Watergate will forever be notorious as the site of the Democratic National Committee break-in. Now for $1.33 million, you can buy your place in its history.
That’s the asking price of the four-bedroom residence where then-Attorney General John Mitchell lived when planning the infamous break-in of 1972. The apartment, located in one of the Watergate’s three residential towers, measures 3,150 square feet and includes a private elevator entrance.
The buildings that make up the Watergate complex have a long list of A-list residents influential in politics, public policy, the arts and business. Current owners include Supreme Court Justice Ruth Bader Ginsburg, former Sens. Bob and Elizabeth Dole, and Jacqueline Mars, heiress to the Mars candy fortune. We take you behind the scenes in the Washington landmark. more
Fun Facts
• John Mitchell was the person who evaluated the results of the first
Watergate burglary and ordered the five men to return to fix wiretaps
and photograph more documents.
• "If it hadn't been for Martha Mitchell,
there'd have been no Watergate."
~Nixon
Saturday, September 3, 2016
Thursday, September 1, 2016
50% of Email Users Deserve the Problems They Create
Security experts often talk about the importance of educating people
about the risks of "phishing" e-mails containing links to malicious websites. But sometimes, even awareness isn't enough.
A study by researchers at a university in Germany found that about half of the subjects in a recent experiment clicked on links from strangers in e-mails and Facebook messages—even though most of them claimed to be aware of the risks. more
Sports Smartphone App Accused of Eavesdropping
A putative class action suit filed in a California court on Monday against Oakland’s Golden State Warriors basketball team accuses the team of offering a smartphone app that secretly records the user’s conversations.
The app, developed by Yinzcam Inc., uses the phone’s microphone to track the user’s location by picking up on sonic beacons built by Signal360, but fails to warn users that it is doing so and that it is picking up nearby conversations in the process, plaintiff Latisha Satchell said.
“Unbeknownst to plaintiff and without her consent, defendants programmed the app to turn on her smartphone’s microphone and listen in. Specifically, because plaintiff carried her smartphone to locations where she would have private conversations and the app was continuously running on her phone, defendants’ app listened in to private oral communications,” Satchell said.
According to the complaint, the app, which is advertised as a source of scores, game schedules, news, statistics and other information about the Warriors, uses the phone’s microphone to pick up sound tones generated by Signal360 beacons and uses those tones to track the user’s location in the Warriors’ stadium and send the user appropriate notifications and advertisements or track the user’s movements for later analysis. Satchell argued that the app also picks up and temporarily records other nearby sounds, including conversations. more
Wednesday, August 24, 2016
BBC: Are hi-tech spies stealing all your firm's secrets?
Last weekend's reports about the New Zealand rugby team's discovery of a listening device sewn into a hotel meeting room chair have illustrated just how much spying technology has advanced in recent years.
These days, you don't need to sit outside in a van with your headphones on, listening to static for an hour before the battery runs out and the tape recorder gives a tell-tale clunk.
Tiny matchbox-sized gadgets are now capable of transmitting audio and video for hours on end to the other side of the world. more
If you are in business, you have information others want. Don't be an easy target.
Order our 3-point information security assessment. (Bug sweep / TSCM, Wi-Fi security and compliance audit & Information Security Survey)
Rugby Bugging Scandal - CEO - Naive? Negligent? You Decide...
Australian Rugby Union CEO Bill Pulver says... he’d never previously heard of sports teams sweeping rooms for bugs.
“I’m not going to describe the All Blacks as paranoid, it’s up to them to run their team the way they want to,” Pulver said.
“But I can tell you we don’t sweep rooms.” more
Obviously, if you never check, you'll never know. TSCM inspection sweeps work. Just ask the All Blacks.
CNN Report: How is the US / China Cyber Theft Agreement Working Out?
About a year ago, China and the United States formally agreed not to conduct or knowingly support the cyber theft of each other's intellectual property.
So, how is that agreement working out?
Not great, said Adm. Mike Rogers, head of US Cyber Command.
"Cyber operations from China are still targeting and exploiting US government, defense industry, academic and private computer networks," Rogers said last April during testimony before a US Senate committee.
Cyber theft of US trade secrets can easily ruin American businesses and result in higher prices for consumers. Even more worrisome, stolen American military secrets could put US servicemen and women at risk during combat. more with video
See the dramatic story of how the United States caught and convicted an American who was spying for China. Watch CNN's "Declassified," Sunday at 10 p.m. ET/PT.
