Fight Back Against Stalkers - New iPhone App

Empower yourself to stop being a victim, and take action against a stalker. 

(FREE until 5/24)
Collect information, collate it, and report to authorities in a simple app made for victims of stalking. Made in conjunction with leading criminologists and victim support forums, StopaStalker is your tool to start fighting back.

• Record suspect, vehicle, witness and location details.
• Link to photos in your photo roll, or take photos in-app.
• Record court orders, with iOS calendar reminders.
• Produce PDF reports for authorities, friends and family, and email or AirPrint.
• Backup/Restore from Dropbox so trusted people can access.
• Setup emergency contacts and police numbers to call or SMS from within the app.
• Quick 'Victim Guide' with tips for surviving stalking.

($5.99) (more) 

Many of the requests for eavesdropping detection help I receive have their roots in stalking and harassment. 

Spybuster Tip #092: If stalking and harassment are part of the problem, a search for bugs and taps is not the best first step. Tie the criminal to the crime first. Collect and document your evidence. Talk to an attorney. Then, look for the surveillance devices.

Your Smartphone - The Quickest Route to Your Bank Account

Many consumers simply don't realize how vulnerable their Androids, iPhones and other devices can be. 

An April study by the Federal Reserve Bank of Atlanta said threats are proliferating, ranging from "phishing" -- where consumers click a phony email or text message and are tricked into handing over personal information -- to consumers' reluctance to use security protections they normally have on home computers, like a password...

Organized crime operations see smartphones as the most vulnerable entry point into the electronic financial system, according to the Federal Reserve...

Vikram Thakur, principal security response manager for security software giant Symantec, said attackers can get complete control of a phone simply by getting people to click on a link. Without actually having the phone in their hands, the hackers can access messages, phone calls and personal information. (more)

Spybusters Tip #734: 
• Password protect your phone. Keep it turned on.
• Don't click on anything 'iffy'.
• Keep Bluetooth and Wi-Fi turned off unless needed.
• Avoid sensitive transaction over public Wi-Fi hot spots.

Bug Eyed Drone Used 368 iPhone 4S Cameras

Everyone marveled when the iPhone 4S came equipped with a full high definition video camera. Little did they know that the race to miniaturize cell phone cameras led to quite possibly the spookiest surveillance camera on earth.

Autonomous Real-Time Ground Ubiquitous Surveillance Imaging System, or ARGUS-IS, which we recently covered, is the result of a low budget and 368 cannibalized cell phone cameras, slammed together to create the largest, finest surveillance camera in the world.

Attached to a predator drone, the camera records approximately 1 trillion gigabytes of information in a single day. (more)

Cautionary Tale - Employees Bug Boss for Promotions

China - Three public officers, who allegedly placed hidden cameras in a Party chief's office and then tried to blackmail him, have been held for illegal wiretapping and photographing in Huaihua City in central China's Hunan Province...

Prosecutors said the trio plotted to secretly videotape violations by Hu Jiawu, the local Party chief, and blackmail him for promotions, when they dined in early February 2012. They installed spy gadgets on a water dispenser, replacing the previous dispenser in Hu's office. Between March and October 2012, Li illegally monitored Hu and stored the footages in a removable disk, Southern Metropolis Daily reported yesterday.
Li and Yang again sneaked into Hu's office during the National Day holidays in 2012 and returned the original water dispenser. After Li edited the video, he showed it to Hu on October 17 and threatened to expose him if he did not promote them. (more)

Don't think this couldn't happen to you. This is one reason why periodic inspections for electronic surveillance devices (known as TSCM) are a standard business practice.

Retailers sniffing cell phone Wi-Fi signals at the mall... and future uses.

Technology that allows retailers to track the movement of shoppers by harvesting Wi-Fi signals within their stores is spreading rapidly. 

Giant U.S. retailers including Nordstrom and Home Depot are already using it, as does one of the most popular malls in Singapore. Indeed, Euclid Analytics, one of the better-known companies selling the technology, boasts that it has tracked some 50 million devices in 4,000 locations. (more)

Also, check out Y-Find and TheRetailHQ.

So who cares if Home Depot knows what aisle you are in?

Think ahead...

"We are excited to be working with YFind to help them realize their vision of creating Location-Intelligent cities..." Pete Bonee, Partner at Innosight Ventures

Cities!?!?  
WTF? 
Oh, right. 
The government marketplace is huge, worldwide even.

Spybuster Tip # 845 - Don't Plug Your iPhone/Pad into Hotel Docking Stations

“Apple accessories, especially dock stations and alarm clocks become more and more popular. Nowadays, it is common to find such devices in hotel rooms,” wrote French security consultant and pentester Mathieu Renard. But can we really trust them? What if an alarm clock could silently jailbreak your iDevice while you sleep? “Wake up, Neo,” warned Renard. “Your phone got pwnd!”

