Tuesday, March 18, 2014

MIT's Cryptophone Round-Up

Ever since Edward Snowden came forward with a trove of secret documents about the National Security Agency, business has been booming for Les Goldsmith, CEO of ESD America.

Goldsmith’s company sells a $3,500 “cryptophone” that scrambles calls so they can’t be listened in on. Until recently, the high-priced smartphone was something of a James Bond–style novelty item. But news of extensive U.S. eavesdropping on people including heads of state has sent demand from wary companies and governments soaring. “We’re producing 400 a week and can’t really keep up,” says Goldsmith...

For the most part, consumers haven’t joined the security rush. According to Gartner, a firm that tracks technology trends, few have even purchased antivirus software for their phones. Sales of mobile security software are about $1 billion a year, a fraction of what’s spent on desktops, even though mobile devices now outnumber PCs.

Yet secure communication products could eventually have mass appeal as consumers tire of being tracked online. Some of the most successful apps of the past year have featured self-destructing messages or anonymous bulletin boards. (more)

Officer 'Bugged Force Office' Without Permission

UK - A Greater Manchester Police officer has been accused of bugging a force room without authorization, as the police watchdog begins investigating a range of allegations.

The Independent Police Complaints Commission (IPCC) is investigating whether a GMP detective chief inspector bugged the office and whether their actions “put public safety at risk”. The force has confirmed the bugging took place, the watchdog said. (more)

Monday, March 17, 2014

"And there are plenty more court orders where that came from."

A South Korean intelligence agency official was arrested on charges of forging official documents for the spy agency's pursuit of an espionage case against a North Korean defector, prosecutors said Sunday. (more)

Spouse Spying a Sin... unless, of course, you have a good reason.

A Kuwaiti religious scholar has said that checking a spouse's cell phone or computer without his or her permission amounts to committing a sin.

Ajeel Al Nashmi, the head of the Gulf Cooperation Council (GCC) Scholars' League, said that from the religious perspective, a spouse must not access his or her spouse's mobile phone or computer without his or her authorization, Gulf News reported.


He added that neither the wife nor the husband may spy on each other or check each other's emails or messages without proper permission, and whoever does it is a sinner.

The only exception is when there is strong and reasonable suspicion about unacceptable behavior, he said. (more)

Friday, March 14, 2014

Zuckerberg Calls Obama Over Spying

Facebook Inc Chief Executive Mark Zuckerberg blasted the U.S. government's electronic surveillance practices on Thursday, saying he'd personally called President Barack Obama to voice his displeasure. 

"When our engineers work tirelessly to improve security, we imagine we're protecting you against criminals, not our own government," Zuckerberg said in a post on his personal Facebook page.

"I've called President Obama to express my frustration over the damage the government is creating for all of our future. Unfortunately, it seems like it will take a very long time for true full reform," the 29-year-old Zuckerberg continued. (more)

Thursday, March 13, 2014

Japan Vows to Tackle Corporate Spying

Japan vowed on Thursday to fight industrial espionage after domestic media reported technology and information from local companies, including chipmaker Toshiba Corp, had been leaked to rivals from other countries.

"Safeguarding Japan's cutting-edge technology and preventing leaks are extremely important," Chief Cabinet Secretary Yoshihide Suga told reporters. "The government as a whole will respond to ensure that such a thing doesn't occur again."

Suga declined to discuss specific cases but several media outlets said police had arrested a former engineer at a Toshiba affiliate on suspicion of improperly providing technical data to South Korea's SK Hynix Inc.

The Nikkei newspaper also reported on Thursday that police had arrested in 2012 an unspecified number of people in Yokohama and Aichi for alleged leaks of industrial secrets to Chinese companies. (more)

So, the question is not what's in your wallet, but what's on your key ring...

via Futility Closet...
After observing security measures at a number of organizations, University of California psychologist Robert Sommer reflected that a person’s status seems to be tied to his keyring:


S is a person’s status within the organization, D is the number of doors he must open to perform his job, and K is the number of keys he carries. A janitor who can open 20 doors but must carry 20 keys has a status of 1; he’s outranked by a secretary who can open only two doors but can do it with a single key. A staff scientist who can open six doors or cupboards using two keys has status 3, and the lab director might open 15 doors with three keys, giving him a status score of 5.
They’re all outranked by the president of the company, who never has to carry keys at all, since there’s always someone around to open doors for him. “With a K of zero and a high D,” Sommer concluded wryly, “his status rank in the company reaches infinity.”

(“Keys, Kings and Kompanies,” from The Worm Runner’s Digest, 3:1 [March 1961], 52-54)

Chinese-Made Bugs in Demand in Vietnamese City

Bugging devices smuggled in from China are widely sold in Ho Chi Minh City though lawyers say their use is illegal. 

