Wednesday, April 17, 2013

FREE Security "Green" Papers on Laptop, Mobile Phones & Storage Devices

IT Governance is a supplier of corporate and IT Governance related books, toolkits, training and consultancy. They offer a wealth of knowledge and experience. 

Their Green Papers contain information and guidance on specific problems and discuss many issues. Here are two just published this month...

Technical Briefing on Laptop and Mobile Storage Devices

Technical Briefing on Mobile Phones and Tablets


About two dozen more may be found here.

... thus, giving new meaning to a bright idea!

Optogenetics is the process by which genetically-programmed neurons or other cells can be activated by subjecting them to light. Among other things, the technology helps scientists understand how the brain works, which could in turn lead to new treatments for brain disorders.

Presently, fiber optic cables must be wired into the brains of test animals in order to deliver light to the desired regions. That may be about to change, however, as scientists have created tiny LEDs that can be injected into the brain.

The LEDs were developed by a team led by Prof. John A. Rogers from the University of Illinois at Urbana-Champaign, and Prof. Michael R. Bruchas from Washington University. The lights themselves can be as small as single cells and are printed onto the end of a flexible plastic ribbon that’s thinner than a human hair. Using a micro-injection needle, they can be injected precisely and deeply into the brain, with a minimum of disturbance to the brain tissue. (more)


FutureWatch - Micro-sensors to allow downloading of consciousness - knowledge, visuals, ideas, etc.

Tuesday, April 16, 2013

Small Business Espionage Attacks Up 42%

Smaller companies, their websites and their intellectual property are increasingly being targeted by cyberattacks, a new report on IT security trends says.

Targeted attacks were up 42 per cent in 2012 compared to the year before, and businesses with fewer than 250 employees are the fastest growing segment being targeted, according to the annual internet security threat report issued Tuesday by Symantec...

The type of information being targeted by attackers is also changing — financial information is now losing ground to other kinds of competitive data, the report found. (more)

McConnell's Suspected Bugger Has Hand Out

The man who is suspected of bugging Senate Minority Leader Mitch McConnell’s office has started a legal defense fund aimed at raising $10,000 — and so far, he’s received $185.

Breitbart reported that Curtis Morrison, who’s also a Progress Kentucky volunteer, said in a message about his fund that he’s cooperating with the FBI. But he’s struggling to pay for his legal defense...

A Kentucky Democratic Party operative and the founder of Progress Kentucky outed Mr. Morrison last week as the person who allegedly bugged Mr. McConnell’s office, Breitbart reported. (more)

The Schizo Illinois Eavesdropping Law

There was major development Tuesday in the fight over the state's controversial eavesdropping law. A court decision now allows citizens to record the audio of police officers on the job in public.

Citizens can legally record video of police officers doing their jobs on the public way, as long as you don't interfere, but the Illinois Eavesdropping Act does not permit you to record audio.

If you do, you're still subject to arrest and criminal charges, even though two state court judges in Illinois have declared the law unconstitutional.

It remains a law on the books without clarity though a new agreement just approved by a federal court judge will change things in Cook County. (more)


Weird.

RFID Tracks Jewelry Popularity

Interesting application of RFID technology.

RFID smart shelves can help retailers analyze market demand. 

Beyond sales reports, retailers want to understand which items had the highest shopper interest. For example, while one jewelry item is picked up 100 times and sold 90 times, another jewelry item is picked up 100 times but only sold 10 times. Retail statistics monitoring shopper behavior cannot be accurately counted by man.

However, the RFID Jewelry Smart Shelf Solution developed by Alpha Solutions enables retailers to clearly see data on which types of jewelry are picked up frequently. From the data obtained, discount promotions and programs can be made for the jewelry types that are having trouble selling.

Thursday, April 11, 2013

There is a Magazine for Everything... Even Penetration Testing

Kamil Sobieraj, editor of PenTest Magazine introduced me to his publication this week. It was an eye-opener. If you have anything to do with protecting information, you will find this as interesting as I did... 

 PenTest Magazine is a weekly downloadable IT security magazine, devoted exclusively to penetration testing. It features articles by penetration testing specialists and enthusiasts, experts in vulnerability assessment and management. All aspects of pen testing, from theory to practice, from methodologies and standards to tools and real-life solutions are covered.

48 issues per year (4 issues in a month).

A different title is published every week of the month:
• PenTest Regular – 1st Monday
• Auditing & Standards PenTest – 2nd Monday
• PenTest Extra – 3rd Monday
• Web App Pentesting – 4th Monday


...about 200 pages of content per month.

Each issue contains...
• News
• Tools testing and reviews
• Articles – advanced technical articles showing techniques in practice
• Book review
• Interviews with IT security experts

(more)

Nice to know there is a smart way to keep up with the bad guys.

