The Gales say Belk’s surveillance cameras point into their master bedroom and bathroom.
The cameras were installed in September 2012, but the neighbors have been feuding since 2008 court records say. (more)
 |
| Without laser. With laser. |
Tuesday, December 10, 2013
Surveillance Cameras a Weapon in Neighborhood Feud
Scott and Terri Gale, of Kemah, Tex., are seeking a restraining order against Natalie Belk, who lives directly across the street from them, according to media reports.
The Gales say Belk’s surveillance cameras point into their master bedroom and bathroom.
The cameras were installed in September 2012, but the neighbors have been feuding since 2008 court records say. (more)
I guess taking their case to court is more civil than installing a permanently mounted laser pen aimed at the camera's lens. (snicker) (How to Zap a Camera)
The Gales say Belk’s surveillance cameras point into their master bedroom and bathroom.
The cameras were installed in September 2012, but the neighbors have been feuding since 2008 court records say. (more)
Industrial Espionage Gets Caddy
Michael Kassner via TechRepublic.com...
With all the recent industrial espionage, it was only a matter of time before malware developers would take a look at Computer-Aided Design (CAD) programs as a way to ex-filtrate proprietary documents and drawings from engineering firms...
The first time I read about an AutoCAD malware was last year when ESET.com reported a strange anomaly on their LiveGrid network. It was strange because the malware attacked AutoCAD, but only in Peru of all places.
After some investigation, it was determined the malware ACAD/Medre.A was a worm programmed to send AutoCAD drawings via email to an account (you guessed it) in China. The experts at ESET had this to say:
ACAD/Medre.A is a serious example of suspected industrial espionage. Every new design created by a victim is sent automatically to the authors of this malware...
Something else that ESET pointed out bothered one of my clients when I told them about ACAD/Medre.A: “The attacker may even go so far as to get patents on the product before the inventor has registered it at the patent office. The inventor may not know of the security breach until his patent claim is denied due to prior art.”
...a new trojan popped up on Trend Micro’s radar—ACM_SHENZ.A, and it was targeting AutoCAD programs. But with a twist, the malware was benign. Like most trojans, its job was to gain a foothold on the victim’s computer.
Once safely entrenched, ACM_SHENZ.A obtains administrative rights which make it simple for the malware to create network shares for all drives. The malware also opens ports: 137, 138, 139, and 445. Doing so allows access to files, printers, and serial ports.
Obtaining administrative rights also allows the attacker to plant additional malware. It’s this additional malware, experts at Trend Micro suspect will be used to steal drawings and engineering documents...
CAD drawings are now a valid attack vector. (more)
With all the recent industrial espionage, it was only a matter of time before malware developers would take a look at Computer-Aided Design (CAD) programs as a way to ex-filtrate proprietary documents and drawings from engineering firms...
After some investigation, it was determined the malware ACAD/Medre.A was a worm programmed to send AutoCAD drawings via email to an account (you guessed it) in China. The experts at ESET had this to say:
ACAD/Medre.A is a serious example of suspected industrial espionage. Every new design created by a victim is sent automatically to the authors of this malware...
Something else that ESET pointed out bothered one of my clients when I told them about ACAD/Medre.A: “The attacker may even go so far as to get patents on the product before the inventor has registered it at the patent office. The inventor may not know of the security breach until his patent claim is denied due to prior art.”
Once safely entrenched, ACM_SHENZ.A obtains administrative rights which make it simple for the malware to create network shares for all drives. The malware also opens ports: 137, 138, 139, and 445. Doing so allows access to files, printers, and serial ports.
Obtaining administrative rights also allows the attacker to plant additional malware. It’s this additional malware, experts at Trend Micro suspect will be used to steal drawings and engineering documents...
CAD drawings are now a valid attack vector. (more)
Monday, December 9, 2013
On "Free" Security Apps...
I came across a new smartphone security app the other day which caught my eye. It promised...
In my mind, I could hear my father saying, "there is no free lunch, if it looks too good to be true..." The years have always proven him correct.
The app's web site had a foreign country URL. Not a big issue. Perhaps it was the only place where the site's name was available. A little more digging and I came up with a company address here in the United States; a residential address. Again, not a big issue. The company is just over a year old, they have no other products, and software development from home is common. Both the Chairman and CEO of the company have names normally associated with a foreign country. I am still not phased. The United States is the world's melting pot.
A question on their FAQ page was the first red flag. "Why do you need my cell phone number to activate the service?" The answer, "we need the number so we can send you the activation code." My question is, why does a free encryption product need an activation code? It sounds like a ploy to identify users. Apparently, enough people felt this was an invasion of their privacy. The next part of the company's answer was that the code would no longer be needed after version x.xx.
The next FAQ was, "Why do you upload my contact book to your servers?" The answer smelled like more dung. Apparently, everything the app does goes through their servers.
On to the fine print.
The product is specifically not guaranteed: not the encryption, not the self-destruction of the messages, photos or videos, nothing. They accept no liability. The are held harmless in the event transmissions are decrypted, deleted, copied, hacked, or intercepted.
Apps cost money to develop. Even allowing for ads, as these folks do, that is not enough money to justify an app this fancy (assuming it fulfills all its claims). There must be another payoff. What's worth money here?
Information.
People who use encryption are a select group; easy to target. For whatever reason, they feel their information is valuable. Hummm, a free security app could be great espionage tool. Let's see what information the company admits to collecting...
"We have the right to monitor..." Boom! What!?!?
And, they collect: IP addresses, email addresses, phone numbers, address books, mobile device ID numbers, device names, OS names and versions. They can know who you are, where you are, and information about everyone you know. Even if you never use this app, if you are in the address book of someone who does, you're now coin of their realm.
"Photos and videos are cashed on servers..." and you can't delete them. They claim they will do this for you after, "a period of time."
Throughout all of this, the user's fire-of-fear is dowsed with, don't worry, it's all encrypted, no one but you can see it, trust me. Right... how about a little trust, but verify. Other security software companies allow vetting. I saw no claims that their code was independently vetted for bugs, back doors, or spyware. And, what about that "We have the right to monitor..." clause? How is that accomplished without a back door?
They, "May collect statistics about the behavior of users and transmit it to employees, contractors and affiliated organizations outside your home country." Yikes. Who are you affiliated with anyway? Please don't tell me, "if I tell you, I will have to kill you."
Here's another kicker. If they sell the company, "user information is one of the assets which would be transferred or acquired by the third party."
This may be a perfectly legitimate app. Maybe I'm paranoid. But, money, power, politics, espionage and blackmail all come to mind. Any government intelligence service, business espionage agent, or organized crime boss could have come up with this as a ruse.
Which brings me to the moral of this story...
Before you trust any security service, vet it thoroughly.
If your OTHBD needle starts to tremble, don't rationalize, move on. ~Kevin
- Free and secure phone calls.
- Send self-destructing messages.
- Recall or remotely wipe sent messages.
- Safely share private photos and videos.
- Photo vault to hide photos and videos.
- Hide text messages, contacts, call logs.
- Private vault for documents, notes and diary.
In my mind, I could hear my father saying, "there is no free lunch, if it looks too good to be true..." The years have always proven him correct.
The app's web site had a foreign country URL. Not a big issue. Perhaps it was the only place where the site's name was available. A little more digging and I came up with a company address here in the United States; a residential address. Again, not a big issue. The company is just over a year old, they have no other products, and software development from home is common. Both the Chairman and CEO of the company have names normally associated with a foreign country. I am still not phased. The United States is the world's melting pot.
A question on their FAQ page was the first red flag. "Why do you need my cell phone number to activate the service?" The answer, "we need the number so we can send you the activation code." My question is, why does a free encryption product need an activation code? It sounds like a ploy to identify users. Apparently, enough people felt this was an invasion of their privacy. The next part of the company's answer was that the code would no longer be needed after version x.xx.
The next FAQ was, "Why do you upload my contact book to your servers?" The answer smelled like more dung. Apparently, everything the app does goes through their servers.
On to the fine print.
The product is specifically not guaranteed: not the encryption, not the self-destruction of the messages, photos or videos, nothing. They accept no liability. The are held harmless in the event transmissions are decrypted, deleted, copied, hacked, or intercepted.
