Monday, July 6, 2015

Italian Surveillance Company Hacked, or "What goes around, comes around."

An Italian surveillance company known for selling malicious software used by police bodies and spy agencies appears to have succumbed to a damaging cyberattack that sent documents and invoices ricocheting across the Internet.

Hacking Team’s Twitter account appears to have been hijacked late Sunday, posting screenshots of what were purported to be internal company emails and details of secret deals with various world governments.

“Since we have nothing to hide, we’re publishing all our emails, files and source code,” an apparent message from the attacker or attackers said Sunday. At the same time a massive file, several hundred gigabytes in size, was leaked online. more

The Rise of Workplace Spying

A growing number of companies are using technology to monitor their employees' emails, phone calls, and movements. Here's everything you need to know:

How are employees being tracked?

In almost every way...

When did companies start snooping?

Bosses have always kept a close eye on employees. Henry Ford famously paced the factory floor with a stopwatch, timing his workers' motions in a bid for greater efficiency. He also hired private investigators to spy on employees' home lives to make sure personal problems didn't interfere with their work performance...  

Does this boost efficiency?
Yes, according to the data...

Who does the actual monitoring?
It's all done automatically: Software programs scan employees' email accounts and computer files and alert supervisors to anything inappropriate...

What else are they looking for?
Some companies search for evidence that employees might be thinking about quitting...

Can employees stop this tracking?

Generally, no. Most employee contracts give management free rein to do what it wants with data gathered from office-issued equipment, but some surveilled workers are fighting back...

Listening in at the water cooler.

If you find the idea of your boss reading your emails creepy, how about having your location, tone of voice, and conversation length monitored throughout the working day? Boston-based analytics firm Sociometric Solutions has supplied some 20 companies with employee ID badges fitted with microphone, location sensor, and accelerometer... more

Brazen Snoop Goes to Digital Extremes for Game Scoop

Lousy security, but “great food.”

That was a parting shot from a snoop who slipped into a London digital gaming company, hung out there for the day, ate a free lunch — then spilled details online about a new game the firm is developing.
The security breach last week at Digital Extremes, the city’s largest gaming company, underlines the perils of the open workplace that sets tech companies apart from many businesses, one observer said.

“This case illustrates the risk for any technology company of having an open environment and how vulnerable they can be to corporate espionage,” independent technology analyst Carmi Levy said. “There is a risk, when a stranger walks into an office, of losing trade secrets . . . They have to prevent that.” more

One Way to Silence Your On-Air Competition - Sue them for wiretapping!

Philippines - A municipal councilor in Aklan has sued a broadcaster for wiretapping after he allegedly taped a private conversation without the official’s consent. 

In a complaint filed before the provincial prosecutor’s office on July 3, Augusto Tolentino, a councilor of the capital town of Kalibo, accused Ma-ann Lachica of violating Republic Act 4200 (Anti-Wiretapping Act), punishable with imprisonment from six months to six years.

In his complaint, Tolentino, a veteran broadcaster who currently hosts a radio program, accused Lachica of recording a conversation of the official with broadcaster Rolly Herrera at the session hall of the municipal building in September 2014. more

Sunday, July 5, 2015

How Hackable is Your Life (infographic)

If you're reading this, there's 69 percent chance you will become a victim of hacking at some point in your lifetime. And if you think protecting yourself is as easy as changing a couple passwords and installing some anti-virus software, you're 100 percent wrong.

Luckily, the paranoia-inducing infographic below will whip you into shape, stat. Find out how hackers gain access to your information, all the scary things they can do with it, and what you can do to protect yourself.

more

Thursday, July 2, 2015

Man Tapes Upstairs Neighbor with Pole-Mounted Spycam - Claims "Investigative purposes"

MD - Imagine living on the third floor of your condominium building and glancing outside to find a camera looking back. That is exactly what a woman told police she saw, and now her downstairs neighbor is facing multiple criminal charges.

According to police, Donald Beard, 60, repeatedly attached a camera to a long metal pole. Beard would then walk onto his second floor balcony... and hoist the pole, camera rolling, to spy on the woman who lived upstairs.

Around 10 p.m. one night... the victim looked outside her living room window and saw a metal pole swinging back-and-forth. A camera was attached, recording her every move. She immediately called police...

While searching Beard's computers, external hard drives, flash cards, cell phones, tablets, cameras, and other electronic devices, detectives say they uncovered 16 individual videos of the victim. One clip showed the middle-aged women topless.

As for a motive, Beard reportedly told police his unique surveillance mission was "for investigative purposes", claiming his neighbor was spending time with married men and he wanted to catch her in the act...

Police say Beard also kept an audio journal of the victim's daily activities.  more video

Employee Security Awareness Training: Keeping Your Data Safe

"Human Error is among the most common causes of data loss and security breaches."

Develop a compelling security awareness training that improves employee behavior. Join this FREE webinar and learn about best practices on securing your data from sophisticated attacks. Security experts from Smarttech and Security Innovation will place a great emphasis on:
  • Hacker Tools and Types of Attacks
  • Why Employees Are the Perfect Target
  • How a Breach Can Hurt Your Organization
  • Mitigation Strategies and Tools 
Date: Thursday, July 9
Time: 10-11 AM EDT

Presenters:
Ronan Murphy
CEO, Smarttech

Ed Adams
CEO, Security Innovation

Registration 

Wednesday, July 1, 2015

Corporate Espionage: not your typical sports-“gate”

Generally when one refers to “competitors” in the context of protecting trade secrets, it is in regard to business competitors, not competing sports teams...

