Friday, January 24, 2014

Spybusters Tip #873 - Eavesdropping on Foscam IP Video Cameras

The following Foscam MJPEG-based video cameras (firmware version .54) can be accessed without a password: FI8904W, FI8905E, FI8905W, FI8906W, FI8907W, FI8909W, FI8910E, FI8910W, FI8916W, FI8918W, FI8919W.

Foscam will be posting a firmware upgrade on their website to fix this issue. Unfortunately, most users will never know about it. 
 
Test Your Camera - A quick way to verify and confirm if your camera has this issue:
1. Enter your camera's IP address in your web browser. Example: 192.168.1.101
2. When you see the password screen do not enter a User Id and Password. Simply click the OK button. If you see your camera, you have the problem. 

Use this work-around for temporary protection (here), and be sure to upgrade the firmware when it becomes available (here).

Plan to Ban Instant Messaging has Unintended Consequences

Goldman Sachs Group Inc. is planning to ban traders from using some computer-messaging services in a bid to protect proprietary information at the heart of its sales-and-trading operation.

Under a new policy, the Wall Street firm won't allow person-to-person communication over instant-messaging (IM) services created by Bloomberg LP, Yahoo Inc., AOL Inc. and other third-party providers including Pivot Inc., according to a draft of a memo reviewed by The Wall Street Journal.


Goldman is seeking to prevent information from internal conversations from being filtered and disseminated beyond the bank's walls. The planned ban reflects a mistrust of technology developed by messaging-service providers that can make its traders more efficient but also be used to mine private communications for closely guarded intelligence on securities pricing. (more)

FutureWatch: Expect other financial institutions to follow.

Unintended Consequence: Scraping (a Wall Street term for collecting useful tidbits of info) attempts will continue as always, but it won't be easy pickings anymore. Conventional spycraft (bugging and wiretapping) worked before IM came along. It continues to work, and will become the best option again. Technical Surveillance Countermeasures (TSCM) inspections are the most cost-effective defense.

Wednesday, January 22, 2014

UPDATED - Privacy Journal's Compilation of State and Federal Privacy Laws

This new book includes new privacy laws on: demands for social-media passwords by employers and universities, use of credit reports by employers, new tracking technologies, new state restrictions on use and disclosure of Social Security numbers, plus updated chapters on credit reporting, medical, financial, testing in employment, insurance, government information, and much more, grouped by categories and listed alphabetically by states. Descriptions of state, federal, and Canadian laws are included.

Privacy Journal's Compilation of State and Federal Privacy Laws replaces the 2002 book and all subsequent supplements in one consolidated hard-copy edition (80 pages, ISBN 9780930072568).

It is also available in an electronic edition so that you may store it in your computer and search later by key words and states.


Contact:
Lee Shoreham, Assistant to the Publisher
PRIVACY JOURNAL
PO Box 28577
Providence RI 02908
Phone: 401/274-7861
Fax: 401/274-4747
orders@privacyjournal.net
www.privacyjournal.net

Also available from amazon.com.

JoJo's TSCM Adventure... as told to the court.

NJ - Former city recreation employee Charles Hall III testified Tuesday that Joseph “JoJo” Giorgianni gave him an anti-surveillance device to try to detect an FBI bug hidden in the clubhouse next door to JoJo’s Steakhouse on Dec. 23, 2012.

Hall testified on the seventh day of testimony in Trenton Mayor Tony Mack’s trial on bribery and extortion charges in U.S. District Court.

Hall told the court that Giorgianni had him sweep for an FBI listening device to attempt to locate a government bug.

“Nothing really happened,” Hall said. “I don’t know if the device worked at the time.” (more)

Security Alert - Eavesdropping via the Chrome Browser

Users of Google's Chrome browser are vulnerable to attacks that allow malicious websites to use a computer microphone to surreptitiously eavesdrop on private conversations for extended periods of time...
 
The attack requires an end user to click on a button giving the website permission to access the microphone. Most of the time, Chrome will respond by placing a blinking red light in the corresponding browser tab and putting a camera icon in the address bar—both indicating that the website is receiving a live audio feed from the visitor. 


The privacy risk stems from what happens once a user leaves the site. The red light and camera icon disappear even though the website has the ability to continue listening in. (more)

Surreptitious Recording in the Future

via The Wall Street Journal...
I've been snapping photos of everything in front of me for the last week. If we've passed, even for a moment, I probably have a picture of your face.

I'm not a spy, but I've been using gear you might associate with 007. New matchbook-size cameras that clip to your tie or shirt let you capture a day's worth of encounters, then upload them to the Internet to be remembered forever.

Why on Earth would anybody want to do that? After trying out two devices that recently began shipping, the $279 Narrative Clip and $399 Autographer, I think the answer for many will be why wouldn't you? (more)


The reporter, Geoffrey A. Fowler, goes on to say why these are inadequate for spy use, and reflects on the etiquette issues. 

Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."  