Apps cost money to develop. Even allowing for ads, as these folks do, that is not enough money to justify an app this fancy (assuming it fulfills all its claims). There must be another payoff. What's worth money here?
Information.
People who use encryption are a select group; easy to target. For whatever reason, they feel their information is valuable. Hummm, a free security app could be great espionage tool. Let's see what information the company admits to collecting...
"We have the right to monitor..." Boom! What!?!?
"Photos and videos are cashed on servers..." and you can't delete them. They claim they will do this for you after, "a period of time."
Throughout all of this, the user's fire-of-fear is dowsed with, don't worry, it's all encrypted, no one but you can see it, trust me. Right... how about a little trust, but verify. Other security software companies allow vetting. I saw no claims that their code was independently vetted for bugs, back doors, or spyware. And, what about that "We have the right to monitor..." clause? How is that accomplished without a back door?
They, "May collect statistics about the behavior of users and transmit it to employees, contractors and affiliated organizations outside your home country." Yikes. Who are you affiliated with anyway? Please don't tell me, "if I tell you, I will have to kill you."
Here's another kicker. If they sell the company, "user information is one of the assets which would be transferred or acquired by the third party."
This may be a perfectly legitimate app. Maybe I'm paranoid. But, money, power, politics, espionage and blackmail all come to mind. Any government intelligence service, business espionage agent, or organized crime boss could have come up with this as a ruse.
Which brings me to the moral of this story...
Before you trust any security service, vet it thoroughly.
If your OTHBD needle starts to tremble, don't rationalize, move on. ~Kevin
Yet Another Step Closer to Eavesdropping on the Brain
Science fiction has long speculated what it would be like to peek inside a person's mind and find out what they are thinking.
Now scientists are one step closer to such technology after forging a new brain monitoring technique that could lead to the development of 'mind-reading' applications.
The breakthrough comes from a Stanford University School of Medicine study that was able to 'eavesdrop' on a person's brain activity as they performed normal functions by utilizing a series of electrodes attached to certain portions of the brain.
The process, called 'intracranial recording', was tested... (more)
The breakthrough comes from a Stanford University School of Medicine study that was able to 'eavesdrop' on a person's brain activity as they performed normal functions by utilizing a series of electrodes attached to certain portions of the brain.
The process, called 'intracranial recording', was tested... (more)
Friday, December 6, 2013
Spy bugs found in Australia and Asia
An Australian surveillance executive whose firm was contracted by several clients to sweep for hidden mobile interceptors and other spying devices in Australia and Asia has found dozens of them.
Les Goldsmith, chief executive of ESD Group, told Fairfax Media his company found about 20 physical bugs when conducting sweeps in Australian business and local government offices, and another 68 in Asia between 2005 and 2011...
"All governments are falling victim to surveillance and some governments are falling victim to it but not saying anything," he said...
Mr Goldsmith’s remarks come as officers from Australia’s domestic spy agency ASIO raided the office of a lawyer who claimed spies bugged the cabinet room of East Timor’s government during negotiations over oil and gas deposits. It also follows news that Ecuador found a bug in its London embassy, where Julian Assange is (sic) staying...
Michael Dever, of Dever Clark + Associates, which conducts bug sweeps for government agencies, said Mr Goldsmith’s numbers were not surprising.
"Australia’s culture is pretty naive about these matters," Mr Dever said. "There’s a prevailing attitude ... among businesses that this is Australia, that this sort of stuff only happens elsewhere. But that’s not the case at all." (can be applied to most businesses in the free world)
Despite this, Mr Dever revealed that his firm had not found any bugs in Australia "in years", but said that this was likely because areas he swept were "generally secure" government or private sector facilities.
"That doesn’t mean that we’re incompetent," Mr Dever said.
"It just means that the types of places [where] we do this work ... are already low-risk anyway because of their security." (more)
A good security recipe has bug detection inspections (TSCM) as a key ingredient. Not only is TSCM a proven deterrent, it is also checks the freshness and effectiveness the other security ingredients. Cook this up right, and like Mr Dever said, your risk will be low.
Les Goldsmith, chief executive of ESD Group, told Fairfax Media his company found about 20 physical bugs when conducting sweeps in Australian business and local government offices, and another 68 in Asia between 2005 and 2011...
"All governments are falling victim to surveillance and some governments are falling victim to it but not saying anything," he said...
Mr Goldsmith’s remarks come as officers from Australia’s domestic spy agency ASIO raided the office of a lawyer who claimed spies bugged the cabinet room of East Timor’s government during negotiations over oil and gas deposits. It also follows news that Ecuador found a bug in its London embassy, where Julian Assange is (sic) staying...Michael Dever, of Dever Clark + Associates, which conducts bug sweeps for government agencies, said Mr Goldsmith’s numbers were not surprising.
"Australia’s culture is pretty naive about these matters," Mr Dever said. "There’s a prevailing attitude ... among businesses that this is Australia, that this sort of stuff only happens elsewhere. But that’s not the case at all." (can be applied to most businesses in the free world)
Despite this, Mr Dever revealed that his firm had not found any bugs in Australia "in years", but said that this was likely because areas he swept were "generally secure" government or private sector facilities.
"That doesn’t mean that we’re incompetent," Mr Dever said.
"It just means that the types of places [where] we do this work ... are already low-risk anyway because of their security." (more)
A good security recipe has bug detection inspections (TSCM) as a key ingredient. Not only is TSCM a proven deterrent, it is also checks the freshness and effectiveness the other security ingredients. Cook this up right, and like Mr Dever said, your risk will be low.
Wednesday, December 4, 2013
World's Smallest Night Vision HD DV Digital Camera for under $50.00
For the PI on your shopping list who has everything...
Features:
Specifications:
Package Contents:
Features:
- The Night Vision DC DV Smallest Camera
- Night Vision LEDs
- Take photo, Record Video and Audio under different conditions
- Record the special moment at any time
- Dimensions: 4.5 x 2.8 x 1.7 cm
Specifications:
- Pinhole 12.0M Lens
- Image Resolution: 4032 x 3024 pixel
- Color Video Resolution: 1920 x 1080 pixel
- FPS: 24 frames per second
- Image file format: JPEG
- Video file format: AVI (MJPG)
- Audio file format: WAV
- Color Video and Audio
- Built-in Rechargeable 260mAh Li-ion battery
- Recording Time: Approx. 60 minutes
- Memory Card: Support Micro SD/SDHC Card/TF Card
- Weight: 41 gram
- Dimensions: 45 x 28 x 17 mm
Package Contents:
- 1 piece The Night Vision DC DV Smallest Camera
- 1 piece USB Charging/Data Cable
- 1 piece Handy Strap (more)
Tuesday, December 3, 2013
A Corporate Espionage Story
A cautionary tale...
Years ago, a restaurant owner told me how he collected the names, addresses, and phone numbers of a local competitor's customers. He had a friend put a box for a free drawing (not related to his restaurant) on the competitor's checkout counter. The contest was completely legitimate (people did win the promised prizes) and the rival gave his permission to place the box. He just didn't know entry forms would be given to the owner of a competing restaurant. With the information from the contest entries, the original restaurant owner could send coupons to many of his competitor's customers.
The individual in this example used a low-tech attack, but the story illustrates the basic concept behind all corporate espionage — gaining a competitive advantage. (more)
Moral—Business espionage is not just IT-based. All the old tricks still work, and are still used. If you are only locking the IT door, expect them to come in through the windows, chimney and sewer pipes. We can help.
Years ago, a restaurant owner told me how he collected the names, addresses, and phone numbers of a local competitor's customers. He had a friend put a box for a free drawing (not related to his restaurant) on the competitor's checkout counter. The contest was completely legitimate (people did win the promised prizes) and the rival gave his permission to place the box. He just didn't know entry forms would be given to the owner of a competing restaurant. With the information from the contest entries, the original restaurant owner could send coupons to many of his competitor's customers.
The individual in this example used a low-tech attack, but the story illustrates the basic concept behind all corporate espionage — gaining a competitive advantage. (more)
Moral—Business espionage is not just IT-based. All the old tricks still work, and are still used. If you are only locking the IT door, expect them to come in through the windows, chimney and sewer pipes. We can help.
The Latest Spy Trick - Infecting Computers... using sound!
