Dragnet 2014 - "The IMSI Catcher Caper"

The Wall Street Journal has revealed details of a secret spy program. 

The newspaper says the justice department is collecting data from thousands of cell phones at major airports across the country.

The U.S. Marshals Service operates airplanes with a device (IMSI Catcher) on board that tricks your phone into thinking it is a cell tower.

Phones are programmed to connect automatically to the strongest cell tower signal, which is usually this new device at the airport. When it does, it transmits your unique registration information.

The newspaper says the technology is supposed to locate cell phones linked to criminal suspects, but in the process the government is collecting data on thousands of other people as well. (more)

New App to Detect Fake Cell Phone Towers

This is an Android-based project to detect and avoid fake base stations (IMSI-Catchers) in GSM/UMTS Networks.

Both law enforcement agencies and criminals use IMSI-Catchers, which are false mobile towers acting between the target mobile phone(s) and the service providers real towers. As such it is considered a Man In the Middle (MITM) attack. (more)

From the No Free Lunch Files

An accused perv landlord charged with secretly filming a woman he’d set up in a rent-free Upper West Side pad pleaded not guilty to several felony counts Monday.

Eli Kadoch, 48, was indicted on 10 counts of unlawful surveillance after allegedly setting up spy cameras in the W. 82nd St. apartment of Aksana Kuzmitskaya, where he allegedly watched her in the nude repeatedly for six months beginning in January.

Kuzmitskaya is suing Kadoch and another landlord, Michel Kadoe — who has not been charged criminally — for allegedly taping her most intimate moments after giving her a rent-free apartment while she worked for them as a maid.

Kuzmitskaya says the secret footage included her showering, having sex and using the bathroom. Cameras sent live feeds to Kadoe and Kadoch’s laptops, the lawsuit says. (more)

Kevin's Security Scrapbook - iPhone / iPad App - FREE

Get the latest
"Spy News from New York"
on your iPhone or iPad. 

The layout is beautiful, and the navigation is intuitive and easy. This is the most convenient way to read Kevin's Security Scrapbook.

Download the app onto your device now.

Why the Valet Needs to be Background Checked, or A Cell Phone Key Machine

Your metal key can be duplicated just by snapping a photo of it with a cell phone.

Leaving your keys unsecured is like writing your passwords on post-it notes. If it can be seen, it can be stolen.

• Have you ever left your keys with a valet or parking garage attendant?
• Does your administrative assistant leave keys for everything in an open desk?
• Every loan a key to a friend, even just for a minute?

If so, you may want to re-key your lock. 

from Wired Magazine...
"My neighbor lives on the second floor of a Brooklyn walk-up, so when I came to his front door he tossed me a pair of keys rather than walk down the stairs to let me in. I opened the door, climbed the stairs, and handed his keys back to him. We chatted about our weekends. I drank a glass of water. Then I let him know that I would be back soon to gain unauthorized access to his home.

Less than an hour later, I owned a key to his front door.

What I didn’t tell my neighbor was that I spent about 30 seconds in the stairwell scanning his keys with software that would let me reproduce them with no specialized skills whatsoever."

Yikes! How did he do it?!?!
In this case, Key.Me made a key using the photos he took.

Spybusters Security Tip # 736: Add your keys to your private-parts list. Show them only to those you trust.

Coca-Cola Guards Best-Kept Secret in US But Not 55 Laptops - An Employee Sues

Coca-Cola is facing a potential class-action lawsuit after one of the people whose personal data was on one of a clutch of laptops stolen from the company says he suffered identity theft as a result of the breach.

Laptops thefts are a common occurrence for most large organizations but the circumstances surrounding the loss of 55 laptops over a six-year period from the drinks giant’s Atlanta office and a bottling firm it acquired were always puzzling.

Made public on 24 January this year, it turned out that an employee, Thomas William Rogers III, had allegedly taken the machines without their loss being realized. The machines contained the records of 74,000 people, all current or former employees, including 18,000 revealing social security numbers. (more)

Moral - Encrypt your laptop data.

Update: A Police Commander's Wife, Their Unlicensed PI Business and Spyware...

CA - A Northern California woman has pleaded guilty to wiretapping a police officer and other people and to possessing spyware.

The U.S. Attorney's Office says Monday that in pleading guilty, Kristin Nyunt admitted that from 2010 to 2012 she used spy software she purchased online.

Federal prosecutors say the 40-year-old woman installed the software on cell phones and computers of several people she spied on, including a police officer. (more) (background)

73,012 Unsecured Security Cameras You Can Watch

A site linked to 73,012 unsecured security camera locations in 256 countries – all because they are using default passwords.

from the website...
"Sometimes administrator (possible you too) forgets to set the default password on security surveillance system, online camera or DVR. This site now contains access only to cameras without a password and it is fully legal. Such online cameras are available for all internet users. To browse cameras just select the country or camera type.