Eye in Sky Surveillance - “Imagine Google Earth with TiVo capability.”
Baltimore, MD - Since January, police have been testing an aerial surveillance system adapted from the surge in Iraq.
[See excellent video report.]
A half block from the city’s central police station, in a spare office suite above a parking garage, Ross McNutt, the founder of Persistent Surveillance Systems, monitored the city...
Since this discreet arrangement began in January, it had felt like a make-or-break opportunity for McNutt. His company had been trying for years to snag a long-term contract with an American metropolitan police department. Baltimore seemed like his best shot to date, one that could lead to more work.
He’s told police departments that his system might help them reduce crime by as much as 20 percent in their cities, and he was hoping this Baltimore job would allow him to back up the claim. “I don’t have good statistical data yet, but that’s part of the reason we’re here,” he said. McNutt believes the technology would be most effective if used in a transparent, publicly acknowledged manner; part of the system’s effectiveness, he said, rests in its potential to deter criminal activity.
McNutt is an Air Force Academy graduate, physicist, and MIT-trained astronautical engineer who in 2004 founded the Air Force’s Center for Rapid Product Development. The Pentagon asked him if he could develop something to figure out who was planting the roadside bombs that were killing and maiming American soldiers in Iraq. In 2006 he gave the military Angel Fire, a wide-area, live-feed surveillance system that could cast an unblinking eye on an entire city.
The system was built around an assembly of four to six commercially available industrial imaging cameras, synchronized and positioned at different angles, then attached to the bottom of a plane. As the plane flew, computers stabilized the images from the cameras, stitched them together and transmitted them to the ground at a rate of one per second. This produced a searchable, constantly updating photographic map that was stored on hard drives. His elevator pitch was irresistible: “Imagine Google Earth with TiVo capability.” more more videos
Monday, August 22, 2016
Bugging devices 'widespread' According to Prime Minister
NZ - Prime Minister John Key says he too has been bugged, but won't go into specifics about how often that has happened, where it occurred and who might have been responsible.
His comments come as police in Sydney investigate the discovery of a listening device in a hotel meeting room used by the All Blacks.
Mr Key said it had happened to him, but would not give any details, except to say he would only know about a fraction of the times he had been bugged.
"I'm just saying it's not a new concept that people would put in bugging devices ... I'm just saying it's widespread and I think people would be wise to consider those factors." more
When you think about it, we only know about covert bugging, wiretapping and optical surveillance from the failed attempts.
By definition, all successful eavesdropping is never discovered. (Usually because no one is looking for it.)
This is why smart businesses, like the All Blacks rugby organization, conduct proactive technical surveillance countermeasures inspections (aka TSCM).
If you would like to add TSCM inspections to your security strategy, contact me. I'll recommend a trusted specialist in your area. ~Kevin
[Image: Example of a digital transmitter.]
Facebook Surveillance Would Make Santa Jealous, or...
...98 personal data points that Facebook uses to target ads to you...
Say you’re scrolling through your Facebook Newsfeed and you encounter an ad so eerily well-suited, it seems someone has possibly read your brain.
Maybe your mother’s birthday is coming up, and Facebook’s showing ads for her local florist. Or maybe you just made a joke aloud about wanting a Jeep, and Instagram’s promoting Chrysler dealerships.
Whatever the subject, you’ve seen ads like this. You’ve wondered — maybe worried — how they found their way to you...
While you’re logged onto Facebook, for instance, the network can see virtually every other website you visit. Even when you’re logged off, Facebook knows much of your browsing: It’s alerted every time you load a page with a “Like” or “share” button, or an advertisement sourced from its Atlas network. Facebook also provides publishers with a piece of code, called Facebook Pixel, that they (and by extension, Facebook) can use to log their Facebook-using visitors. more
Banksy Spy Art Destroyed
This famous Banksy artwork showing "snooping" in Cheltenham has been removed.
Spy Booth depicts three 1950s-style agents, wearing brown trench coats and trilby hats, using devices to tap into conversations at a telephone box.
On April 13, 2014 the mural first appeared on the house in Fairview Road, Cheltenham.
The graffiti street art - which highlights the issue of Government surveillance - is located on the Grade II listed building near GCHQ, where the UK's surveillance network is based.
Spy Booth was granted listed status by Cheltenham Borough Council but the house itself has been put up for sale in January this year.