Abstract of the Abstract—No network, no wireless, no access, no problem. If the computer has a microphone and speaker, you can sweet talk it into letting you have your way with it.
Abstract—Covert channels can be used to circumvent system and network policies by establishing communications that have not been considered in the design of the computing system. We construct a covert channel between different computing systems that utilizes audio modulation/demodulation to exchange data between the computing systems over the air medium. The underlying network stack is based on a communication system that was originally designed for robust underwater communication. We adapt the communication system to implement covert and stealthy communications by utilizing the near ultrasonic frequency range. We further demonstrate how the scenario of covert acoustical communication over the air medium can be extended to multi-hop communications and even to wireless mesh networks. A covert acoustical mesh network can be conceived as a botnet or malnet that is accessible via nearfield audio communications. Different applications of covert acoustical mesh networks are presented, including the use for remote keylogging over multiple hops. It is shown that the concept of a covert acoustical mesh network renders many conventional security concepts useless, as acoustical communications are usually not considered. Finally, countermeasures against covert acoustical mesh networks are discussed, including the use of lowpass filtering in computing systems and a host-based intrusion detection system for analyzing audio input and output in order to detect any irregularities. (the full paper)
Spy Speak - 21st Century Jargon Glossary
via The Guardian...
The NSA files leaked by Edward Snowden are full of intelligence services jargon.
Decode the language...
Blackfoot
Name of an operation to bug the French mission to the UN.
Blarney
See Upstream.
Boundless Informant
The National Security Agency's internal analytic tool that allows it to monitor surveillance country by country and program by program.
Bruneau (or Hemlock)
The codenames given to the Italian embassy in Washington by the NSA.
Bluf
Stands for "bottom line up front" – a request from NSA analysts to collect less data from the Muscular program (see below) because it is of no intelligence value.
Bullrun
The NSA's efforts to undermine encryption technology that protects email accounts, banking transactions and official records. The UK has a similar programme, with both codenamed after civil war battles: Bullrun for the NSA and Edgehill for GCHQ.
Cheesy Name
A GCHQ program that selects encryption keys that might be vulnerable to being cracked.
Dishfire
Database that stores text messages, for future use.
DNI (digital network information)
Data sent across computer networks, such as web page requests, emails, voice over IP. (Formally, any information sent as "packets").
DNR (dialled number records)
The metadata around phone calls, including the sending and receiving of phone numbers, call time and duration.
Dropmire
A surveillance method that involves bugging encrypted fax machines. Used to spy on the European Union embassy in New York.
Edgehill
See Bullrun.
FISA court
The foreign intelligence surveillance court, a secret US court which oversees surveillance under the FISA Act.
Fairview
See Upstream.
Five Eyes
Britain, the US, Canada, Australia and New Zealand – the club of English-speaking countries sharing intelligence.
GCHQ
Government Communications Headquarters, the UK intelligence agency focusing on signals and communications intelligence.
Genie
An NSA surveillance project to remotely implant spyware into overseas computers, including those in foreign embassies.
Humint
Short for "human intelligence", refers to information gleaned directly from sources or undercover agents. See also Sigint.
Keyhole
Code for images gathered by satellites.
Klondyke
The mission to snoop on the Greek embassy in Washington.
Mainway
The database where the NSA stores metadata of millions of phone calls for up to a year.
Marina
The database where the NSA stores metadata of millions of internet users for up to a year.
Metadata
The "envelope" of a phone call or email, which could include the time, the duration, the phone numbers or email addresses, and the location of both parties.
Muscular
Program to intercept Google and Yahoo traffic, exposed by the Washington Post.
Noforn
"Not for foreign distribution" – a classification of some of the Snowden slides.
NSA
The National Security Agency, the US agency, responsible for collecting and analysing intelligence, plus cybersecurity.
Oakstar
See Upstream.
Operation Socialist
The name of a GCHQ cyber-attack on Belgium's main telecoms provider, Belgacom.
Perdido
The codename for the bugging of EU missions in New York and Washington.
Polar Breeze
A technique for tapping into nearby computers.
Powell
The operation to snoop on the Greek UN mission.
Prism
A programme to collect data from internet companies including Google, Microsoft, Facebook and Apple.
Rampart-T
Spying efforts against leaders of China, Russia and several eastern European states.
Royal Concierge
A GCHQ surveillance project to track foreign diplomats' movements by monitoring the booking systems of high‑class hotels.
Sigint
Short for "signals intelligence", or information gathered through the interception of signals between people or computers. See also Humint.
Snacks
The NSA's Social Network Analysis Collaboration Knowledge Services, which analyses social hierarchies through text messages.
Stormbrew
See Upstream.
Tempora
A GCHQ programme to create a large-scale "internet buffer", storing internet content for three days and metadata for up to 30.
Tor
Free software allowing users to communicate anonymously.
Tracfin
Database storing information from credit card transactions
Turbulence, Turmoil and Tumult
Data analysis tools used by the NSA to sift through the enormous amount of internet traffic that it sees, looking for connections to target.
Upstream
Refers to bulk-intercept programs, codenamed Fairview, Stormbrew, Oakstar and Blarney, to intercept data in huge fibre-optic communications cables.
Verizon
One of America's largest telecoms providers, from which the NSA collects the phone records (metadata) of millions of customers.
Wabash
The codename given to the bugging of the French embassy in Washington.
XKeyscore
An NSA program that allows analysts to search vast databases of emails, online chats and browsing histories of millions of individuals, with no prior authorisation. (more)
The NSA files leaked by Edward Snowden are full of intelligence services jargon.
Decode the language...
Blackfoot
Name of an operation to bug the French mission to the UN.
Blarney
See Upstream.
Boundless Informant
The National Security Agency's internal analytic tool that allows it to monitor surveillance country by country and program by program.
Bruneau (or Hemlock)
The codenames given to the Italian embassy in Washington by the NSA.
Bluf
Stands for "bottom line up front" – a request from NSA analysts to collect less data from the Muscular program (see below) because it is of no intelligence value.
Bullrun
The NSA's efforts to undermine encryption technology that protects email accounts, banking transactions and official records. The UK has a similar programme, with both codenamed after civil war battles: Bullrun for the NSA and Edgehill for GCHQ.
Cheesy Name
A GCHQ program that selects encryption keys that might be vulnerable to being cracked.
Dishfire
Database that stores text messages, for future use.
DNI (digital network information)
Data sent across computer networks, such as web page requests, emails, voice over IP. (Formally, any information sent as "packets").
DNR (dialled number records)
The metadata around phone calls, including the sending and receiving of phone numbers, call time and duration.
Dropmire
A surveillance method that involves bugging encrypted fax machines. Used to spy on the European Union embassy in New York.
Edgehill
See Bullrun.
FISA court
The foreign intelligence surveillance court, a secret US court which oversees surveillance under the FISA Act.
Fairview
See Upstream.
Five Eyes
Britain, the US, Canada, Australia and New Zealand – the club of English-speaking countries sharing intelligence.
GCHQ
Government Communications Headquarters, the UK intelligence agency focusing on signals and communications intelligence.
Genie
An NSA surveillance project to remotely implant spyware into overseas computers, including those in foreign embassies.
Humint
Short for "human intelligence", refers to information gleaned directly from sources or undercover agents. See also Sigint.
Keyhole
Code for images gathered by satellites.
Klondyke
The mission to snoop on the Greek embassy in Washington.
Mainway
The database where the NSA stores metadata of millions of phone calls for up to a year.
Marina
The database where the NSA stores metadata of millions of internet users for up to a year.
Metadata
The "envelope" of a phone call or email, which could include the time, the duration, the phone numbers or email addresses, and the location of both parties.
Muscular
Program to intercept Google and Yahoo traffic, exposed by the Washington Post.
Noforn
"Not for foreign distribution" – a classification of some of the Snowden slides.
NSA
The National Security Agency, the US agency, responsible for collecting and analysing intelligence, plus cybersecurity.
Oakstar
See Upstream.
Operation Socialist
The name of a GCHQ cyber-attack on Belgium's main telecoms provider, Belgacom.
Perdido
The codename for the bugging of EU missions in New York and Washington.
Polar Breeze
A technique for tapping into nearby computers.
Powell
The operation to snoop on the Greek UN mission.
