Corporate Espionage that Flies Below the Radar

by Kevin G. Coleman, SilverRhino
Headlines about economic, corporate and industrial espionage have been in abundance lately and for good reason... Several subject matter experts agree that much of these espionage activities that target businesses are criminal-based.

Recently while on the executive floor of one large company a new twist to espionage tradecraft popped up.

Drone at office window story.

After entering a conference room, a note on the whiteboard caught my attention: “DO NOT ERASE.” Seeing that on a whiteboard filled with financial numbers, notes, diagrams and so on is not an uncommon occurrence. When I was looking out the windows, I saw a drone slowly fly by. Given the camera capabilities that are now available and becoming common on drones, it would not be difficult to capture what was on those whiteboards. The images are digitally captured, cropped, enhanced extracted and then sold...

Today economic, corporate and industrial espionage is big business. With significant money being made selling corporate secrets, this threat will only grow. more

His Spy Got Caught and was Arrested. The Handler Disavowes it as "Silly"

David Vitter calls spying arrest ‘silly’; Sheriff Newell Normand says Vitter would be ‘worst governor in Louisiana history’ 
 
Louisiana - The bungled political espionage that unfolded hours before Saturday’s election has exposed and perhaps deepened the enmity between U.S. Sen. David Vitter and Jefferson Parish Sheriff Newell Normand, fellow Republicans who traded barbs Monday as Vitter turned his attention to the gubernatorial runoff next month.

The animus between the two elected officials traces its roots to a similar split between Vitter and the late Harry Lee, Normand’s combative predecessor. And the relationship appears to have reached a nadir after Normand caught a private investigator hired by Vitter’s campaign secretly recording the sheriff’s regular coffee gathering at the Royal Blend cafe in Old Metairie. more

A Tale of Two Law Suits - Eavesdroppers Won, Targets Zero

Facebook Wins Dismissal Of $15 Billion Privacy Lawsuit
It’s been more than three years since a federal judge in California heard arguments in a large class-action lawsuit filed against Facebook over its questionable privacy practices. Finally, on Friday that judge sided with the social network and threw out the case — while leaving open the option for plaintiffs to revise and re-file their case.

The complaint involves Facebook’s tracking of users both while they are logged in as Facebook users and after they log off.

The plaintiffs argued that, in exchange for offering free access to Facebook, the company “conditions its membership upon users providing sensitive and personal information… including name, birth date, gender and e-mail address,” and requires that users accept numerous Facebook “cookies” on their web browsers that allow Facebook to track that a user’s Internet browsing history — which is then marketed to advertisers.

Of particular concern to the plaintiffs was Facebook’s continued tracking of users even after they had logged out of Facebook. more

ACLU lawsuit against NSA mass spying dropped in federal court
A federal district court on Friday dismissed a lawsuit brought by the American Civil Liberties Union against the National Security Agency over its mass surveillance program.

Ashley Gorski, a staff attorney with the ACLU national security project told The Guardian the mass spying program was innately harmful, arguing it violates “our clients’ constitutional rights to privacy, freedom of speech, and freedom of association, and it poses a grave threat to a free internet and a free society.” more

A Downer for Drones

There's recently been a run of new anti-drone systems introduced to deal with potential threats from UAVs, but these have been on the large and expensive side. To provide an affordable alternatives to plug the gap between shotguns and truck-mounted systems, national security research and development firm Battelle is introducing DroneDefender. Billed as the first portable, accurate, rapid-to-use UAV counter-weapon, it's a rifle-like raygun device that uses a radio beam to jam drone control systems and stop them in midair. more

Get Ready for Spectre - Battle of the Bonds Infographic

Battle of the Bonds: Kisses, Cocktails, Kills, Cars & Cash – An infographic by the team at GB Show Plates

Jealous Wives and Girlfriends Can Now Snoop on their Partner using a Spy Belt

Jealous wives and girlfriends can snoop on their fellas with a spy gadget disguised as a belt.

A tracking device hidden in the leather monitors the wearer’s location every 60 seconds. And it can be controlled remotely through Android and iPhone apps without the wearer noticing.

Unwary men could receive one as a present without knowing what they have let themselves in for.

The Belt Tracker, sold by Spymaster, in Marylebone, London, has a 12-hour battery life and can be used in 220 countries without incurring data roaming charges. It even has a flight safe mode to comply with airline regulations.

The GPS device was originally designed to monitor people working in dangerous environments, such as undercover police. And it can be used to track children and give peace of mind to parents. more

Scientist Pleads Guilty to Corporate Espionage

Researcher Xiwen Huang pleaded guilty Friday to one count of stealing trade secrets. But the legal battle over the punishment the former Charlotte resident receives already is underway.

Federal prosecutors say the 55-year-old chemical engineer stole proprietary technology and hundreds of pages of documents over the last decade from his government and civilian employers, including a company in Charlotte. Huang’s goal, according to court documents, was to aid both the Chinese government and his own company, which he started in North Carolina to do business in his Asian homeland.

Huang faces a maximum penalty of 10 years in prison and a $250,000 fine. He will be sentenced at a later date. Imprisonment is all but certain. more

Ai Weiwei Discovers Eavesdropping Devices in His Studio

Ai Weiwei has posted a number of pictures of what he says are listening devices found in his Beijing studio.

The Chinese dissident artist captioned one photo of a bug on Instagram with "There will always be surprises".