FutureWatch - We are still in the infancy of documenting our entire lives. The black box of the future could record your life 24/7, with personal data, e.g. health statistics, your five senses and emotional states. Imagine the problems. Would using one become mandatory for law enforcement purposes? In what ways will your black box be valuable to thieves and hackers? Ultimately, who owns your life?

Sunday, January 19, 2014

Business Espionage: Bratz Bitch Slaps Barbie Over Spying to the Tune of $1 Billion

MGA Entertainment Inc. (MGA) filed a major trade secret theft lawsuit against Mattel Inc. over reportedly stealing information at industry trade shows, and is seeking damages of at least $1 billion. This is the latest in a long-running battle between the two competing doll makers.

MGA claims that throughout a period of years, Mattel instructed its employees to engage in acts of "espionage and fraud" to steal MGA's trade secrets...
The Bratz doll makers claim that for a number of years, Mattel employees used a "Market Intelligence Department" to steal MGA's trade secrets under the auspices of an 11-page "How-to-Steal" manual. Mattel also reportedly set up "spies," who created false identities by printing fake business cards and used Mattel's accounting department to create mocked-up invoices to back up their fictional businesses to better gain access to MGA's private showrooms.


MGA also claims that Mattel employees purchased small video recorders (paid for by Mattel) and cameras to photograph and videotape what they saw in private showrooms and industry trade shows. As a result, Mattel obtained highly confidential information about MGA's designs, price lists and marketing plans for unannounced future products in the highly popular Bratz line, according to MGA. (more)

Husband's Intimate Tweets to Other Woman Posted on Net by Wife... and then...

One of India's most prominent politicians, Shashi Tharoor, has been caught in an excruciating cross-border Twitter scandal after his wife posted allegedly intimate text messages between the government minister and a Pakistani journalist on his social media account. 

The latest Twitter tempest for Dr Tharoor, Minister for Human Resources, author and former senior UN official once mooted as a candidate for secretary-general, threatens not only to scuttle a promising political career and a three-year marriage but also expose the politician to further legal scrutiny over a 2010 Indian Premier League cricket bidding scandal that cost him his then job as a junior minister. (more) (background)

This just in... 
Shashi Tharoor's wife was found dead in a luxury hotel room in Delhi after she went public on Twitter... (more)

Wiretap Boast Makes Mr. Harden Criminal (Darwin Award)

The first of my 2014 Darwin Awards goes to...

OR- Daniel Devon Harden, 38, was arraigned Thursday afternoon on allegations of attempted murder, first-degree assault, second-degree assault and unlawful use of a weapon stemming from a stabbing at a Northeast Portland club on Sept. 23...

Portland police solved the case after Harden boasted about the stabbing, which was picked up during an unrelated federal wiretap investigation into a cocaine-trafficking ring, according to court records. (more)

Saturday, January 18, 2014

Drone Law News. A license to shoot 'um down! And, a brilliant career move.

• Legislation has been introduced in the Missouri House of Representatives that would regulate the use of unmanned aerial vehicles (drones) and protect the privacy rights of citizens. (more)


• Deer Trail, Colorado - Wearing a black duster and a black cowboy hat, Phil Steel walked to the front of the meeting room armed with a Nerf gun and a smile. The U.S. Army veteran was there to pitch his big idea: an ordinance that would legalize and regulate drone hunting inside Deer Trail city limits. If approved, residents could pay $25 to get a drone-hunting license; the town would pay a bounty for every drone bagged. 

Steel had hammered out the 2,800-word ordinance in just four hours. Its key points: 
- When a drone flies into its airspace, Deer Trail will consider it an act of war.
- You can only shoot at drones flying lower than 1,000 feet.
- Unless your life is in danger, you can only fire up to three shots at a drone. (more)
He has already sold more than 60 of his own licenses online.

• ND - Rodney Brossart, a North Dakotan cattle rancher, was sentenced to three years in prison, with all but six months suspended, for terrorizing police officers who were trying to arrest him at his property in 2011. The strange case garnered national attention because it was the first time a law enforcement agency had used an unmanned aerial vehicle to assist in carrying out an arrest. (more)

• With a 34-2 vote, New Jersey’s State Senate approved a bill that provides some of the nation’s strongest protections against drone surveillance. The bill, which went through several incarnations since being introduced last spring, restricts how police, firefighters and other first responders can use drones... It also includes a ban on outfitting them with weapons. bada-bing-bada-no-boom (more)

FutureWatch - Career Alert - Employment Hope for Twitchy Fingered Youth
The Federal Aviation Administration estimates up to 7,500 commercial drones could be flying in national airspace within a few years... Several colleges now offering courses! (more) (more)


Supreme Court to Consider if Police Need Warrants to Search Cellphones

The Supreme Court on Friday agreed to hear a pair of cases about whether the police need a warrant to search the cellphones of people they arrest, presenting a major test of the meaning of the Fourth Amendment in the digital age.