Wednesday, April 10, 2013

Campaign Headquarters Bugged - FBI Investigating

Senate Minority Leader Mitch McConnell (R-Ky.) accused opponents Tuesday of bugging his headquarters and asked for an FBI investigation after a recording from an internal campaign meeting surfaced in a magazine report.

The 12-minute audiotape released by Mother Jones magazine reveals McConnell and his campaign staff at a Feb. 2 meeting lampooning actress Ashley Judd — then a potential Senate candidate — and comparing her to “a haystack of needles” because of her potential political liabilities. Judd has since decided not to run.




“We’ve always said the left will stop at nothing to attack Sen. McConnell, but Nixonian tactics to bug campaign headquarters is above and beyond,” campaign manager Jesse Benton said in a statement. (more)


UPDATE: "It is our understanding that the tape was not the product of a Watergate-style bugging operation. We cannot comment beyond that." – David Corn, Editor, Mother Jones (more)

Note: More than one person is heard speaking on the tapes (above is just an excerpt). Based on this, (and room echoes) the FBI will be able to figure out the location of the microphone. Hope everyone remembers where they were sitting.

Tuesday, April 9, 2013

Shodan - The Scary Search Engine

Cautionary Tale...
Unlike Google, which crawls the Web looking for websites, Shodan navigates the Internet's back channels. It's a kind of "dark" Google, looking for the servers, webcams, printers, routers and all the other stuff that is connected to and makes up the Internet...


It's stunning what can be found with a simple search on Shodan. Countless traffic lights, security cameras, home automation devices and heating systems are connected to the Internet and easy to spot.

Shodan searchers have found control systems for a water park, a gas station, a hotel wine cooler and a crematorium. Cybersecurity researchers have even located command and control systems for nuclear power plants and a particle-accelerating cyclotron by using Shodan.

What's really noteworthy about Shodan's ability to find all of this -- and what makes Shodan so scary -- is that very few of those devices have any kind of security built into them. (more)

Free - Computer Security Tools Book

"Open Source Security Tools: A Practical Guide to Security Applications"

Few frontline system administrators can afford to spend all day worrying about security. But in this age of widespread virus infections, worms, and digital attacks, no one can afford to neglect network defenses.

Written with the harried IT manager in mind, Open Source Security Tools is a practical, hands-on introduction to open source security tools. Seasoned security expert Tony Howlett has reviewed the overwhelming assortment of these free and low-cost solutions to provide you with the “best of breed” for all major areas of information security.

By Tony Howlett. Published by Prentice Hall. Part of the Bruce Perens' Open Source Series.

Offered Free by: informIT


A 600-page PDF, written in 2004, which still contains useful information.

Sunday, April 7, 2013

Son Bugs Mom (yawn)... with a Wiretap!

UK - Police have arrested a Lincoln man on suspicion that he bugged his 90-year-old mother’s phone. 

Richard Stamler, 59, was arrested Thursday night for unlawful interception of communications, a felony, Lincoln Police Officer Katie Flood said.

Stamler’s sister called police March 28 to say she found a recording device in the basement of her mother’s home that had been connected to the phone line, Flood said.

The woman played the tape, Flood said, and recognized her brother’s voice reciting date information. The device was set to record any time someone in the house picked up a phone. (more)

Saturday, April 6, 2013

Canadian Technical Security Conference (CTSC) - April 23-25, 2013


The annual Canadian Technical Security Conference (CTSC) event (Cornwall, Ontario) is a three (3) day professional development and networking opportunity with a local, regional, national and international following of professional technical operators, TSCM specific and test & measurement based equipment manufacturers and service providers. 

The conference is being held at Strathmere, near Ottawa.
GPS Coordinates, Latitude 45.157216, Longitude 75.703858

This annual CTSC conference event is of special interest to local, regional and international technical security professionals from the private sector, corporate security industry, financial sector, oil, gas and mining sector, government, law enforcement and military organizations and agencies. (more) Contact: Paul D Turner, TSS TSI 

This is the conference's 8th year. Every year I hear reports about how worthwhile it is. Every year they schedule it when I am obligated to be elsewhere :(

Burglar Used SpyCams to Case High-Income Homes

The discovery of a hidden camera may help solve a series of break-ins at upscale homes in several North Texas cities.



"This one has already been camouflaged," said Dalworthington Gardens police Det. Ben Singleton, holding what looks like a piece of bark that would go unnoticed in most yards.

It's actually a video camera not much bigger than a matchbox, and it's activated by a motion detector. Such cameras turned up in March planted outside several upscale homes in Dalworthington Gardens.

