Monday, October 5, 2015

Gang Using Spy Cam, Bluetooth for Exam Paper Leaks Busted

India - Police have busted a New Delhi-based gang involved in assembling spy cameras and bluetooth devices in undergarments and shirts to facilitate question paper leaks in important competitive exams across the country.

...the accused used to assemble spy cams and bluetooth devices in shirts, briefs and vests, mobile hardware kits, and other equipment to get the question papers leaked out from the exam centres...

...the kit included an android smartphone which was connected with a spy cam in cuff of a shirt. The question paper was clicked by some candidate or a staff member through spy camp and smuggled outside the examination centre through drop box application.

The paper was then distributed through e-mails or WhatsApp to a team of six to eight teachers, who solved the paper. The candidates, who paid for the solved paper, were given a bluetooth ear device which did not require mobile handset and acted just as receiver. The accused had assembled a set with 40 mobile phones through which the answers were dictated to the candidates... more

Phone on Drone Hacks Wireless Printer

You might think that working on a secured floor in a 30-story office tower puts you out of reach of Wi-Fi hackers out to steal your confidential documents.

But researchers in Singapore have demonstrated how attackers using a drone plus a mobile phone could easily intercept documents sent to a seemingly inaccessible Wi-Fi printer. The method they devised is actually intended to help organizations determine cheaply and easily if they have vulnerable open Wi-Fi devices that can be accessed from the sky. But the same technique could also be used by corporate spies intent on economic espionage. more

Sunday, October 4, 2015

Operation Armchair - Son of The Thing, or...

...how a small Dutch company, helped the CIA to eavesdrop on the Russians.

"A small company from Noordwijk, Dutch Radar Research Station, worked for the CIA for decades. It built sophisticated listening devices that the Americans used against the Soviet Union. I came across this story when a schoolmate gave me papers of his grandfather. Along with intelligence expert, Cees Wiebes, I reconstructed in eighteen months the never told key role that this Dutch company played during the Cold War." ~ Maurits Martijn
(A long, but interesting story.) 

Friday, October 2, 2015

IP Protection: Don’t Expect Government Help

If actions – or in this case inaction – speak louder than words, the message from the U.S. government to the private sector regarding defense against cyber economic espionage by China is clear: “You’re on your own.”

That remains true, in the view of multiple experts, even after Chinese President Xi Jinping and U.S. President Barack Obama announced an agreement last week that, according to a White House press secretary Fact Sheet, “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”

...the agreement refers only to the governments of both countries – not their private sectors...

Kevin Murray, director at Murray Associates, said the reality is that, “both leaders know economics comes first. “Waving an ‘agreement’ in the air may mollify some of their constituents,” he said, but the subtext of promising that “governments” won’t do it acknowledges the reality that they, “can't control all the rogue hackers out there. All they can say is that their governments are not behind it, and they don't condone it. Meanwhile, cutouts will manage the "consultants" who make money with their data-vacuums." more

Wednesday, September 30, 2015

In China Counterespionage is Everyone's Job... by law

Counter-espionage Law of the People's Republic of China (interesting highlights)
Adopted at the 11th meeting of the Standing Committee of the Twelfth National People's Congress on November 1, 2014.
  • Chapter I: General Provisions
  • Chapter II: Functions and Powers of State Security Organs in Anti-Espionage Efforts
  • Chapter III: The Duties and Rights of Citizens and Organizations 
Article 19: State organs, groups and other institutions shall educate their units' personnel on the maintenance of State security, and mobilize and organize them to prevent and stop espionage activity.

Article 20: Citizens and organizations shall facilitate and provide other assistance to anti-espionage efforts.

Article 25: Individuals and organizations must not illegally hold or use special-purpose spy equipment needed for espionage activities. Special-purpose spy equipment will by verified by the State Council department responsible for national security in accordance with relevant national provisions.
  • Chapter IV: Legal Liability
Article 31: Where state secrets relating to anti-espionage efforts are disclosed, the state security organs give 15 days of administrative detention; where it constitutes a crime, criminal liability is pursued in accordance with law.

Article 32: For those in unlawful possession of state secret documents, materials and other items, as well as those who unlawfully possess or utilize specialized spying equipment, state security organs may conduct a search of their person, items, residence and other relevant locations in accordance with law; and confiscate the state secrets documents materials and other items they unlawfully possessed, as well as the specialized spying equipment they possessed or utilized. Where the unlawful possession of state secrets documents, materials or other materials constitutes a crime, pursue criminal responsibility in accordance with law; where it does not constitute a crime, state security organs give warnings or administrative detention of up to 15 days.
  • Chapter V: Supplementary Provisions
Article 38: Espionage conduct as used in this law refers to the following conduct... more

Sunday, September 27, 2015

Bugged: Russian Roach Rampage (Warning: Sensationalist Reporting)

The terrifying cockroach robo-SPY that could soon perform reconnaissance missions for the Russian military...

  • Robot is fitted with photosensitive sensors to track its surroundings
  • The 4-inch (10cm) mechanical roach moves like the Blaberus giganteus
  • A sample of the robo-bugs is being planned for Russian armed forces
  • Future models will be able to camouflage themselves, spy on people with portable cameras and carry out reconnaissance missions
Move over James Bond, your job is under threat from an army of robo-spies that look and move like cockroaches.

Researchers have created insect bots, inspired by the Blaberus giganteus species of roach, capable of scanning rooms and tracking their surroundings.

Fitted with sensors, these mechanical bugs can cover 12 inches (31cm) a second and the technology has already piqued the interest of the Russian military.