Recently, however, the worlds of sports and trade secret protection collided on the baseball diamond when the St. Louis Cardinals were accused of hacking into the Houston Astros’ internal computer network and stealing proprietary information. According to the New York Times, Cardinals employees gained access to the Astros’ “internal discussions about trades, proprietary statistics and scouting reports,” which the Astros no doubt would prefer to keep private. Specifically:

Law enforcement officials believe the hacking was executed by vengeful front-office employees for the Cardinals hoping to wreak havoc on the work of Jeff Luhnow, the Astros’ general manager, who had been a successful and polarizing executive with the Cardinals until 2011. more

Saturday, June 27, 2015

The Sticker on Your Smartphone Battery is Not a Spy

A video showing an NFC-clad sticker on a battery in a smartphone has gone viral today. This video suggests that this smartphone was using an NFC sticker to "record every photo of yours on your battery."

What we're going to need to do right now is get very serious and very clear about this situation. Your battery - and the NFC antenna that may or may not be attached to it - is not stealing your photos and sending them to our estranged government overlords. It's just not. more

What's Dumber than the Coach Spying on his Team?

(Admitting it?)

In Internet lingo, Mike Krzyzewski is actually a "creeper."

The Blue Devils head coach confessed to ESPN.com that he has set up a secret Twitter account so he can monitor what his players are up to.

This was Krzyzewski's response when asked if he's on social media:

"I follow guys. I don't want to be on Twitter because I don't care. I don't want their opinions. I don't need to show that I have X amount of followers. But I follow a lot of people on Twitter, under an alias. I tell my guys, 'I'm following you.' Then if I see something, you text them, you gotta watch. But there are a lot of cool things that they do. I do like that they do it." more

Bugging Devices Found in 2 CHP Deputies’ Offices in Parliament

Turkey - Security at Parliament found bugging devices in the parliamentary offices of the main opposition Republican People's Party (CHP) deputies Mustafa Balbay and Özgür Özel on Thursday and Friday.

Deputies who took their oaths in Parliament following their election in the June 7 general election began to move into their new rooms in Parliament. CHP İzmir deputy Balbay also moved into his room and an ordinary security search was conducted. During the search, security officers received strong signals from the frame of a photo of Mustafa Kemal Atatürk, the founder of modern Turkey.

Parliament security recorded the findings of the search and decided to request assistance from the police to search the room again with more advanced devices.

After Balbay's room, a bugging device was also found in the former office of the new CHP parliamentary group chairman, Özel. Security officers found the bugging device installed in an electrical socket in the room. Speaking to reporters about the device, Özel said no one had being using the room before him, and added that he will request that Parliament's security officers search all the parliamentary offices being used by CHP deputies. more

Exit Interiew, or why we love the 4th of July

A raft of recent executions and forced disappearances in North Korea linked to the secret wiretapping of high-ranking officials has prompted members of the leadership to abandon their homes, according to sources inside the country.

Since assuming control of North Korea following the death of his father and predecessor Kim Jong Il in December 2011, regime leader Kim Jong Un has carried out a near-continuous series of high-level purges, including his own uncle last year.

The practice has sparked a debate among residents of the capital Pyongyang about what has led to the executions and disappearances, with the consensus being that the homes of the officials had been wiretapped by North Korea’s formidable State Security Department. more

Tuesday, June 23, 2015

Radio Bug in a Pita Steals Laptop Crypto Keys

The list of paranoia-inducing threats to your computer’s security grows daily: Keyloggers, trojans, infected USB sticks, ransomware…and now the rogue falafel sandwich.

Researchers at Tel Aviv University and Israel’s Technion research institute have developed a new palm-sized device that can wirelessly steal data from a nearby laptop based on the radio waves leaked by its processor’s power use.

Their spy bug, built for less than $300, is designed to allow anyone to “listen” to the accidental radio emanations of a computer’s electronics from 19 inches away and derive the user’s secret decryption keys, enabling the attacker to read their encrypted communications. And that device, described in a paper they’re presenting at the Workshop on Cryptographic Hardware and Embedded Systems in September, is both cheaper and more compact than similar attacks from the past—so small, in fact, that the Israeli researchers demonstrated it can fit inside a piece of pita bread.

“The result is that a computer that holds secrets can be readily tapped with such cheap and compact items without the user even knowing he or she is being monitored,”
says Eran Tomer, a senior lecturer in computer science at Tel Aviv University. “We showed it’s not just possible, it’s easy to do with components you can find on eBay or even in your kitchen.” more / research paper

Imagine these being built into restaurant and hotel room table tops.

Sunday, June 21, 2015

Espionage in the Sports World

A lawsuit accuses a Sporting Innovations co-founder of corporate espionage.

Sporting Innovations, which develops technological applications for professional sports teams and entertainment groups, fired its co-CEO, Asim Pasha, June 16 and then took him to court a day later. The company says he spent the last year there using its resources to prepare the launch of a competing business.