"I've never seen anything like this," Singleton said. (more)

New Italian Cocktail "The Gepetto" - Thwarted by SpyCam

A retired Italian carpenter has been arrested after his sleuthing wife suspected he was trying to poison her and set about trying to prove it with the help of a spy alarm clock bought on the internet.

The drama began in February in the northern Italian town of Dalmine, where the couple had reportedly lived for almost 40 years. The 61-year-old woman grew suspicious when some water brought to her by her husband created a burning sensation in her mouth.

The woman, who has not been named, sent it off for tests in a laboratory, which, when they came back, revealed the presence of hydrochloric acid.

Perturbed, the woman became even more worried when she found a bottle among her husband's things that had no label on it and was filled with a clear liquid. She sent that off to be analyzed, as well, and was told that it, too, was hydrochloric acid.

Police confirmed that she then took advice from relatives and bought a miniature video-camera-cum-alarm-clock, proceeding to film her husband in the kitchen. (more)

The Era of Women Spies is Returning

White House counterterrorism adviser Lisa Monaco is all poised to head the FBI, following last week's appointment of Julia Pierson as director of the Secret Service and an unnamed CIA agent will be the first woman to lead the agency's clandestine service. 

With these back-to-back developments, the era of women spies seems to have returned.

Some of them became legends and remained in the history as picturesque creatures, who with their skill, grace, charm or nerve, pulled the strings behind the most delicate political movements of the world. 

Learn more about some of the most famous and sexy spy women...
• Mata Hari
• Virginia Hall
• Hedy Lamarr
• Elizabeth Van Lew
• Belle Boyd
• Sarah Emma Edmonds
• Noor Inayat Khan

Friday, April 5, 2013

Amazing Drone Footage - Just for fun - Enjoy Your Weekend

The SkyMotion Video team provided the aerial video services for the 2012 Tourism Partnership of Niagara commercials for the Niagara Falls region shoot - making use of their state of the art remote controlled helicopter drone.



Niagara Falls has of course been filmed countless times in the past using full sized helicopters. However, with this remote controlled helicopter, the shoot was not limited by minimum altitude restrictions, and so was able to achieve shots which were unlike any before. Flying only a couple feet above the water, the camera was able to approach the waterfall edge to give the viewer a true sense of the sheer scale of the world famous falls.

However, the Niagara region is not limited to just the falls. The surrounding area is full of beautiful landscapes with quaint towns, and world class vineyards. The area is full of life, and the hope is that these dynamic shots give a real sense of the variety of things offered by not only the falls, but by the region as a whole. (more) (more movies)


PS - The security tie-ins...
• Law Enforcement - Crime scene documentation and assessment.
• Security Consultants - Security assessment surveys.

Apple's iMessage has DEA Tongue Tied

Encryption used in Apple's iMessage chat service has stymied attempts by federal drug enforcement agents to eavesdrop on suspects' conversations, an internal government document reveals.

An internal Drug Enforcement Administration document seen by CNET discusses a February 2013 criminal investigation and warns that because of the use of encryption, "it is impossible to intercept iMessages between two Apple devices" even with a court order approved by a federal judge...

When Apple's iMessage was announced in mid-2011, Cupertino said it would use "secure end-to-end encryption." It quickly became the most popular encrypted chat program in history: Apple CEO Tim Cook said last fall that 300 billion messages have been sent so far, which are transmitted through the Internet rather than as more costly SMS messages carried by wireless providers. (more)


But... if messages are exchanged between an Apple device and a non-Apple device, they "can sometimes be intercepted, depending on where the intercept is placed." (more)

Security Consultant Alert - IAPSC Annual Conference in Napa, CA

NOTE: It is not too late to register. Be a hero. Take your significant other to Napa for a few days.

The International Association of Professional Security Consultants (IAPSC) Annual Conference is the largest and most exclusive gathering of top security consultants.

Their 2013 conference offers a wide range of topics focused on Security Consulting and Business Profitability, as well as Technical, Forensic, and IT Security.

Presenters will discuss security standards, best practices, risk management, promotional uses of media, including webinar development, marketing and communications techniques for consultants, retirement and selling your business, as well as technical and forensic security focused sessions.

Visit the conference website
View the conference program
Download the brochure
Register Now

Not yet an IAPSC Member? 

When you register to attend the conference, ask about the special registration offer available exclusively to new members. (more)

I have been attending IAPSC conferences, each year, for about two decades. Every one has been well worth attending. I return to the office with a broader knowledge of security, fresh ideas about improving services to my clients, and recharged mental batteries. If you are on the fence about going, hop off... and into the vineyard. Try it once. You will see what I mean. Be sure to find me and say hello. ~Kevin

AppSec USA 2013 is Coming to NYC

Call for Papers NOW OPEN!
CareerFair
Events
(Capture the Flag, Battlebots, Lockpick Village, and more)


AppSec USA is a software security conference for technologists, auditors, risk managers, and entrepreneurs, gathering the world's top practitioners to share the latest research and practices at the Marriott, NYC. It is hosted by OWASP. (Why you would want to attend.)