His friend Liu Xiaoyuan confirmed the bugs were found after the artist returned from a trip to Germany.

Xiaoyuan tweeted that they were found when redecoration started on Ai's home and were found in the office and a living room.

The artist also posted a video clip of firecrackers being set off in a metal bucket next to one of the devices. He wrote "Did you hear it?" next to the video. more

Gang Using Spy Cam, Bluetooth for Exam Paper Leaks Busted

India - Police have busted a New Delhi-based gang involved in assembling spy cameras and bluetooth devices in undergarments and shirts to facilitate question paper leaks in important competitive exams across the country.

...the accused used to assemble spy cams and bluetooth devices in shirts, briefs and vests, mobile hardware kits, and other equipment to get the question papers leaked out from the exam centres...

...the kit included an android smartphone which was connected with a spy cam in cuff of a shirt. The question paper was clicked by some candidate or a staff member through spy camp and smuggled outside the examination centre through drop box application.

The paper was then distributed through e-mails or WhatsApp to a team of six to eight teachers, who solved the paper. The candidates, who paid for the solved paper, were given a bluetooth ear device which did not require mobile handset and acted just as receiver. The accused had assembled a set with 40 mobile phones through which the answers were dictated to the candidates... more

Phone on Drone Hacks Wireless Printer

You might think that working on a secured floor in a 30-story office tower puts you out of reach of Wi-Fi hackers out to steal your confidential documents.

But researchers in Singapore have demonstrated how attackers using a drone plus a mobile phone could easily intercept documents sent to a seemingly inaccessible Wi-Fi printer. The method they devised is actually intended to help organizations determine cheaply and easily if they have vulnerable open Wi-Fi devices that can be accessed from the sky. But the same technique could also be used by corporate spies intent on economic espionage. more

Operation Armchair - Son of The Thing, or...

...how a small Dutch company, helped the CIA to eavesdrop on the Russians.

"A small company from Noordwijk, Dutch Radar Research Station, worked for the CIA for decades. It built sophisticated listening devices that the Americans used against the Soviet Union. I came across this story when a schoolmate gave me papers of his grandfather. Along with intelligence expert, Cees Wiebes, I reconstructed in eighteen months the never told key role that this Dutch company played during the Cold War." ~ Maurits Martijn
(A long, but interesting story.) 

IP Protection: Don’t Expect Government Help

If actions – or in this case inaction – speak louder than words, the message from the U.S. government to the private sector regarding defense against cyber economic espionage by China is clear: “You’re on your own.”

That remains true, in the view of multiple experts, even after Chinese President Xi Jinping and U.S. President Barack Obama announced an agreement last week that, according to a White House press secretary Fact Sheet, “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”

...the agreement refers only to the governments of both countries – not their private sectors...

Kevin Murray, director at Murray Associates, said the reality is that, “both leaders know economics comes first. “Waving an ‘agreement’ in the air may mollify some of their constituents,” he said, but the subtext of promising that “governments” won’t do it acknowledges the reality that they, “can't control all the rogue hackers out there. All they can say is that their governments are not behind it, and they don't condone it. Meanwhile, cutouts will manage the "consultants" who make money with their data-vacuums." more

In China Counterespionage is Everyone's Job... by law

Counter-espionage Law of the People's Republic of China (interesting highlights)
Adopted at the 11th meeting of the Standing Committee of the Twelfth National People's Congress on November 1, 2014.

• Chapter I: General Provisions

Article 4: Citizens of the People's Republic of China have a duty to preserve national security, honor and interests; and must not endanger national security, honor or interests. All State organs, armed forces, political parties and public groups, and all enterprises and organizations, have the obligation to prevent and stop espionage activities and maintain national security. State security organs must rely on the support of the people in anti-espionage efforts, mobilizing and organizing the people to prevent and stop espionage conduct threatening state security . 

• Chapter II: Functions and Powers of State Security Organs in Anti-Espionage Efforts

Article 12: As needed for investigation of espionage activities, and on the basis of national provisions, state security organs may employ technological investigative measures upon strict formalities for approval.

Article 13: National security organ counterintelligence work, organizations and individuals can check electronic communication tools, equipment, and other equipment and facilities in accordance with the regulations. Where situations harmful to state security to national security are discovered in the course of an inspection, the state security organ shall order rectification; and where rectification is refused or after the rectification requirements are still not met, they may be sealed or seized.

Where situations harmful to state security to national security are discovered in the course of an inspection, the state security organ shall order rectification; and where rectification is refused or after the rectification requirements are still not met, they may be sealed or seized.

• Chapter III: The Duties and Rights of Citizens and Organizations 

Article 19: State organs, groups and other institutions shall educate their units' personnel on the maintenance of State security, and mobilize and organize them to prevent and stop espionage activity.

Article 20: Citizens and organizations shall facilitate and provide other assistance to anti-espionage efforts.

Article 25: Individuals and organizations must not illegally hold or use special-purpose spy equipment needed for espionage activities. Special-purpose spy equipment will by verified by the State Council department responsible for national security in accordance with relevant national provisions.

• Chapter IV: Legal Liability

Article 31: Where state secrets relating to anti-espionage efforts are disclosed, the state security organs give 15 days of administrative detention; where it constitutes a crime, criminal liability is pursued in accordance with law.

