Will the word wiretap join the lexicon graveyard along with galoshes, spittoon and fedora? The answer may depend upon two live-wire words... government regulation.

For now, anyway, this is great progress. ~Kevin

Monday, October 15, 2012

Future Room Lighting to Double as Light "Wi-Fi"... or eavesdropping device.

VLC transmits data wirelessly using visible light as its medium instead of radio waves... Harold Haas, professor of Mobile Communications at the University of Edinburgh, successfully demonstrated the VLC technology at a TED conference. He streamed an HD video to a screen using an LED light bulb as transmitter.

Haas co-founded PureVLC, a corporate spin-off of the university’s research project, to turn the technology into commercially viable devices. The company is now beta-testing its first product: the Smart Lighting Development Kit (SLDK)...
 
Because the light changes superfast it is invisible to the human eye and can still function as normal lighting.

A standard Ethernet port connects the ceiling unit to a data network. The unit encodes the data onto the current feeding the LEDs. The desktop unit receives the data, decodes it and transfers it to a laptop or desktop computer. It can also send data to the ceiling unit. (more)

Privacy Tip: Turn OFF Advertiser Tracking in iPhone iOS6

In iOS6, tracking for advertisers has been turned ON by default.

The new "features" are called:
  • identifierForAdvertising (IDFA) which is a cross-app/publisher identifier
  • identifierForVendor (IDFV) which is a publisher-specific identifier
You can read more about it here, but this is what you want to know if you don't want to be tracked...

In Settings, navigate to General / About / Advertising, then... flip the switch to ON. 

This is not listed under Privacy. It is tucked away in an unlikely corner. It is ON by default. And, to turn it OFF, you have to turn it ON. Weird, huh? Smell a rat? ~Kevin

Experimental App Sends 3D Photos of Your Office to Spies, Your Home to Burglars*

via MIT Technology Review...
...smartphones are increasingly targeted by malware designed to exploit this newfound power. Examples include software that listens for spoken credit card numbers (Soundminer malware) or uses the on-board accelerometers to monitor credit card details entered as keystrokes (steal keystrokes).

Today Robert Templeman at the Naval Surface Warfare Center in Crane, Indiana, and a few pals at Indiana University reveal an entirely new class of 'visual malware' capable of recording and reconstructing a user's environment in 3D. This then allows the theft of virtual objects such as financial information, data on computer screens and identity-related information. (It even turns off the shutter noise when taking photos.)

Templeman and co call their visual malware PlaceRaider and have created it as an app capable of running in the background of any smartphone using the Android 2.3 operating system. (more)


* Just two scary imagined uses for this app.
Want to know more?
We've got their paper right here

Friday, October 12, 2012

Losing Face if Book is Thrown at Them

...via seekingalpha.com...
The case was highlighted in an article by Bloomberg titled "Facebook Seeks Dismissal of $15 Billion Privacy Suit". Here is an excerpt of the action:

NATURE OF THE ACTION
1. This class action lawsuit, seeking in excess of $15 billion in damages and injunctive relief brought by, and on behalf of, similarly situated individuals domiciled in the United States who had active Facebook, Inc. accounts from May 27, 2010 through September 26, 2011...


We added the bold type above to highlight who can be part of the "class". We recommend a thorough read of the case to all interested parties to see who may qualify to participate as part of the "class". In our opinion, the legal question posed by this case is potentially more harmful than the other shareholder suits outlined by the Wall Street Journal's article: "Facebook's Next Fight: Suits, and More Suits".

The privacy "wiretapping" lawsuit accuses Facebook of secretly tracking users' Internet activity after they log out of their Facebook accounts. This is done using "cookies" which are activated when a user logs into a Facebook account. These cookies can also be used by hackers in intercepting a user's data, which is yet another privacy concern. Facebook has filed a motion to dismiss the suit for lack of establishing a Facebook user's harm. We believe that the value of one's privacy is "priceless". The suit accuses Facebook of violating federal wiretap laws with statutory damages per user of $100 per day per violation, up to $10,000 per user. With over a billion users, if we assume that the court decides that $10,000 is too much to award to each user and asserts the $100 floor per user, this would equate to $100 billion in damages and would wipe out more than all the equity in FB.

While this may seem highly speculative at first blush, according to the Wiretap Act, it's a crime for anyone that is not a party to a communication to be eavesdropping. If a crime in this case is established, Facebook could be ordered to shut down much like Kim Dotcom's Megaupload shutdown which was based on violation of US Copyright laws. In addition, the "wiretapping" lawsuit also charges that Facebook is violating the Stored Communications Act and the Computer Fraud and Abuse Act. Any way you look at this battle, it seems like a high stakes issue for Facebook which is not seriously being weighed by investors.... yet. (more)

Thursday, October 11, 2012

He Can Open Your Hotel Room Lock with a Magic Marking Pen

...of course, it's no ordinary marker...
Matthew Jakubowski, a security researcher, posted a video on YouTube which shows how anyone can build a pocket-sized device to open the lock on an estimated 4 million hotel rooms.