What is OWASP?


The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Their mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. 


Everyone is free to participate in OWASP and all of their materials are available under a free and open software license. 

You'll find everything about OWASP here on or linked from our wiki and current information on our OWASP Blog

OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.

OWASP is a global group of volunteers with over 36,000 participants. (more)

Thursday, April 4, 2013

Blue Bugging - An old topic and growing problem

When you pair your smart phone with your vehicle's audio system and leave that connection open, you may become the target of Blue-bugging.

"They have paired their car and they leave their Bluetooth pairing open and then they get out of the car…they come out of the car and go to a store or something like that and the Bluetooth capability is still on," explains Mike Rohrer with the Arkansas Better Business Bureau.

The BBB advises you switch your Bluetooth into "Not discoverable" mode when you aren't using it…especially in crowded, public places.

Always use at least eight characters in your pin.

When pairing devices for the first time, do it at home or in the office. And download the latest security updates. (more) (video)


There is also a chapter (Bluetooth® Eavesdropping) devoted to the subject of Bluetooth vulnerabilities in, "Is My Cell Phone Bugged?"

Sunday, March 31, 2013

Cell Phone Tracking v. Right to Privacy - To be Decided

A secretive technology which lets police locate and track people through their cellphones in alleged violation of the US constitution will be challenged in a potential landmark court case... 

The American Civil Liberties Union hopes to rein in the little known but widespread "stingray" surveillance devices which it claims violate the fourth amendment and the right to privacy.

The group will urge a federal court in Arizona to disregard evidence obtained by a stingray in what could be a test case for limiting the technology's use without a warrant. (more) (much more)

Digital Cameras Easily Turned into Spying Devices

Newer cameras increasingly sport built-in Wi-Fi capabilities or allow users to add SD cards to achieve them in order to be able to upload and share photos and videos as soon as they take them.

But, as proven by Daniel Mende and Pascal Turbing, security researchers... these capabilities also have security flaws that can be easily exploited for turning these cameras into spying devices.

Mende and Turbing chose to compromise Canon's EOS-1D X DSLR camera and exploit each of the four ways it can communicate with a network. Not only have they been able to hijack the information sent from the camera, but have also managed to gain complete control of it. ...like uploading porn to the camera, or turning it into a surveillance device. (more) (video presentation - long and boring)


Solution in a nutshell... Before purchasing any Wi-Fi enabled device, make sure it supports encryption.

Range Wars Redux - Animal Welfare Group Drones v. Cattlemen

Australia - Farming bodies have criticized an animal welfare group's plan to use a drone to film farming practices on properties around Australia, with one saying the drone would be shot down.

Animal Liberation has purchased a surveillance drone equipped with a powerful camera. The group says the drone can film from as low as 10 metres above the ground to gather potential evidence of animal abuse.


Spokesman Mark Pearson says the practice will not contravene trespass or privacy laws. He says animal welfare is in the public interest...

But the head of the Northern Territory Cattleman's Association, David Warriner, disagrees... Mr Warriner says he expects some farmers would shoot down the drones. (more)


Yo, Warriner! The war already started...
A remote-controlled aircraft owned by an animal rights group was reportedly shot down near Broxton Bridge Plantation Sunday near Ehrhardt, S.C. (more) (much more)

Saturday, March 30, 2013

How to Have Safe Specs - Just Say No

Amidst rising concerns about cyber spying and a House Intelligence Committee report last October, Sprint and Softbank have said they will not use any equipment from China-based Huawei Technologies.

The two companies are preparing for a merger, which is being overseen by the US government. The government has asked only to be informed when these two companies buy new equipment and where they buy it.

Mike Rogers, a Michigan Republican who leads the House Intelligence Committee, has confirmed these two companies have made this pledge.

“I … was assured they would not integrate Huawei into the Sprint network and would take mitigation efforts to replace Huawei equipment in the Clearwire network,” said Rogers in a statement on Thursday. (more)

Putin on the Quits

Russian President Vladimir Putin jokingly told members of the All-Russia People's Front, a political movement he started, that he's stopped eavesdropping since he left the KGB, because it's not a nice thing to do, Russia’s RIA reported on Friday. (more) (rimshot)

Better Eyes for Flying Robots - A Runaway Hit

New systems could improve the vision of micro aerial vehicles.

Aerial robotics research has brought us flapping hummingbirds, seagulls, bumblebees, and dragonflies. But if these robots are to do anything more than bear a passing resemblance to their animal models, there is one thing they’ll definitely need: better vision.