The court has long allowed warrantless searches in connection with arrests, saying they are justified by the need to find weapons and to prevent the destruction of evidence.  

The question for the justices in the new cases is whether the potentially vast amounts of data held on smartphones warrant a different approach under the Fourth Amendment, which bars unreasonable searches.

The lower courts are divided. (more) (more) (GEICO Pig don't care.)

Obama on Digital Spying: Hey, Companies Do It, Too

In a much-anticipated speech, President Barack Obama took to the podium to introduce changes he aims to make to the National Security Administration's surveillance operations... Those in the business community may have been surprised that the president took a moment to remind Americans that spying isn't just a government practice.

Here's what the President said about corporate data tracking:
"Corporations of all shapes and sizes track what you buy, store and analyze our data, and use it for commercial purposes; that's how those targeted ads pop up on your computer or smartphone." (more)


Why does this remind me of my mother saying, "So, if George jumped off the roof would you do it too?"

Friday, January 17, 2014

Eye Spy - Scraping Info From Corneas

Advances in photography are rapidly making indirect spying possible. Reflections off of corneas, or any reflective surface, can be gleaned with off-the-shelf cameras and lenses. 

Have a look...
You may want to close the blinds in your office. (more)

Thursday, January 16, 2014

Surreptitious Workplace Recording - Jailer v Jailer

NJ - Federal prosecutors say the deputy director of the Hudson County jail used a website to illegally wiretap some of his fellow employees.

Kirk Eady turned himself in today and made his initial court appearance, where bail was set at $100,000 unsecured bond and he was ordered to surrender any firearms. Eady has been suspended without pay, Hudson County spokesman James Kennelly said today. Eady earns $120,000 annually...


Prosecutors say that between March and July 2012, Eady used a publicly available website to place telephone calls to four Hudson County jail employees. The website allowed Eady to conceal the telephone numbers from where the calls originated and also call and record two people simultaneously.

The site also made it appear that those people, and not Eady, originated the call. (more)

Kevin's Security Tip of the Day

With all the data breaches in the news recently, you may wonder if your information was plundered. Find out at Have I Been Pwned? Mine has :(

If so, it's time to scurry around and change your on-line passwords.

Need help?
Password generators.
Password managers.
Password strength testers.

Make sure your new passwords are not on this list...
The Top 500 Worst Passwords of All Time


How to Create Easy to Remember Secure Passwords...
You can create a memorable, secure password starting with a simple phrase. We call these "passphrases". For example, let's use a quote from Ogden Nash:

"Happiness is having a scratch for every itch."

If we use the first letter of each word, and substitute 4 for "for", we get:

Hihas4ei

This is a reasonably strong password but we can improve it a bit by adding some special characters:

#Hihas4ei:


Associating Web Sites...
We can use our new password on several different websites by adding a suffix with a mnemonic link to a particular site. Let's use the first letter and the next two consonants in the site name.

Just to add a bit more randomness we'll alternate upper-case and lower-case, and if the first character in the site name is a vowel we'll start with upper-case. To mix things up a bit more we'll use the same rule to decide whether to add the site mnemonic to the left side or the right side.
#Hihas4ei:AmZ    for Amazon
fBk#Hihas4ei:    for Facebook
#Hihas4ei:YtB    for YouTube

(more)

Wednesday, January 15, 2014

Your Automobile is Very Likely Spying on You

...but Republicans and Democrats in the U.S. Senate are uniting to put a stop to unfettered snooping via the "black boxes," or "event data recorders," placed in your car by automakers. 

Is your car spying on you? If the vehicle is a fairly new model it probably is, thanks to a "black box" that collects data about what’s going on in your car. And there’s no off switch or way to opt out. By September all new cars sold in the United States will be required to have black boxes, or as they’re more formally called, "event data recorders."

"The amount of data that they record is vast. And it's not capped," said Nate Cardozo, a staff attorney with the Electronic Frontier Foundation (EFF).

That’s just one way new technology installed in automobiles is invading our privacy. At the 2014 Consumer Electronics Show (CES) last week, Google and a handful of automobile manufacturers, including Audi, GM, Honda and Hyundai, announced a partnership designed to bring the Android mobile platform to vehicles. Those devices are capable of broadcasting your location, Web pages you may have looked at, stores you shopped in and much much more. Chevrolet, for example, showed off a camera mounted on the windshield that records the driver’s point of view and a microphone in the cabin that records any noises made in the car.
 

...Consider what Ford’s top sales guy James Farley said at a CES event: "We know everyone who breaks the law. We know when you’re doing it. We have GPS in your car, so we know what you’re doing." Farley quickly retracted his impolitic remarks, but they give you insight into how seriously some automakers take your privacy. (more)

Is your car bugged?
See if you are on the list.
If so, read this
~Kevin

Infographic - The Relative Cost of Surveillance

Ashkan Soltani, a privacy and security researcher who has been working with the Washington Post on the Snowden files, has published a graphic that illustrates how technology has greatly reduced the barriers to performing surveillance. Soltani included the graph in a paper published in the Yale Law Journal...