Prism
A programme to collect data from internet companies including Google, Microsoft, Facebook and Apple.
Rampart-T
Spying efforts against leaders of China, Russia and several eastern European states.
Royal Concierge
A GCHQ surveillance project to track foreign diplomats' movements by monitoring the booking systems of high‑class hotels.
Sigint
Short for "signals intelligence", or information gathered through the interception of signals between people or computers. See also Humint.
Snacks
The NSA's Social Network Analysis Collaboration Knowledge Services, which analyses social hierarchies through text messages.
Stormbrew
See Upstream.
Tempora
A GCHQ programme to create a large-scale "internet buffer", storing internet content for three days and metadata for up to 30.
Tor
Free software allowing users to communicate anonymously.
Tracfin
Database storing information from credit card transactions
Turbulence, Turmoil and Tumult
Data analysis tools used by the NSA to sift through the enormous amount of internet traffic that it sees, looking for connections to target.
Upstream
Refers to bulk-intercept programs, codenamed Fairview, Stormbrew, Oakstar and Blarney, to intercept data in huge fibre-optic communications cables.
Verizon
One of America's largest telecoms providers, from which the NSA collects the phone records (metadata) of millions of customers.
Wabash
The codename given to the bugging of the French embassy in Washington.
XKeyscore
An NSA program that allows analysts to search vast databases of emails, online chats and browsing histories of millions of individuals, with no prior authorisation. (more)
Monday, December 2, 2013
Jalta Hotel opens its 1950s anti-nuclear bunker and listening post to the public
If you were a VIP who stayed at Prague’s Jalta Hotel between 1958 and 1989, your room was bugged and your phone was tapped. Behind its attractive 1950s façade, the hotel has been hiding a secret – there was a 24-hour underground spying operation that listened in on guests.
From an anti-nuclear bunker 20 meters below Wenceslas Square, communist officials monitored the hotel’s foreign guests with a large bank of listening equipment that only a select few ever knew existed. None of the hotel staff were allowed to go into or even talk about the basement. And while communism ended in 1989, the bunker remained in the possession of the Ministry of Defense until 1998, when they finally declassified its existence and turned it over, as is, to the hotel.
Anti-nuclear Bunker and Cold War Museum
When: Mon. and Wed. or Tue. and Thu (alternating weeks) 5–8 p.m.
Where: Jalta Hotel, Wenceslas Square 45/818
Reservations required: call 222 822 111 or e-mail concierge@hoteljalta.com
Tickets: 75 Kč or 3 euros
Anti-nuclear Bunker and Cold War Museum
When: Mon. and Wed. or Tue. and Thu (alternating weeks) 5–8 p.m.
Where: Jalta Hotel, Wenceslas Square 45/818
Reservations required: call 222 822 111 or e-mail concierge@hoteljalta.com
Tickets: 75 Kč or 3 euros
Eavesdropping Helped Win the American Revolution
The ongoing scandal involving the NSA and eavesdropping on phone and email conversations around the globe, of friend and foe alike, might have you thinking the organized espionage business is relatively recent here. Not true.
It’s older than the country itself. It played a major role in winning our independence from Britain and its birth came about because of something that happened in New Jersey... (more)
It’s older than the country itself. It played a major role in winning our independence from Britain and its birth came about because of something that happened in New Jersey... (more)
The Patroits — Still Being Accused of Spying
Houston defensive end Antonio Smith questioned how New England knew what the Texans were going to do on defense after a 34-31 win by the Patriots on Sunday.
Smith told reporters after the game Houston had some new wrinkles in its defense this week and it was “miraculous” how the Patriots changed their offense to key on the defense.
“Either teams are spying on us or scouting us,” he said. “I don’t know what it is.”
The NFL fined New England coach Bill Belichick $500,000 and the team $250,000 and took away a first-round pick in the 2008 draft for videotaping New York Jets signals during a game on Sept. 9, 2007. Belichick said he thought that was allowed and apologized for what he said was a mistake in his interpretation of the rule prohibiting it. (more) (Why Is Sports Crime Different?)
Smith told reporters after the game Houston had some new wrinkles in its defense this week and it was “miraculous” how the Patriots changed their offense to key on the defense.
“Either teams are spying on us or scouting us,” he said. “I don’t know what it is.”
The NFL fined New England coach Bill Belichick $500,000 and the team $250,000 and took away a first-round pick in the 2008 draft for videotaping New York Jets signals during a game on Sept. 9, 2007. Belichick said he thought that was allowed and apologized for what he said was a mistake in his interpretation of the rule prohibiting it. (more) (Why Is Sports Crime Different?)
Saturday, November 30, 2013
New Spy Camera Takes 3D Photos in Almost Complete Darkness
Spies operating under the cover of darkness might find that their job is about to get easier as U.S. scientists have developed a camera that can take photographs of objects and people that are only very dimly lit.
The camera works by reconstructing 3D images from photons reflected from barely visible objects.
The technology could be used in next generation spy cameras... (more)
The technology could be used in next generation spy cameras... (more)
EU Takes Aim at Industrial Espionage
Brussels is taking aim at industrial espionage with proposals to tighten laws so businesses can better safeguard their “trade secrets” from prying rivals.
The reforms put forward by Michel Barnier, the EU single market commissioner, aim to bolster defences against unlawful acquisition of information that is commercially valuable and secret but not covered by a patent...
Trade secrets range can range from anything from technical processes for making bathplugs, to innovative marketing strategies, valuable customer lists, or recipes for market-beating cakes or pies.
Unlike a book or trademark or patented technology, the holder of a trade secret has no exclusive right to it. Rivals seeking to close a competitive gap can legally reverse engineer the information. The proposed reforms, unveiled on Thursday, only target methods for obtaining information that are illegal, such as espionage, bribery or theft.
Mr Barnier said: “Cybercrime and industrial espionage are unfortunately part of the reality that businesses in Europe face every day. We have to make sure our laws move with the times and that the strategic assets of our companies are adequately protected against theft and misuse.” (more)
The reforms put forward by Michel Barnier, the EU single market commissioner, aim to bolster defences against unlawful acquisition of information that is commercially valuable and secret but not covered by a patent...
Trade secrets range can range from anything from technical processes for making bathplugs, to innovative marketing strategies, valuable customer lists, or recipes for market-beating cakes or pies.
Unlike a book or trademark or patented technology, the holder of a trade secret has no exclusive right to it. Rivals seeking to close a competitive gap can legally reverse engineer the information. The proposed reforms, unveiled on Thursday, only target methods for obtaining information that are illegal, such as espionage, bribery or theft.
Mr Barnier said: “Cybercrime and industrial espionage are unfortunately part of the reality that businesses in Europe face every day. We have to make sure our laws move with the times and that the strategic assets of our companies are adequately protected against theft and misuse.” (more)
Thursday, November 28, 2013
Columbia Engineers Make World’s Smallest FM Radio Transmitter
A team of Columbia Engineering researchers...
led by Mechanical Engineering Professor James Hone and Electrical Engineering Professor Kenneth Shepard,
has taken advantage of graphene’s special properties—its mechanical
strength and electrical conduction—and created a nano-mechanical system
that can create FM signals, in effect the world’s smallest FM radio
transmitter. The study is published online on November 17, in Nature Nanotechnology. (more) (what was transmitted)
Wednesday, November 27, 2013
U.N. - End Excessive Electronic Spying
A U.N. General Assembly committee on Tuesday called for an end to excessive electronic surveillance and expressed concern at the harm such scrutiny, including spying in foreign states and the mass collection of personal data, may have on human rights.
The U.N. General Assembly's Third Committee, which deals with human rights issues, adopted the German and Brazilian-drafted resolution by consensus. It is expected to be put to a vote in the 193-member General Assembly next month.
"For the first time in the framework of the United Nations this resolution unequivocally states that the same rights that people have offline must also be protected online," German U.N. Ambassador Peter Wittig told the committee.
The United States, Britain, Australia, Canada and New Zealand - known as the Five Eyes surveillance alliance - supported the draft resolution after language that had initially suggested foreign spying could be a human rights violation was weakened to appease them. (more)
"For the first time in the framework of the United Nations this resolution unequivocally states that the same rights that people have offline must also be protected online," German U.N. Ambassador Peter Wittig told the committee.