The firm, affiliated with the owners of Major League Soccer's Sporting Kansas City, filed suit June 17 in the U.S. District Court of Western Missouri, accusing Pasha and his son, Zain Pasha, of colluding with a New York company to create a similar enterprise and misappropriating Sporting Innovations' proprietary business information in the process. The 28-page filing also accuses Pasha of running up "tens of thousands" of dollars in charges on company-issued credits cards to fund personal expenses. more

Cardinals Hack Astros - Baseball Spygate

More details are emerging about the federal investigation into whether Cardinals employees may have hacked into the Houston Astros database. 

The latest revelations come from an unnamed law enforcement official who is reportedly familiar with the FBI’s investigation into the Cardinals. That official told Yahoo Sports that the computer used to allegedly hack into the Astros network was located in a Jupiter, Florida house. Jupiter is of course where the Cardinals hold spring training.

The law enforcement official also told Yahoo Sports that a number of Cardinals employees used the house and that the data stolen during the alleged hacking provided insight regarding the Astros opinions on players and the teams trade talks. The New York Times initially broke the story about the alleged hacking investigation on Tuesday. more

How The Simpsons Predicted Major League Hacking

via uproxx.com
It appears as though The Simpsons knew the St. Louis Cardinals would get caught hacking all along. In this episode “Brother’s Little Helper,” Bart Simpson takes behavioral medicine after repeatedly acting out at school. As a result, he turns into a paranoid conspiracy theorist and believes Major League Baseball is spying on his town using satellites.



His theory turns out to be true, after he shoots down an MLB satellite towards the end of the episode. The Cardinals’ Mark McGwire appears and informs the town that Major League Baseball was spying on them “pretty much around the clock.”

Then, he socks a few dingers. People love dingers. more

Saturday, June 20, 2015

The Dr. MegaVolt Documentary is Coming

Five years in the making!  Mega volts spewed into the atmosphere! The Dr. MegaVolt documentary is about to zap out. The world premier screening... (drum roll)

"Dr Megavolt: From Geek to Superhero"
Comic-Con International Independent Film Festival 
Saturday July 11, 2015 2:35pm - 4:05pm,
Grand Ballroom D, Manchester Grand Hyatt San Diego

Meet Dr. Austin Richards, aka Dr MegaVolt, a Ph.D. in physics who has been performing in a metal Faraday suit with Tesla coils since March 1997. This documentary chronicles Dr MegaVolt's high-voltage adventures.

This is a new 71 minute long feature film from writer/producer/director Victoria Charters. The film is currently being submitted to various film festivals. It will be commercially available soon.

I received my advance copy of the movie and watched it last night. Not only is it technically interesting (all things Tesla are cool), but there is a surprising amount of human interest, drama and intrigue.

Disclaimer: So why am I hyping something that has nothing to do with spying? #1 this is a great flick. #2 they mentioned me in the credits.

Friday, June 19, 2015

Handy Bluetooth Store and Forward Mini Microphone (OK, who said bug?)

A new device is aiming to do for audio recording what the GoPro did for video recording. The Instamic is a small, self-contained, high-quality sound recorder. It is aimed at musicians, filmmakers, journalists, bloggers and other people who need a simple and effective means of capturing sound.


There are two versions of the Instamic: the Go and the Pro. Both offer mono and dual mono recording, with the Pro boasting stereo recording as well. The Pro is also waterpoof up to 5 ft (1.5 m) for a maximum three hours (in accordance with IP68), whereas the Go is only splash-proof. Other than those differences, the models are pretty much identical.

They each provide ultra-low power digital signal processing, with a sample rate of 48 kHz and a 24-bit bitrate. Their microphones capture between the frequencies of 50 and 18,000 Hz, with a reasonable signal-to-noise ratio of 67 dB and and maximum sound pressure level of 120 dB. more

Sunday, June 14, 2015

This Month's Spy World Fails

A former police intelligence chief is required to serve up to 860 years in prison in a wiretapping case, in which he has been found guilty of wiretapping 48 people, including several government officials, journalists, judiciary personnel and businessmen. more  

China's ex-security chief Zhou Yongkang has been jailed for life - the most senior politician to face corruption charges under Communist rule. more

Pigeon arrested and jailed after police believe it’s a Pakistani spy. The would-be feathered James Bond was taken to a police station by a 14-year-old, after he discovered a mysterious note attached to the animal – which was written in Urdu and listed a Pakistani phone number. more

The former chief of the feared spy agency responsible for kidnapping, torturing and killing thousands during Chile's military dictatorship has accumulated 500 years in prison sentences. more

Paris court sentences Gilbert Chikli to prison in absentia for bamboozling 33 banks and companies in France out of millions by passing himself off as a CEO or intelligence agent. more (FutureWatch - Coming to a theater near you.)

Accused spy Thomas Rukavina killed himself Friday evening in his Plum home, but the federal probe involving industrial trade secrets, Chinese espionage and possible co-conspirators here and abroad continues. more

A Russian citizen who worked in Manhattan as a banker asked a federal judge June 11 to toss out charges that he participated in a Cold War-style Russian spy ring. Lawyers for Evgeny Buryakov, who remains in jail after his arrest in January, said the case should be disallowed despite an avalanche of video and audio recordings of his alleged spying activities collected by prosecutors. more

Care to reconsider your dream of becoming a spy?