Researchers have created a robotic cockroach (pictured main), inspired by the Blaberus family of roaches (B. craniifer shown on top of the robot), capable of scanning rooms and tracking its surroundings. The mechanical bug can cover 12 inches a second

The bionic cockroaches were designed by engineers Danil Borchevkin and Aleksey Belousov at Kaliningrad's Kant University.

Each robot is 4-inches (10cm) long and fitted with photosensitive sensors, as well as sensors that detect contact, meaning they can constantly look out for obstacles. more


Man Admits Wiretapping, Harassment of Judge... and DUI

PA - An East Goshen man who secretly recorded telephone conversations with his ex-wife, her attorney’s office, two police officers and others, and who also made profane telephone calls to a Common Pleas Court judge and officials in the Chester County Domestic Relations Office, has admitted his culpability in those crimes.

On Wednesday, William Robert Wheeler pleaded guilty to charges of wiretapping and harassment, as well as driving under the influence, before Judge Patrick Carmody, who deferred formal sentencing to allow Wheeler to apply for the county’s alternative sentencing program for repeat DUI offenders. more

Spying Coffee Cup Lid Worthy of James Bond

This may look like an ordinary coffee cup.

But the innocent-looking container could soon become a potent new weapon in the fight against criminals, fraudsters and enemy spies.

The plastic lid is similar to those handed out by coffee chain giants, such as Starbucks and Costa.

The lid, which looks like it could have been devised by James Bond's gadget guru Q, has been created by Bodmin-based LawMate UK.

Inside, it is fitted with hi-definition filming equipment and an eavesdropping device that can listen in and record conversations, even in a room full of people.

Investigators will be able to use the device to gather crucial evidence, and can activate it by pressing the letter H – which stands for Hot – on the lid.

The firm, based at the Mid-Cornwall town's Callywith industrial estate, has already sold more than 100 of the gadgets, which are designed to fit any takeaway cup in the UK. more

U.S., China Vow Not to Engage in Economic Cyberespionage

President Obama and Chinese leader Xi Jinping pledged Friday...

that neither of their governments would conduct or condone economic espionage in cyberspace in a deal that sought to address a major source of friction in the bilateral relationship.

But U.S. officials and experts said that it was uncertain whether the accord would lead to concrete action against cybercriminals. more

----

Question from a reporter...
Without government assistance, what can private sector organizations do to protect themselves more effectively from China stealing their IP?

Answer...
#1 - Realize that computer hacks are not perpetrated solely by someone sitting at a remote computer exploiting a software glitch they just discovered. A close look at many cases shows other elements of espionage in the path to the hack... social engineering, sloppy security practices, lack of oversight, multiple forms of classic electronic surveillance, blackmail, infiltration of personnel, etc.

The misconception that "this is an IT security problem" has lead to a morphing of corporate information security budgets into a lopsided IT-centric security budget. Thus, pretty much ignoring that most information in their computers was available elsewhere before it was ever converted into data! This situation is like having a building with one bank vault door, while the rest of the entrances are screen doors.

Here is what the private sector can do for themselves...

• View information security holistically. Spread the budget out. Cover all the bases.
   - Provide information security training to all employees.
   - Create stiff internal controls. Enforce them.
   - Conduct independent information security audits quarterly for compliance, discovery of new loopholes. Technical Surveillance Countermeasures (TSCM) is the foundation element of the audit. A TSCM sweep is conducted to discover internal electronic surveillance (audio, video, data), and verify security compliance of wireless LANs (Wi-Fi), etc.
~Kevin

Wednesday, September 16, 2015

Ex-Spies Join Cybersecurity Fight

Firms turn to cloak-and-dagger tactics to infiltrate hacker groups and pre-empt attacks.

Their job: Befriend hackers to find out about attacks before they even happen.

Last year, Black Cube, an Israel-based firm that specializes in gathering intelligence online, asked one of its bank clients for access to some of its internal HR and payroll data—sensitive enough to look like the spoils of a real cyber theft, but not enough to affect operations.

When Black Cube accessed the information, it left a digital trail that made it look like it had broken into the bank’s networks and stolen the data. By dangling this bait, Black Cube operatives posing as hackers infiltrated a group of cyber thieves that had been circling the bank, according to a person familiar with the sting, helping thwart an attack.

With the pace and severity of corporate cyberattacks increasing, a growing number of small cybersecurity and business intelligence firms like Black Cube are deploying the same sort of cloak-and-dagger moves that governments and police have long used to penetrate spy rings or break up terrorist cells. more

Android Apps Get Graded for Privacy - What's App on Your Phone?

A team of researchers from Carnegie Mellon University have assigned privacy grades to Android apps based on some techniques they to analyze to their privacy-related behaviors. Learn more here or browse their analyzed apps.

Grades are assigned using a privacy model that they built. This privacy model measures the gap between people's expectations of an app's behavior and the app's actual behavior.

For example, according to studies they conducted, most people don't expect games like Cut the Rope to use location data, but many of them actually do. This kind of surprise is represented in their privacy model as a penalty to an app’s overall privacy grade. In contrast, most people do expect apps like Google Maps to use location data. This lack of surprise is represented in their privacy model as a small or no penalty. more

Concerned about Android spyware, click here.

Tuesday, September 15, 2015

Sports TSCM: Manchester United Searched Hotel for Bugging Devices

UK - Manchester United reportedly organised for their hotel to be searched for bugging devices prior to Saturday's match against arch rivals Liverpool...

According to the Manchester Evening News, security men used devices to check a meeting room at the Lowry Hotel before Van Gaal discussed tactics for the game.