This site has been designed in order to show the importance of the security settings. To remove your public camera from this site and make it private the only thing you need to do is to change your camera default password." (more)

$92 Million Dollar Surveillance Fence Coming to the US Border...

Don't worry US taxpayers. It's not our fence, we're just the immigrants.

"There's always a way, eh!"

Canada - A massive intelligence-gathering network of RCMP video cameras, radar, ground sensors, thermal radiation detectors and more will be erected along the U.S.-Canada border in Ontario and Quebec by 2018, the Mounties said Tuesday.

The $92-million surveillance web, formally known as the Border Integrity Technology Enhancement Project, will be concentrated in more than 100 “high-risk” cross-border crime zones spanning 700 kilometres of eastern Canada, said Assistant Commissioner Joe Oliver, the RCMP’s head of technical operations.

The network will be linked to a state-of-the-art “geospatial intelligence and automated dispatch centre” that will, among other things, integrate the surveillance data, issue alerts for high-probability targets, issue “instant imagery” to officers on patrol and produce predictive analysis reports. (more)

Weird World Bugging News...

Wait. What!?!?  An eavesdropping organ transplant scandal, 47 wiretapping cops, carte blanche surveillance in the USA, SRG's self-licking surveillance ice cream cone, and a spy shop morphing into a pot shop! Too weird.

Taiwan - Taipei mayoral candidate Sean Lien (連勝文) said yesterday that his opponent Ko Wen-je (柯文哲) should drop out of the election if police are not able to confirm the existence of the alleged eavesdropping devices that Ko's election team claimed they discovered connected to their office phone; Lien added that Ko is only trying to divert attention away from his recent human organ transaction scandal. (more)

Turkey - Malatya Police Department launched an investigation on Wednesday into 47 police officers, who are allegedly affiliated with the Gülen Movement, for unlawful wiretapping charges. According to initial reports, the investigation encompasses the wiretapping of phone conversations during the past four years. (more)

US - A federal regulatory body is discussing a rule change Nov. 5 that would allow the FBI to conduct electronic surveillance of devices wherever they're located. (more)

UK - Security Research Group shares jumped 17% as the electronic surveillance and property services firm accompanied a significant increase in half-year earnings with a bullish full year outlook. Its Specialist Electronics unit, which sells IED detectors to the military and bugging devices to police forces, recorded an operating profit of £274,000, up from £7,000. The division was helped by a £268,000 deal with Australian homeland security services for its ‘SuperBroom’ handheld detectors (ironically, a bug detector). (more)

NV - Medical marijuana businesses are one step closer to opening up shop in the Silver State... MediFarm is closing in on a deal to buy The Spy Shop building in Midtown. (more)

Smart Televisions Highly Susceptible to Hacking via Radio Transmission

Researchers discover a massive security flaw in smart TV’s that allow hackers to intercept data broadcasts, insert malicious code, and transform the TV into an antenna that infects all other Internet-connected devices in the household. 

Once the television is infected, it seeks out all other devices connected to the router.

The attacks are untraceable as no source IP address or DNS server is ever presented, instead, hackers perform a classic “man-in-the-middle” attack using radio transmissions. The hijacking, which was discovered by Yossef Oren and Angelos Keromytis from the Network Security Lab at Columbia University, can be accomplished with as little as a $250 antenna. (more) (video)

Rabbi Accused of Planting Mikvah SpyCams... Bails Out

Moving trucks are scheduled to show up at the Georgetown home of Rabbi Barry Freundel, according to signs posted in front of his home on O Street, not far from the Kesher Israel synagogue that provided the house for its longtime religious leader.
 
Freundel was arrested October 14 and charged with six counts of voyeurism for allegedly hiding video cameras in the synagogue’s mikvah, a ritual bath, to record women as they undressed and showered before entering. Police officers were seen carting computers and hard drives out of Freundel’s house on the day of the arrest.

Freundel, 62, pleaded not guilty and was released on his own recognizance, while police and prosecutors investigate videos and forensic evidence. (more) (back story)

10 Ways to Spy on Competition (Like They’re Spying On You)

Knowing about your competition has always been important in the world of business. With the Internet, this marketing intelligence has never been easier to find out, but it does take discipline and planning...

Actions

1. Follow them. (how-to details in the main article)
2. Mystery shop.
3. Ask a question.
4. Call with a complaint.

 On-line Help

1. Explore ad monitoring tools.
2. Find their backlinks.
3. Track their website traffic.
4. Find out what customers are saying.
5. Determine their social media presence.
6. Track their technology.
7. Explore web site content changes.