The magic marking pen exploits an Onity lock vulnerability, used on millions of hotel room doors. (more)

 
As you can see, card-key door locks can be hacked. But did you know one can open the internal door privacy latch using nothing more than the plastic 'do not disturb' sign hanging on the outside door handle?!?! (Yes, they can come in while you are in the shower.) 

Hotel safes are equally insecure: a paper clip can open some of them, and others have commonly known default passcodes. Most also have an Ethernet port which can be hacked, and/or a hidden keyway, which can be picked. All these security loopholes are in addition to the legitimate hotel staff's master keys for opening both doors and safes. 

In short, your hotel room is easy pickings when it comes to a concerted espionage attack. 

One of our many travel recommendations for our clients is:
• Don't trust hotel security. 
• Keep your confidential information with you at all times. 

Want to know more? 
Become part of our client family.
~Kevin

Tuesday, October 9, 2012

Growing Prevalence of Industrial Espionage Threatens Automakers

According to Automotive News, industrial espionage in the United States has been steadily rising in multiple sectors. In fact, U.S. Immigration and Customs Enforcement Homeland Security Investigations (ICE HSI) opened 1,212 intellectual property rights cases in the 2011 fiscal year. Compared to 2009, cases have increased by nearly 66 percent. 

Given the high-octane environment that is the auto industry, cloak and dagger activities are especially prevalent. In particular, auto giants including GM, Ford and Toyota have endured stolen intellectual property more than most...

Addressing the need to stop acts of espionage from continuing, the Office of the National Counterintelligence Executive declared that countermeasures must be put in place due to the exponentially growing proliferation of smartphones and various mobile devices. (more)

Saturday, October 6, 2012

All Quiet in the Chinese Front: We Await the Jury

• The House Intelligence Committee will release a report Monday, following its probe into espionage charges against the two telecommunications-gear makers. 

• Also, "60 Minutes" will air its investigation into the company on Sunday.

The House Intelligence Committee investigating national security threats posed by two Chinese telecommunications-gear makers is set to release a report Monday that seems likely to ratchet up pressure.


The committee held a three-hour hearing last month, during which lawmakers repeatedly criticized Huawei and ZTE for being vague in answering questions about whether their networking equipment could be used to snoop on American companies and individuals. At the end of the hearing, committee Chairman Mike Rogers (R-Mich.) expressed some consternation that the companies hadn't been more forthcoming in addressing his concerns. (more)


Sneak Peek... (excellent clip from Chairman Mike Rogers (R-Mich.))

All Quiet in the Russian Front: Stop Light Company Stopped

TX - If their website is any indication, Arc Electronics was apparently into a lot of things besides spying.

Sure, espionage is exciting and interesting and all, but bills have got to be paid. Those traffic lights aren't going to construct themselves -- though Arc sure as hell weren't selling anything to the city...

Federal court hearings regarding Arc's alleged spying begin today before U.S. District Judge George Hanks.

The charges involve illegally sending microelectronics to the Russian government, Russian military, and intelligence agencies. But while all that was allegedly going down, Alexander Fishenko, the company's owner, had a rather elaborate faux operation humming at a nondescript strip mall in southwest Houston.

Alex James, a receptionist at neighboring Modern Performance, said he never saw anyone coming in and out of their mutual alley and had no idea what was happening inside Arc Electronic. (more)

Facebook Logic - What harm can a little spying do?

A federal court in May 2012 hit Facebook with a $15 billion lawsuit after it was found that the social network was tracking customers after they logged out of its system. The court filing claims that Facebook is violating federal wiretap laws.

The Menlo Park company is now asking that the case be dismissed because the defendants behind the case have failed to specify how they were harmed by the error in Facebook’s judgement. (more)

Spy Gear & Divorce

Techniques once accessible only to governments or corporations are now trickling down to daily use. It's part of a broader transformation of modern privacy in which even the most personal spheres of people's lives—home, friendships, intimacy—can be exposed for examination without knowledge or consent. Lawyers say the technology is turning divorces into an arms race... 

World's smallest voice recorder. Holds 300 hrs. of voice. How it's made.
Amateur spies have widening options. LandAirSea sells a GPS Tracking Key—a matchbox-size, magnetized gizmo that can stick to cars—for $179 online... Software can be purchased for many smartphones that can track their location. Computer software that copies instant messages and emails can cost less than $100 and be installed without any special know-how. An array of tiny recorders makes eavesdropping easy.

Regulators have a tough time policing the sale of these kinds of devices, since they have legitimate uses by employers or parents... (more)

Workplace SpyCams: The Accounting Firm

WI - The reported vice president of a Wisconsin accounting firm was charged with four felonies for allegedly using a camera pen to spy on women in the office restroom. 

Last month, a woman working in an office building in the Milwaukee suburb of Glendale went to the bathroom and noticed a pen slide under the door, according to the criminal complaint and reported by the Menomonee Falls Patch. Suspecting that the pen was a camera, the woman looked online and spotted a camera pen for sale that looked similar. She then contacted the Glendale police.

A week later, another woman allegedly saw the same pen slide under the bathroom door. She likewise reported the incident to police, and the officers checked hidden cameras that they had set up outside the bathroom. According to the complaint, the cameras showed James Pirc, 46, sliding something under the door. (more)


Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."