The report adds that the Premier League giants have been checking hotels for more than a year after a bugging device was found in a meeting during the 2013-14 season. more

Police: Fired Officer Used Drone to Spy on Neighbors

GA - A Valdosta police officer was out of a job as of Monday evening after being arrested for reportedly using a drone to eavesdrop on a neighbor.

Officer Howard Kirkland, 53, of Ray City, was fired Monday morning, Valdosta Police Chief Brian Childress confirmed.


He had been on suspension since September 4th. He was arrested at the police department by Lanier County Sheriff's Deputies on September 10th. The sheriff's office had been conducting an investigation for about a week. more

Twitter Slapped With Class-Action Lawsuit for Eavesdropping on Direct Messages

Twitter has been slapped with a proposed class action lawsuit, which alleges that the service uses URL shorteners in violation of the Electronic Communications Privacy Act and California’s privacy law.

According to court documents filed Monday, Texas resident Wilford Raney brought the complaint to federal court in San Francisco, citing that although “Twitter represents that its users can ‘talk privately,’ Twitter ‘surreptitiously eavesdrops on its users private direct message communications.”
The complaint alleges that Twitter “intercepts, reads, and at times, even alters the message” as soon as someone sends a direct message. more

Giving Up Privacy in the Name of Security


Cicada Drones Will Eavesdrop in Swarms Like Their Creepy Namesake

The U.S. Navy has developed tiny drones that can fly in swarms like cicada bugs, the organisms that give the drones their names.

In this case, "Cicada" is short for Covert Autonomous Disposable Aircraft. They're small yellow devices that can fit in the palm of one's hand and are made of only ten parts. They can fly up to 46 miles per hour almost silently.

The military described the drones as "robotic carrier pigeons," though unlike the birds historically used to send messages, these drones have an array of sensors that monitor things like weather and location data, as well as microphones that or eavesdropping on anyone in the vicinity.

The Cicada drones are meant to be deployed in swarms; they will reportedly be used behind enemy lines to determine things like troop positions, whether or not a car is on a road, and where military forces should be deployed.

For now, the tiny devices cost $1,000, but the government plans to manufacturing them more cheaply: about $250 per drone. The future of surveillance drones is, apparently, a relatively inexpensive one. more

Saturday, September 12, 2015

Security Director Alert - Worker Admits to Bathroom Spycam - Think Forseeability

If you don't have a written Recording in the Workplace Policy, and an in-house inspection procedure, right now is the time to get one in place. Contact me. I can help you do this, easily and inexpensively. ~ Kevin

AZ - A worker at a Cottonwood business was arrested on suspicion of voyeurism after police said he hid a cellphone in a women’s restroom.

Oscar Valles, 22, of Rimrock, admitted during police questioning that he placed the cellphone behind a plant in the bathroom to record one of his coworkers, officers said.

Valles said he knew the coworker changed clothes there each at the end of her shift each day. He said he did not mean to record any other person but was not able to retrieve his phone before others used the restroom, according to police. more


What is the First Thing a Spycam Sees?

All together now...
"The dumb owner setting it up!"

A bungling voyeur was captured on a video camera he set up to record women using the toilet at a party - in a stunt inspired by an American Pie film.

Adam Stephen Barugh, 26, used velcro to hide the small digital camera beneath a sink directly facing a toilet, after being invited to a house in Brotton.

His solicitor Paul Watson told Teesside Magistrates’ Court yesterday that the “prank” was inspired by watching the comedy film American Pie: Bandcamp, which features women being secretly filmed...

During the party, a female at the house noticed a small blue light coming from beneath the sink while using the toilet, and alerted her mum and sister.

Quickly hooking the camera up to a laptop, they discovered it had captured a full facial shot of Barugh setting up the camera, and videos of two women using the toilet. more

Woman Discovers Spycam in Her Bedroom... (then the action starts)

Ms. Wu, age 26, is suing her former roommate, identified by his last name Lin, for installing a spycam in her bedroom...
Ms. Wu noticed that there was a large black trashbag that didn’t belong to her, stuffed into the space above her closet. Inside, she discovered a camera, and a wire that ran from the camera across the hall into her roommate’s bedroom.

Ms. Wu waited for her roommate, Mr. Lin, to return home from work before confronting him about the camera.

Mr. Lin denied that he’d put a spycam in Ms. Wu’s room, but broke down her door to steal the camera back and packed up his computer equipment.

Ms. Wu, while attempting to stop him from leaving with the evidence, was thrown from the moving car. Ms. Wu said she’d still file charges against him for the spycam, despite the lack of evidence, and would also be filing a vehicular assault charge.  (more with video report)

The Starbucks Bathroom Spycam - Anatomy of the Crime

A 44-year-old man turned himself in Monday for being the "person of interest" sought for a spy camera being found hidden in a Starbucks restroom...

A female customer of the Starbucks was in the unisex restroom around when she found a four-inch long device--about the size of a marking pen--hidden behind a bracket. She pulled it out and called police...

Forensic laboratory investigators confirmed it's a video camera that recorded images of men and women using the restroom...

Police posted images on its Twitter and Facebook pages of the spy camera, its hiding place and a "person of interest" seen loitering outside the coffeehouse: a dark-haired man wearing a black shirt with a white stripe...
After intense local television coverage Monday morning, a Starbucks spokesman emailed a statement to KTLA that afternoon that said, "We take our obligation to provide a safe environment for our customers and partners (employees) very seriously. As a part of regular store operations, we monitor the seating areas and restrooms in our stores on a regular basis to identify potential safety or security concerns." more

Suggestion: Spycams in public restrooms are "foreseeable"; a legal term loosely meaning "you better do something about this."  At least one shift manager should receive spycam detection and deterrence training. Being pro-active and showing due diligence saves money (legal expenses and awards). Plus, if signage is posted, customer goodwill increases.