Remember, assume everything is public these days. Whatever spying you are doing on your competitors, they are probably doing the same on you! (more)

Pest Control Tech Arrested for... Planting Bugs

You can't make this stuff up...
IA - Red Oak Police say 38-year-old Aaron Theodore Johnson was arrested Monday for electronic and/or mechanical eavesdropping, a serious misdemeanor, and felon in possession of a firearm, a class D felony. Johnson is charged in connection with an investigation that began at around 11:10 Monday morning, when police received a complaint from 29-year-old Jessica Hale - regarding a recording device found in her residence...

Upon further investigation, authorities later found a second device in the residence's bedroom. The victim told police that the only person granted access to her residence was a pest control technician. Later in the day, a search warrant was obtained for Johnson's residence in the 2700 block of State Highway 48--which is also the location of RMPKA Pest Control Services. (more) (video report)

Happy Feet: Espionage can look adorable, too.

Just look at a remote-controlled robot disguised as a penguin that interacts with Emperor penguins in Antarctica.

Scientists are using the fake baby penguin on four wheels to get closer to the colony and collect health and population research...



The international team tested the rover, with the chick and without it, and reported in the journal Nature Methods Sunday that both versions caused less anxiety than humans... (more) (dance-a-long)

Get ready for a 'Mystery Science Theater' streaming marathon

Football schmootball. Instead of watching NFL teams throw the pigskin around this Thanksgiving, why not watch a "Mystery Science Theater 3000" marathon with new intros by the series creator? (more)

The Official Spybuster sticker is back!

Our beautiful, 4 inch, heavy vinyl Official Spybuster sticker is back! This was a limited edition give-a-way to our clients in 2011. Use it to let everyone know you support privacy.

4 inch, heavy vinyl

The printing experts at Stickermule now have it for sale in their Marketplace.

If spying by the NSA, FBI, CIA, TSA, GCHQ, MI5, MI6, other government spies, your significant other, or your parents concerns you, sticker it to them. 

If you are in Homeland Security, the NSA, FBI, CIA, GCHQ, MI5, MI6 – protecting us against spies (thank you) – sticker it to them. 

Either way, proudly declare, "I'm mad as Hell, and I am not going to take it anymore!"

Looks great on a white coffee cup.

China Folk Counterespionage Manual

“On the Internet, nobody knows you’re a dog.” Or an American spy. Or a “hostile foreign force.” So says the “China Folk Counterespionage Manual,” a “how to spot a spy” guide circulating on the Internet. 

Click to enlarge.

The manual, whose origin is murky, first emerged several years ago and has recently enjoyed a renaissance in popularity on social media sites. It offers Chinese citizens tips on how to detect spies in their midst. It was even cited in Global Times, a state newspaper, in late August following the detention of Kevin and Julia Garratt, a Canadian couple who ran a cafe in Dandong, on the North Korean border, on suspicion of stealing military secrets. In an infographic, the newspaper described them as examples of possible foreign spies masquerading as “ordinary citizens.”

The manual might be something more suited for a James Bond movie if it weren’t for the government’s own new emphasis on rooting out “foreign spies,” demonstrated on Saturday when President Xi Jinping signed an updated national security law, named the Counterespionage Law. (more)

China Passes a Counterespionage Law

China passed a counterespionage law on Saturday aimed at tightening state security and helping build a “comprehensive’’ national security system, state media reported.

The law will allow authorities to seal or seize any property linked to activities deemed harmful to the country, the Xinhua news agency said.

Authorities can also ask organizations or individuals to stop or modify any behavior regarded as damaging to China’s interests, Xinhua said. Refusal to comply would allow enforcement agencies to confiscate properties.

Possession of espionage equipment, as defined by the state security department, had also been made illegal, Xinhua said. The news agency gave no further details. (more) (more)

This Week in Strange Espionage, Wiretapping and Eavesdropping Cases

ESPIONAGE
FL - In a dispute over a hotel in Palm Beach, Florida, the inn’s majority owner filed a state court suit accusing its ex-manager of taking trade secrets including client lists, business records and financial data, The Palm Beach Daily News reported... The ex-manager, who owns a 1 percent interest in the hotel, allegedly entered the property Oct. 20 and is occupying the premises without permission, according to the newspaper. (more)

WIRETAPPING*
MI - A Ford City man facing felony wiretapping charges for recording a parking dispute outside his home said Tuesday after a second preliminary hearing was postponed that the ordeal is taking its toll on him and his family. (more) (* in the legal sense)
 
EAVESDROPPING
IN - An Indiana judge has shot down a bid by a man with Chicago ties to have criminal charges against him dropped because prosecutors allegedly eavesdropped on a private conversation he had with his attorneys. (John B. Larkin) agreed to a recorded interview with police at the LaPorte County jail... At one point, the authorities took a break and left Larkin in the room with his two defense attorneys, shutting the door behind them. But unknown to Larkin and his lawyers, the recording continued...  
Similar allegations were leveled at LaPorte County prosecutors in a separate murder case earlier this year. (more)

FutureWatch: A Cell Phone Pocket Drone

For the first time a pocket size drone design for consumer and able to travel with user 24/7 where ever, whenever. All your need is your smart phone. (more) 

FutureWatch: Mindreading - Talking to yourself used to be a strictly private pastime...