The cost comparison covers several location-surveillance techniques: physical pursuit on foot and in vehicles, and location tracking using a radio beeper, a GPS device, or a cell phone.

A few examples for understanding the chart:
• Tracking a suspect using a GPS device is 28 times cheaper than assigning officers to follow him.

• Tracking a suspect using cell phone data is 53 times cheaper than physical covert pursuit.
• Tracking a cell phone is twice as cheap as using a GPS device. (more)

...and now, your moment of spy palindrome and Zen...

Nurse, I spy gypsies, run!

...and a chaser story... 

New Zealander Nancy Wake fought fearlessly for the Allies in World War II, first for the French resistance and later as a spy for Britain’s Special Operations Executive.

Parachuted into the Auvergne in April 1944, she was hanging from a tree when a resistance fighter told her, “I hope that all the trees in France bear such beautiful fruit this year.”

She said, “Don’t give me that French sh_t.”


..."More!" I hear you say...

In November 2006, 23-year-old David Fearn of Staffordshire changed his name to James Dr. No From Russia With Love Goldfinger Thunderball You Only Live Twice On Her Majesty’s Secret Service Diamonds Are Forever Live and Let Die The Man With the Golden Gun The Spy Who Loved Me Moonraker For Your Eyes Only Octopussy A View to a Kill The Living Daylights Licence to Kill GoldenEye Tomorrow Never Dies The World Is Not Enough Die Another Day Casino Royale Bond. 

It’s the longest name in deed poll history. (more)

Tuesday, January 14, 2014

Huawei Defends Against Whitehall Bugging Claims

UK - Huawei, the Chinese telecoms company that came under suspicion of spying for the Chinese government, has been forced to defend its security records after reports that Government departments believed its technology could be bugged.

Reports at the weekend alleged that three Whitehall departments ordered that video conferencing devices supplied by Huawei should be removed, due to concerns about possible security vulnerabilities in the equipment. (more)

Eavesdropping Software Products Sold in the Open

Viet Nam - (Smartphone) software products have become so smart that they allow eavesdropping not only on normal calls or SMS, but also on calls and messages sent through OTT apps.

There are four eavesdropping software products that are most popular in Vietnam, namely Amaza Tracker, Spyphone, Copyphone and Mobile Spy. They originate from other countries and are compatible with most of today's popular operating systems, from Android and iOS to Windows Phone and BlackBerry. In particular, the products are updated regularly to suit the latest generations of mobile phones...

More dangerously, with advanced technologies, some spyware products make it possible to watch messages and free calls on Line, Viber, WhatsApp, Facebook and Yahoo. Meanwhile, the majority of the popular products are compatible with Android- and iOS-based smartphones.

The information can be copied in files, and then sent to the emails of the eavesdroppers. (more)

British Spies – Licensed to Speed

British spies are to be given a "license to speed", allowing the likes of James Bond to drive fast with impunity in the name of national security.

Transport minister Robert Goodwill was to announce the motoring law changes on Monday, which will hand spooks the same exemption as the police, fire service and ambulance drivers.

Officers in the MI5 and MI6 domestic and foreign intelligence agencies will be able to break the speed limit on surveillance and covert operations once they have completed a training course in high-speed driving. (more)

Business Extortion via Electronic Eavesdropping Bugs and Spyware

China - Police have arrested a divorced man and his mistress for subjecting his ex-wife to months of illegal surveillance, intimidation and extortion to gain control of half of her company, local media reported Friday.

The suspects, surnamed Zhu and Liu, spent almost a year spying on their victim, surnamed Wei, by installing monitoring software on her computers and bugging her home, her car and her luggage in a plot to destroy her reputation, according to a report in the Xinmin Evening News. By the time they were caught, the pair had cost Wei's company more than 100 million yuan ($16.5 million) in lost business.

Police said more and more illegal surveillance cases have emerged as technology has advanced, according to the report. Last year, Shanghai police arrested about 190 suspects for the illegal trade or use of surveillance equipment, seizing 500 pieces of equipment and more than 100 million pieces of personal information. (more)

Sunday, January 12, 2014

Government Begins Responding to Spying Objections

Maryland legislators will consider a package of laws to curb electronic surveillance by police, requiring a search warrant to use drones, email, cellphone towers or license plate readers to track people.

Measures sponsored by a bipartisan pair of senators come amid a national debate over government surveillance after revelations about the extent to which the National Security Agency collects information on U.S. citizens. (more) 


Obama to unveil spying reforms on 17th January
White House spokesman Jay Carney said that Obama's remarks would show the "outcomes of the work that has been done on the review process."