A social media post yesterday appeared to show the mural being cut down behind a tarpaulin. more
Sunday, August 21, 2016
TSCM Find: Bug Discovered in Hotel Meeting Room Used by New Zealand Rugby Team
New Zealand Rugby says a Sydney hotel room where the All Blacks held meetings was bugged before their first Bledisloe Cup match against Australia.
The New Zealand Herald reported that a "sophisticated" listening device found on Monday had been hidden in a chair...
The paper reported that hiding the bug "was a highly skilled and meticulous act and whoever put it there would have needed a significant amount of time to have pulled off such an accomplished job".
Indications are that the device was working and would have transmitted conversations about the All Blacks' strategy for Saturday's match. more
The Herald understands the foam of the seat appeared to have been deliberately and carefully cut to make way for the device and then sewn or glued back together to be almost undetectable. more
It Just Got Harder to Spy on Your Spouse Online
Joseph Zhang became suspicious of his wife Catherine’s online activities, so he installed software called WebWatcher on their home computer in Ohio to track her. The fallout was not just a divorce, but a landmark court ruling that could have long-term implications for both users and makers of so-called spyware.
According to an appeals court in Cincinnati, the maker of the spyware used by Zhang violated federal and state wire-tapping laws by intercepting the messages of a Florida man, Javier Luis, who had been communicating with Catherine in an America Online chatroom called “Metaphysics.”
The legal case began in 2010 not long after Zhang used messages captured with the spyware to obtain leverage in divorce proceedings, even though a court said the relationship between his wife and Luis was “apparently platonic.” more
Man Charged with Eavesdropping on Family
NY - A Bloomingburg man was charged Thursday with eavesdropping on family members.
State police said their investigation found that Joseph Codi, 33, of Bloomingburg, used a hidden electronic monitor to overhear conversations between other family members without their consent or knowledge for more than a month.
Codi was charged with eavesdropping, a felony. He was arraigned before Mamakating Town Justice Cynthia Dolan and released on his own recognizance, pending further court action. more
Friday, August 19, 2016
Privacy Guidebook for Eavesdropping on Americans Draws Flak
A privacy update to 1982 Defense Department rules for conducting surveillance on Americans contains a loophole...
that lets the National Security Agency continue eavesdropping on a wide swath of online conversations, critics say.
"DOD Manual 5240.01: Procedures Governing the Conduct of DOD Intelligence Activities" was last issued when all email addresses could fit in a Parent Teacher Association-sized directory. The new rules reflect a shift in intelligence gathering from bugging an individual’s phone to netting communications in bulk from the global internet...
It remains to be seen, or unseen, how U.S. spies are following the new data-handling guidelines in practice when scanning networks.
On Wednesday, Defense officials declined to comment on internet cable-tapping. more
The 10 Best Offbeat Spy Movies
You can see all the trailers here.
10. Casino Royale
9. Our Man Flint
8. The Man Who Knew Too Little
7. Burn After Reading
6. Confessions of a Dangerous Mind
5. Spies Like Us
4. What’s Up, Tiger Lily?
3. Austin Powers: International Man of Mystery
2. Top Secret!
1. Spy
Enjoy the weekend! ~Kevin
Three Espionage Tests
Denmark - The EspionageTest is the name of a newly developed free online test designed to reveal whether businesses are vulnerable to industrial espionage.
“The test is designed to provide an immediate picture of a business’s strengths and weaknesses. It provides a picture of the business’s challenges and the areas that need strengthening. The test looks at digital security, employee behaviour, culture and physical security,” says Senior Consultant Christine Jøker Lohmann from the Confederation of Danish Industry who is a member of the project steering group.
Employee behaviour and technology are tested
The test, which has been financed by the Danish Industry Foundation and developed by the intelligence and security firm CERTA Intelligence & Security, requires businesses to answer questions covering all areas of security and tests both technology and employee behaviour.
In each area, businesses will be told how they score in terms of security and will be given specific tips and recommendations on how to improve or develop suitable protection against espionage... more
The EspionageTest – Launching on 23 August 2016 – will be freely available to all Danish businesses.
...and, from another point-of-view, take these two tests to see if you would be good at espionage...
Espionage Spy Test #1
Espionage Spy Test #2
Thursday, August 18, 2016
Spycam News: Gawker Smacks Down on Monday
Gawker, the best known part of Gawker Media, but apparently the least salvageable, will not be welcomed aboard the lifeboat that Univision has sent to the sinking company in the form of a $135 million bid for its assets. The site will cease publishing on Monday, according to a person familiar with the situation...