At Hackito Ergo Sum 2013, an international security and hacking conference recently held in Paris, Renard presented iPown: Hacking Apple accessories to pwn iDevices. He started by looking at what an attacker would consider to be the most interesting Apple services before describing “how they can be exploited in order to retrieve confidential information or to deploy the evasi0n jailbreak.” (more)

Especially true when visiting countries with reputations for spying on foreign visitors. ~Kevin

Big Week for Spy News - Seems Everyone is Being Caught

A U.S. diplomat disguised in a blond wig was caught trying to recruit a Russian counterintelligence officer in Moscow, Russia's security services announced Tuesday, claiming the American was a CIA officer. (more)

In an outraged letter to U.S. Attorney General (AG) Eric Holder, the Associated Press, one of the nation's largest news organizations, accuses the U.S. Department of Justice (DOJ) of a potentially serious violation of freedom of the press. According to the letter from Gary Pruitt, records from 20 phone lines -- including personal phones of AP editors/columnists and AP business phone numbers in New York; Hartford, Connecticut; and Washington -- were subpoenaed in a "massive and unprecedented" attempt to monitor on the press. (more)

In a new twist of the Bloomberg spying scandal a former company employee has revealed journalists allegedly spied on the Federal Reserve chairman Ben Bernanke and former Treasury Secretary Tim Geithner through the news terminals. (more)

Designed to steal intellectual property, cyber espionage and attacks increased 42 percent in 2012 compared to the prior year, reveals a new report entitled, 'Internet Security Threat Report' (ISTR) of Symantec Corporation (more)

Top IRS Officials Knew of Tea Party Spying Months Before Denial (more)

Private Investigators Convene in Atlantic City Next Month

On June 26th, private investigators from across the country will be on their way to Atlantic City for the East Coast Super Conference, presented by PI Magazine and hosted by the New Jersey Licenced Private Investigators Association (NJLPIA). 

The conference includes 17 presentations from guest speakers Diane Dimond, Joe Pistone, F. Lee Bailey, and more, including a presentation on the real undercover life of Donnie Brasco. A full exhibitor hall and many activities for attendees and their families will be available. Located at the Tropicana Casino and Resort, the conference will also have door prizes, including 1 week in Aruba! (more) (video)

CONTEST (ENDED) - Who Is This Man?

We have a winner! Congratulations!!
Answer below.

Clues...
• Born 1897.
• Died 1973.
• Expert wiretapper. 
• Good high speed driver. 
• Sharpshooter.
• Last known occupation: Security Officer, National Airlines, Miami, FL.
• Initials: PWR
• Co-author of a book about the part of his career for which he is famous. Claimed his boss was portrayed on TV as too flattering.

Excellent prize of our choice from the Spybusters Countermeasures Compound vault. ~Kevin 

This is Paul Wenzel Robsky, the last of The Untouchables.

Birth: Oct. 16, 1897, Illinois, USA
Death: Nov. 1, 1973, Miami-Dade County, Florida, USA
 

Paul was the only child of Theodore and Martha (Ellis) Robsky. He grew up in Galesburg, Illinois. Martha died when Paul was just a child. He married Louise B Bargeron and they had a daughter, Ena. Paul and Louise were later divorced and he married Helene R. Frame in Jan 1956.
 
Paul served in the military from Nov 7, 1917 until March 22, 1927. By 1928, he was a Prohibition Agent hunting bootleggers in the hills around Greenville, South Carolina. He was well known for his fast driving and sharpshooting skills. He made such an impression that in 1930, he was handpicked to join a band of lawmen in Chicago who became known as The Untouchables. He was an expert at wire-tapping and Elliot Ness called him "a good man to have around when more than ordinary courage was needed." Paul spent his last years in Florida and was the last living of The Untouchables.

His news photo, shown above, is available here...
http://www.tribunephotos.com/HJS-617-BS-Photo-Robsky-Wire-Tapping-Expert/dp/B00CD5URR6

His book, The Last of the Untouchables is also still available, as is the 1957 edition of The Untouchables, by Eliot Ness and Oscar Fraley.

Privacy Journal Book - Compilation of State and Federal Privacy Laws 2013

Privacy Journal announced their Compilation of State and Federal Privacy Laws 2013 is now available for sale. This new book replaces the 2002 book and all subsequent supplements in one consolidated hard copy edition, 80 pages, ISBN is 9780930072568.