Also available on eBay.
A shopkeeper named Duong in an alley in District 3 offered a Thanh Nien reporter two bugging devices smaller than a matchbox for VND900,000 (US$43).

“They can hear clearly within a 15-30 meters radius,” he said, offering a 12-month guarantee.


One needs to buy a prepaid SIM card, an unregistered one which is also widely available illegally so that it cannot be traced, insert it into the device, and call to activate it, he said.


A call to that SIM card then will pick up sounds from around the device.


Another bug costing VND1.6 million automatically sends signals to one’s phone number when there is any noise in the vicinity.
 

But their prices vary largely around the city...
A company, only identified as N.N., rents an office building in Vo Van Tan Street to provide bugging services. 


Tai, a representative, said a full package of calls, messages, history of web browsing and online chats, images from a target’s mobile phone, and the location of the target costs VND10 million a year and VND3-4 million the second year.



He said it only takes 15 minutes to install software on the target’s mobile phone. An Internet connection is needed to activate the software, and once that is done all information from the phone is sent to the customer’s email. A contract is signed to offer a guarantee, he said.


Several companies like Tai’s operate in the city, labeling themselves as detective agencies. (more)

Wiretapped Doctor Sues Med Center $5 Million+

GA - A trial date was set for September 15, 2014 in a highly publicized lawsuit alleging wiretapping and racketeering against Tanner Medical Center. An amended lawsuit, filed in the Superior Court of Carroll County by law firm Gary Bunch, P.C. on behalf of prominent Atlanta physician Randy Warner, seeks monetary damages in excess of $5 million.

According to the lawsuit, Tanner Medical Center, a subsidiary of Tanner Health System, eavesdropped on a private telephone conversation of Warner and used the contents of that conversation to "coerce and functionally blackmail" him. In addition, the suit claims that Tanner interfered with Warner's business relationships and engaged in wire fraud, mail fraud and a pattern of racketeering that damaged Warner... (more)

Scientists Create a Real 'Cone of Silence'

Metamaterials are already being used to create invisibility cloaks and "temporal cloaks," but now engineers from Duke University have turned metamaterials to the task of creating a 3D acoustic cloak. 

In the same way that invisibility cloaks use metamaterials to reroute light around an object, the acoustic cloaking device interacts with sound waves to make it appear as if the device and anything hidden beneath it isn't there.

Steven Cummer, professor of electrical and computer engineering, and his colleagues at Duke University constructed their acoustic cloak using several sheets of plastic plates dotted with repeating patterns of holes. The plastic sheets, which were created using a 3D printer, were stacked on top of each other to form a device that resembles a pyramid in shape. 
 
The geometry of the sheets and the placement of the holes interact with sound waves to make it appear as if the device and anything sitting underneath it isn't there. (more)

Wednesday, March 12, 2014

The Comprehensive Guide to Facebook Privacy Settings

via techlicious.com...
The first thing you have to realize about Facebook: Nothing you put there is truly private.

Yes, you can control how users see or don’t see your profile. But every time you like a product or even look at a page, the company itself is taking note. This doesn’t mean that some day Facebook will malevolently release your every click to the world. But it does mean that Facebook is not your private diary, and what you do on the website gets collected and catalogued. That's worth keeping in mind whenever you use the service.

So let’s go over the various settings you can change to ensure pictures of your wacky jaunt to Vegas don’t end up at the top of your boss's news feed... (more)

Georgia On Their Mind

Georgia - NGOs are launching the campaign It Concerns You once again. After undertaking moves in terms of the election system in 2013, the current campaign aims at combating illegal eavesdropping and surveillance.

The organizers of the campaign demand creating a legal base against the action and systemic guarantees. According to them, the situation has not changed after the change of the government and the coalition leadership still owns a mechanism to eavesdrop on 21,000 people simultaneously.

Under the leadership of the previous government, special black boxes were installed at the headquarters of the mobile operators that enabled the Interior Minister of Georgia to eavesdrop on thousands of people. After the Georgian Dream coalition came to power, thousands of such illegal recordings and videos were destroyed. However, the black boxes still remain at the offices and the lever is still in hands of the MIA. (more)

Greek Eavesdropping News

Greece - Former PASOK minister Michalis Karchimakis, who is being charged in connection with a wiretapping scandal that showed the telephones of former Prime Minister Costas Karamanlis and his cabinet were being listened to, has been released on one million euros bail and ordered not to leave the country. (more)

And, in other Greek eavesdropping news...
 