Article 32: For those in unlawful possession of state secret documents, materials and other items, as well as those who unlawfully possess or utilize specialized spying equipment, state security organs may conduct a search of their person, items, residence and other relevant locations in accordance with law; and confiscate the state secrets documents materials and other items they unlawfully possessed, as well as the specialized spying equipment they possessed or utilized. Where the unlawful possession of state secrets documents, materials or other materials constitutes a crime, pursue criminal responsibility in accordance with law; where it does not constitute a crime, state security organs give warnings or administrative detention of up to 15 days.

• Chapter V: Supplementary Provisions

Article 38: Espionage conduct as used in this law refers to the following conduct... more

Bugged: Russian Roach Rampage (Warning: Sensationalist Reporting)

The terrifying cockroach robo-SPY that could soon perform reconnaissance missions for the Russian military...

• Robot is fitted with photosensitive sensors to track its surroundings
• The 4-inch (10cm) mechanical roach moves like the Blaberus giganteus
• A sample of the robo-bugs is being planned for Russian armed forces
• Future models will be able to camouflage themselves, spy on people with portable cameras and carry out reconnaissance missions

Move over James Bond, your job is under threat from an army of robo-spies that look and move like cockroaches.

Researchers have created insect bots, inspired by the Blaberus giganteus species of roach, capable of scanning rooms and tracking their surroundings.

Fitted with sensors, these mechanical bugs can cover 12 inches (31cm) a second and the technology has already piqued the interest of the Russian military.

Researchers have created a robotic cockroach (pictured main), inspired by the Blaberus family of roaches (B. craniifer shown on top of the robot), capable of scanning rooms and tracking its surroundings. The mechanical bug can cover 12 inches a second

The bionic cockroaches were designed by engineers Danil Borchevkin and Aleksey Belousov at Kaliningrad's Kant University.

Each robot is 4-inches (10cm) long and fitted with photosensitive sensors, as well as sensors that detect contact, meaning they can constantly look out for obstacles. more

Man Admits Wiretapping, Harassment of Judge... and DUI

PA - An East Goshen man who secretly recorded telephone conversations with his ex-wife, her attorney’s office, two police officers and others, and who also made profane telephone calls to a Common Pleas Court judge and officials in the Chester County Domestic Relations Office, has admitted his culpability in those crimes.

On Wednesday, William Robert Wheeler pleaded guilty to charges of wiretapping and harassment, as well as driving under the influence, before Judge Patrick Carmody, who deferred formal sentencing to allow Wheeler to apply for the county’s alternative sentencing program for repeat DUI offenders. more

Spying Coffee Cup Lid Worthy of James Bond

This may look like an ordinary coffee cup.

But the innocent-looking container could soon become a potent new weapon in the fight against criminals, fraudsters and enemy spies.

The plastic lid is similar to those handed out by coffee chain giants, such as Starbucks and Costa.

The lid, which looks like it could have been devised by James Bond's gadget guru Q, has been created by Bodmin-based LawMate UK.

Inside, it is fitted with hi-definition filming equipment and an eavesdropping device that can listen in and record conversations, even in a room full of people.

Investigators will be able to use the device to gather crucial evidence, and can activate it by pressing the letter H – which stands for Hot – on the lid.

The firm, based at the Mid-Cornwall town's Callywith industrial estate, has already sold more than 100 of the gadgets, which are designed to fit any takeaway cup in the UK. more

U.S., China Vow Not to Engage in Economic Cyberespionage

President Obama and Chinese leader Xi Jinping pledged Friday...

that neither of their governments would conduct or condone economic espionage in cyberspace in a deal that sought to address a major source of friction in the bilateral relationship.

But U.S. officials and experts said that it was uncertain whether the accord would lead to concrete action against cybercriminals. more

----

Question from a reporter...
Without government assistance, what can private sector organizations do to protect themselves more effectively from China stealing their IP?

Answer...
#1 - Realize that computer hacks are not perpetrated solely by someone sitting at a remote computer exploiting a software glitch they just discovered. A close look at many cases shows other elements of espionage in the path to the hack... social engineering, sloppy security practices, lack of oversight, multiple forms of classic electronic surveillance, blackmail, infiltration of personnel, etc.

The misconception that "this is an IT security problem" has lead to a morphing of corporate information security budgets into a lopsided IT-centric security budget. Thus, pretty much ignoring that most information in their computers was available elsewhere before it was ever converted into data! This situation is like having a building with one bank vault door, while the rest of the entrances are screen doors.

Here is what the private sector can do for themselves...
• View information security holistically. Spread the budget out. Cover all the bases.
   - Provide information security training to all employees.
   - Create stiff internal controls. Enforce them.
   - Conduct independent information security audits quarterly for compliance, discovery of new loopholes. Technical Surveillance Countermeasures (TSCM) is the foundation element of the audit. A TSCM sweep is conducted to discover internal electronic surveillance (audio, video, data), and verify security compliance of wireless LANs (Wi-Fi), etc.
~Kevin

Ex-Spies Join Cybersecurity Fight

Firms turn to cloak-and-dagger tactics to infiltrate hacker groups and pre-empt attacks.

Their job: Befriend hackers to find out about attacks before they even happen.

Last year, Black Cube, an Israel-based firm that specializes in gathering intelligence online, asked one of its bank clients for access to some of its internal HR and payroll data—sensitive enough to look like the spoils of a real cyber theft, but not enough to affect operations.

When Black Cube accessed the information, it left a digital trail that made it look like it had broken into the bank’s networks and stolen the data. By dangling this bait, Black Cube operatives posing as hackers infiltrated a group of cyber thieves that had been circling the bank, according to a person familiar with the sting, helping thwart an attack.