This new book includes new privacy laws on demands for social-media passwords by employers and universities, use of credit reports by employers, new tracking technologies, new state restrictions on use and disclosure of Social Security numbers, plus updated chapters on credit reporting, medical, financial, testing in employment, insurance, government information, and much more, grouped by categories and listed alphabetically by states. Descriptions of state, federal, and Canadian laws are included.

There is an electronic edition that you may store it in your computer and search later by key words and states. $51 for both hard copy and pdf version ordered at the same time. Pdf only, $26.50. Hard copy only, $35 (includes shipping). Or, Discounts for five or more units ordered at one time.

The NSA Spy's Guide to Searching the Internet - DECLASSIFIED

Want to learn how to search like a spy? 
This 600+ page tome will help you do it.

Untangling the Web, A Guide to Internet Research – has just been declassified, to satisfy a Freedom of Information Request. Download the irony here.

Government Surveillance Ratchets Up

The Obama administration, resolving years of internal debate, is on the verge of backing a Federal Bureau of Investigation plan for a sweeping overhaul of surveillance laws that would make it easier to wiretap people who communicate using the Internet rather than by traditional phone services, according to officials familiar with the deliberations. (more)

Meanwhile...

Is the government recording and listening to your every phone call and probing every email for dangerous ideas? 

Probably—if certain insiders are to be believed. According to one former FBI agent, the US government may indeed keep a massive database where all domestic communications are recorded and stored....

From CNN interview transcripts:
 
(Ex-FBI) CLEMENTE: …We certainly have ways in national security investigations to find out exactly what was said in that conversation. 

(CNN) BURNETT: So they can actually get that? We can know what people are saying, that is incredible. 

(Ex-FBI) CLEMENTE: …Welcome to America. All of that stuff is being captured as we speak whether we know it or like it or not. (more)
And, where would you store all that chit-chat?

"The Utah Data Center, code-named Bumblehive, is the first Intelligence Community Comprehensive National Cyber-security Initiative (IC CNCI) data center designed to support the Intelligence Community's efforts to monitor, strengthen and protect the nation... NSA is the executive agent for the Office of the Director of National Intelligence (ODNI) and will be the lead agency at the center." (more)

The heavily fortified $2 billion center should be up and running in September 2013. Flowing through its servers and routers and stored in near-bottomless databases will be all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails—parking receipts, travel itineraries, bookstore purchases, and other digital “pocket litter.” (more)

Emergency Wristwatch for Spies... and Maybe Your CEO

Traveling in dangerous places? 
No cell phone service?
You may want one of these...

The Emergency II is equipped with a microtransmitter alternately operating on two separate frequencies over a 24-hour period. It transmits a first digital signal on the 406 MHz frequency intended for satellites and lasting 0.44 seconds every 50 seconds; as well as a second analog signal on the 121.5 MHz homing and rescue frequency, lasting 0.75 seconds every 2.25 seconds.



The development of this dual frequency transmitter specifically designed for the Emergency II was a major technical challenge, essentially due to its dimensions that had to be adapted to the wrist. Conducted in cooperation with an institute specializing in aerospace, defense and industry, it notably involved creating a new circuit exclusively dedicated to this instrument in order to be able to transmit on two frequencies and to do so within an extremely compact volume. 

The result is a record in terms of both miniaturization and guaranteed reliability, which lays down new benchmarks reaching well beyond the sphere of watchmaking. (more)

Price?
About US$18,600.00, if you go for the titanium bracelet instead of a rubber strap.
Hey, how much is your life worth?

FutureWatch - The Latest in TSCM-ware

A Princeton University team has successfully merged electronics and biology to create a functional ear that can “hear” radio frequencies. The tissue and antenna were merged via the use of an “off-the -shelf” 3D printer, and the results have the potential to not only restore but actually enhance human hearing in the future...

 

The ear itself consists of a coiled antenna within a cartilage structure, with two wires leading from the base and winding around the helical “cochlea” – the area of the ear that senses sound. The signal registered by the antenna could be connected to a patient's nerve endings in a similar way to a hearing aid, restoring and improving their ability to hear. (more & more)

New York Times - Quote of the Day - Tapped Out On Taps

"I'm so jaded at this point that I'm not surprised. And from my perspective, let them all wear wires. Let's catch everybody. Maybe if we clean out the whole system, we can move forward." 
~STATE SENATOR TONY AVELLA, a Queens Democrat, on the disclosure that a second state legislator had been secretly recording conversations with colleagues.

Secrets of The Dead - Uncensored recordings of Nazi elite

Sixty years after an MI19 bugging operation of German POWs, Secrets of The Dead brings hours of chilling and totally uncensored recordings of Nazi elite to life through intense, full-dialogue dramatic reconstructions.