That's no longer the case – researchers have eavesdropped on our internal monologue for the first time. The achievement is a step towards helping people who cannot physically speak communicate with the outside world.

"If you're reading text in a newspaper or a book, you hear a voice in your own head," says Brian Pasley at the University of California, Berkeley. "We're trying to decode the brain activity related to that voice to create a medical prosthesis that can allow someone who is paralyzed, or locked in, to speak."

When you hear someone speak, sound waves activate sensory neurons in your inner ear. These neurons pass information to areas of the brain where different aspects of the sound are extracted and interpreted as words.

In a previous study, Pasley and his colleagues recorded brain activity in people who already had electrodes implanted in their brain to treat epilepsy, while they listened to speech. The team found that certain neurons in the brain's temporal lobe were only active in response to certain aspects of sound, such as a specific frequency. One set of neurons might only react to sound waves that had a frequency of 1000 hertz, for example, while another set only cares about those at 2000 hertz. Armed with this knowledge, the team built an algorithm that could decode the words heard based on neural activity alone (PLoS Biology, doi.org/fzv269). (more)

Texas Oil - Target of Business Espionage

TX - “...look at the Eagle Ford Shale and the billions of dollars that's bringing into the Texas economy, the bad guys see that,” said FBI San Antonio Special Agent in Charge Christopher Combs...

Christopher Combs nailed it in this interview.

...they are also looking to snatch company secrets. "It's corporate espionage, there’s no question about it," said Combs. “Foreign governments or foreign companies are looking for any competitive advantage. Whether it's the widget that you use to drill, or it's a process that you use to track inventory better. They're really looking at the company as a whole to find out every little thing that you do that makes you a better company on the world market."...

“We also worry about foreign governments placing people in companies where they really want to find out the secrets," said Combs. ... "They'll take an individual and maybe spend years to work that individual into a particular position in the company, so that they can gather those secrets and bring them overseas," Combs said. Combs also warned about disgruntled U.S. employees who want to take revenge on their companies. "It's not just the threats coming in from the outside, but what information is going from the inside out," he said. 

It's a warning to companies, no matter the industry, to keep an eye out. “It has to be a holistic perspective where you are looking at the people who work in your corporation, your internet and security, and how you conduct business, whether it's here in the country or overseas,” said Combs. (more)

Compilation of State and Federal Privacy Laws now comes with a 2014 Supplement

Includes new privacy laws on demands 

for social-media passwords by employers and universities, use of credit reports by employers, new tracking technologies, new state restrictions on use and disclosure of Social Security numbers, plus updated chapters on credit reporting, medical, financial, testing in employment, insurance, government information, and much more, grouped by categories and listed alphabetically by states. Descriptions of state, federal, and Canadian laws are included.

Describes and gives legal citations for more than 800 state and federal laws affecting the confidentiality of personal information and electronic surveillance, grouped in categories like banking, medical, credit, school records, wiretapping, tracking technologies, ID theft, Social Security numbers, telephone, and employment testing and more. 

Compilation of State and Federal Privacy Laws 2013 edition is now available with a 2014 supplement included.

T-Mobile Adds New Encryption to Their Network

T-Mobile seems to have made good on its parent company's (Deutsche Telekom) promise, from last year, to upgrade its 2G networks to a stronger encryption standard 

after the Snowden revelations forced many firms (especially abroad) to take a better look at their security and the security of their customers.

The new encryption standard is called A5/3 and should be much harder to crack, while the old one was called A5/1 and could be cracked even by a single PC back in 1999. In 2008, passive surveillance of the "encrypted" 2G network was already possible.

T-Mobile aims to stop this sort of surveillance with the new A5/3 encryption standard, although it won't be able to stop targeted attacks by IMSI Catchers, which are devices the police, FBI and potential criminals may be using to eavesdrop on phone conversions and texts over a certain local area. (more)

Guess Who's Making the Next Secure Cell Phones

The Scientific and Technological Research Council of Turkey (TÃœBITAK) intends to start producing mobile phones that are protected from wiretapping, Turkish Minister of Science, Industry and Technology Fikri Isik was quoted by Al Jazeera Turk TV channel as saying.