The White House said on Thursday that the president was nearing the end of his soul searching about US spying reforms as he met lawmakers who oversee the intelligence community. (more)
 

FBI Director James Comey recently told reporters that the federal government's spying on American citizens via the National Security Agency is the "way the founders intended." (more)

CA - Sen. Ted Lieu (D-Torrance) and Sen. Joel Anderson (R-San Diego) introduced the Fourth Amendment Protection Act to prohibit any state support of the NSA. “State-funded public resources should not be going toward aiding the NSA or any other federal agency from indiscriminate spying on its own citizens and gathering electronic or metadata that violates the Fourth Amendment,” Lieu said in a press release. (more)

Thursday, January 9, 2014

Interesting Spy Stories Today

Private Eye Sky Spies
Click-bait, or cold reality? The headline for Robinson Meyer’s article in the Atlantic about three Silicon Valley start-ups and their plans to make money off satellite photography of the earth is “Silicon Valley’s New Spy Satellites.” Very soon, it’s likely that it will be substantially easier to buy recent, high-resolution imagery of the Earth’s surface... the message they send together is simple: We’re all spies now. (more)

What Will Anna Chapman Do Next? Former spy Anna Chapman, who was sent back from the United States to Russia in a major spy swap in 2010, is going to present her own clothing line at a fashion show in the Turkish resort of Antalya. (more) (Anna's adventure timeline)
 
500 Years of History Shows that Mass Spying Is Always Aimed at Crushing Dissent
(more)


Boycott Of RSA Security Conference Builds In Wake Of NSA Spy Scandal (more)

Wednesday, January 8, 2014

Amateur Spies - Surgeon Accused of Spying on Ex with Software

TX - A pioneer in cancer research is facing a second degree felony charge in an alleged plot to spy on his ex-wife while they were going through their divorce.

According to prosecutors, Dr. Steven Curley plotted with a computer expert to install a program called eBlaster. (more)


IA - ...the Iowa City landlord found guilty last year of spying on his tenants (six counts) through bathroom peepholes in 2012, has motioned for a new trial... (speed bump) ...The city’s Housing and Inspections Services office says the city’s housing code doesn’t address cases such as this, therefore Miller is able to continue to own and manage the properties. (more)

PA - Forty-three years after the mysterious theft of up to 1,000 documents from an FBI office outside Philadelphia, three former political activists are publicly confessing to the brazen burglary, calling it an act of “resistance” that exposed “massive illegal surveillance and intimidation.”... Members of the burglary team, armed with little more than a crowbar and wearing suits and ties, then walked off undetected with suitcases stuffed with sensitive bureau files that revealed a domestic FBI spying operation known as COINTELPRO. (more)

Canada - A St. Albert man who surreptitiously took pictures of young girls in change rooms at five Alberta recreational facilities... was sentenced to two years in prison Tuesday. (more)

FL - A St. Augustine man and former Putnam County deputy (and St. Johns County reserve deputy) accused of using his cellphone to record a tanning room at the U.S. 1 South World Gym was sentenced Tuesday to 300 days in jail... a woman reported that a gym employee put a cellphone in the closet of the tanning room to record people getting in and out of the booth... (more)

The Point
Anyone can be a spy. The technology is cheap, and easy to use. Just add motivation. 

FutureWatch
This will become a real workplace issue in 2014. 
And now, a very creepy moment of spy Zen...

Sunday, January 5, 2014

NSA Can Now Bug iPhones (yawn)

Reports have surfaced that the US National Security Agency can now turn iPhones into eavesdropping tools.

That’s the word from security expert Jacob Appelbaum, who told a hacker conference in Germany that the NSA can plant iPhone malware called Dropout Jeep, which gives American intelligence agents the ability to turn the gadget into a listening post using the iPhone camera and microphone. Also, it has a spyware function that can retrieve contact information, read through text messages and emails, and listen to voicemails. (more)


(Yawn.) Spyware for smartphones has been around for years. You can purchase it with a few keystrokes. 

Don't worry about the NSA. They could probably care less about you. Worry about your employer, disgruntled employee, or significant other. 

Then, if the question, "Is my cell phone bugged?" pops into your mind, buy a good book, or app, and find out what to do about it.

The Annabel Melongo Eavesdropping Case - 8 Years and Counting

The Annabel Melongo saga continues in the Illinois Supreme Court Tuesday, Jan. 14, marking the eighth year the case has been tied up in litigation.
 

Melongo was (also) indicted for eavesdropping, as a grand jury accused her of illegally recording conversations with a Cook County court reporter.

The indictment accused Melongo of:

(1) Eavesdropping without consent:

“…in that she knowingly and intentionally used an eavesdropping device, to wit: an audio recording device, for the purpose of recording a conversation, to wit: recording a conversation conducted by telephone between Annabel K. Melongo and Pamela Taylor of the Cook County Court Reporter’s Office, and without the consent of all parties to such conversation and without authorization provided by Article 108A or Article 108B of the ‘Code of Criminal Procedure of 1963,’ approved August 13, 1963, as amended.” (more)


Note to Clients: I will send you a private report this month about covert recording in the workplace, and what to do about it. You really don't want to be tied up in 8-year-long court battles.