The United States, Britain, Australia, Canada and New Zealand - known as the Five Eyes surveillance alliance - supported the draft resolution after language that had initially suggested foreign spying could be a human rights violation was weakened to appease them. (more)
TUMs Solves Wireless Security Headache. Warning: explanation gives headache.
Researchers at the Technische Universität München (TUM) have proven that wireless communications can be made more secure through a novel approach based on information theory."
The method is counter-intuitive and involves information theory and zero capacity channels. "The scheme uses two physical channels – that is, frequency bands in a wireless system – that are inherently useless, each being incapable of securely transmitting a message," says TUM.
Intuitively, combining one zero-capacity with another zero-capacity should result in zero capacity. “But in this case,” Schaefer explains, “it’s as if we’re getting a positive result from adding zero to zero. We find that we are able to ‘super-activate’ the whole system, meaning that combining two useless channels can lead to a positive capacity to transmit confidential messages securely.”
Superactivation is not unknown in quantum theory. It's the combining of zero capacity quantum channels to produce a channel with positive capacity; but is not yet applicable to current technology. But what Boche and Schaefer have achieved "is," says Boche, "the first example of super-activation – where zero plus zero is greater than zero – in classical communication scenarios.”
Huh?
Intuitively, combining one zero-capacity with another zero-capacity should result in zero capacity. “But in this case,” Schaefer explains, “it’s as if we’re getting a positive result from adding zero to zero. We find that we are able to ‘super-activate’ the whole system, meaning that combining two useless channels can lead to a positive capacity to transmit confidential messages securely.”
Superactivation is not unknown in quantum theory. It's the combining of zero capacity quantum channels to produce a channel with positive capacity; but is not yet applicable to current technology. But what Boche and Schaefer have achieved "is," says Boche, "the first example of super-activation – where zero plus zero is greater than zero – in classical communication scenarios.”
Huh?
Tuesday, November 26, 2013
Protesters Capture Government Surveillance Van
The Security Service of Ukraine, the nation’s intelligence agency, have its white mini-van back, courtesy of the Berkut anti-riot police officers.
Demonstrators seized the van during a protest rally on the evening of Nov. 25, suspecting that it contained sophisticated equipment for eavesdropping on telephone conversations of protest leaders.
The taking of the van prompted clashes last night between police and protesters. After a 30-minute standoff, punctuated by fighting, the demonstrators recovered evidence from the van and the police reclaimed it.
Opposition lawmaker Mykola Kniazhytsky posted a picture of a passport, car tag numbers and what he said were technical listening devices found in the van on his Facebook page. Opposition leaders promised to analyze the recordings and release their findings.
Equipment believed to be listening devices found in the white mini-van that SBU officers were using while parked near European Square.
That left officials trying to explain what the van was doing at the protest site...
License plates that protesters say they found inside a van used by SBU officers that was parked near European Square...
According to eyewitnesses, protesters overtook the van, prompting hundreds of riot police to descend on the scene, triggering the violent clashes. An SBU officer in the van eventually escaped with police help, while the leaders of the demonstration took to the stage in triumph after police backed off about 9 p.m. (more) (video footage)
Demonstrators seized the van during a protest rally on the evening of Nov. 25, suspecting that it contained sophisticated equipment for eavesdropping on telephone conversations of protest leaders.
The taking of the van prompted clashes last night between police and protesters. After a 30-minute standoff, punctuated by fighting, the demonstrators recovered evidence from the van and the police reclaimed it.
Opposition lawmaker Mykola Kniazhytsky posted a picture of a passport, car tag numbers and what he said were technical listening devices found in the van on his Facebook page. Opposition leaders promised to analyze the recordings and release their findings.
Equipment believed to be listening devices found in the white mini-van that SBU officers were using while parked near European Square.
That left officials trying to explain what the van was doing at the protest site...
License plates that protesters say they found inside a van used by SBU officers that was parked near European Square...
According to eyewitnesses, protesters overtook the van, prompting hundreds of riot police to descend on the scene, triggering the violent clashes. An SBU officer in the van eventually escaped with police help, while the leaders of the demonstration took to the stage in triumph after police backed off about 9 p.m. (more) (video footage)
Indonesia Posts Truth About Government Spying
Indonesia's former spy chief has said intelligence agencies tapping the phones of national leaders is "normal", and dismissed as an overreaction Jakarta's furious response to reports Australia spied on the president's calls. (more)
Monday, November 25, 2013
Smart TVs Lie to You
So-called "smart TVs" have hit the marketplace, essentially turning TVs into computers that let watchers search for videos, install applications or interact with ads. But that connectivity may be a two-way street, as manufacturer LG investigates claims that its line of smart TVs is collecting data on its customers.
According to an LG corporate video, "LG Smart Ad analyses users' favorite programs, online behavior, search keywords and other information to offer relevant ads to target audiences. For example, LG Smart Ad can feature sharp suits to men or alluring cosmetics and fragrances to women."
But what happens when your online behavior trends just a bit naughtier than clothes or cosmetics? Meghan Lopez talks to RT web producer Andrew Blake about spying smart TVs and other trending tech topics in this week's Tech Report. (more)
In other news...
LG has admitted it continued collecting data on viewing habits even after users had activated a privacy setting designed to prevent it.
The TV manufacturer has apologized to its customers and said it would issue an update to correct the problem. (more)
But what happens when your online behavior trends just a bit naughtier than clothes or cosmetics? Meghan Lopez talks to RT web producer Andrew Blake about spying smart TVs and other trending tech topics in this week's Tech Report. (more)
In other news...
LG has admitted it continued collecting data on viewing habits even after users had activated a privacy setting designed to prevent it.
The TV manufacturer has apologized to its customers and said it would issue an update to correct the problem. (more)
DIY Surveillance in India Shows Eye-Popping Growth
India's electronic surveillance market - currently at Rs 10 billion ($160,393,125.35 USD) — is growing at a rate of 25% per year as a growing number of people opt for DIY surveillance.
Cameras are being installed everywhere — outside buildings to prevent burglaries, in cars to keep track of whether the chauffeur is giving unauthorized lifts, inside homes so that people can keep an eye on everything from nannies to grannies. Even the pet dog has a watchful eye on him, as does the teen.
When it comes to security, privacy concerns go out the window - the one with the CCTV attached. (more)
Cameras are being installed everywhere — outside buildings to prevent burglaries, in cars to keep track of whether the chauffeur is giving unauthorized lifts, inside homes so that people can keep an eye on everything from nannies to grannies. Even the pet dog has a watchful eye on him, as does the teen. When it comes to security, privacy concerns go out the window - the one with the CCTV attached. (more)
Not to be Out-Spooked by the NSA...
The FBI is expected to reveal Thursday that because of the rise of Web-based e-mail and social networks, it's "increasingly unable" to conduct certain types of surveillance that would be possible on cellular and traditional telephones.
FBI general counsel Valerie Caproni will outline what the bureau is calling the "Going Dark" problem, meaning that police can be thwarted when conducting court-authorized eavesdropping because Internet companies aren't required to build in backdoors in advance, or because technology doesn't permit it.
Any solution, according to a copy of Caproni's prepared comments obtained by CNET, should include a way for police armed with wiretap orders to conduct surveillance of "Web-based e-mail, social networking sites, and peer-to-peer communications technology." (more)
FBI general counsel Valerie Caproni will outline what the bureau is calling the "Going Dark" problem, meaning that police can be thwarted when conducting court-authorized eavesdropping because Internet companies aren't required to build in backdoors in advance, or because technology doesn't permit it.
Any solution, according to a copy of Caproni's prepared comments obtained by CNET, should include a way for police armed with wiretap orders to conduct surveillance of "Web-based e-mail, social networking sites, and peer-to-peer communications technology." (more)
Shop Owner Installs Surveillance Cameras to... watch the police!?!?
A Miami convenience store owner is fed up with his employees and
customers being allegedly harassed by police. So he installs
surveillance video to get evidence against the local cops. (more)
Help The OSS Society Pass a Law (It's easy.)
What is The OSS Society?