Friday, September 11, 2015

Spy Fears Drive U.S. Officials from Chinese-Owned Waldorf-Astoria Hotel

Fears of espionage have driven the U.S. government from New York’s famed Waldorf-Astoria Hotel, which has housed presidents and other top American officials for decades but was bought last year by a Chinese firm from Hilton Worldwide.
Instead, President Barack Obama, his top aides and staff along with the sizable diplomatic contingent who trek to Manhattan every September for the annual U.N. General Assembly will work and stay at the New York Palace Hotel, the White House and State Department said.

The Associated Press first reported the impending move in June but it wasn’t formally announced until Friday, a day after the final contract was signed with the Palace.

Officials said the change is due in large part to concerns about Chinese espionage, although White House and State Department spokesmen said the decision was based on several considerations, including space, costs and security. more

Thursday, September 10, 2015

Baseball Eavesdropping - Apparatus for Transmitting Sound from a Baseball Field - US Patent #3045064

Filed June 1, 1959 by James S. Sellers, and granted July 17, 1962, this patent was for a system of hidden microphones, concealed within the bases on a baseball diamond. Apparently, the transmission of foul language was not a consideration.

Click to enlarge.
from the patent...
"It is highly desirable for the spectators at a baseball game to hear what is transpiring on the playing field, such as arguments at the bases between opposing players, and discussions between the umpires and players. By transmitting the sounds from the playing field to the grandstand, the spectators feel that they are taking part in the game. Also, it enables the spectators to judge a play better as they can hear the baseball strike the glove or mitt of a player.

Click to enlarge.
It is an object of my invention to provide apparatus for transmitting sound from a baseball field which is positioned beneath a base on a baseball field and does not interfere in any manner with the playing of the game.

It is a further object of my invention to provide apparatus for transmitting sound from a baseball field in which a resilient pad or support for the base is formed of a greater surface area than the base and has perforations or apertures in the area adjacent the base whereby sound may be transmitted through the perforations to a microphone there beneath.

An additional object of my invention is to provide a rigid support for the resilient pad to which the pad and the base may be secured to retain them in position, and with the rigid support having openings to permit the passage of sound there through to a microphone positioned there beneath." more

Windows 10 is a Window into Your World - Kill its Keystroke Logger

via Lincoln Spector, Contributing Editor, PCWorld 
 
Microsoft pretty much admits it has a keylogger in its Windows 10 speech, inking, typing, and privacy FAQ: “When you interact with your Windows device by speaking, writing (handwriting), or typing, Microsoft collects speech, inking, and typing information—including information about your Calendar and People (also known as contacts)…”

The good news is that you can turn off the keylogging. Click Settings (it’s on the Start menu’s left pane) to open the Settings program. You’ll find Privacy on the very last row.
Once in Privacy, go to the General section and Turn off Send Microsoft info about how I write to help us improve typing and writing in the future. While you’re there, examine the other options and consider if there’s anything else here that you may want to change.
Now go to the Speech, inking and typing section and click Stop getting to know me. (I really wanted to end that sentence with an exclamation point.)
You may also want to explore other options in Privacy. For instance, you can control which apps get access to your camera, microphone, contacts, and calendar. more


Spies Don't Often Complain, But When They Do They Prefer Revolting

It’s being called a ‘revolt’ by intelligence pros who are paid to give their honest assessment of the ISIS war—but are instead seeing their reports turned into happy talk.

More than 50 intelligence analysts working out of the U.S. military's Central Command have formally complained that their reports on ISIS and al Qaeda’s branch in Syria were being inappropriately altered by senior officials...

Some of those CENTCOM analysts described the sizable cadre of protesting analysts as a “revolt” by intelligence professionals who are paid to give their honest assessment, based on facts, and not to be influenced by national-level policy. more

Wednesday, September 9, 2015

Private Investigator Posts a TSCM Question to an Industry Newsgroup - Scary

Q. Looking for a cheap, do it yourself debugging product. Any recommendations?

It's one thing to be ignorant. We all are at one point. But, we do our own homework and learn. Copying other people's homework never leads to the A+ answer.

It's a, "Which end of the soldering iron should I hold?" question. If you don't know, better find something else to do. 

The Editor-in-Chief of PI Magazine, kindly responded with the following cogent reply... 

A. There really is no such thing as a cheap do-it-yourself debugging product. Even the most basic TSCM / debugging inspect requires you search for RF (radio frequency) signals, hidden video cameras that are either wired or wireless, on or off, hidden audio records, telephone instrument and phone line inspection, as well as searching for GPS trackers that can be battery operated or hardwired.

Each of the categories listed above require specialized equipment unique to the item(s) being searched. Even if you were to acquire a cheap RF detector, you wouldn’t know what type of signal you’re picking up or the source...  Just because you own a piece of equipment doesn’t mean you’ll know how to use it.

By the way, the FTC has been known to criminally charge private individuals and PIs for “theft by deception” for conducting bugsweeps without the proper equipment and training.


For anyone seeking to hire a Technical Surveillance Countermeasures (TSCM) "expert", this is a cautionary tale. Please, do your due diligence. The TSCM field is littered with gum-under-the-table trolls out to make a fast buck with cheap sweeps. ~Kevin 

UPDATE: A Blue Blazer Regular writes in with his two cents... "Doing it yourself is like do-it-yourself brain surgery."

Chess Cheat Caught Using Morse Code and Spy Camera

An Italian chess player has been removed from one of Italy’s most prestigious tournaments after allegedly using Morse code and a hidden camera to cheat. 