With the pace and severity of corporate cyberattacks increasing, a growing number of small cybersecurity and business intelligence firms like Black Cube are deploying the same sort of cloak-and-dagger moves that governments and police have long used to penetrate spy rings or break up terrorist cells. more

Android Apps Get Graded for Privacy - What's App on Your Phone?

A team of researchers from Carnegie Mellon University have assigned privacy grades to Android apps based on some techniques they to analyze to their privacy-related behaviors. Learn more here or browse their analyzed apps.

Grades are assigned using a privacy model that they built. This privacy model measures the gap between people's expectations of an app's behavior and the app's actual behavior.

For example, according to studies they conducted, most people don't expect games like Cut the Rope to use location data, but many of them actually do. This kind of surprise is represented in their privacy model as a penalty to an app’s overall privacy grade. In contrast, most people do expect apps like Google Maps to use location data. This lack of surprise is represented in their privacy model as a small or no penalty. more

Concerned about Android spyware, click here.

Sports TSCM: Manchester United Searched Hotel for Bugging Devices

UK - Manchester United reportedly organised for their hotel to be searched for bugging devices prior to Saturday's match against arch rivals Liverpool...

According to the Manchester Evening News, security men used devices to check a meeting room at the Lowry Hotel before Van Gaal discussed tactics for the game.

The report adds that the Premier League giants have been checking hotels for more than a year after a bugging device was found in a meeting during the 2013-14 season. more

Police: Fired Officer Used Drone to Spy on Neighbors

GA - A Valdosta police officer was out of a job as of Monday evening after being arrested for reportedly using a drone to eavesdrop on a neighbor.

Officer Howard Kirkland, 53, of Ray City, was fired Monday morning, Valdosta Police Chief Brian Childress confirmed.


He had been on suspension since September 4th. He was arrested at the police department by Lanier County Sheriff's Deputies on September 10th. The sheriff's office had been conducting an investigation for about a week. more

Twitter Slapped With Class-Action Lawsuit for Eavesdropping on Direct Messages

Twitter has been slapped with a proposed class action lawsuit, which alleges that the service uses URL shorteners in violation of the Electronic Communications Privacy Act and California’s privacy law.

According to court documents filed Monday, Texas resident Wilford Raney brought the complaint to federal court in San Francisco, citing that although “Twitter represents that its users can ‘talk privately,’ Twitter ‘surreptitiously eavesdrops on its users private direct message communications.”
The complaint alleges that Twitter “intercepts, reads, and at times, even alters the message” as soon as someone sends a direct message. more

Giving Up Privacy in the Name of Security

Cicada Drones Will Eavesdrop in Swarms Like Their Creepy Namesake

The U.S. Navy has developed tiny drones that can fly in swarms like cicada bugs, the organisms that give the drones their names.

In this case, "Cicada" is short for Covert Autonomous Disposable Aircraft. They're small yellow devices that can fit in the palm of one's hand and are made of only ten parts. They can fly up to 46 miles per hour almost silently.

The military described the drones as "robotic carrier pigeons," though unlike the birds historically used to send messages, these drones have an array of sensors that monitor things like weather and location data, as well as microphones that or eavesdropping on anyone in the vicinity.

The Cicada drones are meant to be deployed in swarms; they will reportedly be used behind enemy lines to determine things like troop positions, whether or not a car is on a road, and where military forces should be deployed.

For now, the tiny devices cost $1,000, but the government plans to manufacturing them more cheaply: about $250 per drone. The future of surveillance drones is, apparently, a relatively inexpensive one. more

Security Director Alert - Worker Admits to Bathroom Spycam - Think Forseeability

If you don't have a written Recording in the Workplace Policy, and an in-house inspection procedure, right now is the time to get one in place. Contact me. I can help you do this, easily and inexpensively. ~ Kevin

AZ - A worker at a Cottonwood business was arrested on suspicion of voyeurism after police said he hid a cellphone in a women’s restroom.

Oscar Valles, 22, of Rimrock, admitted during police questioning that he placed the cellphone behind a plant in the bathroom to record one of his coworkers, officers said.

Valles said he knew the coworker changed clothes there each at the end of her shift each day. He said he did not mean to record any other person but was not able to retrieve his phone before others used the restroom, according to police. more

What is the First Thing a Spycam Sees?

All together now...
"The dumb owner setting it up!"

A bungling voyeur was captured on a video camera he set up to record women using the toilet at a party - in a stunt inspired by an American Pie film.

Adam Stephen Barugh, 26, used velcro to hide the small digital camera beneath a sink directly facing a toilet, after being invited to a house in Brotton.

His solicitor Paul Watson told Teesside Magistrates’ Court yesterday that the “prank” was inspired by watching the comedy film American Pie: Bandcamp, which features women being secretly filmed...

During the party, a female at the house noticed a small blue light coming from beneath the sink while using the toilet, and alerted her mum and sister.

Quickly hooking the camera up to a laptop, they discovered it had captured a full facial shot of Barugh setting up the camera, and videos of two women using the toilet. more

Woman Discovers Spycam in Her Bedroom... (then the action starts)

Ms. Wu, age 26, is suing her former roommate, identified by his last name Lin, for installing a spycam in her bedroom...

Ms. Wu noticed that there was a large black trashbag that didn’t belong to her, stuffed into the space above her closet. Inside, she discovered a camera, and a wire that ran from the camera across the hall into her roommate’s bedroom.