"Turkey also intends to establish production and export smartphones protected from wiretapping to neighboring countries."

The minister did not mention the specific date of the production and the cost of the project. (more)

Not surprising. Turkey has had some serious cell phone eavesdropping problems over the past few years. Many at high levels of government.

Book: Staying Safe Abroad - A must-have for any traveler these days.

Edward Lee spent 30 years keeping travelers safe while a Regional Security Officer at the U.S. Department of State. 

He condensed his knowledge and experience into a handy book. If you travel, you need this book.

via amazon.com...
"Staying Safe Abroad" was written to help foreign travelers operate safely abroad in an ever-increasing risky world, where crime, terrorism, natural disasters and political unrest are realities that travelers can face every day, depending on their destination. "Staying Safe Abroad" will educate both novice and seasoned travelers on the risks they will face abroad and how to mitigate those risks by knowing how to make good response choices.

Former Ford Motor Co. PR Chief Accuses Company of Bugging

Ford Motor Co.'s former head of public affairs said the Dearborn automaker bugged his phone during the 2001 Firestone tire crisis. 

The Detroit News reports Jason Vines said that after he was fired along with then-CEO Jacques Nasser in October 2001, a Ford security official told him his car and phone had been bugged.

The longtime public affairs official wrote all about the incident in his new book, "What Did Jesus Drive? Crisis PR in Cars, Computers and Christianity." It will be published Nov. 1 by Waldorf Publishing. (more)

Weird NJ: Is Spy House America's 'most haunted house?'

It's a lone white wooden building that stands with its back to the windswept shore of the Sandy Hook Bay in the Port Monmouth section of Middletown, NJ.

Its official name is the Seabrook-Wilson Homestead, but most people know it much better as The Spy House. Though its true history belies many of the legends that have circulated for years about this old property, that has not dissuaded some believers in the paranormal from dubbing it "the most haunted house in America." (more)

BTW - At $78 million, Dracula's Castle among top haunted mansions is for sale.

Forget the Drones, Here Comes Spy Turtle

Justice Department's National Security Division Tackles Economic Espionage

The Justice Department has reorganized its National Security Division to combat the increasing threat of state-sponsored economic espionage and theft of corporate America’s secrets. 

Cyber isn't the only door to the goods.

“Nation states day in and day out intrude” into U.S. computer networks, Assistant Attorney General John Carlin told reporters today. “Committing intrusions for economic benefit by nation states … is not something that’s going to be accepted.”

The reorganization lets Carlin, who was confirmed in April after nearly a year as acting head of NSD, put his stamp on a division that has been jockeying for turf and recognition since it was created in 2006 as part of the national security reforms after the Sept. 11, 2001 terrorist attacks. 

As a law enforcement matter, it means bringing an “all-tools” approach to combating cyber attacks and economic spying, Carlin said. (more)

Extra credit reading for Mr. Carlin, Anita M. Singh, and staff... (more) (more)

Home of the Stingray Bans its Warrentless Use

Thanks to the Florida Supreme Court and a drug dealer, Sunshine State police can no longer track unsuspecting citizens through their cellphones without a warrant.

That’s welcome news to those concerned about local law enforcement’s use of advanced surveillance technology, sometimes supplied by military contractors, to monitor cellphone locations and incoming and outgoing phone numbers.

Public records obtained by the American Civil Liberties Union show the practice has been widespread and mostly under the radar. (more)

Spy Phone Labs Sues Google for 2 Million

Spy Phone Labs of Wayne, N.J., claims in its complaint that its app (Spy Phone) was downloaded more than 1.1 million times in its first year on the Google Play marketplace, where most smartphone apps for the Android operating system are sold. 

But downloads plummeted to 260,000 in the second year, after Spy Phone complained to Google about trademark infringement by competing products and the app maker was twice suspended from Google Play, the suit claims...

The Spy Phone app allows the location of the phone to be monitored remotely, and allows a remote user, such as a parent, to see the phone numbers of persons exchanging calls or messages with the phone’s user. The app also allows Internet usage on the phone to be monitored remotely. While the app is available for free, Spy Phone generates revenue from ad sales on the website where users download information about the phone’s usage, the suit says. (more)

White House Fence Jumper Bugged About Bugs

Latest White House intruder wanted to talk to president about spy devices, father says...

The first time Dominic Adesanya tried to speak to President Obama about the spying devices supposedly stashed in the Adesanya home, his father said Adesanya hopped on a Megabus and headed to Washington, where he had a run-in at the White House...

Dominic Adesanya dropped out of school and for the past year he has been worried about cameras hidden in the family’s house or people spying on him, his father said.