In February, at the International Solid-State Circuits Conference (ISSCC) in San Francisco, two teams presented new work (PDF) aimed at building better-performing and lower-power vision systems that would help aerial robots navigate and aid them in identifying objects.
 

Dongsuk Jeon, a graduate student working with Zhengya Zhang and IEEE Fellows David Blaauw and Dennis Sylvester at the University of Michigan, in Ann Arbor, outlined an approach to drastically lower the power of the very first stage of any vision system—the feature extractor.  (more) (A "Runaway" hit from 1984.) 

FutureWatch: Mosquito-bots custom programmed to deliver injections (stun / drug / poison / etc.) based on recognition algorithms?

Friday, March 29, 2013

FutureWatch Update - Skype Tapping

When we last left Skype...

Was Skype reworked by Microsoft to make it easier to wiretap?

Hey kids, we bought and fixed Skype just for you!

In today's episode... 


Since its acquisition of Skype in May 2011, Microsoft has added a legitimate monitoring technology to Skype, says Maksim Emm, Executive Director of Peak Systems. Now any user can be switched to a special mode in which encryption keys will be generated on a server rather than the user's phone or computer.

Access to the server allows Skype calls or conversations to be tapped. Microsoft has been providing this technology to security services across the world, including Russia.


Group-IB CEO Ilya Sachkov said that the security services have been able to monitor the conversations and location of Skype users for a couple of years now.

"This is exactly why our staff are not allowed to discuss business on Skype," he said. (more)




Thursday, March 28, 2013

Security Director Tip of the Month - More Secure Conference Calling

Over the years, you have read many posts here about organizations being victimized by eavesdroppers on their conference calls. I am expecting you will see fewer in years to come...

CrowdCall, a specialized conference-calling app available for iOS and Android smartphones and the web. 

Instead of scheduling a dial-in line, e-mailing all parties involved and then hoping everyone calls at the appointed time, CrowdCall's interface lets users choose up to 20 participants from their contacts list and LinkedIn connections and dial them immediately (assuming the contacts have added their phone number to their LinkedIn profiles). When participants answer, they simply push "1" to enter the conference--they don't even need to have the app to participate.

...one feature in particular makes it attractive to small businesses. Because the call originator controls invitations, unauthorized participants can't use dial-in information to access the call, providing a measure of security when discussing sensitive information. (more)

Wednesday, March 27, 2013

Cell Phone Fingerprinting - GPS Tells WHO You Are

Can you be identified only by where you take your phone? Yes, according to a new study, which finds it's not very hard at all.

While most of us are free to go wherever we want, our daily and weekly movement patterns are pretty predictable. We go to work, to school, to church, to our neighborhood gym, grocery store or coffee shop, and we come home -- all quietly tracked by the GPS in our phone.


And with nothing more than this anonymous location data, someone who wanted to badly enough could easily figure out who you are by tracking your smartphone. Patterns of our movements, when traced on a map, create something akin to a fingerprint that is unique to every person.
 

"Four randomly chosen points are enough to uniquely characterize 95% of the users (ε > .95), whereas two randomly chosen points still uniquely characterize more than 50% of the users (ε > .5). This shows that mobility traces are highly unique, and can therefore be re-identified using little outside information."

Those are the findings of a report by researchers from MIT and elsewhere, published this week in the journal Scientific Reports. (more)

Hello Federal! Give Me No Second Hand

Despite the pervasiveness of law enforcement surveillance of digital communication, the FBI still has a difficult time monitoring Gmail, Google Voice, and Dropbox in real time. 

But that may change soon, because the bureau says it has made gaining more powers to wiretap all forms of Internet conversation and cloud storage a “top priority” this year.

Last week, during a talk for the American Bar Association in Washington, D.C., FBI general counsel Andrew Weissmann discussed some of the pressing surveillance and national security issues facing the bureau. He gave a few updates on the FBI’s efforts to address what it calls the “going dark” problem—how the rise in popularity of email and social networks has stifled its ability to monitor communications as they are being transmitted. It’s no secret that under the Electronic Communications Privacy Act, the feds can easily obtain archive copies of emails. When it comes to spying on emails or Gchat in real time, however, it’s a different story. (more)

Sunday, March 24, 2013

Bugged Van, Other Man, "I'll kill him"... "Just kidding."

A 44-year-old Howell man is facing felony charges after allegedly installing an eavesdropping device in his wife's van in an attempt to catch her in an extramarital affair.

Livingston County Sheriff Bob Bezotte said Friday that the case came to police attention when the 48-year-old woman's alleged boyfriend, 21, called to ask if installing such devices is illegal. He told police that he felt his privacy had been violated after learning that the device captured him and the wife being "passionate," the sheriff said.