Spycatching Give-Ups

East Timor has officially dropped its case against Australia before the UN's International Court of Justice, after Canberra returned sensitive documents relating to a controversial oil and gas treaty. more

Germany has dropped an investigation into alleged tapping of Chancellor Angela Merkel's phone by the US National Security Agency (NSA). more

Three Polish government ministers and the speaker of parliament resigned June 10 over a high profile eavesdropping scandal just four months ahead of a general election which polls show could usher the conservative opposition into power. more

This Week's Questions from the Media

Q. How did you come to be in PI?
A. A long time ago, I interviewed Jackie Mason for my college radio station and phrased a similar question to him. He stopped me and said, "don't ask how, ask why, that's what's interesting." I never forgot it.

With that in mind... The short story is I had a high school interest in radio-electronics. During college, I took a summer job in law enforcement which involved surveillance electronics. Really interesting! I switched majors from mass media to criminal justice. I obtained employment as a private investigator with Pinkertons Inc. (where I got to use surveillance equipment and concoct custom surveillance solutions). I advanced to become the director of their commercial investigations department in NJ, and then director of their electronic countermeasures department worldwide. In 1978, I opened my own firm specializing in electronic countermeasures (aka Technical Surveillance Countermeasures or TSCM). "How," was just a pinball path of following my interests and being ready to take advantage of opportunities that came my way. "Why," because I am inquisitive, fascinated by technology, and most of all, I like helping people solve their problems.

Q. What kind of services do you/company offer?
A. • TSCM; detecting electronic surveillance devices for business and government.
• Counterespionage consulting; providing advice to help detect and deter business espionage.
• Training; specialized training for keeping the workplace free from video voyeurism.
• Smartphone spyware detection and prevention; a book, an Android app, an iPhone app and a smartphone anti-spyware security kit.

Q. What is your day-to-day routine like?
A. There is nothing routine about my day except that every day is a work day. I'm not sure whether this is a factor of being in one's own business, or this particular business demands it. We are available to our clients 24/7, including holidays and weekends. Vacations are taken during slow periods, usually 7-10 days, once or twice a year. The days are divided into two types, office days and field days, when my team and I are conducting inspections for our clients. On office days the work includes: report writing, invoicing, marketing, servicing instrumentation, working on research projects for clients, bookkeeping, creation of books, training, apps, etc.

Q. How has technology affected your day to day, if at all, in recent months/years?
A. My business is heavily technology oriented. Technology change always affects what we do, how we do it, and what new countermeasures we need to develop to keep ahead-of-the-curve. People mistakenly believe that technology changes the things on which we focus. Wrong. It adds to them. All prior espionage techniques still work, and are still used. Spies just have more tricks in the black bag these days.

Q. What is the biggest misconception about being a PI?
A. (Laughter) Pretty much everything you see on TV and the movies. Having worked in all aspects of private investigations before settling into my specialization, I can generalize and say... "Private investigations has a very long flash to bang ratio." That is to say, any investigation involves long periods of quiet work before the last 5% of excitement. That being said, the extremely well-worth-the-wait excitement reward is an intense bit at the end. The greater reward is the satisfaction of having helped someone. That part lasts, and accumulates.

Q. Is there a particular issue facing your industry as a group that you’re concerned with right now?

A. Yes. Video voyeurism in the workplace is the hottest issue around right now. The problem started gaining logarithmic traction about 10-15 years ago. In the past year, the epidemic hit critical mass. I began receiving "what can we do" calls from my clients, similar to the flood of calls about cell phone spyware which prompted the book, app and security kit. At first, places like small businesses, private schools and country clubs called us in to conduct inspections. Once our larger clients began to call, it became obvious that sending us to check restrooms and changing rooms at all their locations (around the world in some cases) was impractical. The solution was to develop an on-line training course for their local security and facilities people.

Q. Why do you think video voyeurism reached critical mass in the last year?
A. Two factors...
1. Over the years, spy cameras have evolved from cheap low-resolution devices, to inexpensive, well-made, high-resolution devices.

2. Voyeurs have also evolved. The early video voyeurs targeted areas over which they had full control, e.g. their bedrooms, bathrooms. Emboldened by these successes, they began to include semi-controllable area targets, e.g. significant others' bedroom and bathrooms, and we also started to see media reports about landlords spying on their tenants.

Keep in mind, any media report about video voyeurism represents a failed (discovered) attack; the majority of video voyeurs are successful.

The next target expansion happened when these people began to coagulate on-line, swapping video files, war stories, and how-to tutorials on YouTube.

Now, emboldened by previous successes, camaraderie, better technology, and honed tradecraft, their hunting grounds expanded to business locations with public expectation-of-privacy areas – restrooms, changing rooms, locker rooms / showers, tanning salons, etc. Huge mistake.

In the past year or so, enough video voyeurs have been caught in corporate venues (Walmart, Starbucks, for example) to make this a legal "foreseeability" issue, with sexual harassment in the workplace implications. The dollar losses — employee morale, business goodwill, reputation and lawsuits — tipped the scales. Invading the corporate landscape was the final straw. With big money at stake, businesses beginning to fight back.

Saturday, June 13, 2015

Book: HOW TO CATCH A RUSSIAN SPY: The True Story of an American Civilian Turned Double Agent

How an American slacker caught a Russian spy at a New Jersey Hooters

Naveed Jamali, a smart, young New York techie, somehow spent three years going toe to toe with a Russian intelligence officer who thought he was developing an asset, even though all the while Jamali was quietly collaborating with U.S. federal agents.