Facebook Sued Under Federal Wiretapping Law For Mining Private Messages

Facebook faces a potential class action lawsuit (“Matthew Campbell v. Facebook Inc.”) for allegedly violating the US Electronic Communications Privacy Act and California privacy and unfair competition laws. At issue is the company’s alleged practice of scanning private Facebook messages (first discovered in 2012) for URLs and then using that information as part of its ad targeting data. (more)

Trending TV: Spies are hot, again

Secret agents are lurking everywhere on TV in 2014. 
From "The Avengers" to "Mission Impossible" to "24," spy thrillers always have been a TV staple, but with the National Security Agency under fire for spying on everyday Americans and others, espionage stories seem all the more resonant these days. Here's a look at several current or upcoming spy shows and several old favorites that can be seen online... (more)

Friday, December 20, 2013

The 2014 Privies - Dubious Achievements in Privacy Law

Recognizing Stupid Privacy Laws 
by Stewart Baker, Former government official now practicing law

It’s time to recognize just how stupid privacy law is getting. And what better way than by acknowledging the most dubious achievements of the year in privacy law? (more)


My favorite - Judge Uncovers Wiretap Plot with 425 Million Co-Conspirators
(Scroll down to Category 3 - "Dumbest Privacy Cases of the Year")

Slack Wiretapping Sentence Imposed for Slack Attack on Slack

WV - A former West Virginia sheriff convicted of hacking his now ex-wife's work computer was sentenced to probation Thursday after she made an emotional plea for leniency.

Former Clay County Sheriff Miles Slack exchanged a long hug with Lisa Slack, his friends, and relatives after U.S. District Judge John T. Copenhaver sentenced him to one to two years' probation and fined him $1,000 for wiretapping...


Federal prosecutors say Slack secretly installed a keystroke logger on a computer in the county magistrate court in April where his wife worked. They were married at the time. Slack admitted he intended to monitor her activity.


Slack could have been sentenced to up to five years in prison. (more)

Thursday, December 19, 2013

Mobile Devices Will Pose The Biggest Risk In 2014, Survey Says

IT professionals are troubled by the risk of data leakage associated with employee smartphones and are focusing on bolstering endpoint security, according to a new study.

Mobile devices will pose the biggest threat in 2014, according to a survey of 676 IT and IT security professionals conducted recently by the Ponemon Institute. About three-quarters of those surveyed cited the risk posed by mobile devices as their biggest concern, up from just 9 percent in 2010.

Meanwhile, targeted attacks, designed with custom malware that can maintain a lengthy presence on corporate systems, are close behind as a troubling trend, the survey found. About 40 percent of those surveyed said their firm was the victim of a targeted attack in the past year, according to the survey, which was commissioned by vulnerability management vendor Lumension Security. (more)

Riga International Airport Officials - "We bought what?!?!"

Latvia - Management officials of Riga International airport were not aware of the fact that they had used budget money to buy a device that had allegedly allowed the airport’s security to listen in on employees’ telephone conversations.

The Security Police have launched an investigation into this possible crime.

After learning of the possible wiretapping into employees’ telephone conversations, the Board of the airport dismissed the head of its Security Department Raimonds Lazdins and two other employees. Equipment meant for wiretapping was found in the airport. (more)

Tuesday, December 17, 2013

NSA Lawsuit Ruling

Washington – A federal district judge ruled on Monday that the National Security Agency program that is systematically keeping records of all Americans’ phone calls most likely violates the Constitution, describing its technology as “almost Orwellian” and suggesting that James Madison would be “aghast” to learn that the government was encroaching on liberty in such a way.

The judge, Richard J. Leon of Federal District Court for the District of Columbia, ordered the government to stop collecting data on the personal calls of the two plaintiffs in the case and to destroy the records of their calling history. But Judge Leon, appointed to the bench in 2002 by President George W. Bush, stayed his injunction “in light of the significant national security interests at stake in this case and the novelty of the constitutional issues,” allowing the government time to appeal it, which he said could take at least six months.

“I cannot imagine a more ‘indiscriminate’ and ‘arbitrary’ invasion than this systematic and high-tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval,” Judge Leon wrote in a 68-page ruling. “Surely, such a program infringes on ‘that degree of privacy’ that the founders enshrined in the Fourth Amendment,” which prohibits unreasonable searches and seizures. (more)

A Flashlight that Follows Your Path... in addition to lighting it.

The Android flashlight app, Brightest Flashlight!

Goldenshores Technologies, LLC, is using the onboard GPS to make money on a free app by selling the anonymized user data it collects. And, the amount is not trivial; over one million people have downloaded the flashlight app.

This information finally surfaced because the Federal Trade Commission (FTC) became involved, eventually issuing an official complaint against Goldenshores Technologies (PDF)... (more)

Camera Vendor Admits to Police Headquarters Bugging Mistake

Listening devices in Edison police headquarters secretly recorded officers, attorneys, civilians...
 