Ms. Wu waited for her roommate, Mr. Lin, to return home from work before confronting him about the camera.

Mr. Lin denied that he’d put a spycam in Ms. Wu’s room, but broke down her door to steal the camera back and packed up his computer equipment.

Ms. Wu, while attempting to stop him from leaving with the evidence, was thrown from the moving car. Ms. Wu said she’d still file charges against him for the spycam, despite the lack of evidence, and would also be filing a vehicular assault charge.  (more with video report)

The Starbucks Bathroom Spycam - Anatomy of the Crime

A 44-year-old man turned himself in Monday for being the "person of interest" sought for a spy camera being found hidden in a Starbucks restroom...

A female customer of the Starbucks was in the unisex restroom around when she found a four-inch long device--about the size of a marking pen--hidden behind a bracket. She pulled it out and called police...

Forensic laboratory investigators confirmed it's a video camera that recorded images of men and women using the restroom...

Police posted images on its Twitter and Facebook pages of the spy camera, its hiding place and a "person of interest" seen loitering outside the coffeehouse: a dark-haired man wearing a black shirt with a white stripe...

After intense local television coverage Monday morning, a Starbucks spokesman emailed a statement to KTLA that afternoon that said, "We take our obligation to provide a safe environment for our customers and partners (employees) very seriously. As a part of regular store operations, we monitor the seating areas and restrooms in our stores on a regular basis to identify potential safety or security concerns." more

Suggestion: Spycams in public restrooms are "foreseeable"; a legal term loosely meaning "you better do something about this."  At least one shift manager should receive spycam detection and deterrence training. Being pro-active and showing due diligence saves money (legal expenses and awards). Plus, if signage is posted, customer goodwill increases.

Spy Fears Drive U.S. Officials from Chinese-Owned Waldorf-Astoria Hotel

Fears of espionage have driven the U.S. government from New York’s famed Waldorf-Astoria Hotel, which has housed presidents and other top American officials for decades but was bought last year by a Chinese firm from Hilton Worldwide.

Instead, President Barack Obama, his top aides and staff along with the sizable diplomatic contingent who trek to Manhattan every September for the annual U.N. General Assembly will work and stay at the New York Palace Hotel, the White House and State Department said.

The Associated Press first reported the impending move in June but it wasn’t formally announced until Friday, a day after the final contract was signed with the Palace.

Officials said the change is due in large part to concerns about Chinese espionage, although White House and State Department spokesmen said the decision was based on several considerations, including space, costs and security. more

Baseball Eavesdropping - Apparatus for Transmitting Sound from a Baseball Field - US Patent #3045064

Filed June 1, 1959 by James S. Sellers, and granted July 17, 1962, this patent was for a system of hidden microphones, concealed within the bases on a baseball diamond. Apparently, the transmission of foul language was not a consideration.

Click to enlarge.

from the patent...
"It is highly desirable for the spectators at a baseball game to hear what is transpiring on the playing field, such as arguments at the bases between opposing players, and discussions between the umpires and players. By transmitting the sounds from the playing field to the grandstand, the spectators feel that they are taking part in the game. Also, it enables the spectators to judge a play better as they can hear the baseball strike the glove or mitt of a player.

Click to enlarge.

It is an object of my invention to provide apparatus for transmitting sound from a baseball field which is positioned beneath a base on a baseball field and does not interfere in any manner with the playing of the game.

It is a further object of my invention to provide apparatus for transmitting sound from a baseball field in which a resilient pad or support for the base is formed of a greater surface area than the base and has perforations or apertures in the area adjacent the base whereby sound may be transmitted through the perforations to a microphone there beneath.

An additional object of my invention is to provide a rigid support for the resilient pad to which the pad and the base may be secured to retain them in position, and with the rigid support having openings to permit the passage of sound there through to a microphone positioned there beneath." more

Windows 10 is a Window into Your World - Kill its Keystroke Logger

via Lincoln Spector, Contributing Editor, PCWorld 
 
Microsoft pretty much admits it has a keylogger in its Windows 10 speech, inking, typing, and privacy FAQ: “When you interact with your Windows device by speaking, writing (handwriting), or typing, Microsoft collects speech, inking, and typing information—including information about your Calendar and People (also known as contacts)…”

The good news is that you can turn off the keylogging. Click Settings (it’s on the Start menu’s left pane) to open the Settings program. You’ll find Privacy on the very last row.

Once in Privacy, go to the General section and Turn off Send Microsoft info about how I write to help us improve typing and writing in the future. While you’re there, examine the other options and consider if there’s anything else here that you may want to change.

Now go to the Speech, inking and typing section and click Stop getting to know me. (I really wanted to end that sentence with an exclamation point.)

You may also want to explore other options in Privacy. For instance, you can control which apps get access to your camera, microphone, contacts, and calendar. more

Spies Don't Often Complain, But When They Do They Prefer Revolting

It’s being called a ‘revolt’ by intelligence pros who are paid to give their honest assessment of the ISIS war—but are instead seeing their reports turned into happy talk.

More than 50 intelligence analysts working out of the U.S. military's Central Command have formally complained that their reports on ISIS and al Qaeda’s branch in Syria were being inappropriately altered by senior officials...