The fast-paced, occasionally stressful, often hilarious and invariably self-involved story of how it all went down is the subject of “How to Catch a Russian Spy.more

And we call this plank in the platform, Stasi.

via Steve Benen...
When I first heard yesterday that Republican presidential hopeful Ben Carson wants to spy on U.S. government workers, I thought this was some kind of joke. 

It sounded like a satirical way of poking fun at the right-wing neurosurgeon’s strange political views.

But as msnbc’s Jane C. Timm reported, Carson actually shared his thoughts on a “covert division” yesterday.
Republican presidential contender Ben Carson said Wednesday that if elected next year he might implement a “covert division” of government workers who spy on their coworkers to improve government efficiency.
The pediatric neurosurgeon-turned-candidate told a crowd of Iowa Republicans he is “thinking very seriously” about adding “a covert division of people who look like the people in this room, who monitor what government people do.”
The idea, apparently, would be to help motivate government employees to work as effectively as possible, fearing that their co-workers are spying on them. more

Three Major Chinese Airlines to Provide In-Flight WiFi Services

Three major Chinese airlines, including China Eastern Airlines, China Southern Airlines and Air China, have been approved to provide in-flight Wi-Fi services. 

China Eastern Airlines has become the first Chinese carrier to provide Wi-Fi services on both domestic and international flights... The services are expected to be offered in a month as the airline clears up several formalities ahead of the launch.

Oh, by the way...

"Through wifi access, we will offer a variety of internet services which are free for passengers. The service charges will be shared and paid by the airline and its business partners," said Zhang Chi with China Eastern Airlines.

Spybusters Tip #815 - From our "There is no free lunch" file... You might want to keep your phone in airplane mode.

Why Are Chipmunks Wearing Mini Spy Microphones?

Miniature Russian spyware is infiltrating an underground Canadian community.

The perpetrators? Scientists studying how eastern chipmunks communicate. For the first time, the team has outfitted the little striped animals with collars bearing inch-long (2.8 centimeters) microphones, the world's smallest digital recording device, according to Guinness World Records.

Using these espionage tools, the team recorded, analyzed, and decoded constant chipmunk chatter, instead of relying on static microphones that had previously limited scientists in understanding the secret lives of wildlife.

So far, the hardy microphones, deployed on chipmunks in southern Quebec's Green Mountains Nature Reserve, have provided unprecedented data on how and when chipmunks call, which is helping reveal the burrowing rodents' individual personalities. more w/video

Wednesday, June 10, 2015

Spy Virus Linked to Israel Targeted Hotels Used for Iran Nuclear Talks

When a leading cybersecurity firm discovered it had been hacked last year by a virus widely believed to be used by Israeli spies, it wanted to know who else was on the hit list. It checked millions of computers world-wide and three luxury European hotels popped up. The other hotels the firm tested, thousands in all, were clean.

Researchers at the firm, Kaspersky Lab, weren't sure what to make of the results. Then they realized what the three hotels had in common. Each was targeted before hosting high-stakes negotiations between Iran and world powers over curtailing Tehran's nuclear program. more

Spybuster Tip # 732: Know what else is going on in your hotel before you make the decision to use their Internet service.

Tuesday, June 9, 2015

Drones and Counter-Drones

As regular readers know, the Security Scrapbook follows drone development. Our Canadian Blue Blaze Irregular checks in:

Kevin, This is making a big splash in the news today out our way... Despite the relatively short flight time (it can be worked on) this would have been greatly appreciated by many of the people we’ve met. Usually they would have had great fun if it were available in their past life. Another ‘interesting’ toy. All kinds of possibilities. ~WM



And now, the drone antidote...

Counterespionage Tip # 529 - Encryption as a Legal Defense

We strongly encourage companies possessing or transmitting personally identifiable information (PII), protected health information (PHI), financial or other sensitive data, including trade secrets, to use encryption. Why? Because, if employed properly, it is both effective and legally defensible.

Why should you use it?

You should use encryption because it gives you legal protection. Few laws specifically require encryption. HIPAA generally doesn’t. State statutes don’t. Nor does the Gramm Leach Bliley Act’s Safeguard’s Rule. Yet if you are not encrypting PII, PHI, or financial data, you are putting yourself at risk. Those laws expect you to take reasonable precautions. And using encryption, and using it properly, is a reasonable precaution when it comes to dealing with sensitive data. HIPAA, for example, provides that encryption should be used where “the entity has determined that the specification is a reasonable and appropriate safeguard in its risk management of the confidentiality, integrity and availability” of the information or else implement an “equivalent alternative measure if reasonable and appropriate,” and document why encryption wasn’t the best choice. more

The Post-it Note Attack Finally Makes it into an HBO Script

A post-it note with a password written on it, posted on the computer, or somewhere nearby. It's one of the most common information security slip-ups that I see. This icon of stupidity has finally made it into an HBO script (courtesy of Silicon Valley). Even hackers treat this with disdain...

Friday, June 5, 2015

NSA Spy Cam Blocker

That little front facing camera on your laptop or tablet... 

can be a window for the world to see you - whether you know it or not! Stop hackers and the NSA with this simple camera blocker. Safe and practical. more

Spy - The Movie

In the mood for a spy movie this weekend?


"Melissa McCarthy made her bones as a scene-stealing supporting player, but her starring vehicles have only occasionally made the most of her comic gifts. Until now, that is: critics say Spy is an inspired, uproarious spoof of espionage thrillers loaded with self-effacing performances and sharp jabs at workplace sexism." more

Let's YTRAP, mate!