Arcangelo Ricciardi ranked at 51,366 in world when he entered the International Chess Festival of Imperia in Liguria, Italy and surprised his competitors when he easily escalated to the penultimate round...

Jean Coqueraut, the tournament's referee told La Stampa newspaper: “In chess, performances like that are impossible. I didn’t think he was a genius, I knew he had to be a cheat.”

He was “batting his eyelids in the most unnatural way,” added Mr Coqueraut. “Then I understood it. He was deciphering signals in Morse code.”

Mr Riccardi was forced to pass through a metal detector by the game organisers, revealing a sophisticated pendent hanging round his neck beneath his shirt, according to the Telegraph.

The pendant reportedly contained a small video camera, wires, which attached to his body, and a 4cm box under his arm pit.

To conceal the pendant around his neck, Mr Riccardi drank constantly from a glass of water and wiped his face with a handkerchief, according to Mr Coqueraut.

It is believed the camera was used to transmit the chess game to an accomplice or computer, which then suggested the moves Mr Riccardi should perform next. These moves were allegedly communicated to him through the box under his arm.

Mr Riccardi denies that he cheated and has claimed that the devices were good luck charms, according to reports. more

Tuesday, September 8, 2015

So You Want to be a PI...

A reporter contacted me and asked... 

Q. What would be your advice to someone who wants to become a PI? One way to think about this question is, what you would have wanted your younger self to know before entering the career. 
  1. Know yourself. If you are not naturally inquisitive, not willing to work odd hours (24/7, including holidays), and not willing to accept financial risk once you are on your own... find something else to do.
  2. Plan on working with an established, large PI firm when you first start out. You may have been a great detective in you law enforcement career, but you'll need to learn the business of doing business to succeed if you want to eventually go out on your own in the private sector. If you have little or no experience, working for a large investigations firm is the way to get some. Large firms will teach you if... you show aptitude, good sense and have excellent writing skills.
  3. In addition to developing a general knowledge of private security, security hardware/software, etc., develop two specialties. This will make you unique and reduces the competitive pressures.
  4. Be willing to learn other aspects of business, e.g. bookkeeping, marketing, advertising, public speaking, website development, social networking, etc. You will need these skills, or you will be paying someone else too much to do them for you.
  Q. What are the career path options someone like yourself has in the field?

The private investigations field is broad: surveillance, insurance investigations, undercover employee, secret shoppers, civil investigations, fraud and counterfeit, on-line research, computer forensics, accident reconstruction, technical surveillance countermeasures (TSCM), skip tracing, pre-trial research, corporate investigations, arson investigations, background checks, domestic investigations, infidelity investigations, and more. Most PI's have many of these fields listed on their menu. The really successful ones specialize in only one or two.

Then, there is the whole field of security consulting where knowledge and experience (and nothing else) are the items being sold. This is considered the top of the field at the end of the career path. For more information on this, visit the International Association of Professional Security Consultants (iapsc.org).

Thursday, September 3, 2015

Spy equipment suppliers: Report exposes who sells surveillance tech to Colombia

A baby's car seat complete with audio and video recorder for covert surveillance...


Privacy International's investigative report reveals the companies selling surveillance tech to Columbia, despite that it may be used for unlawful spying. more 

The Spy Car You May Not Want

If, while driving, you were also chowing down food, yakking on your phone or getting distracted by the Labrador retriever, would your insurance company know?

A patent issued in August to Allstate mentions using sensors and cameras to record “potential sources of driver distraction within the vehicle (e.g. pets, phone usage, unsecured objects in vehicle).” It also mentions gathering information on the number and types of passengers — whether adults, children or teenagers.

And the insurer, based in suburban Chicago, isn’t just interested in the motoring habits of its own policyholders... more

Some Top Baby Monitors Lack Basic Security Features

Several of the most popular Internet-connected baby monitors lack basic security features, making them vulnerable to even the most basic hacking attempts, according to a new report from a cybersecurity firm.

The possibility of an unknown person watching their baby's every move is a frightening thought for many parents who have come to rely on the devices to keep an eye on their little ones. In addition, a hacked camera could provide access to other Wi-Fi-enabled devices in a person's home, such as a personal computer or security system.

The research released Wednesday by Boston-based Rapid7 Inc. looks at nine baby monitors made by eight different companies. They range in price from $55 to $260. more

26 Mobile Phone Models Contain Pre-Installed Spyware

What's in you pocket?
Over 190.3 million people in the US own smartphones, but many do not know exactly what a mobile device can disclose to third parties about its owner. Mobile malware is spiking, and is all too often pre-installed on a user’s device.

Following its findings in 2014 that the Star N9500 smartphone was embedded with extensive espionage functions, G DATA security experts have continued the investigation and found that over 26 models from some well-known manufacturers including Huawei, Lenovo and Xiaomi, have pre-installed spyware in the firmware.

However, unlike the Star devices, the researchers suspect middlemen to be behind this, modifying the device software to steal user data and inject their own advertising to earn money.

"Over the past year we have seen a significant increase in devices that are equipped with firmware-level spyware and malware out of the box which can take a wide range of unwanted and unknown actions including accessing the Internet, read and send text messages, install apps, access contact lists, obtain location data and more—all which can do detrimental damage,” said Christian Geschkat, G DATA mobile solutions product manager.

Further, the G DATA Q2 2015 Mobile Malware Report shows that there will be over two million new malware apps by the end of the year. more


Tuesday, September 1, 2015

Spycam News: What Happens in Vegas Doesn't Always Stay in Vegas

Police in North Las Vegas are looking for a man they say put a hidden camera in the bathroom of a business there...

Investigators have released a clip from video surveillance in the store showing the man they believe to be the suspect.