Hearing these shocking conversations will be like taking a time machine back into psyche of Hitler's Germany. For more, visit http://www.pbs.org/wnet/secrets/

Jam Da Cam - Stick it to Da Hacker Man

CamJAMR is a reusable plastic film sticker that fits over camera lenses installed on computers, tablets and smart phones. Web developer Josh Luft, 24...

To thwart any unwanted spying, Luft, who creates websites in Somers, first put Post-It notes over his computer’s web camera. The sticky papers kept falling off, so Luft began researching materials until he settled on a plastic film similar to the removable plastic films that cover screens on new cellphones.

Luft’s website, CamJAMR.com, sells the sticker packages of 12 lens covers for $4.99. The covers have various sizes to fit computer and cellphone cameras. The stickers leave no residue on the lenses, he said.

Today: Hackers 2, FBI 0

A federal magistrate judge has denied (PDF) a request from the FBI to install sophisticated surveillance software to track someone suspected of attempting to conduct a “sizeable wire transfer from [John Doe’s] local bank [in Texas] to a foreign bank account.”

Back in March 2013, the FBI asked the judge to grant a month-long “Rule 41 search and seizure warrant” of a suspect’s computer “at premises unknown” as a way to find out more about these possible violations of “federal bank fraud, identity theft and computer security laws.” In an unusually public order published this week, Judge Stephen Smith slapped down the FBI on the grounds that the warrant request was overbroad and too invasive. In it, he gives a unique insight as to the government’s capabilities for sophisticated digital surveillance on potential targets. 

According to the judge’s description of the spyware, it sounds very similar to the RAT software that many miscreants use to spy on other Internet users without their knowledge. (more)

Google Glass Hacked - Everything You See and Hear Transmitted to Anyone

Google's Glass wearable computer have been hacked so video and audio can be transmitted online to anyone.

Hackers have been able to remotely watch and hear everything a wearer does, and today warned 'nothing is safe once your Glass has been hacked.'

Although Glass does not go on sale to the public until next year, the attack raises major security and privacy questions over Google's plans for the device. (more)

Computer Expert Hacked Neighbors’ Wi-Fi - Spied on Hundreds

Spain - A pedophile computer expert spied on hundreds of his neighbors by hacking into their Wi-Fi and taking control of their webcams, Spanish police said. 

The 34-year-old is accused of recording thousands of hours’ worth of intimate material — which included numerous sexual encounters of his unsuspecting victims. 

He then posted some of the footage online. (Darwin Award)

Police say he cracked modem passwords to access PCs. He then installed a Trojan virus — letting him watch via the webcam exactly what the laptop owner was doing. (more)

"When spycam hits your eye, like a big pizza pie, that's-a-boring..."

Yet another strange use for spycams...

...or...
New from the Science Channel... if you like "How It's Made", you'll love "Watch It Made!"

KGB Hotel Listening Post Now a Tourist Museum

Estonia - Old Town Tallinn in Estonia feels like it should be on top of a wedding cake, the old city walls, church steeples, narrow cobblestone streets, and pastel colors putting forth a true Medievil vibe...

There are many hotels located within the Old Town walls to choose from, but if you want a true taste of KGB history during your visit, consider the Sokos Hotel Viru just outside Old Town. Opened in 1972, it's the largest hotel in Estonia with over 500 rooms, and during Soviet occupation, the KGB had an office on the top floor (the 23rd floor, which did not have a button on the elevator).

They always denied their presence, but they bugged the guests, literally. 

The KGB tapped 60 rooms, installed mics in the plates in the dining room, instructed elevator attendants to keep track of guests’ comings and goings, and drilled holes through hotel room walls to take photographs and keep a watch on suspected guests, which included visiting journalists and Finnish visitors who would hold meet and greets with their families in the lobby (the visiting Fins weren’t allowed to visit their family in their homes under Soviet Law). Even if you don’t stay the night, be sure to pop in for a drink and to check out the museum that allows you to tour the former KGB offices. (more)

Spybuster Tip # 523: Twitter Password Security Test

WARNING

The link below is a clever gag.
Similar sites are password collection scams.

If you take the test on any of them, don't enter real information.

http://www.ismytwitterpasswordsecure.com/

FutureWatch: Trojan Horse Wi-Fi's and More - In Your Mail

This promotion is legitimate.
But, imagine this small, inexpensive technology as an espionage tool...

Microsoft is putting in real WiFi hardware hotspots inside some copies of the latest issue of Forbes magazine. The unique Office 365 promotion was revealed in a post on the Slickdeals.net message board. The WiFi router, when activated, offers 15 days of free WiFi service via T-Mobile's network on up to five devices at once.