A new kind of party craze has many Australians scrambling for invitations. 

Crypto parties, where people gather to learn online encryption, are attracting everyone from politicians, to business people, to activists.

Two years after US spy agency contractor Edward Snowden leaked documents from the National Security Agency exposing mass global internet surveillance, there is rapidly growing interest in protecting online activity.

There have been crypto parties in Brazil, Germany and the UK, and more than a dozen have already been held in Australia.

Apps like Wickr, Confide and WhatsApp have taken encryption out of the geek lab and to the masses. more

Better grab their car key, too.

...security giant G4S will confiscate smartphones from shareholders and journalists at its AGM in London after activists used them to film their violent removal by security staff at last year’s event.

The blanket ban, which includes staff and board members, comes a year after activists, who bought shares to attend the meeting, staged filmed interventions. The footage later appeared in the UK media.

A spokesman for G4S told the Guardian newspaper: “Last year we had a large number of protesters who were effectively staging demonstrations in the meeting and they were filming it.

“The intention is not to suppress the legitimate free speech of people but it is just simply to maintain some degree of security for our people in the meeting. That is the rationale.” more

Wednesday, June 3, 2015

Hero4 Minicam Easily Forced into Spycam Servitude by "Criminals"

A security firm has warned it is "too easy" for criminals to take control of GoPro cameras which could then be used to spy on their owners.

Pen Test Partners showed the BBC how it could gain access to a Hero4 camera that appeared to be turned off, to secretly watch or eavesdrop on users, or to view and delete existing videos.

The attack relied on victims setting simple passwords which could be guessed by software within seconds.

GoPro said its security was adequate. more

Cody Labs - One Smart Espionage-Savvy Company

Pharmaceutical company Cody Laboratories Inc. occupied its new $3.7 million. 11,000-square-foot warehouse Monday after a ribbon-cutting that drew Gov. Matt Mead and other dignitaries.

James Klessens, CEO of Forward Cody, an economic development agency, said the company is helping Cody keep Wyomingites in Wyoming.

“If you want to see the warehouse you better come yesterday because after today nobody in the general public is going to gain access to that building,” Klessens said. He indicated that as a pharmaceutical company Cody Labs has to worry about corporate espionage and defending trade secrets, making them an enormously private company. more

Free Spycam Detection Advice on the Net (Worth exactly what you paid for it.)

How to Detect Hidden Spy Cam in Dressing Room
There are camera which are smaller in size that could capture HD videos and possibly hides its presence from Human eye. So conduct this simple test to check whether you are really "Private" with no hidden cameras monitoring.
  • Enter trial room with your mobile phone and ensure mobile signal to make calls.
  • Try to make call inside the private room, if there is a "Hidden Camera" you cannot make calls due to interference of fiber optics during signal transfer which blocks mobile callls. (sic)
  • Making calls without any interference is the sign of Camera free room.
Note: There exist some problem with the above test in low signal areas - Entering closed cabin with low mobile signal will further vanish the meagre (sic) signal earlier available, hence result in out of coverage. more

This is total nonsense of course, but sadly, many trusting souls will believe it. If you really need to make sure your "expectation of privacy" areas are free from spy cameras, may I suggest spycamdetection.training.

Bionic Ear Comes with Wireless Microphone and Control App

Soundhawk is an ear-worn "smart listening system," which the company is very careful to describe as ... well, anything but a hearing aid...
There are two parts: the "scoop" (that's it on the right, above) which is the listening device that you put in your ear, and the "wireless mic," which you can (optionally) place near someone who's talking to you in a noisy environment. The wireless mic can either rest on a table or clip onto something like a shirt or jacket. And you can easily switch between modes using one of the buttons on the earpiece. Using the scoop alone, the audio enhancement is quite good.

...it all connects to your smartphone via Bluetooth Low Energy. The companion app lets you choose among four different listening modes (indoors, outdoors, driving and restaurants), each of which you can customize for brighter or fuller audio, as well as the level of the boost. There's also an output volume control.

There's also the potential for some serious eavesdropping here, if you tuned the settings for that... our closed-door simulations allowed us to understand faint whispers from across a bedroom. The next time you're whispering a secret to a friend, watch out for people wearing Soundhawks in the area. They might be able to hear you. more

Why do I mention it?
So you will know what you're up against.

Saturday, May 30, 2015

Antalya Police Tears Down its Office Walls, Paranoid About Bugging

Turkey - The police intelligence unit in Turkey’s primary holiday resort province Antalya has torn down its own walls in a search for a bugging device according to a tip, fueling the debate on government wiretapping.

The search was reported to have been conducted sometime in the past 8 months and apparently had not uncovered any device. The incident is likely to be regarded as indicative of the extent Turkey’s wiretap saga has reached.

Police intelligence forces who were detained and released over eight months ago were once again detained earlier in the week, in one of the latest episodes of the raids to target the police force over illegal wiretapping allegations.

Since the dated December 17, 2013 corruption probe which implicated the government, “illegal wiretapping” cases has resulted in the mass purge of the police force with hundreds of hundreds being imprisoned. Critics have slammed the government for arbitrarily using the allegations as a pretext to politicize the force. more

Friday, May 29, 2015

China Didn't Invent Industrial Espionage

The U.S. Justice Department last week charged six Chinese scientists for stealing trade secrets and engaging in industrial espionage on behalf of China. 