NJ - Private conversations, including legally protected attorney-client discussions, have been secretly recorded inside Edison police headquarters, prompting calls for state and federal investigations and stoking new tensions in a department long wracked by internal strife.

The conversations were picked up by dozens of audio-enabled surveillance cameras installed throughout the building in January.

At the time, Police Chief Thomas Bryan assured Edison’s mayor and business administrator, along with wary union officials, that microphones on the cameras would be disabled to guard against an invasion of privacy, the officials said. Officers learned otherwise last weekend... (more)

Monday, December 16, 2013

NSA News Flash

* Judge: NSA Phone Spying 'Almost Certainly' Unconstitutional 
* Ruling Deals a Blow to NSA Records-Collection Methods 
* Lengthy Federal Court Process Still Ahead for NSA Spying 
(MORE TO COME)

Saturday, December 14, 2013

Opinion - IT Should Ban Google Glass Before It's Too Late

Google's soon-to-be-publicly-available wearable technology exposes your company to problems ranging from illegal wiretapping and surveillance to a wild spectrum of inappropriate uses.  

Columnist Rob Enderle writes that you should do yourself a favor and ban Google Glass before it is even available to your employees. (more)

Coach with The Bush School Accused of Spycam'ing Female Students

WA - A Seattle private school has put a coach and substitute teacher on administrative leave after he was arrested and charged with voyeurism.

Jason Paur, a 43-year-old teacher with The Bush School, was arrested in British Columbia Tuesday while on a school sponsored ski team trip.

Paur is accused of putting a video camera in a room where female students were staying. Police have also charged him with possessing child porn and breaking and entering. (more)

Fargo - A homespun spycam story.

ND - Police from two separate cities are investigating KVLY-KXJB reporter Mellaney Moore after the station aired her hidden camera story about local school security.

Jerry Lundegaard, town car salesman, upon hearing the news.
According to Moore’s story, she entered three schools, one in West Fargo, one in Fargo and one in Moorhead, MN, to test school security. “She had a hidden camera and was not stopped by any school official.”

The Forum of Fargo-Moorhead reports police in Moorhead, MN, and West Fargo are now looking into whether she should face charges. “The concern we had was that they were specifically doing something that wasn’t lawful,” Moorhead police Lt. Tory Jacobson told The Forum. (more)

Business Espionage - "Corn ain't just chicken feed, Bubb"

Two Chinese agricultural scientists face charges after they were caught trying to smuggle a variety of seeds — stolen from a biopharmaceutical plant in Kansas — into China, Reuters reports.

After a tour of agricultural facilities and universities in the Midwest and Arkansas, the two Chinese nationals were caught with the seeds as they boarded a plane for home, the report says. 

(In a separate, but parallel espionage case, "Investigators found ears of corn stashed in an Illinois self-storage unit, dozens of bags of corn kernels stuffed under the seat of a car, and hundreds of pictures of corn fields and production facilities.")

Don’t be fooled because they’re “just” seeds. The unidentified victim of the theft had invested about $75 million in patented technology to create the seeds, the report says. (more)

Friday, December 13, 2013

...thus bringing back traditional spycraft.

Governments around the world may be compelled to wall off their Internet systems as nations and companies move to protect sensitive data amid increasing cybercrime and espionage, Kaspersky Lab Chief Executive Officer Eugene Kaspersky said.

Cybercrime is increasing and secret documents released by former U.S. National Security Agency contractor Edward Snowden have heightened technology company concern about espionage. Some governments and corporations may even scrap information-technology systems in some cases, moving critical data back to paper, Kaspersky said. (more)

Interpretation
  • Hacking is easier than traditional spycraft.  
  • Computerization = low-hanging fruit for the business espionage and criminal crowds. 
  • Throwing security budgets to the IT folks is not effective enough. 
  • Solution... keep your secrets off the web, and out of the computers. 
  • Anticipate... Traditional spycraft (bugging, tapping, intrusions, moles, etc.)
  • Arm yourself... Put a counterespionage consultant on your team.

The Road to Farewellville

A police department in Battle Creek, Michigan is being sued by one former officer and two currently employed cops who say their superiors secretly installed a surveillance camera in the women’s locker room at a local precinct...

According to the claim, Inspector Maria Alonso of the department’s Internal Affairs Division was told in late 2012 that there had been instances of theft occurring in the women’s locker room of the Battle Creek Police Department. Upon approval of her superiors, Alonso installed a surveillance camera in the room sometime the following January and used evidence obtained by it to allegedly implicate a plaintiff in the case of robbing co-workers by rifling through their lockers.


Plaintiff Laurie Gillespie was shown the video shortly after and, according to the complaint, was depicted in the clip “going through at least two open lockers” while in uniform... She was ultimately terminated less than two months later. (more)

Thursday, December 12, 2013

Data Security and Breach Notification Act of 2013 & Information Security Tips

American IT departments' decisions could inadvertently put organizations at risk of an information security breach if they don't have sufficient protocols for the disposal of old electronic devices...
Despite the many public wake-up calls, most American organizations continue to be complacent about securing their electronic media and hard drives...