In any case, if you get one of these Forbes magazine ads, keep in mind that the router still needs to be charged; it apparently lasts up to three hours on a single charge. (more)

BTW, for your techie types, it uses a Mediatek chip (RT5350), "The world's smallest wireless router-on-a-chip."

Hiding electronic gadgets in the mail is not a new idea. 

Many years ago, a company hollowed out a book, planted a computer mouse inside, and mailed it to top executives. 

We detected one of these books during a weekend sweep. It was on an executive's desk, in the unopened mail.  

Was it a bug?  
Was it a bomb? 

No, just a insensitive marketing gag. 

Apparently, the company is no longer in business.

FutureWatch: This will happen again, but next time it might be a bug ...or, a bomb. 

Regularly scheduled TSCM inspections can find these things lurking in your office.

How to Bug an Entire Country - Drop Poop & Rocks

During the Cold War, both sides liberally used the “bug”--the remote listening device--to surreptitiously get wind of what the other side was up to by listening in on a room, a building, or, in the case of East Berlin, an entire city.

Click to enlarge

But in America’s cooling war in Afghanistan, U.S. forces may undertake what could be the biggest bugging operation of all time, planting sensors all over the entire country that could feed the U.S. military intelligence from inside that country for the next two decades. It’s the rough equivalent of bugging an entire country.


The palm-sized devices at the U.S. military’s disposal aren’t listening devices per se, but they would detect anyone moving nearby and report the movement back to an intelligence outpost, letting special operators know when a remote mountain pass or a known smuggling trail is being utilized. Some of the sensors could be buried, others disguised as rocks or other geological artifacts. 

CIA monkey poop sensor - Vietnam era.

The point is, they would be littered all across Afghanistan’s landscape, a lingering legacy of a decade-long conflict that would last 20 years more. (more)

Interesting Security Technologies - Sunpass Bug & Butterfly Authentication

Doug Blakeway, President & CEO, Nanotech Security Corp., reveals new surveillance technologies in the company's Annual Report...

(from their subsidiary) "The CTR-1300 JOEY, a disguised Variable Power Audio Transmitter Utilizing a new LiPo internal battery and incorporated into the Garage Door Opener, EZ Pass, and Sunpass as disguises."

and, the latest in anti-counterfeiting technology...

Click to enlarge.

"Nanotech is developing what it sees as a highly sophisticated and commercially viable nanotechnology for use in anti-counterfeiting as well as product and document authentication. It will potentially be used to authenticate a huge range of items, including currency, legal documents and commercial products.
 
The specialized optical features are comprised of arrays of hundreds of millions of nano-holes–implanted directly onto various substrates and which emit unique light signatures that we believe cannot be reproduced by a counterfeiter.  

KolourOptics® is the trade name for this revolutionary authentication feature which produces nano-scale surface structures similar to those found on the wings of the iridescent blue Morpho Butterfly.
 
The features can be directly applied to banknotes and other valuable documents and products and will produce light signatures are both “overt” (visible to the naked eye) and some that are “covert” (machine readable only)." (more)

Spouse Spying Increase Seen By 92% of Divorce Attorneys

In this new age of technology, spy gadgets are no longer just for actors in James Bond movies. Studies show more spouses are using spy equipment to catch the other red-handed.


The American Academy of Matrimonial Lawyers says in the past three years 92 percent of divorce attorneys saw an increase in evidence from text messages, emails and GPS trackers. In fact in 2011, a Minnesota man was thrown in jail for installing a GPS on his wife's car as he searched for proof she was cheating.

Latest in Government Work Clothes - Immunity Suits

...documents show that the Justice Department secretly agreed to provide AT&T and other participating providers with so-called “2511 letters” that granted them immunity for activity that might otherwise have violated federal wiretapping laws. (more)

Spy Stories Behind "Peggy Sue" and "Winnie the Pooh"

U.S. country star Jerry Naylor revealed he used his international fame as cover to work as a secret agent for the CIA... Naylor, 74, who replaced Buddy Holly in the Crickets, says he was recruited on more than 100 occasions to spy for America under his guise as a touring singer. (more)

The man who created Winnie the Pooh was a First World War spy, top secret files reveal. The papers — rescued from a skip — prove AA Milne worked for a covert arm of military intelligence in a propaganda war against the Germans. They uncover the secret double life of the man behind Tigger, Christopher Robin and Piglet — and should have been burned. (more)

Verizon's Tilt-Shift-Focus on Espionage

Ninety-six percent of cyber espionage cases targeting intellectual property and business trade secrets were attributed to “threat actors in China,” while the remaining four percent were unknown, according to the “2013 Data Breach Investigations Report," which is issued by Verizon, a large U.S. telecom firm...