A separate case, announced Friday, involved the former chairman of the physics department at Temple University, a China-born U.S. citizen who allegedly passed along semiconductor technology while working at an unnamed American company.

Such cases often are held up as evidence of China’s perfidy and unscrupulous dealings in the global economy. But before getting into high dudgeon mode, the U.S., and for that matter, almost every Western nation, might wish to remember their own, no-holds-barred campaigns to swipe industrial secrets.

In fact, one of the first cases involved the theft of industrial secrets from China. In the 17th and 18th centuries, the Chinese alone possessed the ability to produce high-end “hard-paste” porcelain, an expensive material beloved by Europe’s elites. In the 1680s, a French Jesuit, Pere d’Entrecolles, traveled to China, where he saw the kilns and likely read technical works on the subject... more

Thursday, May 28, 2015

Business Espionage - Quote of the Week

"Commercial espionage is considered to be on the rise as our dependence on digital data – and technologies in the workplace – becomes more and more severe... We're only seeing the tip of the iceberg at the moment." ~ Dr Dionysios Demetis, Hull University Business School (UK) more

Summer Reading - Corporate Espionage

Here are five stories that delve deep into the murky world of corporate information gathering.

1. “Drug Spies” (Richard Behar, Fortune, September 1999)

This story about corporate spies fighting pirated drugs in the high stakes pharmaceutical industry reads like a summer action movie, complete with former Scotland Yard detectives, solitary confinement in a Cyprus prison and multinational drug giants.

2. “Confessions of a Corporate Spy” (George Chidi, Inc., February 2013)

George Chidi’s work is more social engineering than cloak-and-dagger, but this first-person piece from a competitive intelligence consultant offers fascinating insight into the less legally shaky subset of the corporate intelligence world. Bonus: the last third of the article functions as a how-to for aspiring information gatherers.

3. “The Secret Keeper” (William Finnegan, New Yorker, October 2009)

If there is a gold standard in the corporate intelligence world, it’s Kroll Inc., Jules B. Kroll’s namesake consulting group. Here the New Yorker profiles Mr. Kroll, who is “widely credited with having created an industry where there was none.”

4. “A Spy in the Jungle” (Mary Cuddehe, The Atlantic, August 2010)

Cuddehe was a freelance reporter with a busted rental car in a Cancún parking lot when a friend called with a “research” job:

…an offer from Kroll, one of the world’s largest private investigation firms, to go undercover as a journalist-spy in the Ecuadorian Amazon. At first I thought I was underqualified for the job. But as it turned out I was exactly what they were looking for: a pawn.

Her recollections, and reflections on why she chose not to take the job, are an interesting counterpoint to the New Yorker article.

5. “The Pizza Plot” (Adam L. Penenberg and Marc Barry, New York Times Magazine, December 2000)

Schwan’s knew that Kraft was going to roll out a new kind of frozen pizza, and that if they wanted to compete they would have to find out all sorts of specifics before the launch. This article, which is adapted from Penenberg and Barry’s 2000 book Spooked: Espionage in Corporate America, is a dazzlingly fun look at just how Schwan pulled that off.

Debate Over NSA ‘Spying’ Program, Explained in Under 2 Minutes

Congress has less than a week to decide the fate of a government surveillance program that was created after 9/11 to prevent terrorist attacks. The program, enabled by a provision under the Patriot Act, gives the National Security Agency a number of tools to fight terror, such as the ability to collect phone records in bulk. With the U.S. Senate deeply divided on the issue, The Daily Signal breaks down the debate happening on Capitol Hill. more

Free Espionage Movies Near Washington, DC

VA - The Crystal City Business Improvement District has revealed the lineup for its annual outdoor summer movie festival. The theme this year: espionage.

The movies are shown weekly on Monday at sunset — around 8:30 p.m. — and are held rain or shine, except in the event of dangerous weather.

Families are encouraged to bring a blanket to the free event. The outdoor “theater” is located in the courtyard of an office building at 1851 S. Bell Street.

The lineup is:
June 1 — Mission: Impossible
June 8 — Mission: Impossible II
June 15 — Mission: Impossible III
June 22 — Mission: Impossible- Ghost Protocol
June 29 — Charlie Wilson’s War
July 6 — RED
July 13 — Argo
July 20 — Tinker Tailor Soldier Spy
July 27 — Body of Lies
Aug. 3 — Enemy of the State
Aug. 10 — The Bourne Identity
Aug. 17 — The Bourne Supremacy
Aug. 24 — The Bourne Ultimatum
Aug. 31 — The Bourne Legacy



MIA - "The Conversation"


Tuesday, May 26, 2015

South Korea's New Law Mandates Installation Of Government-Approved Spyware

The app, "Smart Sheriff," was funded by the South Korean government primarily to block access to pornography and other offensive content online. But its features go well beyond that.

Smart Sheriff and at least 14 other apps allow parents to monitor how long their kids use their smartphones, how many times they use apps and which websites they visit. Some send a child's location data to parents and issue an alert when a child searches keywords such as "suicide," ''pregnancy" and "bully" or receives messages with those words...

Last month, South Korea's Korea Communications Commission, which has sweeping powers covering the telecommunications industry, required telecoms companies and parents to ensure Smart Sheriff or one of the other monitoring apps is installed when anyone aged 18 years or under gets a new smartphone. The measure doesn't apply to old smartphones but most schools sent out letters to parents encouraging them to install the software anyway...