Bezotte said the defendant allegedly threatened to kill the 21-year-old boyfriend and threatened to "make him lose his coaching position." The sheriff (said) the defendant claimed that he was "mad and kidding" when he made the comments. (more)

Friday, March 22, 2013

Zombie Privacy Bills Struggle to Become Laws

Just two days after new legislative reform on e-mail privacy was re-introduced in Congress, another privacy bill was brought back from years past.

On Thursday, three members of the House (two Republicans and a Democrat) and two bipartisan senators introduced the GPS Act, which would require law enforcement to obtain a probable cause-driven warrant before accessing a suspect’s geolocation information. The bill had originally been introduced nearly two years ago by the same group of legislators. 
  
The new GPS bill as it stands (PDF) contains exceptions for emergencies, including "national security" under the Foreign Intelligence Surveillance Act, but otherwise requires a warrant for covert government-issued tracking devices. The proposed penalty for violating this new provision could come with fines and/or five years in prison.
(more)

Thursday, March 21, 2013

From the Security Scrapbook Archives - 2003

Here is what the Security Scrapbook looked like 10 years ago... (Some links are now dead.)

"They're GR-R-REAT!®" When the CIA's secret gadget-makers invented a listening device for the Asian jungles, they disguised it so the enemy wouldn't be tempted to pick it up and examine it: The device looked like tiger droppings. The guise worked. ... The CIA's Directorate of Science and Technology is celebrating its 40th anniversary by revealing a few dozen of its secrets for a new museum inside its headquarters near Washington. Keith Melton, a leading historian of intelligence, calls it "the finest spy museum you'll never see." It is accessible only to CIA employees and guests admitted to those closed quarters.
http://www.securityfocus.com/news/7721
See the e-poop at...
https://www.cia.gov/about-cia/cia-museum/experience-the-collection/index.html#!/artifact/17



 

SPECIAL SECTION -- The Jacko Show
...but not good for the gander-er. Last week, Jackson and his lawyer learned they were secretly videotaped by a camera hidden aboard the plane when Jackson traveled from Las Vegas to Santa Barbara to turn himself in. The discovery triggered an FBI investigation and a lawsuit by Jackson against the charter jet company. (Charter companies might record passenger cabin video to document any damage done by... oh say... rock stars who might party too hearty and cause damage.)
http://www.iol.co.za/index.php?click_id=22&art

It's Plain View Doctrine, not Plane View Doctrine, Jimmy. A man claiming to be a news and photo agency reporter was arrested after Jackson's security staff found him aboard the entertainer's private plane while Jackson was surrendering to authorities.
http://washingtontimes.com/national/20031127-102246-4233r.htm

NSS... Sheriff's officials said several wireless microphones discovered outside their headquarters could be the latest of several attempts by journalists to surreptitiously get information on the Michael Jackson molestation case. The devices were found in a brushy area where Sheriff's Department employees frequently take breaks and where reporters are not normally allowed. Officials did not say when they discovered the microphones.
http://www.local6.com/news/2671587/detail.html

I always feel like
Somebody's watching me
Can I have my privacy
(...and Moon Walk stage left)
Michael Jackson thinks authorities may be spying on him in his own home. The Gloved One is said to be so fearful that his Neverland ranch has been bugged, he's even looking at his teddy bears suspiciously. A Jackson insider tells us the singer believes that law-enforcement officers may have planted electronic surveillance devices in his mansion last month when they spent 12 hours searching the grounds for evidence that he molested a 12-year-old boy. "He ordered a sweep of the entire place," said the source. "They're even running the teddy bears through radio-frequency sensors to see if there might be transmitters inside."
http://www.nydailynews.com/front/story/142156p-125978c.html
http://tinyurl.com/xz1s (Somebody's Watching Me - lyrics)

The plot thickens...
COURT TV anchor Diane Dimond, who reported on the first days of the Michael Jackson sex case a decade ago, is the latest to be caught up in a Hollywood phone-bugging scandal. Dimond said yesterday that authorities have informed her that wiretaps on her phone from 1994 are part of evidence seized by the FBI last year from the computer of Hollywood private eye Anthony Pellicano. Dimond was a reporter for "Hard Copy" in 1993 in the first days after the story broke of a youngster accusing Jackson of sexually molesting him. Pellicano worked for Jackson's attorney, Harold Weitzman. (Have a feeling we'll hear more about Mr. Pellicano?)
http://www.nypost.com/entertainment/10576.htm



SPECIAL SECTION -- "Teach your children well..."

In the 1960's...
Children were influenced by spy movies, TV shows and associated toys in a positive way. The 'spies' rarely spied. They were heroes. They fought against evil-doers. They did "good." (Secret Agent / Danger Man, The Man from U.N.C.L.E., I Spy, James Bond - 007, Mission Impossible, The Prisoner, The Saint, The Avengers...)