The Office of Strategic Services Society celebrates the historic
accomplishments of the OSS during World War II, the first organized
effort by the United States to implement a centralized system of
strategic intelligence and the predecessor to the US intelligence and
special operations communities. It educates the American public
regarding the continuing importance of strategic intelligence and
special operations to the preservation of freedom in this country and
around the world.
Why pass a law?
The OSS was the World War II predecessor to the U.S. intelligence and special operations communities. It was founded and led by the legendary General William "Wild Bill" Donovan, the only American to receive our nation's four highest military honors, including the Medal of Honor. President Roosevelt called General Donovan his "secret legs."
When General Donovan died in 1959, President Eisenhower said: "What a man! We have lost the last hero."
It's time to honor the "last hero" and all the heroes of the OSS with the Congressional Gold Medal. (more)
Click each link below to show support...
S. 1688 and H.R. 3544: A bill to award the Congressional Gold Medal to the members of the Office of Strategic Services (OSS), collectively, in recognition of their superior service and major contributions during World War II.
The Office of Strategic Services Society celebrates the historic
accomplishments of the OSS during World War II, the first organized
effort by the United States to implement a centralized system of
strategic intelligence and the predecessor to the US intelligence and
special operations communities. It educates the American public
regarding the continuing importance of strategic intelligence and
special operations to the preservation of freedom in this country and
around the world.Why pass a law?
The OSS was the World War II predecessor to the U.S. intelligence and special operations communities. It was founded and led by the legendary General William "Wild Bill" Donovan, the only American to receive our nation's four highest military honors, including the Medal of Honor. President Roosevelt called General Donovan his "secret legs."
When General Donovan died in 1959, President Eisenhower said: "What a man! We have lost the last hero."
It's time to honor the "last hero" and all the heroes of the OSS with the Congressional Gold Medal. (more)
Click each link below to show support...
S. 1688 and H.R. 3544: A bill to award the Congressional Gold Medal to the members of the Office of Strategic Services (OSS), collectively, in recognition of their superior service and major contributions during World War II.
Bond Car Submarines at Auction
The sale price was below the auction house's initial estimate price of 650,000 to 950,000 pounds — perhaps because the vehicle (a distinctively-shaped white Lotus Esprit) cannot be driven on the road, although it is said to be a fully operational submarine. (more)
Friday, November 22, 2013
REPORT: Corporate Espionage Against Nonprofit Organizations
How common is corporate espionage against nonprofits?
Most of the cases of corporate espionage we know about in recent years have been uncovered by accident. There has been no comprehensive, systematic effort by federal or state government to determine how much corporate espionage is actually occurring, and what tactics are being used. It is likely that corporate espionage against nonprofits occurs much more often than is known.
Who actually conducts the espionage?
When a nonprofit campaign is so successful that it may impair a company’s profits or reputation, companies may employ their own in house espionage capabilities, or they may retain the services of an intermediary with experience in espionage...
The intermediary may hire a private investigations firm that either has multiple espionage capacities or that specializes in the particular kind of intelligence needed – such as human intelligence and the infiltration of nonprofits, or electronic or physical surveillance. These private investigations firms may subcontract out espionage to experienced operatives, which gives corporations access to specialized talent while further increasing the level of plausible deny-ability...
Corporations may also hire the services of experienced nonprofit infiltrators who may pose as volunteers, to scout out workplaces and to steal documents left unattended or unguarded. Corporate spies may also plant bugs to obtain and transmit verbal communication. Both offices and homes may be targeted for the gathering of physical intelligence. (more)
Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."
Most of the cases of corporate espionage we know about in recent years have been uncovered by accident. There has been no comprehensive, systematic effort by federal or state government to determine how much corporate espionage is actually occurring, and what tactics are being used. It is likely that corporate espionage against nonprofits occurs much more often than is known.
 |
| Get the "T" |
When a nonprofit campaign is so successful that it may impair a company’s profits or reputation, companies may employ their own in house espionage capabilities, or they may retain the services of an intermediary with experience in espionage...
The intermediary may hire a private investigations firm that either has multiple espionage capacities or that specializes in the particular kind of intelligence needed – such as human intelligence and the infiltration of nonprofits, or electronic or physical surveillance. These private investigations firms may subcontract out espionage to experienced operatives, which gives corporations access to specialized talent while further increasing the level of plausible deny-ability...
Corporations may also hire the services of experienced nonprofit infiltrators who may pose as volunteers, to scout out workplaces and to steal documents left unattended or unguarded. Corporate spies may also plant bugs to obtain and transmit verbal communication. Both offices and homes may be targeted for the gathering of physical intelligence. (more)
Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."
Recent Technological Innovations Have Completely Changed the Game of Espionage
According to the FBI, competitors criminally seek economic intelligence by aggressively recruiting employees and conduct economic intelligence through bribery, cyber attacks, theft of property, dumpster diving and wiretapping.
They also establish seemingly-innocent business relationships between foreign companies and U.S. industries to gather economic intelligence, including trade secrets.
Technologies Used for Espionage
Many of the technologies now used for espionage are just updated versions of previous technology: smaller, lighter and orders of magnitude more powerful.
They also establish seemingly-innocent business relationships between foreign companies and U.S. industries to gather economic intelligence, including trade secrets.
Technologies Used for Espionage
Many of the technologies now used for espionage are just updated versions of previous technology: smaller, lighter and orders of magnitude more powerful.
- Spying Equipment
- Spy Cameras
- Lock Picks
- Computer Hacking
- Network Intrusion
- Video Pen Cameras
- Miniature Cameras
- Mobile Phone Spy Gadgets
- Call Recorders
- SIM Card Readers
- Stun Guns Looking Like Cell Phones
- Telebugs
- Bionic Ear Boosters
- Voice Changers
- Audio Jammers
- Wireless Video Cameras
- Pinhole Video Cameras
- Google Glass type sunglasses, or glasses that record video, pictures and sound
- Asset Tracking Devices
- GPS Tracking Devices
- Cellphone Detectors
- Bug Detectors
- Thermal Vision
- Surveillance Cameras (more)
Wednesday, November 20, 2013
Mass Surveillance Is Big Business: Corporations Are as Good at Spying as Governments
Data is the currency of surveillance, and it's not just the NSA and GCHQ looking to cash in. As a newly released cache of documents and presentation materials highlights, the private surveillance industry is booming. More shocking is that many firms claim in their own corporate PowerPoints that they've got capabilities that rival that of the government giants.
The document trove, called the Surveillance Industry Index (SII) and released by Privacy International, and contains 1,203 documents from 338 companies in 36 countries, all of which detail surveillance technologies...
Of course, that world isn't open to average consumers, which is why SII—and previously, Wikileaks' Spy Files, among others—is eye-opening. What's even more concerning than systems that guarantee "complete data inflow from all networks" is who's buying it. And while all the brochures I've read so far are careful to specify that surveillance tech is only for legal data collection, "legal" is a very fluid term worldwide...
There's a very good reason that the UN High Commissioner called privacy a human right earlier this year: The vast tools available to people with enough money and network access are more capable of accessing private information than ever before...
"There is a culture of impunity permeating across the private surveillance market, given that there are no strict export controls on the sale of this technology, as there on the sale of conventional weapons," Matthew Rice, a research consultant with Privacy International, told The Guardian. (more)
The document trove, called the Surveillance Industry Index (SII) and released by Privacy International, and contains 1,203 documents from 338 companies in 36 countries, all of which detail surveillance technologies...
Of course, that world isn't open to average consumers, which is why SII—and previously, Wikileaks' Spy Files, among others—is eye-opening. What's even more concerning than systems that guarantee "complete data inflow from all networks" is who's buying it. And while all the brochures I've read so far are careful to specify that surveillance tech is only for legal data collection, "legal" is a very fluid term worldwide...
There's a very good reason that the UN High Commissioner called privacy a human right earlier this year: The vast tools available to people with enough money and network access are more capable of accessing private information than ever before...
"There is a culture of impunity permeating across the private surveillance market, given that there are no strict export controls on the sale of this technology, as there on the sale of conventional weapons," Matthew Rice, a research consultant with Privacy International, told The Guardian. (more)
Tuesday, November 19, 2013
Business Espionage - IKEA Snooping Investigation Continues
French police are questioning top executives of the Swedish furniture chain IKEA after allegations that the company illegally used police files to spy on staff and customers.