Congress is hoping to hold businesses accountable for the protection of confidential information with the introduction of the Data Security and Breach Notification Act of 2013, which will require organizations that acquire, maintain, store or utilize personal information to protect and secure this data. (q.v.)

Mitigation tips:
  • Think prevention, not reaction.
  • Put portable policies in place for employees with a laptop, tablet or smartphone to minimize the risk of a security compromise while traveling.
  • Protect electronic data. Ensure that obsolete electronic records are protected as well. (Remember, all that data was somewhere else before it became electronic data. Protect that too.)
  • Create a culture of security. Train all employees on information security best practices... Explain why it's important, and conduct regular security audits (including TSCM) of your office to assess security performance. (more)

Santa App Lets You Spy Back

A new app is letting family spy on Santa and his friendly elves. The free app, created by two Michigan entrepreneurs, is called Santa Spy Cam.

What do Elves pass, if not gas?
Santa Spy Cam uses magic only found at the North Pole to help parents get video of St. Nick and his friendly elves when they visit your house.

Now, what's fun about the app is it captures these special moments when kids are asleep.

How does it work? Well, the Santa Spy Cam has a built in sensor that flips on in your own home when Santa or his elves are nearby. 

"Fully approved by The North Pole Clandestine Services Bureau (NPCSB) to capture live-action video of Elves as they visit your home during the holiday season. And of course, the big visit, by the big man on Christmas Eve, Santa Claus." (more)

I just tested it. 
Works remarkably well. 
You get three free scenes; others at 99 cents each. 
~Kevin

Wednesday, December 11, 2013

Hong Kong PIs Are Parents' Eyes

China - Rich mainland parents are paying thousands of Hong Kong dollars to private investigators to spy on their children studying in Hong Kong, including PhD students and kindergarteners...

Philic Man Hin-nam, founder and director of Global Investigation and Security Consultancy, an all-woman detective agency, said that mainland student cases accounted for about 40 per cent of the more than 100 requests made by parents last summer for information on their children...

"Many mainland students studying in Hong Kong are single children from rich families," Liu of Wan King On Investigations said, "Those parents attach great importance to their children's behavior." (more)

New Android threats could turn some phones into remote bugging devices...

Researchers have recently uncovered two unrelated threats that have the potential to turn some Android devices into remotely controlled bugging and spying devices.

The first risk, according to researchers at antivirus provider Bitdefender, comes in the form of a software framework dubbed Widdit, which developers for more than 1,000 Android apps have used to build revenue-generating advertising capabilities into their wares...

What's more, Widdit uses an unencrypted HTTP channel to download application updates, a design decision that allows attackers on unsecured Wi-Fi networks to replace legitimate updates with malicious files. (more)

"That thing they said they're not doing? They're totally doing" - Jon Stewart

Last week the National Reconnaissance Office launched a new satellite called NROL-39 from Vandenberg Air Force Base in California, and a lot of people noticed a picture of a massive octopus straddling the earth.

"The Daily Show With Jon Stewart" has some fun with the spy logo, the choice of which drew ridicule in light of the many leaks about mass government surveillance from ex-NSA contractor Edward Snowden. 

After playing a game of "That Thing They Said They're Not Doing? They're Totally Doing" — which involves showing clips of the U.S. government denying spying allegations only to confirm them later — Stewart went after the logo that boasts: "Nothing Is Beyond Our Reach." (more)


In 1955 an octopus taking over Earth was just science fiction. 
Perhaps the logo artist remembered this.

Tuesday, December 10, 2013

GSM A5/3 Encryption Comes to German Cell Phones

Deutsche Telekom is the first network operator in Germany to deploy the A5/3 encryption standard for voice transmission in its mobile phone network. This means conversations are better protected against wiretapping, even in the GSM network... The GSM network previously implemented the A5/1 encryption standard, which experts have cracked... Telekom is not limiting rollout of the A5/3 encryption standard to Germany, either: the new technology has already been implemented in Macedonia, Montenegro, Poland and the Czech Republic. More countries will follow. (more)

$15. Girl Tech IM-ME Pager Turned Into - a Spectrum Analyzer; a Police Radio Jammer...

This isn’t something we’d encourage our readers to do, but it’s pretty fascinating that a seemingly innocuous toy has such power. 

The IM-ME is a small electronic toy made by Girl Tech that’s intended to be used as a sort of imitation cell phone, allowing users to send wireless messages to each other. 

Unfortunately, a hacker named Travis Goodspeed discovered that you can use the hardware to roam frequencies freely and even decode the metadata that prefixes radio communications, allowing a listener to identify both parties on the call. 

You can also use the thing as a spectrum analyzer and for many other unintended purposes... such as jamming. (more) (video on P25)