By the 1980's...
The spies' toys had become the heroes. Eavesdropping, snooping and general spying had become "cute."

Some people recognized this and raised editorial warning flags...
"In becoming accustomed to such toys and the pleasures they bring, the seeds of an amoral and suspicious adulthood are unwittingly being cultivated." - from the article, You'd Better Watch Out! This is the Year of Spying Kits for Kids, Gary T. Marx, The Los Angeles Times, 1988.
http://www.spybusters.com/The_spying_problem_worsens.html

By the 21st century...
"Competitive Intelligence" had become an established job description. Corporate eavesdropping and espionage inspections had become a routine necessity for survival. And Murray Associates (http://www.spybusters.com) celebrated 25 years in business with one specialty - eavesdropping auditing.

Today...
Kiddy eavesdropping, snooping and general spying toys are now theme-corporations, e.g. Wild Planet's Spy Gear, Undercover Girl and Girl Tech. Even the venerable "Discovery Channel" offers twelve children's spy toys for sale, including a "Night Spy Dart Launcher" for "ages 5+" !!!

Logical Conclusion...
Toys teach.
We reap what we sow.



ODDBALL

Bored?
Call a pay phone on the observation deck of the Eiffel Tower, Paris, France and see who answers. +33 (0)1 47 53 75 68
http://www.payphone-project.com/

Really Really Bored?
There were two old men, one a retired professor of psychology, and the other a retired professor of history. Their wives had talked them into a two week stay at a hotel in the mountains. They were sitting around on the porch of the hotel watching the sun set. The history professor said to the psychology professor, "Have you read Marx?"
To which the professor of psychology said,
"Yes, I think it's the wicker chairs!"


(more)

Wednesday, March 20, 2013

World's Smallest Video Cameras

Typical applications are medical endoscopy, dental imaging, surgical robots, guide wire visualization, intubation equipment visualization, disposable equipment ...and some spy applications to be sure. 
(more)

P.S. The one on the coin is a 3-D camera!

Criminals Spy Ops in Mexico

via a Blue Blaze irregular...
"I thought this might interest you. The Mexican drug cartels continue to exploit and develop their SIGINT capabilities. The criminals who specialize in surveillance against the police are called "Hawks" or "Falcons" and generally perform both physical surveillance of patrol units and radio monitoring. This particular group was arrested for monitoring police radio calls and giving gang members early warning of significant movement and potential raids in Veracruz." (more)

More background...
"Years ago I was hearing some RUMINT that a major European communication company (that also supplies the US Military) was selling high tech radio equipment to Mexican drug cartels." (more) (more)

Saturday, March 16, 2013

"Hey kids, hack it for your Uncle Sam!"

Bored with classes? 

Carnegie Mellon University and one of the government’s top spy agencies want to interest high school students in a game of computer hacking.

Their goal with “Toaster Wars” is to cultivate the nation’s next generation of cyber warriors in offensive and defensive strategies. The free, online “high school hacking competition” is scheduled to run from April 26 to May 6, and any U.S. student or team in grades six through 12 can apply and participate.


 

David Brumley, professor of computer science at Carnegie Mellon, said the game is designed to be fun and challenging, but he hopes participants come to see computer security as an excellent career choice. (more)

P.S. Registration is now open!

Casino CCTV Commandeered in $32 Million Sting

Australia - Thieves have infiltrated Crown casino's surveillance system to pull off a $32 million sting.

A foreign high roller who was staying at Crown has been implicated in the rip-off, in which the venue's security cameras were used to spy for him. (more) (as predicted)

Thursday, March 14, 2013

Spy Camera Glasses - Austin Powers is Thrilled

Question Mark & the Mysterians may sue... 

from the manufacturer...
"Ankaka launches Innovative Spy Camera Glasses Espionage. The high tech spy gadget manufacturer Ankaka is back!


This time they bring people the Spy Camera Glasses espionage-spy-camera-sunglasses; Very stylish and comfortable to use, this latest make of high quality spy gadgets enables people to walk around with no worries as people spy on their subject..." (more) (video)

CUT! 
Enough already. This insults the word covert. It's time to stop applying the word "spy" to everything. (grab your glasses and sing-a-long)

Chinese Launch Espionage Investigation Against Coca-Cola

Chinese authorities have opened an espionage investigation against Coca-Cola Co. for allegedly making illegal maps of restricted areas in China, according to a South China Morning Post report Thursday. 

"What we can say for now is that many subsidiaries of Coca-Cola are involved and this happens in many provinces," the report quoted an unidentified Chinese official as saying, adding that the Ministry of State Security was involved in the probe. 