Some of those CENTCOM analysts described the sizable cadre of protesting analysts as a “revolt” by intelligence professionals who are paid to give their honest assessment, based on facts, and not to be influenced by national-level policy. more

Private Investigator Posts a TSCM Question to an Industry Newsgroup - Scary

Q. Looking for a cheap, do it yourself debugging product. Any recommendations?

It's one thing to be ignorant. We all are at one point. But, we do our own homework and learn. Copying other people's homework never leads to the A+ answer.

It's a, "Which end of the soldering iron should I hold?" question. If you don't know, better find something else to do. 

The Editor-in-Chief of PI Magazine, kindly responded with the following cogent reply... 

A. There really is no such thing as a cheap do-it-yourself debugging product. Even the most basic TSCM / debugging inspect requires you search for RF (radio frequency) signals, hidden video cameras that are either wired or wireless, on or off, hidden audio records, telephone instrument and phone line inspection, as well as searching for GPS trackers that can be battery operated or hardwired.

Each of the categories listed above require specialized equipment unique to the item(s) being searched. Even if you were to acquire a cheap RF detector, you wouldn’t know what type of signal you’re picking up or the source...  Just because you own a piece of equipment doesn’t mean you’ll know how to use it.

By the way, the FTC has been known to criminally charge private individuals and PIs for “theft by deception” for conducting bugsweeps without the proper equipment and training.

For anyone seeking to hire a Technical Surveillance Countermeasures (TSCM) "expert", this is a cautionary tale. Please, do your due diligence. The TSCM field is littered with gum-under-the-table trolls out to make a fast buck with cheap sweeps. ~Kevin 

UPDATE: A Blue Blazer Regular writes in with his two cents... "Doing it yourself is like do-it-yourself brain surgery."

Chess Cheat Caught Using Morse Code and Spy Camera

An Italian chess player has been removed from one of Italy’s most prestigious tournaments after allegedly using Morse code and a hidden camera to cheat. 

Arcangelo Ricciardi ranked at 51,366 in world when he entered the International Chess Festival of Imperia in Liguria, Italy and surprised his competitors when he easily escalated to the penultimate round...

Jean Coqueraut, the tournament's referee told La Stampa newspaper: “In chess, performances like that are impossible. I didn’t think he was a genius, I knew he had to be a cheat.”

He was “batting his eyelids in the most unnatural way,” added Mr Coqueraut. “Then I understood it. He was deciphering signals in Morse code.”

Mr Riccardi was forced to pass through a metal detector by the game organisers, revealing a sophisticated pendent hanging round his neck beneath his shirt, according to the Telegraph.

The pendant reportedly contained a small video camera, wires, which attached to his body, and a 4cm box under his arm pit.

To conceal the pendant around his neck, Mr Riccardi drank constantly from a glass of water and wiped his face with a handkerchief, according to Mr Coqueraut.

It is believed the camera was used to transmit the chess game to an accomplice or computer, which then suggested the moves Mr Riccardi should perform next. These moves were allegedly communicated to him through the box under his arm.

Mr Riccardi denies that he cheated and has claimed that the devices were good luck charms, according to reports. more

So You Want to be a PI...

A reporter contacted me and asked... 

Q. What would be your advice to someone who wants to become a PI? One way to think about this question is, what you would have wanted your younger self to know before entering the career. 

1. Know yourself. If you are not naturally inquisitive, not willing to work odd hours (24/7, including holidays), and not willing to accept financial risk once you are on your own... find something else to do.
   
2. Plan on working with an established, large PI firm when you first start out. You may have been a great detective in you law enforcement career, but you'll need to learn the business of doing business to succeed if you want to eventually go out on your own in the private sector. If you have little or no experience, working for a large investigations firm is the way to get some. Large firms will teach you if... you show aptitude, good sense and have excellent writing skills.
   
3. In addition to developing a general knowledge of private security, security hardware/software, etc., develop two specialties. This will make you unique and reduces the competitive pressures.
   
4. Be willing to learn other aspects of business, e.g. bookkeeping, marketing, advertising, public speaking, website development, social networking, etc. You will need these skills, or you will be paying someone else too much to do them for you.

  Q. What are the career path options someone like yourself has in the field?

The private investigations field is broad: surveillance, insurance investigations, undercover employee, secret shoppers, civil investigations, fraud and counterfeit, on-line research, computer forensics, accident reconstruction, technical surveillance countermeasures (TSCM), skip tracing, pre-trial research, corporate investigations, arson investigations, background checks, domestic investigations, infidelity investigations, and more. Most PI's have many of these fields listed on their menu. The really successful ones specialize in only one or two.

Then, there is the whole field of security consulting where knowledge and experience (and nothing else) are the items being sold. This is considered the top of the field at the end of the career path. For more information on this, visit the International Association of Professional Security Consultants (iapsc.org).

Spy equipment suppliers: Report exposes who sells surveillance tech to Colombia

A baby's car seat complete with audio and video recorder for covert surveillance...

Privacy International's investigative report reveals the companies selling surveillance tech to Columbia, despite that it may be used for unlawful spying. more 

The Spy Car You May Not Want

If, while driving, you were also chowing down food, yakking on your phone or getting distracted by the Labrador retriever, would your insurance company know?

A patent issued in August to Allstate mentions using sensors and cameras to record “potential sources of driver distraction within the vehicle (e.g. pets, phone usage, unsecured objects in vehicle).” It also mentions gathering information on the number and types of passengers — whether adults, children or teenagers.