Théodore Jacques Ralli (Greek, 1852-1909) Eavesdropping 55.5 x 37 cm. Sold for £62,400 (US$ 103,675)

The French Connection

French magistrates bugged the phones of former president Nicolas Sarkozy, his lawyer and two former ministers, Le Monde newspaper claimed on Friday. The news comes after raids on the lawyer's home and office in a new investigation into alleged influence-peddling. (more)

This is why people are sitting on their cell phones in Turkey...

Turkey’s telecommunication authority has revealed that more than half a million people were wiretapped in the last two years.

Turkey’s Telecommunications Directorate (TİB) has been preparing a report on wiretapping amid reports that calls of several politicians, journalists and businessmen had been tapped.

A total of 257,545 people were wiretapped in 2012, and 252,062 people were wiretapped in 2013, according to the report. Over the two years, some 1.1 million phone calls of 509,516 people were tapped.

A total of 217,863 court decisions were made for wiretappings in that period.

Minister of National Defense İsmet Yılmaz said the numbers had gotten out of hand. (more)

The businessman who sits on his cell phone to avoid wiretapping...

Turkey - The other day, a friend of mine told me this anecdote about his meeting with a famous constructor.

“We took our seats. I put my mobile on the table. He gave me my mobile and said ‘Take this and sit on it.’ I did not understand. ‘What am I going to sit on?’ I asked. ‘Sit on the telephone. This is how I do it. That way they cannot listen,’ he said. He sat on his own telephone. I just put it in my pocket, without him seeing. He was relieved and only then could we continue to speak.” As you might understand, we are now passing through a period of time when people sit on their phones. (more)

Hummm... Maybe there is a market for... stay tuned for my solution.

Tuesday, March 11, 2014

PI Job Opportunity - Spy Agency Hires PIs to do its Snooping

New Zealand - It might be an organization dedicated to snooping - but the nation's spy agency has still forked out $50,000 to hire private investigators.

Details released under the Official Information Act show that during the past three years the Government Communications Security Bureau has paid contractors to investigate two matters. Director Ian Fletcher said they were "personnel-related issues".

The investigations ran concurrently and lasted five months, costing $46,009.

Mr Fletcher declined to give further details - and would not reveal the outcome of the investigations "in order to protect the privacy of the persons involved". (more)

Former Soviet Spy Chief Claims Putin Regime is an ‘Intelligence Agency Dictatorship’

The highest ranking defector to flee from the old Soviet bloc has a message to share about Vladimir Putin — he’s still a KGB agent at heart and that mindset is heavily influencing his tactics for furthering Russia’s interests.

Ion Mihai Pacepa was the head of the Romanian communist regime’s foreign intelligence service before he defected to the West in 1978. Due to the threats on his life, Pacepa refuses to appear in public, but he has communicated his message to the co-author of his most recent book “Disinformation: Former Spy Chief Reveals Secret Strategies for Undermining Freedom, Attacking Religion, and Promoting Terrorism.”...

“About five years ago, Pacepa was warning me about Putin. He’s saying Putin is former KGB, Putin has surrounded himself with KGB people everywhere, it is now in essence an ‘intelligence agency dictatorship’,” Rychlak, a professor at the University of Mississippi School of Law, told TheDC. (more)

Dendroid Spying RAT Malware Found on Google Play

A new Android malware toolkit called Dendroid is being offered for sale by its creators, and at least one of the malicious APKs created with it has managed to fool Google Play's Bouncer...
The malicious APKs can purportedly intercept, block, and send out SMSes; record ongoing phone calls; take pictures, record video and audio by using the device's camera and microphone; download pictures the device owner has already made, as well as his or her browser history and bookmarks; and extract saved login credentials and passwords for a variety of accounts.
 

"Dendroid also comes bundled with a universal 'binder application.' This is a point-and-click tool that a customer can use to inject (or bind) Dendroid into any innocent target application that they choose with minimal effort," the researchers added.
"This means that all a wannabee malware author needs in order to start pumping out infected applications is to choose a carrier app, download it and then let Dendroid’s toolkit take care of the rest."

Sold for $300 (in crypto currencies), the toolkit comes with a warranty that the malware created with it will remain undetected.
The researchers have discovered one app created with Dendroid that managed to get included and offered on Google Play by leveraging anti-emulation detection code that fools Google Play's Bouncer, the automated app scanning service that analyzes apps by running them on Google’s cloud infrastructure and simulating how they will run on an Android device. The app has since been removed from the market. (more)


Why this is important...
It means that any jerk with $300 and some computer skills can turn any other app into your worst nightmare. BTW, it can be detected. q.v. SpyWarn™ — coming soon.