He has torn up the home, cutting through drywall and crawling through the attic, looking for the devices, his father said. (more)

FutureWatch - Carhacking

As high-tech features like adaptive cruise control, automatic braking and automatic parallel parking systems make cars smarter, it's also making them more vulnerable to hackers – a risk that an automotive security researcher says carmakers appear to be ignoring.

"There's no culture of security," said Chris Valasek, director of vehicle security research at the computer security consulting firm IOActive, in a keynote speech at the SecTor IT security conference in Toronto this week....

In recent years, security researchers at the University of Washington showed they could hack a car and start it either via the systems used for emissions testing or remotely using things like Bluetooth wireless connectivity or cellular radio to start the car.
Read more about the study

Others showed they could hack a car remotely via a cellular-based car alarm system to unlock the doors and start the engine.

Valasek himself and his research partner Charlie Miller, a security engineer at Twitter, have been starting to experiment with remote attacks after demonstrating that a laptop inside the car can be used to disable brakes and power steering and confuse GPS and speedometers.

Hackers hijack car computers and take the wheel (more)

Rainy Weekend Fun - Make a Paper Boomerang for Indoor Throwing

via futilitycloset.com 
Mathematician Yutaka Nishiyama of the Osaka University of Economics has designed a nifty paper boomerang that you can use indoors. A free PDF template (with instructions in 70 languages!) is here.

 

Hold it vertically, like a paper airplane, and throw it straight ahead at eye level, snapping your wrist as you release it. The greater the spin, the better the performance. It should travel 3-4 meters in a circle and return in 1-2 seconds. Catch it between your palms.

Ask the Consultant - Spycam Question Received this Week

"Have you ever been called upon by a client to check for unauthorized or hidden cameras?
And to that end, is there some technology available to security professionals (not what the Secret Service uses) that can identify wireless cameras?" 

Yes. The video voyeurism craze had prompted requests from corporate clients, country clubs, private schools and religious institutions (usually in response to an incident), and occasionally pro-actively, for due diligence purposes.

DIY detecting cameras in situ can be accomplished in several ways...

Spycam finds courtesy Murray Associates.

1. Physical inspection - If you know where a spycam is likely to be looking (bathroom, bedroom, office, etc.), stand there and do a 360º turn. The camera will be in your line-of-sight (take into account mirrors).
2. Look for the lens - This may be accomplished with this device, or with this app. Neither solution is 100% effective, however.
3. If the device is not recording internally, but broadcasting a FM radio-frequency signal, there are these detectors 1 2 . Neither solution is 100% effective, however.
4. If the camera is transmitting to the Internet via Wi-Fi (popular with the baby monitors), detection options 1 & 2 are the best bet for the amateur sleuth. A professional TSCM team will be able to conduct a Wi-Fi analysis to absolutely detect the transmitter.
5. Thermal imaging is also very effective for finding "live" cameras (as opposed to the battery powered ones that just snap photos upon sensing movement). This has become affordable this year with the introduction of this iPhone add-on.
6. Call us. In addition to Wi-Fi analysis, we also use Non-Linear Junction Detection (NLJD), more sensitive thermal imaging, and spectrum analysis detection techniques.

You may also want to read this.

by Kevin D. Murray CPP, CISM, CFE

...which left us wondering about the clowns in business and government who spy.

A new study finds that more Americans fear spying from corporations than the government (but only slightly). 

In total, 82 percent of Americans fear corporations, while 74 percent fear the government.

The data comes from a new Chapman University survey of everything that freaks Americans out. In addition to Internet fears, around 65 percent of Americans also fear public speaking — meaning that more Americans are concerned about Internet privacy than speaking in public.

Interesting, but unrelated: 20 percent of Americans are at least somewhat afraid of clowns. (more)

Why the IT Guy Can't Protect Your Information

• Most “computerized” information is available
  elsewhere long before it is put into a computer.
• Hacking is only one tool in the spy's kit.
• Data theft is the low-hanging fruit of the business
  espionage world. Pros use bucket trucks.
• Traditional spying is invisible. Hacking leaves trails.
  Result... IT guy gets budget. Company is still a sieve. 

Go Holistic
Close All Loopholes

Loophole 1: Information Generation
    People generate information. They talk, discuss, plan. The human voice contains the freshest information.
    Conduct Technical Surveillance Countermeasures (TSCM) inspections of offices, labs, conference and boardrooms on a scheduled basis. TSCM works.
Ford Motors found voice recorders hidden in seven of their conference rooms this summer.

Loophole 2: Information Transmission
    People communicate. They phone, fax, email, hold teleconferences — over LAN, Wi-Fi and cables.
    Traditional wiretapping and VoIP/Wi-Fi transmission intercepts are very effective spy tools. TSCM sweeps discover attacks.