“Verizon doesn't explain how they determine that an event is state-sponsored, nor how they distinguish between legitimate attacks originating from China and those which use compromised servers in Chinese IP space,” said Jeffrey Carr, CEO of Taia Group, a cyber-security firm. “Hence, any conclusion that they try to draw about the government of China has to be taken with a great degree of skepticism.”
Carr said he believes a lot of the espionage originating in China could “actually be the work of non-state actors working in the Chinese IP space.” (more) 

Keep in mind this report is from a telecommunications company. It is a tilt-shift-focus photo. The center of attention is their product – data-motion. Non-IT methods of espionage are out of focus. 

The result is a distorted reality field with micro-bickering over "who" is to blame, instead of what can be done about it.

Wake up. Pockets are being picked. "Who" doesn't matter. Keeping your intellectual wallet safe matters. 

Successful counterespionage requires a clear, sharp, holistic vision. Beware the tilt-shift folks who focus on IT alone. They miss all the end runs. Budget for a 360º lens. ~Kevin

New Book - "Eavesdropping, Surveillance and Espionage"

New Book
 "...examines the escalating security and privacy threats from spy cameras, audio bugs, telephone bugs, GPS trackers, GSM listening devices, surveillance software, smart-phone compromises and other high-tech technologies that are actively marketed to civilians. Modern security professionals must grasp the magnitude of these emerging threats, how they are identified and the counter-measures by which they are neutralized."

The press release explains...

"Eavesdropping, Surveillance And Espionage: Threats, Techniques and Countermeasures is a comprehensive introduction to TSCM specifically for law enforcement, private investigators, homeland security, key military personnel, foreign service and diplomatic staff, intelligence operatives, private security contractors, TSA, security advisors and other security professionals in the private and public sectors.

Authored by Norbert Zaenglein, author of Disk Detective, Secret Software and the Covert Bug Book, the new TSCM book fills a much needed gap in security awareness related to civilian surveillance capabilities, a development that impacts military, government, diplomatic venues, homeland security, corporations, businesses and the general public.

The essential new security manual explains how mass production of sophisticated surveillance technology pattered after law-enforcement and intelligence-grade spy devices has marshaled the once secretive spy trade into civilian circles with far-reaching implications and consequences." (preview)

Note: Only available at http://www.modernprivacy.info/

Detecting and Preventing Eavesdropping - U.S. Government Advice

(A long, but worthwhile read.)

Detecting and Preventing Eavesdropping

Any indication that an adversary or competitor is using illegal means to collect information should alert you to the possibility, at least, that listening devices might be planted in your office or home. There are a number of specific warning signs that you may be the target of eavesdropping. Of course, if eavesdropping is done by a professional, and done correctly, you may not see any of these signs.

One of the most common indicators of eavesdropping is that other people seem to know something they shouldn’t know. If you learn that an activity, plan, or meeting that should be secret is known to an adversary or competitor, you should ask yourself how they might have learned that.

An eavesdropper will often use some pretext to gain physical access to your office or home. It is easy for an outsider to gain access to many office buildings by impersonating a technician checking on such things as the air conditioning or heating. The only props needed are a workman’s uniform, hard hat, clipboard with some forms, and a belt full of tools. If challenged, the imposter might threaten not to come back for three weeks because he is so busy. In one version of this technique, the eavesdropper actually causes a problem and then shows up unrequested to fix it. In other words, you must verify that anyone performing work in or around your office was actually requested and is authorized to do this work. If a worker shows up without being asked, this suggests an attempted eavesdropping operation and should be reported immediately to your security office. Even when the work is requested, outside service personnel entering rooms containing sensitive information should always be accompanied and monitored.

Gifts are another means of infiltrating a bug into a target office. Be a little suspicious if you receive from one of your contacts a gift of something that might normally be kept in your office -- for example, a framed picture for the wall or any sort of electronic device. Electronic devices are especially suspicious as they provide an available power supply, have space for concealing a mike and transmitter, and it is often difficult to distinguish the bug from other electronic parts. Have any gift checked by a technical countermeasures specialist before keeping it in a room where sensitive discussions are held.

Unusual sounds can be a tip off that something is amiss. Strange sounds or volume changes on your phone line while you are talking can be caused by eavesdropping. However, they can also be caused by many other things and are relatively common, so this is not a significant indicator unless it happens repeatedly. On the other hand, if you ever hear sounds coming from your phone while it is hung up, this is significant and definitely should be investigated. If your television, radio, or other electrical appliance in a sensitive area experiences strange interference from some other electronic device, this should also be investigated if it happens repeatedly.