The arrests of the chief executive officer of IKEA France, Stefan Vanoverbeke, his predecessor, and the chief financial officer, come after more than a year and a half of investigations.
Police searched the company’s head office outside Paris 11 days ago. (more)
The arrests of the chief executive officer of IKEA France, Stefan Vanoverbeke, his predecessor, and the chief financial officer, come after more than a year and a half of investigations.
Police searched the company’s head office outside Paris 11 days ago. (more)
Monday, November 18, 2013
Snooping on Credit Cards with Shopping Carts
Researchers at the University of Surrey, UK have successfully used readily available and inexpensive electronic components, combined with a shopping cart antenna, to eavesdrop on NFC and HF RFID contactless communication.
The shopping cart did not perform as well as a small inductive loop antenna (that could be concealed with the electronics in a backpack) but neither are likely to arouse suspicion.
The researchers say that the eavesdropping distance can be as much as 100cm but is dependant on the strength of the magnetic field generated by the victims device.
Companies like VISA, Mastercard and Google who have already developed platforms for contactless payments can now add eavesdropping to the existing security threats of skimming and relay attacks. Original paper here (PDF).
The researchers say that the eavesdropping distance can be as much as 100cm but is dependant on the strength of the magnetic field generated by the victims device.
Companies like VISA, Mastercard and Google who have already developed platforms for contactless payments can now add eavesdropping to the existing security threats of skimming and relay attacks. Original paper here (PDF).
Sunday, November 10, 2013
Seattle, where a java junkie hanging on a light pole won't be alone.
If you're walking around downtown Seattle, look up: You'll see off-white boxes, each one about a foot tall with vertical antennae, attached to utility poles. If you're walking around downtown while looking at a smartphone, you will probably see at least one—and more likely two or three—Wi-Fi networks named after intersections: "4th&Seneca," "4th&Union," "4th&University," and so on.
That is how you can see the Seattle Police Department's new wireless mesh network, bought from a California-based company called Aruba Networks, whose clients include the Department of Defense, school districts in Canada, oil-mining interests in China, and telecommunications companies in Saudi Arabia.
The question is: How well can this mesh network see you? (more)
The question is: How well can this mesh network see you? (more)
Vegas, where a drunk hanging on a light pole won't be alone.
What happens in Vegas stays... with the authorities?
Las Vegas is installing Intellistreets, which are street lights that have many talents -- including the ability to record sound and shoot video. (video report)
Las Vegas is installing Intellistreets, which are street lights that have many talents -- including the ability to record sound and shoot video. (video report)
Economic Espionage: Competing For Trade By Stealing Industrial Secrets
In September 2012 FBI agents in Kansas City, Missouri, arrested two Chinese nationals, Huang Ji Li and Qi Xiao Guang, after they paid $25,000 in cash for stolen trade secrets pertaining to an American company’s manufacture of cellular-glass insulation, or foam glass.
Huang trespassed onto the company’s flagship plant in Sedalia, Missouri, 3 months prior and asked suspiciously detailed questions about the facility’s manufacturing process for the insulation. It also is believed he approached an employee at the company’s corporate headquarters in Pittsburgh, Pennsylvania, just days before seeking to build a foam-glass factory in China.
A judge sentenced Huang to 18 months in prison and a $250,000 fine in January 2013 and Qi, Huang’s interpreter, to time served, a $20,000 fine, and deportation. During sentencing, company officials estimated the value of the targeted trade secrets at $272 million.
The threat of economic espionage and theft of trade secrets to U.S.-based companies is persistent and requires constant vigilance. Even after Huang was arrested, pled guilty, and was sentenced, investigators believed the company’s trade secrets still were at risk for targeting by would-be competitors. (more)
A judge sentenced Huang to 18 months in prison and a $250,000 fine in January 2013 and Qi, Huang’s interpreter, to time served, a $20,000 fine, and deportation. During sentencing, company officials estimated the value of the targeted trade secrets at $272 million.
The threat of economic espionage and theft of trade secrets to U.S.-based companies is persistent and requires constant vigilance. Even after Huang was arrested, pled guilty, and was sentenced, investigators believed the company’s trade secrets still were at risk for targeting by would-be competitors. (more)
Corporate espionage: The spy in your cubicle
Corporate espionage from a German perspective...
At a trade fair, the head of a company discovers a machine developed by his own employees - but at the stand of a competitor, where the new item is proudly displayed. Looking through his company's inventory, he sees four new printers, even though he in fact ordered five. And to top things off, he's having problems with the state prosecutors, who say his firm is implicated in a bribery charge. His company, in short, has fallen victim to industrial espionage - three times over.
Since 2001, some 61 percent of German companies have fallen prey to these or similar crimes. In 2013, by comparison, just 45 percent of German firms were entangled in such an affair. Those were the conclusions of a study conducted by business consulting giant PricewaterhouseCoopers (PCW) together with Martin Luther University in Halle-Wittenberg (MLU). For the study, more than 600 German companies, each with at least 500 employees, were examined every two years...
...in the areas of "industrial espionage, economic espionage and the leaking of work and business secrets," there have been frighteningly high numbers of suspected cases. And there could be far more, the analyst added, since being spied upon doesn't necessarily mean that you know it's happening. Corruption ends with prosecutors knocking at the door; an inventory check usually clears up theft. But with spying, "Nothing is gone." (more)
Part of the Security Scrapbook's reason for being is that last sentence. Tracking some of the business espionage stories per year indicates the size of the problem.
Example: If 1% of business espionage is discovered, and 1% of discovered business espionage becomes news, then 50 business espionage news stories equals 500,000 business espionage attacks — 499,950 of which were successful. Adjust the percentages to suit yourself, but you get the idea.
The point is, you won't know when your intellectual and strategic pockets are being picked. Especially, if you are not checking regularly.
Call me. I can help.
At a trade fair, the head of a company discovers a machine developed by his own employees - but at the stand of a competitor, where the new item is proudly displayed. Looking through his company's inventory, he sees four new printers, even though he in fact ordered five. And to top things off, he's having problems with the state prosecutors, who say his firm is implicated in a bribery charge. His company, in short, has fallen victim to industrial espionage - three times over.
Since 2001, some 61 percent of German companies have fallen prey to these or similar crimes. In 2013, by comparison, just 45 percent of German firms were entangled in such an affair. Those were the conclusions of a study conducted by business consulting giant PricewaterhouseCoopers (PCW) together with Martin Luther University in Halle-Wittenberg (MLU). For the study, more than 600 German companies, each with at least 500 employees, were examined every two years......in the areas of "industrial espionage, economic espionage and the leaking of work and business secrets," there have been frighteningly high numbers of suspected cases. And there could be far more, the analyst added, since being spied upon doesn't necessarily mean that you know it's happening. Corruption ends with prosecutors knocking at the door; an inventory check usually clears up theft. But with spying, "Nothing is gone." (more)
Part of the Security Scrapbook's reason for being is that last sentence. Tracking some of the business espionage stories per year indicates the size of the problem.
Example: If 1% of business espionage is discovered, and 1% of discovered business espionage becomes news, then 50 business espionage news stories equals 500,000 business espionage attacks — 499,950 of which were successful. Adjust the percentages to suit yourself, but you get the idea.
The point is, you won't know when your intellectual and strategic pockets are being picked. Especially, if you are not checking regularly.
Call me. I can help.
Friday, November 8, 2013
Private Investigator + Software Firm = Cell Phone Spyware Arrest
India - The Central Crime Branch (CCB) police arrested two persons, who allegedly used a software to collect confidential and personal data of cellphone users, for detective purposes...
The preliminary investigation has revealed that several mobile numbers of clients all over India have been snooped upon over the past year, the police said.
[The] firm was allegedly involved in using snooping software on Android and Blackberry based mobile phones. The firm was allegedly monitoring phone calls and messages of people, on behalf of their clients for detective purposes...
Once the software is installed and whenever user starts using the mobile, all data pertaining to his calls including conversation recordings / messages / e-mails, chats, picture and videos on the mobile phone would be automatically uploaded to a server hosted somewhere else using the target mobile phone’s GPRS data.
Even the exact geographical movements of the target in terms of latitude and longitude would be recorded and sent to the server in real time. The clients of detective agencies would be provided with a login username and password to view the data and movements of target’s mobile phone on a web browser and Google maps. (more)
The preliminary investigation has revealed that several mobile numbers of clients all over India have been snooped upon over the past year, the police said.