5 Apps for Spying on your Spouse

Americans have good reason to wonder if there is such a thing as privacy anymore. After former National Security Agency contractor Edward Snowden revealed that the U.S. government monitors calls, emails and texts, many people might think twice about what they share online. But that same technology is being used for another purpose: “There are a growing number of apps that will spy on your husband or wife and keep tabs on your kids,” says Theodore Claypoole, privacy attorney and co-author of “Privacy in the Age of Big Data: Recognizing Threats, Defending Your Rights, and Protecting Your Family.”

These apps may raise moral and legal questions too. The most invasive can be downloaded onto a phone and will quietly forward emails, calls and texts. 

It’s a criminal offense under the Computer Fraud and Abuse Act of 1965 to access a computer—including modern computers like tablets and smartphones—without authorization. But if ownership of the smartphone in question is under someone else’s name—say, a spouse, a parent or an employer—it’s a legal gray area, Claypoole says. “That raises the question of whether the user has a reasonable expectation of privacy,” he says. “If you own your husband or wife’s smartphone and you’re paying your child’s phone bill, it could be a moral issue rather than a legal one.” (more)

Bugging at Riga International Airport Being Investigated

Latvia - The wire-tapping scandal at Riga International airport is being investigated by Security Police. This whole situation has created a great deal of concern for Latvian politicians. During a recent closed meeting of the Saeima National Security Committee, they attempted to determine if there are any recordings of conversations that could compromise officials and sponsors of political parties whose names have surfaced during the investigation...
 
Even though the actual meeting was closed and information classified, Pietiek managed to uncover that politicians are concerned over the news that Riga airport’s VIP lounge was being monitored as well. Officials often use this area of the airport to meet in an informal environment to discuss matters away from prying eyes. (more)

FutureWatch: Germans Sweep Parliament for Bugs and Tapped Phones

The German parliament building may be soon checked for bugs and eavesdropping landlines to ensure privacy. Berlin is ramping up security amid a scandal over electronic surveillance by the US National Security Agency.

A plan to secure the Bundestag complex was prepared by the Federal Office for Information Security (BSI) and approved by the IuK, the parliamentary commission on information technology and communications, Der Spiegel magazine reported on Monday citing its sources. It is to be presented to MPs later this week.

One of the prime areas of interest for the BSI is posed by supposedly secure rooms, which are meant to be used for negotiations of officials related to confidential matters. The office wants to ensure that they are actually free of bugs, the report says.

They also want to check landlines in the building, because they can be used for remote eavesdropping on the parliament. (more)


The amazing part of the story is that TSCM inspections are apparently not routine.

Sunday, March 9, 2014

Two All Beef Paddies, Special Sauce, Let Us Cheese the Spycam!

Ireland - MCDONALD’S has defended the use of a hidden camera in the bathroom of a Dublin restaurant.

The primitive device, hidden in a smoke alarm in the men’s bathroom in its Temple Bar branch, is pointed towards the sink area.

This leaves urinals and cubicles out of view.

A statement from McDonald’s noted that means the camera is “fully compliant with all appropriate legislation and guidelines in this area”.

Data Protection laws state that there are circumstances in which a camera can be installed in a bathroom. (more)

Mobile Malware Sees ‘Exponential’ 614 Percent Growth

Chinese cybercriminals are increasingly targeting mobile users as they develop ever more sophisticated hacking tools, according to new research from security firm Trend Micro.

Its Mobile Cybercriminal Underground Market report revealed that Chinese hackers are using a variety of in-depth malware and malicious code programs to target users both at home and in the West, with mobile malware kits available to buy from as little as 100 yuan (around £10) on the black market.

“The barriers to launching cybercriminal operations are less in number than ever,” the report stated. “Toolkits are becoming more available and cheaper; some are even offered free of charge.” (more)

Thursday, March 6, 2014

Turkish Watergate - First Audio Eavesdropping Tapes - Now Video

Turkey’s Prime Minister Recep Tayyip Erdogan, whose government has been ensnared by a series of anonymously leaked audio tapes of purported corruption, said his administration may face a new threat from covertly recorded video recordings.

“In these incidents, there is not just wiretapping, there is also filming,” Erdogan said in Ankara yesterday, according to state-run Anatolia news agency. “It’s even been stretched to the extreme of filming extramarital affairs, invading a family’s privacy and totally ignoring moral values.”

Speaking to local reporters after the release of audio tapes that the opposition said placed Erdogan at the center of a bribery scheme, the premier lashed out at the tactics. (more)

Kuwait Minister Warns on Eavesdropping Device Sales

KUWAIT -- Maximum penalties will be taken against any telecommunication company trading in eavesdropping devices, warned Minister of Communications Essa Al-Kanderi on Wednesday. Offenders will be referred to the public prosecution, the minister warned further, during a debate at the National Assembly. Some MPs charged during the discussions that a number of companies "possess" listening bugs, in violation of the Constitution and State Laws. (more)

County Jail Official Retires Amid Wiretap Charges

NJ - The deputy director of the Hudson County jail, who is facing federal charges he used a website to illegally wiretap fellow employees, has put in his retirement papers, officials said.