South Korea's new system is by no means impervious. For one, it can only be fully applied to Android phones not Apple Inc. phones. more

Monday, May 25, 2015

A Memorial Day Thought - The Thing We Forgot to Fight For

We fight like hell for freedom, but we let the world pick our intellectual pockets.

Sure, the US has a counterespionage law. But it is a half-way measure. Ok, we do more than Canada. They don't even have a law.

Question... What is the quality of your freedom once your jobs are stolen, and your intellectual property is ripped out from under you? 

Memorial Day is a good day to re-print this post from April 5, 2012.

----------------------------------

Gen. Keith B. Alexander, (NSA)
...called the continuing, rampant cybertheft “the greatest transfer of wealth in history.” (bio)
---
Shawn Henry, (FBI) 
...current public and private approach to fending off hackers is "unsustainable.'' Computer criminals are simply too talented and defensive measures too weak to stop them, he said. (bio)
---
Richard A. Clark, (presidential advisor) 
"Yet the same Congress that has heard all of this disturbing testimony is mired in disagreements about a proposed cybersecurity bill that does little to address the problem of Chinese cyberespionage." (bio)
---

Letter to the Editor - The New York Times

Dear Editor,

Richard A. Clarke’s op-ed piece, “How China Steals Our Secrets,” (4/2/12) states the current business espionage problem perfectly, but we need a solution. Consider this...

The Chinese secrets of: silk and tea production; making porcelain, gunpowder and paper, could not survive Western espionage attacks – not even when protected with death penalties. Espionage killed their economy, and the damage lasted for centuries. Obviously, our competitive advantages are also our National Interest Assets.

The one-sided, punish-the-spy security model, still being used today, never worked. We need to make it two-sided. There must be a proactive legal responsibility to protect.

The solution... Corporate caretakers must be held accountable for protecting their valuables; our national treasures. We need a law creating business counterespionage security standards, with penalties for inadequate protection. We already
successfully employ the same concept with medical and financial record privacy.

Kevin D. Murray
Spybusters, LLC
---

A cybersecurity law alone will not stop spying. 
If implemented, it will force an increase in traditional spy techniques, such as: bugging, wiretapping, physical intrusions and social engineering. (Remember, computer data is available elsewhere long before it is computerized.) 

Protecting our competitive advantages requires a holistic approach; a National Interest Assets law which would also...

• Protect the entire intellectual property timeline, from brainstorming and initial discussions, to the final product or business strategy. 

• Impose a responsibility of due care upon the creators and holders competitive advantage information.

• Specify compliance requirements aimed at countering traditional business espionage practices. Technical Surveillance Countermeasures Inspections (TSCM / bug sweeps), information-security audits, and information-security compliance procedures; safeguards which can be easily mandated and monitored.

This is a no-brainer, Congress.

The cost of keeping National Interest Assets safe is infinitesimal compared to current losses (not to mention the long-term effects). Just ask the Chinese.
~Kevin

Saturday, May 23, 2015

Spy Trick # 482 - Keyless Car Break-in Mystery Solved

If you have a wireless key fob for a car with a remote keyless system, then you might want to start keeping your keys in a freezer or other Faraday Cage to protect it from high-tech thieves, who can use a $17 power amplifier to break into your vehicle.

Cars with keyless entry systems are capable of searching for a wireless key fob that is within a couple feet of the vehicle, but car thieves can use a $17 "power amplifier" to boost the key searching capabilities, sometimes up to around 100 meters, and pull off a high-tech car break-in. more extra spy credit

Friday, May 22, 2015

Does Android Factory Reset Protect Your Information

If you sell or gift your old Android phone to someone, is it enough to do a factory reset to wipe all your sensitive data? And if your Android gets stolen, how sure are you that your anti-theft solution will do a good job wiping it and/or locking the device?

Consumers generally have no insight in how well these features work. Their only option is to trust the manufacturers' and developers' assurances, and wait for security researchers to test the solutions.

Now, two researchers from the Security Group at the University of Cambridge Computer Laboratory have published two papers that answer those questions.

The first one details the results of a security analysis of Android's Factory Reset option, tested on 21 second-hand Android smartphones from 5 vendors running Android versions v2.3.x to v4.3.

In the second paper, they revealed the results of their testing of the top 10 mobile anti-virus apps' anti-theft functions (“remote wipe” and “remote lock”). Again, the results are bad: they found flaws that undermine MAV security claims and highlight the fragility of third-party security apps. more

Coming Soon - Surveillance Cacti - Prick

AZ - The Town of Paradise Valley is adding a new gadget to its collection of surveillance tools: permanent roadside license plate readers. Several Valley police agencies, including Paradise Valley, already use license plate readers mounted on patrol cars. But the decision by council leaders to install the technology at eleven locations across town signals a broader use of the cameras.

They will be mounted on poles and embedded inside faux cacti to record the location, date and time of the plate number. Some of the cameras have already been installed and the program is expected to go online in June. The total cost for the project is $752,000...



Paradise Valley Community Resource Officer, Kevin Albert says strict protocols will be in place for investigators who are trained and designated to access the database. He also says simply having the plate numbers on file will not compromise privacy rights. (right) more

Next on the TSA Hit List... Igniting Shoe Laces