Loophole 3: Information Storage
   People store information all over the place; in unlocked offices, desks, and file cabinets. Photocopiers store all print jobs in memory. TSCM surveys identify poor storage, and the perimeter security gaps which put storage at risk.

Loophole 4: Information Handling
    People control information. Educate them. Security briefings don’t have to be long and tedious. Establish basic rules and procedures. Enforce them.

    Effective information security requires a holistic protection plan. IT security is an important part of this plan, but it is only one door to your house of information.

by Kevin D. Murray CPP, CISM, CFE

Excellent Article on Web Surfing Privacy

The Best Browser Privacy Tools (That Don't Make Life More Difficult)

Watergate - Ben Bradley Dies at 93

Ben Bradlee, the former top editor of The Washington Post who oversaw the paper's coverage of the Watergate scandal, has died, the newspaper said Tuesday.
He was 93.

Yo, Jimmy. You know how to use this thing?

Newly released documents definitively show that local law enforcement in Washington, DC, possessed a cellular surveillance system—commonly known as a "stingray"—since 2003. 

However, these stingrays literally sat unused in a police vault for six years until officers were trained on the devices in early 2009.

"It's life imitating The Wire," Chris Soghoian, a staff technologist at the American Civil Liberties Union, told Ars. "There's an episode in Season 3 where [Detective Jimmy] McNulty finds a [stingray] that has been sitting on the shelf for a while." (more)

Traveling to China? Have an iPhone? Clear Your Cloud First

Chinese authorities just launched “a malicious attack on Apple” that could capture user names and passwords of anyone who logs into the iCloud from anywhere in the country, the well-respected censorship watchdog GreatFire.org reports. 

With that information, a hacker can view users contacts, photos, messages and personal information stored in the cloud.

China has an estimated 100 million iPhone users in China, and all of them could be vulnerable, GreatFire reports, thanks to a “man in the middle” attack that tricks users into believing they are logging into a secure connection, when they are actually logging into a Chinese government-controlled site instead. (more)

A Police Commander's Wife, Their Unlicensed PI Business and Spyware...

Woo-woo-woo-woo-woo-woo, nyunt, nyunt, nyunt!
A Monterey County woman was charged with wiretapping a police officer and possessing "illegal interception devices,” according to the Northern California District Attorney’s office. The District Attorney said that Kristin Nyunt, age 40, allegedly intercepted communications made by a police officer on his mobile phone.

Nyunt is the ex-wife of former Pacific Grove Police Commander John Nyunt, and she has already been sentenced to eight years and four months in prison after pleading guilty in July to five counts of identity theft, two counts of computer network fraud, one count of residential burglary, and two counts of forgery. 

In the latest charges [PDF], the District Attorney accused Nyunt of using illegal spyware including MobiStealth, StealthGenie, and mSpy to intercept "sensitive law enforcement communication” in real time. Nyunt allegedly placed the spyware on a police officer’s phone surreptitiously, although court documents do not detail how or why...

...between 2010 and 2012, Nyunt and her husband operated an unlicensed private investigator business called Nyunt Consulting and Investigative Services Corporation and used access to their customers’ devices and information to later commit identity theft. (more)

Staples Suspects Hackers - That Was Easy

Staples, the nation’s largest office supply retailer, said Monday it is investigating a "potential issue" involving credit card data at its stores.

Staples spokesman Mark Cautela said in an email that the retailer has contacted law enforcement to help with its investigation.

"We take the protection of customer information very seriously and are working to resolve the situation," Cautela said in an email. “If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on a timely basis." (more) (now-hack-the button)

Business Phone VoIP Hack - Phreaking Expensive

Bob Foreman’s architecture firm ran up a $166,000 phone bill in a single weekend last March. But neither Mr. Foreman nor anyone else at his seven-person company was in the office at the time... (hackers) routed $166,000 worth of calls from the firm to premium-rate telephone numbers in Gambia, Somalia and the Maldives...

The scheme works this way, telecommunications fraud experts say: Hackers sign up to lease premium-rate phone numbers, often used for sexual-chat or psychic lines, from one of dozens of web-based services that charge dialers over $1 a minute and give the lessee a cut...

Hackers then break into a business’s phone system and make calls through it to their premium number, typically over a weekend, when nobody is there to notice. With high-speed computers, they can make hundreds of calls simultaneously, forwarding as many as 220 minutes’ worth of phone calls a minute to the pay line...

...telecom experts advise people to turn off call forwarding and set up strong passwords for their voice mail systems and for placing international calls. (more)

A Royal Sting Spybusting Trick You Can Use

Kate Middleton reportedly thinks that someone is keeping a close eye on the day-to-day happenings of the palace. 

The reports have suggested that there is an over enthusiastic photographer or someone who is getting to know all the royal secrets.