Illegal entry to your office or home to install an eavesdropping device sometimes leaves telltale signs, especially if done by an amateur. Evidence of improper entry with nothing being taken is suspicious. Installing an eavesdropping device sometimes involves moving ceiling tiles, electrical outlets, switches, light fixtures, or drilling a pinhole opening in the wall or ceiling of the target room (drilling in from the other side of the wall or ceiling). This can leave a small bit of debris, especially white dry-wall dust that should not be cleaned up. It should be reported to the security office.

In summary, protection against the installation of eavesdropping devices requires:

• Alert employees.
• Round the clock control over physical access by outsiders to the area to be protected.
• Continuous supervision/observation of all service personnel allowed into the area for repairs or to make alterations.
• Thorough inspection by a qualified technical countermeasures specialist of all new furnishings, decorations, or equipment brought into the area.

What to Do if You Suspect
You Have Been Bugged

If you suspect you are bugged, do not discuss your suspicions with others unless they have a real need to know. Above all, do not discuss your suspicions in a room that might be bugged. Do not deviate from the normal pattern of conversation in the room. Advise your security officer promptly, but do not do it by phone. The bug may be in the telephone instrument. Do it in person, and discuss the problem in an area that you are confident is secure.

These security measures are important to ensure that the perpetrator does not become aware of your suspicions. A perpetrator who becomes aware you are suspicious will very likely take steps to make it more difficult to find the device. He may remove the device or switch it off remotely.

1. Never try to find a bug or wiretap yourself. What’s the point? If you are suspicious enough to look, you already know you should not have any sensitive conversation in that room. If there is a bug there, do-it-yourself approaches probably will not find it. If you look and don’t find it, that certainly shouldn’t give you any sense of confidence that you can speak freely in that room. Don’t be misled by what you see on television, in the movies, or in spy-shop catalogs. Detecting bugs is difficult even for the professionals who specialize in that work.

Technical Security Countermeasures
A Technical Security Countermeasures (TSCM) survey, also known as a "sweep," is a service provided by highly qualified personnel to detect the presence of technical surveillance devices and hazards and to identify technical security weaknesses that could facilitate a technical penetration of the surveyed facility. It consists of several parts.

• An electronic search of the radio frequency (RF) spectrum to detect any unauthorized emanations from the area being examined.
• An electronically enhanced search of walls, ceilings, floors, furnishings, and accessories to look for clandestine microphones, recorders, or transmitters, both active and quiescent.
• A physical examination of interior and exterior areas such as the space above false ceilings and heating, air conditioning, plumbing, and ventilation systems to search for physical evidence of eavesdropping.
• Identification of physical security weaknesses that could be exploited by an eavesdropper to gain access to place technical surveillance equipment in the target area.

During the survey, TSCM team members may enter office areas where employees are working. Employees should be advised in writing, not orally, that a technical security inspection is being conducting and that they should not discuss it in the office before, during, or after the survey. (Note: Most private sector surveys are conducted after normal business hours.)

Contact me for additional information on conducting a professional technical information security survey, which is more through than the standard TSCM sweep. ~Kevin

(original government post)

Interesting Question About Jamming Bugs & SpyCams

Q. "Looking for a bug jammer that will block out all bugs video or audio near my doorway looking at the rj4000 from the bug jammer store wondering if what they say is true they claim it will block 1 g bugs and 1.2 g bugs with a jamming frequency between 900 to 1000 mhz and 1100 mhz to 1300mhz for bugs"

A. Good thing you asked.  

You really don't want to solve your problem this way.

Here's why...
• Jamming is illegal in the U.S. http://www.fcc.gov/encyclopedia/jammer-enforcement
"seizure of unlawful equipment" " subjects the operator to possible fines, imprisonment, or both"

• Your imported purchase runs the risk of being confiscated by Customs before it even reaches you.

• The RF jammer RJ4000 ALSO jams 2.4 GHz Wi-Fi and 1.5 GHz GPS signals. Your neighbors will complain.

Estimated area of noticeable interference. Actual jamming area is less.

But, yes, it will probably do what they say, assuming the bug/spycam transmitter is less powerful than the jammer's transmitter.

Best advice: Think of an alternate way to solve your concerns. ~Kevin

Sand Sized Gyroscopes to Track You Anywhere

Mini-gyroscopes developed to guide smartphones and medical equipment...
Prof. Koby Scheuer of Tel Aviv University`s School of Physical Engineering is now scaling down this crucial sensing technology for use in smartphones, medical equipment and more futuristic technologies.