He is described as a Hispanic male adult, approximately 30 years of age, about 5’ 07”, weighing 190 lbs. He was last seen wearing black glasses, a gray polo shirt, light colored pants, and black sandals.

If you have any information that could help police in this case you’re asked to call them or Crimestoppers at 702-385-5555. more

UPDATE (9/2/2015) - North Las Vegas police say media reports led to the identification and arrest of a 37-year-old man believed to have recorded his own face while placing a hidden camera in the bathroom of a clothing store.

Officer Aaron Patty said Eduardo Rafael Chavez was arrested Tuesday. more

Wednesday, August 26, 2015

Communications Interception Device Bust Highlights the World of Non-Government Spying

Three men have been arrested by the South African Police Service in an undercover sting operation in which the Hawks posed as buyers for a cellphone locator and eavesdropping machine called a “Grabber”. The three are alleged to have listened in to government tenders related to the Airports Company of South Africa.

The machine is small enough to fit into a car or van and presidential authority is needed to operate one. The Grabber confiscated in South Africa at the beginning of this month was apparently used for corporate spying, reports The Star. The machine, made in Israel and worth over R25 million, was specially installed in a German-made multi-purpose vehicle. Two of the men arrested while trying to find a buyer for the device are a top businessman in the gold industry and a bank employee. more

TSMC Needs TSCM

Earlier this year, we covered the case of Liang Mong-song, a former TSMC engineer who stood unofficially accused of corporate espionage. Not long after we wrote the story, TSMC elected to file a lawsuit against Mong-song, and the Taiwan Supreme Court has now ruled in favor of the foundry company and against the engineer. Mong-song left TSMC and went to Samsung, not long before Samsung’s foundry plans took a significant leap forward. more

Number of Phones Infected by Dendroid Spying App Remains Unknown

An American student who hoped to sell enough malicious software to infect 450,000 Google Android smartphones pleaded guilty to a law meant to prevent hacking of phones and computers...

Infected phones could be remotely controlled by others and used to spy and secretly take pictures without the phone owner's knowledge, as well as to record calls, intercept text messages and otherwise steal information the owners downloaded on the devices...

Morgan Culbertson expected each person who bought Dendroid would be able to infect about 1500 phones with it, or 300,000 and 450,000 phones total. more

Illinois Law Allows Nursing Home Residents to Install Surveillance Equipment

Illinois Gov. Bruce Rauner signed legislation Aug. 21 supporters say will help prevent abuse and neglect of nursing home residents. The Authorized Electronic Monitoring in Long-Term Care Facilities Act allows nursing home residents to install audio and video surveillance equipment in their rooms.

Residents and their roommates must consent to having video or audio recording devices installed. The act allows legal guardians and family members to give consent for residents, if a physician determines a resident is incapable of doing so. Consent can be withdrawn at any time by residents or their roommates. more

Panel Upholds Christensen’s Conviction on Eavesdropping Charges

The Ninth U.S. Circuit Court of Appeals yesterday affirmed former powerhouse Los Angeles lawyer Terry N. Christensen’s conviction on charges of illegal eavesdropping and conspiracy.

Christensen—who practiced law in Los Angeles for more than 40 years at the famed Wyman Bautzer firm and at the firm he co-founded, Christensen Miller—was convicted along with former private investigator Anthony Pellicano, well known for his work on behalf of rich and famous clients. U.S. District Judge Dale Fischer of the Central District of California sentenced Christensen to three years in prison in 2008, but he has been free on bail pending appeal.

He has been under interim suspension from the State Bar since his conviction. more

Video Game Trade Secret Theft - Next Adventure - Game of War: Anul Stage

A manager at a maker of a popular videogame was arrested last week as he tried to board a plane for Beijing after allegedly stealing trade secrets, according to a federal criminal complaint unsealed Tuesday.

Jing Zeng, 42 years old, of San Ramon, Calif., allegedly downloaded data on how users interact with Game of War: Fire Age, one of the top-grossing games in Apple Inc.’s App Store. Mr. Zeng was a director of global infrastructure for the game’s maker, Machine Zone Inc...

On his LinkedIn profile, Mr. Zeng says that he left Machine Zone last month.

His current position: “Ready for next adventure.” more


Tuesday, August 25, 2015

A Conversation in the Bathroom with the Water Running Can't Beat a Noisebath®

Need to have a private conversation? 
No time to sweep the room for bugs?
Don't want to look like a paranoid hiding in the bathroom with the water running?

Take a Noisebath®... because running the water isn't very effective against determined eavesdroppers with high-tech filtering systems.

from the website...
Playing NOISEBATH masking source material through the speakers of a properly configured system creates a “bath” of noise around the target which mixes with the actual voices or equipment sounds to hinder the exploitation of the target’s acoustics.

NOISEBATH has been shown to be compatible with Secure Telephones. The masking sounds have negligible impact on the remote secure phone user and the local masking level can be adjusted by remote control.

There is up to a 25db reduction in sound level within the protection zone from the sound level outside the protection zone. NOISEBATH can be used with transducers on exterior windows and surfaces to protect against eavesdropping systems outside the room.

Noisebath® is the co-invention of Noel D. Matchet,  employed for 19 years at the National Security Agency where he was presented the Agency’s highest honor – The Exceptional Civilian Service Award for his contributions to information security. He has multiple patents to his credit. more

Surf Like A Spy

The default state of Internet privacy is a travesty. But if you're willing to work hard, you can experience the next best thing to absolute Internet anonymity...

1. Find a safe country
First, you would have to be physically located in a country that doesn't try its hardest to spy on you. Your best option is to find a country with good Internet connectivity that doesn't have enough resources to monitor everything its citizens are doing...