The retirement papers of Kirk Eady, 45, of East Brunswick, are dated retroactively to Feb. 1, Hudson County spokesman Jim Kennelly said.

Eady turned himself in to federal authorities on Feb. 15 after being charged with intentionally intercepting the wire, oral or electronic communications of others, according to a criminal complaint. (more)

Update - Rayney Phone Bugging Case

Australia - Former Perth barrister Lloyd Rayney will be making an application to put a permanent hold on charges of bugging his wife's phone, a court has heard. Rayney is accused of intercepting the calls of his wife Corryn in the lead up to her death in 2007. (more)

Previously reported in 2007...
She bootscoots. He taps. What could possibly go wrong? 
The Continuing Saga of the Rayney Wiretap 
Update - Rayney ‘phone’ man in key talks

Wednesday, March 5, 2014

Bogus Boris Netflix App

Android phones and tablets from four different manufacturers are arriving with malware “pre-installed” – a bogus version of Netflix which sends password and credit card information to Russia, according to app security specialist Marble Security.

David Jevans, CTO and founder of the company said that he was alerted to the problem by a company testing his product, software to help organizations manage mobile devices, after it repeatedly flagged Netflix as malicious, according to PC World’s report.

Jevans’ team analysed the app, and found that it was bogus, using tools including one that analyzed the app’s network traffic for signs of communication with known malicious servers. Jevans says, “This isn’t the real Netflix. You’ve got one that has been tampered with, and is sending passwords and credit card information to Russia.” (more)

A Black Eye for Blackphones

Australian law enforcement agencies are increasingly unable to monitor the communications of some of the country's most powerful criminals due to the rising prevalence of uncrackable encrypted phones. 

The phones are linked to a series of the underworld killings that rocked Sydney, several senior law enforcement officials told the ABC on condition of anonymity.

The phones are sold by dozens of companies worldwide and have legitimate uses.

But the law enforcement officials say thousands of the phones have been obtained by Australian criminals and they are using them to commit serious crimes, including murder. (more)
(video report)

Interesting article, but... one half of my brain is saying wouldn't the LE's want criminals to think these phones are secure? And, once the general public views encryption as a criminal tool, the politicians would be free to pass laws restricting communications encryption so then only the outlaws (and selected others) would use it... kind-of-like gun silencers.

Or, maybe I've been "Snowed-in" over the long winter and have become cynical.

Tuesday, March 4, 2014

Crypto Bug Leaves Linux, Hundreds of Apps Open to Eavesdropping

Hundreds of open source packages, including the Red Hat, Ubuntu, and Debian distributions of Linux, are susceptible to attacks that circumvent the most widely used technology to prevent eavesdropping on the Internet, thanks to an extremely critical vulnerability in a widely used cryptographic code library.

The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates ... indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn't be surprising if the actual number is much higher. 


Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers. (more)

Chevron Wins Suit Fighting $9.5 Billion Ecuador Judgment - The Spy Pen Helped

Back in 2009, I posted this: Spy Pen May Kill $27 Billion Lawsuit. A little later: The Chevron Secret Recordings Case Continues. Chevron claimed that the Ecuadorian legal system was corrupt and they were not getting a fair hearing. 

They backed up their claim with covert videos showing the bribery and corruption. For a while they hosted the videos on their website, while saying they had nothing to do with the making of them.

The videos were made with nothing more than a cheap spy pen and video wristwatch bought from a SkyMall catalog. 

Now, a $9.5 Billion lawsuit is $0.00. If this doesn't prove the power of spy gadgets, nothing does. 

Got any cheap spy gadgets hanging around your offices? You don't know, do you? Call me.

Here is how the lawsuit ended today...
A federal judge ruled in favor of Chevron Corp. on Tuesday in a civil racketeering case, saying a record $9.5 billion environmental judgment in Ecuador against the oil giant was "obtained by corrupt means."

U.S. District Judge Lewis Kaplan found that New York lawyer Steven Donziger and his litigation team engaged in coercion, bribery, money laundering and other criminal conduct in pursuit of the 2011 verdict.
The decision barred Mr. Donziger and his two Ecuadorean co-defendants from profiting from the verdict.