And the insurer, based in suburban Chicago, isn’t just interested in the motoring habits of its own policyholders... more

Some Top Baby Monitors Lack Basic Security Features

Several of the most popular Internet-connected baby monitors lack basic security features, making them vulnerable to even the most basic hacking attempts, according to a new report from a cybersecurity firm.

The possibility of an unknown person watching their baby's every move is a frightening thought for many parents who have come to rely on the devices to keep an eye on their little ones. In addition, a hacked camera could provide access to other Wi-Fi-enabled devices in a person's home, such as a personal computer or security system.

The research released Wednesday by Boston-based Rapid7 Inc. looks at nine baby monitors made by eight different companies. They range in price from $55 to $260. more

26 Mobile Phone Models Contain Pre-Installed Spyware

What's in you pocket?
Over 190.3 million people in the US own smartphones, but many do not know exactly what a mobile device can disclose to third parties about its owner. Mobile malware is spiking, and is all too often pre-installed on a user’s device.

Following its findings in 2014 that the Star N9500 smartphone was embedded with extensive espionage functions, G DATA security experts have continued the investigation and found that over 26 models from some well-known manufacturers including Huawei, Lenovo and Xiaomi, have pre-installed spyware in the firmware.

However, unlike the Star devices, the researchers suspect middlemen to be behind this, modifying the device software to steal user data and inject their own advertising to earn money.

"Over the past year we have seen a significant increase in devices that are equipped with firmware-level spyware and malware out of the box which can take a wide range of unwanted and unknown actions including accessing the Internet, read and send text messages, install apps, access contact lists, obtain location data and more—all which can do detrimental damage,” said Christian Geschkat, G DATA mobile solutions product manager.

Further, the G DATA Q2 2015 Mobile Malware Report shows that there will be over two million new malware apps by the end of the year. more

Spycam News: What Happens in Vegas Doesn't Always Stay in Vegas

Police in North Las Vegas are looking for a man they say put a hidden camera in the bathroom of a business there...

Investigators have released a clip from video surveillance in the store showing the man they believe to be the suspect.

He is described as a Hispanic male adult, approximately 30 years of age, about 5’ 07”, weighing 190 lbs. He was last seen wearing black glasses, a gray polo shirt, light colored pants, and black sandals.

If you have any information that could help police in this case you’re asked to call them or Crimestoppers at 702-385-5555. more

UPDATE (9/2/2015) - North Las Vegas police say media reports led to the identification and arrest of a 37-year-old man believed to have recorded his own face while placing a hidden camera in the bathroom of a clothing store.

Officer Aaron Patty said Eduardo Rafael Chavez was arrested Tuesday. more

Communications Interception Device Bust Highlights the World of Non-Government Spying

Three men have been arrested by the South African Police Service in an undercover sting operation in which the Hawks posed as buyers for a cellphone locator and eavesdropping machine called a “Grabber”. The three are alleged to have listened in to government tenders related to the Airports Company of South Africa.

The machine is small enough to fit into a car or van and presidential authority is needed to operate one. The Grabber confiscated in South Africa at the beginning of this month was apparently used for corporate spying, reports The Star. The machine, made in Israel and worth over R25 million, was specially installed in a German-made multi-purpose vehicle. Two of the men arrested while trying to find a buyer for the device are a top businessman in the gold industry and a bank employee. more

TSMC Needs TSCM

Earlier this year, we covered the case of Liang Mong-song, a former TSMC engineer who stood unofficially accused of corporate espionage. Not long after we wrote the story, TSMC elected to file a lawsuit against Mong-song, and the Taiwan Supreme Court has now ruled in favor of the foundry company and against the engineer. Mong-song left TSMC and went to Samsung, not long before Samsung’s foundry plans took a significant leap forward. more

Number of Phones Infected by Dendroid Spying App Remains Unknown

An American student who hoped to sell enough malicious software to infect 450,000 Google Android smartphones pleaded guilty to a law meant to prevent hacking of phones and computers...

Infected phones could be remotely controlled by others and used to spy and secretly take pictures without the phone owner's knowledge, as well as to record calls, intercept text messages and otherwise steal information the owners downloaded on the devices...

Morgan Culbertson expected each person who bought Dendroid would be able to infect about 1500 phones with it, or 300,000 and 450,000 phones total. more

Illinois Law Allows Nursing Home Residents to Install Surveillance Equipment

Illinois Gov. Bruce Rauner signed legislation Aug. 21 supporters say will help prevent abuse and neglect of nursing home residents. The Authorized Electronic Monitoring in Long-Term Care Facilities Act allows nursing home residents to install audio and video surveillance equipment in their rooms.

Residents and their roommates must consent to having video or audio recording devices installed. The act allows legal guardians and family members to give consent for residents, if a physician determines a resident is incapable of doing so. Consent can be withdrawn at any time by residents or their roommates. more

Panel Upholds Christensen’s Conviction on Eavesdropping Charges

The Ninth U.S. Circuit Court of Appeals yesterday affirmed former powerhouse Los Angeles lawyer Terry N. Christensen’s conviction on charges of illegal eavesdropping and conspiracy.

Christensen—who practiced law in Los Angeles for more than 40 years at the famed Wyman Bautzer firm and at the firm he co-founded, Christensen Miller—was convicted along with former private investigator Anthony Pellicano, well known for his work on behalf of rich and famous clients. U.S. District Judge Dale Fischer of the Central District of California sentenced Christensen to three years in prison in 2008, but he has been free on bail pending appeal.