2. Get an anonymizing operating system
Next, you'll need an anonymizing operating system that runs on a resettable virtual machine running on secure portable media. The portable media device should use hardware-based encryption or a secure software-based encryption program. One of the top products on that list is Ironkey Workspace...

3. Connect anonymously
Next, you'll need to connect to the Internet using an anonymous method. The best approach would probably be to jump around random, different, open wireless networks, public or otherwise, as much as possible, rarely repeating at the same connection point. Barring that method, you would probably want to use a device built for anonymous wireless connections, like ProxyGambit...

4. Use Tor
Whatever Live OS and Internet connection method you use, make sure to go with an anonymizing browser, such as a Tor-enabled browser...

5. Don't use plug-ins

It's very important to remember that many of today's browser plug-ins, particularly the most popular ones, leave clues that reveal your identity and location. Don't use them if you want to preserve your anonymity.

6. Stick with HTTP/S
Don't use any protocols other than HTTP or HTTPS. Typically, other protocols advertise your identity or location. When working with HTTPS, use only handpicked, trusted certification authorities that don't issue "fake" identity certificates.

7. Avoid the usual applications
Don't install or use normal productivity software, like word processors or spreadsheets. They, too, will often "dial home" each time they're started and reveal information.

8. Set up burner accounts
You'll need a different email address, password, password question answers, and identity information for each website if you take the risk of creating logon accounts. This particular solution is not only for privacy nuts and should already be practiced by everyone already.

9. Never use credit cards
If you plan to buy anything on the Internet, you can't use a normal credit card and stay anonymous. You can try to use online money transfer services such as PayPal, but most have records that can be stolen or subpoenaed. Better, use an e-currency such as bitcoin or one of its competitors...

Each of these anonymizing methods can be defeated, but the more of them you add to your privacy solution, the harder it will be for another person or group to identify you... more

Monday, August 24, 2015

Report: Colts Still Sweep For Bugging Devices When They Visit Patriots

MA - It appears Peyton Manning left quite the lasting legacy in Indianapolis. Former Colts head coach Tony Dungy caused a major stir Thursday when he admitted Manning used to fear the New England Patriots bugged the visiting locker room at Gillette Stadium and even would go out into the hallway to discuss play-calling.

Manning left Indy in 2011, but apparently the team still takes precautionary measures whenever it comes to Foxboro, according to WTHR.com’s Bob Kravitz. more

Saturday, August 22, 2015

Thousands Of Ashley Madison Clients About To Learn (The Hard Way) That Most Employers Monitor Email

Upwards of 36 million email addresses were compromised when hackers infiltrated Ashley Madison, a site designed to help married people have affairs. Those email addresses, first released as an ungainly data dump, are now easily searchable on a number of different sites, leaving millions of people, some more famous than others, susceptible to personal and, it turns out, professional backlash.

Amazingly, tens of thousands of people, including more than 15,000 military and government personnel, decided to use their work email addresses to sign up for a dalliance, and if you’re wondering whether that puts them at any professional risk, the answer is almost certainly yes. A majority of American businesses monitor what their employees do online in some way or other, and they are not shy about cracking down on misbehavior.

According to a survey conducted by the American Management Association and the ePolicy Institute, more than one-quarter of employers have fired employees for misusing their work email addresses and more than one-third have fired workers for misusing the Internet. more

Spotify Apologizes for Spying on Its Users

On Wednesday, Spotify quietly updated its terms and conditions to grant itself sweeping abilities to track every location, movement, and online activity of its users, even when those users weren’t using Spotify. That data, including information pulled from friends’ profiles, would then be transmitted to advertising partners.

This morning, Spotify CEO Daniel Ek back-pedaled on those terms and promised an entirely new set of terms of conditions, to be updated next week. He also pointed to the ability for users to opt-out of certain data collection activities, a claim that contradicts language in the recently-updated terms.

The following is a statement on the matter shared with Digital Music News this morning from Ek... more

Mayor Bugged - No, really. He has been indicted.

SC - The mayor of the town of Lyman has been indicted on charges of wiretapping and misconduct in office.

A statement from the South Carolina Law Enforcement Division sent to local media outlets says Mayor Rodney Turner was indicted Friday by a Spartanburg County grand jury.

The 58-year-old Turner was charged earlier in August. According to the indictment, Turner used electronic devices to intentionally intercept the communications of employees working in and around Lyman Town Hall. more 

Friday, August 21, 2015

He's Back... The Air Gap Computer Hack

Researchers at the Ben-Gurion University of the Negev (BGU) Cyber Security Research Center have discovered that virtually any cellphone infected with a malicious code can use GSM phone frequencies to steal critical information from infected “air-gapped” computers.

Air-gapped computers are isolated -- separated both logically and physically from public networks -- ostensibly so they cannot be hacked over the Internet or within company networks.


Led by BGU Ph.D. student Mordechai Guri, the research team discovered how to turn an ordinary air-gapped computer into a cellular transmitting antenna using software that modifies the CPU firmware. GSMem malicious software uses the electromagnetic waves from phones to receive and exfiltrate small bits of data, such as security keys and passwords...

This is the third threat the BGU cyber team has uncovered related to what are supposed to be secure, air-gapped computers. Last year, the researchers created a method called Air-Hopper, which utilizes FM waves for data exfiltration. Another research initiative, BitWhisper, demonstrated a covert bi-directional communication channel between two close-by air-gapped computers using heat to communicate. more

Thursday, August 20, 2015

Everything You Believed About Telephone Security is Wrong - The SS7 Scandal

The scary version...
A massive security hole in modern telecommunications is exposing billions of mobile phone users in the world to covert theft of their data, bugging of their voice calls, and geo-tracking of their location from by hackers, fraudsters, rogue governments and unscrupulous commercial operators using hundreds of online portals across the planet.