Among the issues was the use of hand-held GPS devices to collect sensitive geographic information in Yunnan province, the report said. 

It quoted a Coca-Cola statement Wednesday as saying the company was "cooperating fully" with the investigation, and that GPS devices involved used "digital map and customer logistic systems commercially available in China." (more)

How to keep dragons at bay... (click)

Pwn Pad - Use it IT, Before it is used against IT

The folks at security tools company Pwnie Express have built a tablet that can bash the heck out of corporate networks. - Wired Magazine

The Pwn Pad - a commercial grade penetration testing tablet which provides professionals an unprecedented ease of use in evaluating wired and wireless networks.

The sleek form factor of the Pwn Pad makes it an ideal product choice when on the road or conducting a company or agency walk-through. This highspeed, lightweight device, featuring extended battery life and 7” of screen real estate offers pentesters an alternative never known before. (more)

TOOLKIT INCLUDES:
Wireless Tools:
Aircrack-ng
Kismet
Wifite-2
Reaver
MDK3
EAPeak
Asleap-2.2
FreeRADIUS-WPE
Hostapd

Bluetooth Tools:
bluez-utils
btscanner
bluelog
Ubertooth tools

Web Tools:
Nikto
W3af

Network Tools:
NET-SNMP
Nmap
Netcat
Cryptcat
Hping3
Macchanger
Tcpdump
Tshark
Ngrep
Dsniff
Ettercap-ng 7.5.3
SSLstrip v9
Hamster and Ferret
Metasploit 4
SET
Easy-Creds v3.7.3
John (JTR)
Hydra
Medusa 2.1.1
Pyrit
Scapy


The Return of the Invisible Anythings

"We propose a method for removing marked dynamic objects from videos captured with a free-moving camera, so long as the objects occlude parts of the scene with a static background." Max Planck Institute for Informatics (more)

Political propaganda videos will never look the same...

(Supplementary video. Takes time to load.)

Wednesday, March 13, 2013

The Ratters - men who spy on women through their webcams

The woman is visible from thousands of miles away on a hacker's computer.  

The hacker has infected her machine with a remote administration tool (RAT) that gives him access to the woman's screen, to her webcam, to her files, to her microphone. He watches her and the baby through a small control window open on his Windows PC, then he decides to have a little fun...

Women who have this done to them, especially when the spying escalates into blackmail, report feeling paranoia. One woman targeted by the California "sextortionist" Luis Mijangos wouldn't leave her dorm room for a week after Mijangos turned her laptop into a sophisticated bugging device. Mijangos began taunting her with information gleaned from offline conversations...


For many ratters, though, the spying remains little more than a game. It might be an odd hobby, but it's apparently no big deal to invade someone's machine, rifle through the personal files, and watch them silently from behind their own screens. "Most of my slaves are boring," wrote one aspiring ratter... (more) (sing-a-long)

That's "old news".
The story really begins here...
The hack follows the path of most hacks. It started as a challenge, became video voyeurism, and evolved into blackmail. Hackers eventually smell money in their hacks. 


While you read about "ratters" today, today's hacker-criminals are sniffing in deep pockets - businesses. Eavesdropping on corporate meetings and watching executive computer screens makes more sense financially. Next year the media will be printing stories about that. Meanwhile, you have them scooped.

Q. So, why don't we notice?
A. “The more cameras we see in our environment, the less we see them.” 

When electronic cameras were new, you noticed them. Now they are everywhere. You pay no attention. The same is true with microphones. The weird logic continues... If one isn't noticing cameras and microphones, one tends to think either that they don't exist or that they are not being manipulated as surveillance devices.

Many business executives know better. They know the reality of business espionage and electronic surveillance. Their mental Achilles Heel... If you don't see where your stolen conversations, strategies, ideas, etc. are going, well, they are probably not going anywhere. Think of that the next time you go car shopping, and they all look like Teslas... or vice versa. Then, call me.

Wiretapping - Silvio Berlusconi Sentenced to One Year in Prison... or not!

Former Italian Prime Minister Silvio Berlusconi was convicted in a wiretapping case in Milan Thursday and sentenced to a year in jail.

The wiretapping charge — related to the 2006 battle for control of a major Italian bank — is one of three corruption rulings the hard-partying Berlusconi faces this month.


A Milan court is also set to rule on charges he engaged a minor in prostitution, and an appeals tribunal will decide whether to uphold a four-year sentence for tax fraud. (more)

Or nots...
• Berlusconi is unlikely to serve jail time - Italian law doesn’t require prison sentences to be carried out until the appeals process is exhausted, which can take several years.
• Berlusconi could become Prime Minister again.

The Pepsi Spycam

Enjoy it for the Spycam...