The case in New York stems from a 2003 lawsuit filed by a group of Ecuadorean villagers from the Lago Agrio region over decades-old pollution from oil exploration in the Amazon rain forest by Texaco Inc., which Chevron acquired in 2001. The decision could hamper efforts to enforce the 2011 judgment by pursuing Chevron's assets in Canada and elsewhere. (more)

Monday, March 3, 2014

G-Men Chase Sprint'er Over Inflated Wiretap Billing

Sprint Corp. overcharged the Federal Bureau of Investigation, the Drug Enforcement Administration and other law-enforcement agencies by more than 50% to facilitate eavesdropping on phone calls, the U.S. Justice Department alleged in a lawsuit filed Monday.

The suit accuses Sprint of inflating the bills it submitted to federal law-enforcement agencies for wiretaps and other surveillance services to cover capital expenditures necessary to respond to the requests—something prohibited by federal law and Federal Communications Commission rules, according to the complaint filed in federal court in San Francisco.

Sprint covered up the fact that the extra charges were included in the bills paid by the FBI and others by disguising them as regular surveillance costs, the suit alleges. As a result, the federal government overpaid Sprint by $21 million over a period of three and a half years.
Sprint said it didn't break the law and will fight the charges. (more)

Florida Cops’ Secret Weapon: Warrantless Cell Phone Tracking

Police in Florida have offered a startling excuse for having used a controversial “stingray” cell phone tracking gadget 200 times without ever telling a judge: the device’s manufacturer made them sign a non-disclosure agreement that they say prevented them from telling the courts. (more)

Sunday, March 2, 2014

Business Espionage: Rival CEO Posed as Exec to Get Secrets

The CEO of a sporting goods chain who once appeared on the TV show "Undercover Boss" pretended to be an executive from a rival company in an effort to get confidential information, according to a lawsuit.

Dick's Sporting Goods claims in a lawsuit filed Feb. 20 in Mercer County Court that Mitchell Modell, CEO of Modell's Sporting Goods, showed up at a Dick's store in Princeton in February saying he was a Dick's senior vice president.

Dick's alleges Modell told employees he was to meet the Dick's CEO there and persuaded workers to show him the backroom of the store and to answer questions about the business. Modell gathered information about online sales, including a "ship from store" program that gets products to customers' doors quickly, the lawsuit said. (more)


Security Director Alert: Like electronic eavesdropping, business espionage via social engineering is one of the more common spy tricks. In addition to TSCM, make employee awareness about social engineering part of your counterespionage strategy. This story makes an excellent talking point.

If You Are Calling the FBI or Secret Service, ...

...don't get the phone number from a Google Maps listing.

Don't trust Google Maps, warns former map-jacker after he was ironically called a 'hero' by the feds he wiretapped.

The incident in question involves an individual posting their own phone number as a Secret Service field office phone number on Google Maps. When unsuspecting citizens utilize this incorrect third party phone number to contact the Secret Service the call is directed through the third party system and recorded. This is not a vulnerability or compromise of our phone system. Virtually any phone number that appears on a crowdsourcing platform could be manipulated in this way.

The Secret Service encourages the general public to visit their website at www.secretservice.gov to obtain accurate contact information for our field offices. (more) (video)

Anonymous Instant Messaging - Coming Soon

The Tor Foundation is moving forward with a plan to provide its own instant messaging service. Called the Tor Instant Messaging Bundle, the tool will allow people to communicate in real time while preserving anonymity by using chat servers concealed within Tor’s hidden network.

In planning since last July—as news of the National Security Agency’s broad surveillance of instant messaging traffic emerged—the Tor Instant Messaging Bundle (TIMB) should be available in experimental builds by the end of March, based on a roadmap published in conjunction with the Tor Project’s Winter Dev meeting in Iceland.

TIMB will connect to instant messaging servers configured as Tor “hidden services” as well as to commercial IM services on the open Internet. (more)

How the Avaya Phone on Your Desk Can Be Turned Into A Bug

Security researchers have designed a stealthy eavesdropping attack that sounds like it's straight out of a James Bond movie. It starts with a booby-trapped document that compromises an unpatched laser printer, which in turn converts a popular Internet phone into a covert bugging device.

The proof-of-concept attack exploits currently unpatched vulnerabilities in the Avaya one-X 9608, a popular model of phone that uses the Internet rather than a standard phone line to make and receive calls. Researcher Ang Cui, a Ph.D. candidate at Columbia University and chief scientist at Red Balloon Security, declined to provide many details on the vulnerabilities until users have had time to install a patch that Avaya is expected to release soon. He did say the weaknesses allow devices on the same local network to remotely execute code that causes the device to surreptitiously record all sounds within earshot and transmit them to a server controlled by attackers. He demonstrated a similar bugging vulnerability last year in competing Internet phones designed by Cisco Systems, which has since patched the underlying bugs...