Once the software is installed and whenever user starts using the mobile, all data pertaining to his calls including conversation recordings / messages / e-mails, chats, picture and videos on the mobile phone would be automatically uploaded to a server hosted somewhere else using the target mobile phone’s GPRS data.
Even the exact geographical movements of the target in terms of latitude and longitude would be recorded and sent to the server in real time. The clients of detective agencies would be provided with a login username and password to view the data and movements of target’s mobile phone on a web browser and Google maps. (more)
Thursday, November 7, 2013
More Kinds of Corporate Spies Target More Kinds of Trade Secrets
Efforts to steal trade secrets from U.S. companies continue at a high level and are hitting new targets, in spite of major efforts to stop such industrial espionage. Losing trade secrets hurts the economy by discouraging investments in the research critical to growth. Some new players are getting into the fray, and the attacks hit a huge variety of businesses from high tech to high fashion.
Plans for a fighter jet are an obvious target for corporate and other kinds of spies, but experts say industrial espionage also has been aimed at high fashion designers and toymakers, innovative steel makers, food and beverage companies, clean energy research and wind turbine makers. Corporate spies also are seeking information about the management practices that guide successful businesses. (think boardroom bugging) (more)
Plans for a fighter jet are an obvious target for corporate and other kinds of spies, but experts say industrial espionage also has been aimed at high fashion designers and toymakers, innovative steel makers, food and beverage companies, clean energy research and wind turbine makers. Corporate spies also are seeking information about the management practices that guide successful businesses. (think boardroom bugging) (more)
Secret Agent Suits - Odds Are You Live to See Tomorrow
"We offer our clients a bullet-proof suit to keep them safe during their travels to dangerous places for work. We wanted to create a lightweight garment that not only looks professional, but can also act as reliable body armor. The idea was to create a stylish and discreet alternative to wearing a bulky bullet proof vest underneath a suit. This way, our clients, wouldn’t have to worry about looking awkward during meetings, and they can travel to work feeling comfortable, safe, and confident.
This past year, Garrison Bespoke worked alongside suppliers for the US 19th Special Forces in developing the custom bulletproof suit. Using nanotechnology, it’s comprised of the same carbon nanotubes designed for the US troops’ uniforms in Iraq. Yet, the patented suit material is a lot thinner and flexible; fifty percent lighter than Kevlar (the material commonly used in bullet-proof gear). The entire suit acts like a shield, with nanotubes in the fabric hardening to block force from penetrating through.
The Garrison Bespoke bullet proof suit was made to fulfill three important expectations: First, to be modern and stylish. Second, to be light and comfortable. And, third, to be reliable and safe. After putting the suit to test, we can proudly say that all expectations have been met." (more)
Prices start around $20,000.00.
This past year, Garrison Bespoke worked alongside suppliers for the US 19th Special Forces in developing the custom bulletproof suit. Using nanotechnology, it’s comprised of the same carbon nanotubes designed for the US troops’ uniforms in Iraq. Yet, the patented suit material is a lot thinner and flexible; fifty percent lighter than Kevlar (the material commonly used in bullet-proof gear). The entire suit acts like a shield, with nanotubes in the fabric hardening to block force from penetrating through.
The Garrison Bespoke bullet proof suit was made to fulfill three important expectations: First, to be modern and stylish. Second, to be light and comfortable. And, third, to be reliable and safe. After putting the suit to test, we can proudly say that all expectations have been met." (more)
Prices start around $20,000.00.
Hacker Who Helped Catch Cheating Lovers in FBI's Sights
Among the five people added this week to the FBI's list of "most wanted" cyber criminals is a former San Diego college student who developed an $89 program called "Loverspy" or "Email PI." Sold online from his apartment, the program was advertised as a way to "catch a cheating lover" by sending the person an electronic greeting card that, if opened, would install malicious software to capture emails and instant messages, even spy on someone using the victim's own webcam.
The case of Carlos Enrique Perez-Melara, 33, is noteworthy because he appears to have made relatively little money on the scheme, unlike others on the FBI list who were accused of bilking millions of dollars from businesses and Internet users worldwide. But Perez-Melara, a native of El Salvador who was in the United States on a student visa in 2003 when he sold the spyware, allegedly helped turn average computer users into sophisticated hackers who could stalk their victims...
In addition to hacking-for-hire services, there is an established commercial market for snooping software that domestic violence advocates warn can also be used to stalk victims. Software such as ePhoneTracker and WebWatcher, for example, are advertised as ways to monitor kids' online messages and track their location. For $349 a year, Flexispy of Wilmington, Del., promises to capture every Facebook message, email, text and photo sent from a phone, as well as record phone calls. These services generally would be legal only if the person installing the software also owned the device or were given consent by the owner. (more)
 |
| Click to enlarge. |
In addition to hacking-for-hire services, there is an established commercial market for snooping software that domestic violence advocates warn can also be used to stalk victims. Software such as ePhoneTracker and WebWatcher, for example, are advertised as ways to monitor kids' online messages and track their location. For $349 a year, Flexispy of Wilmington, Del., promises to capture every Facebook message, email, text and photo sent from a phone, as well as record phone calls. These services generally would be legal only if the person installing the software also owned the device or were given consent by the owner. (more)
The Current State of Cyber Security in Latin America
Latin America is experiencing tremendous growth—unfortunately the growth in question relates to cyberattacks. “If you look at Peru, you see 28 times as much malware in 2012 as in 2011; Mexico about 16 times; Brazil about 12 times; Chile about 10; and Argentina about seven times,” said Andrew Lee, CEO of ESET. These tremendous growth rates are expected to continue in the coming years, Lee noted.
Tom Kellermann, vice president of cybersecurity at Trend Micro, a network security solutions company. He discussed a report that Trend Micro released jointly with OAS called Latin American and Caribbean Cybersecurity Trends and Government Responses.
Kellermann noted that while organized crime groups, such as narco-traffickers, have embraced cybercrime, the governments of Latin American countries haven’t been able to keep up in terms of defending against this type of crime. “Only two out of five countries have an effective cybercrime law, let alone effective law enforcement to hunt [cyberattackers],” he said. (more)
Kellermann noted that while organized crime groups, such as narco-traffickers, have embraced cybercrime, the governments of Latin American countries haven’t been able to keep up in terms of defending against this type of crime. “Only two out of five countries have an effective cybercrime law, let alone effective law enforcement to hunt [cyberattackers],” he said. (more)
NSA Spy Scandal - The Final Word?
Get Over It: America and Its Friends Spy on Each Other
"All history teaches us that today's allies are tomorrow's rivals." John le Carré
With the French saying they are shocked—shocked!—to discover that America is spying on them, and the long-monitored German chancellor, Angela Merkel, reportedly in a state of outrage, this may be a good time to explain why it is considered so necessary. Why monitoring "foreign-leadership intentions" is a "hardy perennial" in U.S. espionage practice, as National Intelligence Director James Clapper put it during congressional hearings this week. And why most of what is done today, one way or another, is likely to go on.
...the NSA may be reined in. But one way or another, the spying will go on. (more)
This story was written by, Michael Hirsh, chief correspondent for National Journal. Alternate ends to the NSA story don't seem plausible. Think back to the Church Committee hearings and Secretary of War, Henry L. Stimson... "Gentlemen do not read each other's mail."
Stimson's views on the worth of cryptanalysis had changed by the time he became Secretary of War during World War II, before and during which he, and the entire US command structure, relied heavily on decrypted enemy communications. (wikipedia)
"All history teaches us that today's allies are tomorrow's rivals." John le Carré
...the NSA may be reined in. But one way or another, the spying will go on. (more)
This story was written by, Michael Hirsh, chief correspondent for National Journal. Alternate ends to the NSA story don't seem plausible. Think back to the Church Committee hearings and Secretary of War, Henry L. Stimson... "Gentlemen do not read each other's mail."
Stimson's views on the worth of cryptanalysis had changed by the time he became Secretary of War during World War II, before and during which he, and the entire US command structure, relied heavily on decrypted enemy communications. (wikipedia)
Subscribe to:
Posts (Atom)