"Middleton's paranoid that someone inside the palace is leaking her secrets. It's her worst nightmare," a source told Life &Style magazine...

The report added that the royal couple is taking required step to have a very private life. "They're trying desperately to find out who's spying on them by giving out false information to different people. If any of that information comes out, they'll know who's responsible." (more)

Business Espionage via Crowd Sourcing

Crowd sourcing any part of your secret project can blow your cover and evaporate your competitive advantages. Take your marketing materials for example. Just requesting help on a crowd source web site can alert the competition to your plans.

via frankie.bz...
Two weeks ago I discovered through a crowd sourcing portal for graphic design that a competitor of my client is preparing to launch a whole new product line. They where pitching for a “name” and “logo design” for a range of products.

I informed my client about the pitch and ask them if they knew something about the new product line. They didn’t and neither did the market – a scoop so to say. The information in the pitch was valuable to my client since it contained a very good description about the features of the new product line and when it will be launched. Therefore the client informed its sales force and they are now prepared to answer questions of their clients.

What can we learn from this experience?

• Do not crowd source design of “secret” products – especially if the pitch can be seen without any registration
• Do not describe your product in the project brief – send the description to an interested designer after he has signed a non disclosure agreement
• Do not link directly to your competitors site – I’ve found out about the pitch because I’ve seen hundreds of visitors coming from a non-industry related site
• Do prohibit your employees to blog, twitter, Facebook about a new product
• Use a project code name that does not relate to your industry or product
• Do not use Cloud-Services for your product development - unless you are sure that none of the information can be made available to the public

How can you use crowd sourcing and the internet for spying on your competitors?

• Visit crowd sourcing portals on a regular basis and search for projects related to your industry and competitors
• Use Google Alerts not only to monitor the web activity of your firm and brands, but also of your competitors
• Use crowd sourcing traditionally by letting the crowd search through social networks, forums and the web for information about your competitors
• Sign up and monitor the support forums of your main competitors (if they have one). If they don’t have one try to open a user-to-user support forum for your competitors products – and see what happens.

1958 - The Hollow Coin Spy Case

CIA Archives: The Hollow Coin - Espionage Case of Rudolf Abel (1958) 

Vilyam (Willie) Genrikhovich (August) Fisher (Вильям Генрихович Фишер) (July 11, 1903 — November 16, 1971) was a noted Soviet intelligence officer. He is generally better known by the alias Rudolf Abel, which he adopted on his arrest. His last name is sometimes given as Fischer; his patronymic is sometimes less exactly transliterated as Genrikovich. 

The Hollow Nickel Case (also known as The Hollow Coin), refers to the method that the Soviet Union spy Vilyam Genrikhovich Fisher (aka Rudolph Ivanovich Abel) used to exchange information between himself and his contacts, including Mikhail Nikolaevich Svirin and Reino Häyhänen. 

On June 22, 1953, a newspaper boy (fourteen-year-old newsie Jimmy Bozart), collecting for the Brooklyn Eagle, at an apartment building at 3403 Foster Avenue in Brooklyn, New York, was paid with a nickel (U.S. five cent piece) that felt too light to him. When he dropped it on the ground, it popped open and contained microfilm inside. The microfilm contained a series of numbers. 

He told the daughter of a New York City Police Department officer, that officer told a detective who in two days told an FBI agent about the strange nickel. After the FBI obtained the nickel and the microfilm, they tried to find out where the nickel had come from and what the numbers meant...

Chinese Phone Turns Smart Spy

China-based leading smartphone manufacturer Xiaomi, which recently marked a successful entry into the Indian market, is allegedly a security threat. It has been accused by the Indian Air Force (IAF) of sending user data to remote servers located in China -- a charge that amounts to spying...

Xiaomi MI Hongmi 1280x720 MIUI V5

Field Reports

• F-secure, a leading security solution company, recently carried out a test of Xiaomi Redmi 1s, the company’s budget smartphone, and found that the phone was forwarding carrier name, phone number, IMEI (the device identifier) and numbers from address book and text messages back to Beijing.

• A Hong Kong-based mobile phone user claims to have tested the Redmi Note smartphone and found it was automatically connected to an IP address hosted in China. The data transmitted included photo in media storage and text messages also.

According to the PhoneArena report, looking up the website of the company owning the IP address in the range 42.62.48.0-42.62.48.255 reveals that the website owner is www.cnnic.cn. CNNIC is the administrative agency responsible for Internet affairs under the Ministry of Information Industry of People’s Republic of China. It is based in the Zhongguancun hi-tech district of Beijing.

Therefore, the IAF in its alert to all of its Commands has stated that air warriors and their family members are advised to refrain from using these devices. (more)