The compromise begins with a booby-trapped document that when printed executes malicious code on certain models of HP LaserJet printers that have not been patched against a critical vulnerability. Once compromised, the printers connect to attack servers, creating a means for outside hackers to bypass corporate firewalls. The attackers then use the printers as a proxy to enumerate and connect to other devices in the corporate network.

Once an Avaya 9608 phone is discovered, the attackers can inject code into it that infects its firmware. The compromise, which survives reboots, activates the phone's microphone without turning on any lights or otherwise giving any indication that anything is amiss. The infected phones can be set up to record conversations only after attacker-chosen keywords are detected. Recorded conversations can be sent through a corporate network onto the open Internet, but the malware also has a secondary method for exfiltration that bypasses any devices that block suspicious network traffic. In the event that such devices are detected, the malware can turn a phone's circuit board into a radio transmitter that sends the recorded conversations to a receiver that's anywhere from several inches to 50 feet away, depending on environmental variables.
 

The larger point is that bugs in electronics firmware are notoriously easy to exploit, as a small sample of recent stories shows. Even if a target isn't using the phones or printers featured in the demonstration, chances are good that the target is using some constellation of devices that are susceptible to remote hijacking. And besides, many organizations fail to apply firmware updates, so even if a patch has been released, there's a good chance that it will never get installed on many vulnerable devices. (more)

Security Director Alert: Make sure software patching is a priority on the IT department's list. Start with this list for HP printers.

Saturday, March 1, 2014

"Black" Smartphones Come of Age

The launch of not one, but two, "Black phones" this past week may lead people to think that secure cell phones are a hot new item.

Hot, yes. New, no. Many other secure smartphones, not to mention a plethora of apps, have existed for years. Mostly, these phones have been sold to governments and have commanded high prices. Now, as the demand heats up, prices are dropping. 

Want a government-level secure, encrypted smartphone at a reduced price? (You know you do. Even if only to attract attention.) 

Cryptophone™ today announced "...special prices on the first two phones of any order placed this week." (more)

Friday, February 28, 2014

Eavesdropping News of the Day

IL - Warren Township High School board member Liz Biondi claimed at a meeting this week that "someone in the district" has wiretapped her telephone. Biondi made the accusation while bantering with John Anderson, board president at Gurnee-based Warren District 121. She did not respond to emailed questions Thursday on why Warren officials would eavesdrop on her or whether she has evidence supporting the wiretap claim. (more)
 

Alert - Unless you want a public sex tape, you should probably stop using any kind of digital machine to record your intimate acts. The latest leak from Edward Snowden shows how the NSA and the British equivalent Government Communications Headquarters collaborated to intercept webcam images from innocent Internet users. (more)
 

Turkey - Prime Minister Recep Tayyip Erdoğan has hit back against unprecedented accusations of corruption after the leak of incriminating phone conversations, accusing both prosecutors and police of spying for another country. (more)

Scotland - Michelle Mone's bra firm ordered to pay former director £16k after bugging pot plant in his office. (more)

Thursday, February 27, 2014

Boeing to Launch its Own Black Phone

The world's biggest aerospace company is jumping into the business of making high-security smartphones.

Boeing Co. filed plans this week with the Federal Communications Commission for a smartphone dubbed Boeing Black, which is designed for defense and security customers and won't be available to average consumers. The phone is based on a modified version of Google Inc.'s Android operating system...

Boeing is being stealthy about the project. Without publicly announcing the product, the company posted a description on its website. It said the modular construction of the phone's 5.2-inch-tall body would allow users to attach devices that add such features as advanced location tracking, solar charging, satellite transceivers and biometric sensors.

In Monday's FCC filing, Boeing detailed plans to keep the phone's technology secret, saying it will be sold "in a manner such that low-level technical and operational information about the product will not be provided to the general public."

The filing documents also said the phone, which is about 50% heavier than Apple Inc.'s iPhone 5s and twice as thick, is designed to effectively self-destruct if tampered with: "Any attempt to break open the casing of the device would trigger functions that would delete the data and software contained within the device and make the device inoperable." (more)

Wednesday, February 26, 2014

New Tiny Ultrasound Camera Sees What's in Your Heart ...really

Developed by a team at the Georgia Institute of Technology, the device consists of a 1.5-mm-wide disc-shaped head, from which trails 13 tiny joined cables. The idea is that it will be inserted into a patient's coronary blood vessels or heart, snaking its way through while being pushed or pulled from outside the body via an integrated 430-micron-wide guide wire, all the while using the cables to transmit ultrasound imagery.