He has been under interim suspension from the State Bar since his conviction. more

Video Game Trade Secret Theft - Next Adventure - Game of War: Anul Stage

A manager at a maker of a popular videogame was arrested last week as he tried to board a plane for Beijing after allegedly stealing trade secrets, according to a federal criminal complaint unsealed Tuesday.

Jing Zeng, 42 years old, of San Ramon, Calif., allegedly downloaded data on how users interact with Game of War: Fire Age, one of the top-grossing games in Apple Inc.’s App Store. Mr. Zeng was a director of global infrastructure for the game’s maker, Machine Zone Inc...

On his LinkedIn profile, Mr. Zeng says that he left Machine Zone last month.

His current position: “Ready for next adventure.” more

A Conversation in the Bathroom with the Water Running Can't Beat a Noisebath®

Need to have a private conversation? 
No time to sweep the room for bugs?
Don't want to look like a paranoid hiding in the bathroom with the water running?

Take a Noisebath®... because running the water isn't very effective against determined eavesdroppers with high-tech filtering systems.

from the website...

Playing NOISEBATH masking source material through the speakers of a properly configured system creates a “bath” of noise around the target which mixes with the actual voices or equipment sounds to hinder the exploitation of the target’s acoustics.

NOISEBATH has been shown to be compatible with Secure Telephones. The masking sounds have negligible impact on the remote secure phone user and the local masking level can be adjusted by remote control.

There is up to a 25db reduction in sound level within the protection zone from the sound level outside the protection zone. NOISEBATH can be used with transducers on exterior windows and surfaces to protect against eavesdropping systems outside the room.

Noisebath® is the co-invention of Noel D. Matchet,  employed for 19 years at the National Security Agency where he was presented the Agency’s highest honor – The Exceptional Civilian Service Award for his contributions to information security. He has multiple patents to his credit. more

Surf Like A Spy

The default state of Internet privacy is a travesty. But if you're willing to work hard, you can experience the next best thing to absolute Internet anonymity...

1. Find a safe country
First, you would have to be physically located in a country that doesn't try its hardest to spy on you. Your best option is to find a country with good Internet connectivity that doesn't have enough resources to monitor everything its citizens are doing...

2. Get an anonymizing operating system
Next, you'll need an anonymizing operating system that runs on a resettable virtual machine running on secure portable media. The portable media device should use hardware-based encryption or a secure software-based encryption program. One of the top products on that list is Ironkey Workspace...

3. Connect anonymously
Next, you'll need to connect to the Internet using an anonymous method. The best approach would probably be to jump around random, different, open wireless networks, public or otherwise, as much as possible, rarely repeating at the same connection point. Barring that method, you would probably want to use a device built for anonymous wireless connections, like ProxyGambit...

4. Use Tor
Whatever Live OS and Internet connection method you use, make sure to go with an anonymizing browser, such as a Tor-enabled browser...

5. Don't use plug-ins
It's very important to remember that many of today's browser plug-ins, particularly the most popular ones, leave clues that reveal your identity and location. Don't use them if you want to preserve your anonymity.

6. Stick with HTTP/S
Don't use any protocols other than HTTP or HTTPS. Typically, other protocols advertise your identity or location. When working with HTTPS, use only handpicked, trusted certification authorities that don't issue "fake" identity certificates.

7. Avoid the usual applications
Don't install or use normal productivity software, like word processors or spreadsheets. They, too, will often "dial home" each time they're started and reveal information.

8. Set up burner accounts
You'll need a different email address, password, password question answers, and identity information for each website if you take the risk of creating logon accounts. This particular solution is not only for privacy nuts and should already be practiced by everyone already.

9. Never use credit cards
If you plan to buy anything on the Internet, you can't use a normal credit card and stay anonymous. You can try to use online money transfer services such as PayPal, but most have records that can be stolen or subpoenaed. Better, use an e-currency such as bitcoin or one of its competitors...

Each of these anonymizing methods can be defeated, but the more of them you add to your privacy solution, the harder it will be for another person or group to identify you... more

Report: Colts Still Sweep For Bugging Devices When They Visit Patriots

MA - It appears Peyton Manning left quite the lasting legacy in Indianapolis. Former Colts head coach Tony Dungy caused a major stir Thursday when he admitted Manning used to fear the New England Patriots bugged the visiting locker room at Gillette Stadium and even would go out into the hallway to discuss play-calling.

Manning left Indy in 2011, but apparently the team still takes precautionary measures whenever it comes to Foxboro, according to WTHR.com’s Bob Kravitz. more

Thousands Of Ashley Madison Clients About To Learn (The Hard Way) That Most Employers Monitor Email

Upwards of 36 million email addresses were compromised when hackers infiltrated Ashley Madison, a site designed to help married people have affairs. Those email addresses, first released as an ungainly data dump, are now easily searchable on a number of different sites, leaving millions of people, some more famous than others, susceptible to personal and, it turns out, professional backlash.

Amazingly, tens of thousands of people, including more than 15,000 military and government personnel, decided to use their work email addresses to sign up for a dalliance, and if you’re wondering whether that puts them at any professional risk, the answer is almost certainly yes. A majority of American businesses monitor what their employees do online in some way or other, and they are not shy about cracking down on misbehavior.

According to a survey conducted by the American Management Association and the ePolicy Institute, more than one-quarter of employers have fired employees for misusing their work email addresses and more than one-third have fired workers for misusing the Internet. more