In a world-first, 60 Minutes has proven the worst nightmares of privacy advocates around the world: that mobile phone calls and data are wide open to interception because of flaws in the architecture of the signalling system – known as SS7 - used to enable mobile phone roaming across telecommunications providers. Despite this concern, the Australian Government’s own Cyber Security Threat Report, published in June, makes no mention of what is probably the biggest threat to this country’s commercial secrets and individual privacy.


60 Minutes’ story shows how German hackers working from Berlin, given legal access to SS7 for the purposes of the demonstration, were able to intercept and record a mobile phone conversation between 60 Minutes reporter Ross Coulthart while he was speaking from Germany to Independent Australian Senator Nick Xenophon in Australia’s Parliament House. As further proof of the hack, Coulthart then made another phone call from London, England, to the Senator in Australia which the Berlin hackers were also able to intercept and record, even though they were in Germany 1000 kilometres distant. The Berlin hackers from SR Labs, who first warned of the vulnerability in SS7 in 2008, were also able to intercept and read the Senator’s SMS’ from Australia to Coulthart in London. The hackers were also then able to geo-track the Senator as he travelled to Japan on official business, mapping his movements around Tokyo and Narita down to the nearest cell tower (within a few hundred metres), and later precisely tracking around the streets of his South Australian home suburb when he returned to Australia.

The demonstration also shows how the key fraud protection relied on by banks to protect banking transactions from fraud – verification by SMS message – is useless against a determined hacker with access to the SS7 portal because they can intercept and use the SMS code before it gets to the bank customer. The same technique can also be used to take over someone’s online email account. The call-forwarding capacity of SS7 also allows any mobile to be forcibly redirected to call hugely expensive premium numbers, the cost of which is then billed to that customer’s account. SS7 also allows any number to be blocked, raising the fearful possibility that the vulnerability could be used by criminals or terrorists to stop a victim from calling police or emergency services. Cellular telephony is also used to remotely manage large industrial equipment, to send instructions to gas, electricity and other utililities and factories over 2G and 3G mobile communications. It is not inconceivable that an SS7 hack could be used to change settings or shut down a power station. more

The counterpoint version...
If you own a mobile phone, “you can be bugged, tracked and hacked from anywhere in the world”. That was the throughline of a particularly problematic story on the 60 Minutes program last night. It’s now being hailed as “the end of privacy” for all Australians, but let me assure you, that moment passed a long time ago.

“How it has been done, has never been shown before”, claimed the 20-minute report which demonstrated how a vulnerability in a global forwarding network can be “hijacked” to listen in on a user’s calls and text messages in real time.

After a lot of teasing and set-up, the report eventually took us to a basement in Germany, where security researcher Luca Melette demonstrated how he could intercept a phone call between the reporter and Australian Senator Nick Xenophon. Luca was able to intercept the call (if we’re to believe that there wasn’t any camera trickery going on), as well as a text message sent between the pair. Big drums. The hack has been reveeeeeeealed. more

Wednesday, August 19, 2015

Security Director Alert - NLRB Bans Blanket Confidentiality Policies for Workplace Investigations

It is common practice for employers to prohibit their employees from discussing ongoing workplace investigations. 

Many employers believe that this restriction is necessary to ensure the integrity and fairness of investigations involving employee misconduct. As a result, employers often have policies that require confidentiality in all workplace investigations.

According to a 2015 decision by the National Labor Relations Board (NLRB), these policies are illegal. The decision, known as Banner Estrella, states that employers cannot enforce a blanket policy requiring confidentiality during workplace investigations. Because of this decision, many employers will need to update their policies and human resources (HR) practices. more

Priest Fleas After Spycam Discovered in Chuch Bathroom

OR - Father Ysrael Bien logged on to a spy-gear website and paid $295 for the hidden camera that was discovered last spring in a Sherwood church bathroom, according to information turned over to police this week.

The camera, designed to look like an electrical outlet, came from the online retailer SpyGuy Security based in Dallas, Texas. Police served a search warrant for transaction records there Monday after the business tipped them off.

A Washington County judge signed a warrant Tuesday for Bien's arrest on misdemeanor charges of invasion of privacy, tampering with evidence and initiating a false report, but police think the priest may not be in the U.S.

They did not find him at his last known address in Sherwood. Another priest there told them that Bien had left the country....

A 15-year-old St. Francis parishioner found the hidden camera affixed to a bathroom wall on April 26. The device looked like a power outlet placed at waist-height near the toilet. Thinking that was odd, the teenager pulled it off the wall and brought it to the priest.  more

Hamas Claims: We Trapped a Dolphin Spying for Israel

Hamas claimed on Wednesday that the terrorist organization trapped a dolphin that was spying for Israel.

Sources in Gaza say that the dolphin was outfitted with spyware and cameras, Army Radio reports. Israel has not confirmed that it has a dolphin spying on its behalf. more

Dressing Room SpyCam'er Convicted - Taped over 30 Females

NY - A Victor businessman is slapped with the maximum sentence after illegally videotaping dozens women in and outside his store.

At least nine women spoke directly to Glen Siembor in court today. Calling him a despicable man.

Glen Siembor was sentenced to 5-15 years for video tapping over 30 females anywhere from the ages of 8 to 49...

Siembor was convicted of 33 counts of 2nd degree unlawful surveillance and one count of possession of child pornography.

Many of his videos were taken in his victor shop's dressing room.. With the victims either nude or partially nude stood. more