Its head is built around a single silicon chip, which is equipped with a dual-ring array of 56 ultrasound transmit elements and 48 receive elements. Much of the processing of the ultrasound data is performed onboard the chip itself, meaning that less information has to be carried outside the body – this is why it requires no more than 13 cables, allowing its consolidated "umbilical cord" to stay skinny and flexible enough to easily move through blood vessels. (more)

Off-Hook Telecoms Call for Attorneys' Fees - Disconnected

AT&T, Verizon and other telecoms cannot recover attorneys' fees after ducking claims that they overcharged for electronic surveillance, a federal judge ruled.

Former New York Deputy Attorney General John Prather had filed the lawsuit on behalf of the U.S. government, claiming that AT&T, Verizon, Qwest Communications International and Sprint Nextel overcharged federal, state and city governments for services under the Communications Assistance to Law Enforcement Agencies Act (CALEA), which requires the companies to provide the government with electronic surveillance of their customers in exchange for reasonable expenses.


Prather claimed to have "observed eavesdropping charges increase tenfold after CALEA despite changes in technology that should have made it easier for Telecoms to provide wiretaps, and believed that the Telecoms were overcharging for wiretaps." (more)

Tuesday, February 25, 2014

Wiretapping Case Costs South Bend, IN almost $1 Million... so far

Summary: Former police communications director Karen DePaepe was fired in 2012 in the wake of an investigation into whether she and Chief Boykins violated the federal Wiretap Act by recording certain telephone conversations between Metro Homicide Commander Tim Corbett, officers Steve Richmond, David Wells and Brian Young and Young’s wife Sandy Young.
Timeline of the case.
TV report.

Brazil, Europe Plan Undersea Cable to Skirt Spying

Brazil and the European Union agreed on Monday to lay an undersea communications cable from Lisbon to Fortaleza to reduce Brazil’s reliance on the United States after Washington spied on Brasilia.

At a summit in Brussels, Brazilian President Dilma Rousseff said the $185 million cable project was central to “guarantee the neutrality” of the Internet, signaling her desire to shield Brazil’s Internet traffic from U.S. surveillance. (more)


Shhhh... Apparently, they missed reading this, this 1918 experiment and this modern day story. Not to mention... Operation Ivy Bells, Operation Tempora and Glimmerglass.

Computer Allegedly Bugged by Ethiopians

A Maryland man is suing the Ethiopian government after it was discovered that it infected his computer with spyware, wiretapped his calls made via Skype, and monitored his family’s computers for months.

"We have clear evidence of a foreign government secretly infiltrating an American's computer in America, listening to his calls, and obtaining access to a wide swath of his private life," said Electronic Frontier Foundation staff attorney Nate Cardozo. 


"The current Ethiopian government has a well-documented history of human rights violations against anyone it sees as political opponents. (more)

Turkish Watergate - Surprise - The Guard Gets Blamed for Bugging the Place

Turkey - A police officer only known as S.D., allegedly responsible for placing a bugging device in Prime Minister Recep Tayyip Erdoğan's study inside his Ankara residence, has reportedly been working as a bodyguard for Saudi Arabian businessman Yasin al-Qadi, the Taraf daily claimed on Tuesday.

“It has come out that S.D., who has been accused in connection with the bugging device discovered in Prime Minister Erdoğan's Ankara house, was assigned to protect Yasin al-Qadi,” Emre Uslu wrote in his Taraf column, which was also the daily's headline story.

Four covert listening devices, as Erdoğan explained in December 2012, had been discovered in the office of his Subayevleri home in Ankara, without detailing exactly when the devices had been found, adding that an investigation was being launched. (more)

Netflix New Drone Delivery Service

Another nail in the Post Office's Coffin...
 
Sorry, this just couldn't wait until April 1st.

Going Down - Goldman Elevator Eavesdropper Exposed

The author of the anonymous Twitter feed purportedly recounting conversations in the elevators of Goldman Sachs has been unmasked as a former bond executive living in Texas who has never worked at the bank. The revelation hasn't affected John Lefevre's six-figure book deal with Simon & Schuster based on the feed @GSElevator. (more)

Monday, February 24, 2014

"My ankle bracelets are so good, I wear one myself!"

CA - FBI agents arrested a Mexican tycoon named Jose Susumo Azano Matsura at his Coronado, Calif. home on Wednesday as part of a political bribery investigation based on captured emails, seized banking records, and covertly recorded conversations.

The unfolding scandal is soaked in irony: Azano is a surveillance evangelist whose company won a secret, no-bid contract with the Mexican military for computer and mobile phone hacking and spying technology in 2011. He is chairman of a company called Security Tracking Devices SA de CV, and he is now chained to a tracking device—on house arrest. (more)