Working in collaboration with Israel`s Department of Defense, Prof. Scheuer and his team of researchers have developed nano-sized optical gyroscopes that can fit on the head of a pin — and, more usefully, on an average-sized computer chip — without compromising the device`s sensitivity... Measuring a millimeter by a millimeter (0.04 inches by 0.04 inches), about the size of a grain of sand, the device can be built onto a larger chip that also contains other necessary electronics...

Nano-gyroscopes integrated into common cellphones could provide a tracking function beyond the capabilities of existing GPS systems. "If you find yourself in a place without reception, you would be able to track your exact position without the GPS signal," he says.
There are benefits to medical science as well... (more)

Pentagon’s Spies Pimp Their Phones

The Pentagon has big plans for its spy agency. But first it’s going to upgrade its secret agents’ cellphones.

That’s the gist of a recent request for information from the cryptic Virginia Contracting Activity (or VACA), the public face for the Defense Intelligence Agency’s secretive contract business. According to the request, the DIA is looking for a company with the “ability to work and store classified information at the SECRET Collateral Level” to design custom “cellular phone point-to-point communication systems.” In other words, a private communications link. (more)

Top Wi-Fi Routers Easy to Hack, Says Study

The most popular home wireless routers are easily hacked and there's little you can do to stop it, says a new study by research firm Independent Security Evaluators.

Thirteen popular routers were tested and found vulnerable to hacks in a new study by research firm Independent Security Evaluators.

The Wi-Fi router you use to broadcast a private wireless Internet signal in your home or office is not only easy to hack, says a report released today, but the best way to protect yourself is out of your hands.

Click to enlarge.

The report, written by research firm Independent Security Evaluators of Baltimore, found that 13 of the most popular off-the-shelf wireless routers could be exploited by a "moderately skilled adversary with LAN or WLAN access." It also concludes that your best bet for safer Wi-Fi depends on router vendors upping their game. All 13 routers evaluated can be taken over from the local network, with four of those requiring no active management session. Eleven of the 13 can be taken over from a Wide-Area Network (WAN) such as a wireless network, with two of those requiring no active management session. (more)

How to Hack-proof Your Wireless Router
(Maybe not hack-proof but at least hack-resistant.)

DoD Inspector General v. Army Commercial Mobile Devices (CMD)

There are lessons for your organization in this report. 
Insert your organization's name where you see the word "Army".

Click to enlarge.

"The Army did not implement an effective cybersecurity program for commercial mobiles (sic) devices. If devices remain unsecure, malicious activities could disrupt Army networks and compromise sensitive DoD information." (full report)

If you travel with a cell phone, tablet and/or laptop...

...this should interest you...

35,000. That’s how many business travelers depart the United States every day. With them goes over 40,000 cell phones, more than 50,000 laptops, and nearly 500,000 pages of business documents holding privileged information. When you travel abroad, your company is at risk. 

Among Enemies tells you how to protect yourself.

Luke Bencie has traveled to more than 100 countries over the past 15 years on behalf of the U.S. intelligence community, as well as for the private defense industry. 

While abroad, he has experienced, firsthand and sometimes painfully, the threat of espionage and the lengths to which foreign intelligence services and other hostile global competitors will go to steal American business secrets. 

Mr. Bencie currently serves as the managing director of Security Management International, LLC, a security-consulting firm in the Washington, D.C. area.

Sen. Mitch McConnell's "Bug" - Recorded Acoustical Leakage

The center of political intrigue and an FBI investigation in Kentucky's U.S. Senate race is the otherwise inconspicuous second floor hallway of the Watterson West office building in Louisville.

...behind plain, black doors is Sen. Mitch McConnell's campaign headquarters.

It is in this hallway on February 2 that two members of the Progress Kentucky SuperPAC allegedly recorded a private campaign strategy meeting underway inside an office on the other side of one of those plain, black doors, according to Jacob Conway a member of the Jefferson County Democratic Party's Executive Committee.

"You have about a half an inch gap right there where a recording device or a microphone could have been inserted," Benton said, pointing to the bottom of the door...

With the campaign's permission, WHAS11 tested whether an iPhone voice memo program could successfully record a conversation by placing the phone's mouthpiece at the bottom door opening.

Playback of the test recording confirmed that it captured the voices of campaign workers meeting behind the door. The workers had been advised of the recording test...

Some legal analysts suggest that if the closed door meeting could be heard from the hallway, the recording might not be a crime. During the WHAS11 visit, some voices could be heard, without electronic assistance, from the hallway. (more)

Imagine, two guys in the hallway listening under the door. Eavesdropping doesn't get any more basic than that. Spying tricks haven't changed, there are just more of them these days. All the old tricks still work. 

If they had their offices inspected by a TSCM team they would have been notified about the acoustical leakage vulnerability... in time to protect themselves.