Gawker's nearly 14 years' worth of media-world scoops, amusing rants, gratuitous take-downs and occasional investigative gems will be archived, according to a memo company founder and Chief Executive Nick Denton sent to staffers Thursday announcing the site's closure.
"We have not been able to find a single media company or investor willing to take on Gawker.com," he wrote. "The campaign being mounted against its editorial ethos and former writers has made it too risky. I can understand the caution. Gawker.com may, like Spy Magazine in its day, have a second act. For the moment, however, it will be mothballed, until the smoke clears and a new owner can be found."...
Gawker Media, which declared bankruptcy in June after losing an invasion-of-privacy suit brought by Hulk Hogan. A Florida jury awarded him $140 million in the case, which revolved around a sex tape of the wrestler, whose real name is Terry Bollea, that Gawker published. more
Early 20th Century Phone Privacy Gadgets
Invented in 1921, the Hush-A-Phone was advertised as a “telephone silencer” and a device that “Makes your phone private as a booth.”
It produced the same effect as cupping both your hands around the mouthpiece of the two-pieced candlestick model telephone, with others in the room only hearing a rumbling of indiscernible sounds.
Callers only needed to slide the Hush-A-Phone over the mouthpiece of the phone, place their lips in the circular opening, and speak. The device was simple, easy to use, and it worked.
Yet, the Hush-A-Phone isn’t remembered for its simplicity, or success in creating an artificial cone of silence. Rather, the device is known for waging a war against the telecommunication giant, AT&T—a historic legal battle law experts compare to feuds over today’s open internet. more
Predating the Hush-A-Phone by about 20 years was The Whispering Mouthpiece. ~Kevin
Wednesday, August 17, 2016
Court: Producers of Spyware Can Be Held Liable
A federal appeals court says the maker of an online spying tool can be sued on accusations of wiretapping. The federal lawsuit was brought by a man whose e-mail and instant messages to a woman were captured by the husband of the woman. That husband used that data as a "battering ram" as part of his 2010 divorce proceedings.
It's the second time in a week that a federal court has ruled in a wiretapping case—in favor of a person whose online communications were intercepted without consent. The other ruling was against Google. A judge ruled that a person not using Gmail who sent e-mail to another person using Gmail had not consented to Gmail's automatic scanning of the e-mail for marketing purposes. Hence, Google could be sued (PDF) for alleged wiretapping violations.
For the moment, the two outcomes are a major victory for privacy. But the reasoning in the lawsuit against the makers of the WebWatcher spy program could have ramifications far beyond the privacy context—and it places liability on the producers of spyware tools. more
Friday, August 12, 2016
"DiskFiltration" - Siphons Data Even When Computers are Disconnected from the Internet.
Researchers have devised a new way to siphon data out of an infected computer even when it has been physically disconnected from the Internet to prevent the leakage of sensitive information it stores.
The method has been dubbed "DiskFiltration" by its creators because it uses acoustic signals emitted from the hard drive of the air-gapped computer being targeted. It works by manipulating the movements of the hard drive's actuator, which is the mechanical arm that accesses specific parts of a disk platter so heads attached to the actuator can read or write data.
By using so-called seek operations that move the actuator in very specific ways, it can generate sounds that transfer passwords, cryptographic keys, and other sensitive data stored on the computer to a nearby microphone. The technique has a range of six feet and a speed of 180 bits per minute, fast enough to steal a 4,096-bit key in about 25 minutes. more
Solution: Upgrade to a solid state drive.
Mom Alerted - Daughters' Bedroom Nanny Cam Streaming on Internet
A mother from Texas was horrified to learn that the cameras she used to keep watch on her 8-year-old girls had been hacked and were being live streamed on the internet.
She made the appalling discovery after she found a screenshot posted by another woman on a Facebook group for Houston Mothers, who was trying to alert mothers after stumbling across a free app ‘Live Camera Viewer.’ ...
According to security experts, her private cameras had been hacked by accessing the household’s IP address through her daughter’s iPad whilst she was playing a video game, and was consequently live streamed to an online feed.
The feed, which is sorted according to the number of ‘likes’ that users give, had been available since July, and had 571 ‘likes,’ meaning at least that many people had been watching it over the course of the stream. more
Wednesday, August 10, 2016
IT Guy Pleads Not Guilty to Eavesdropping Charge — Recordings Found
IL - The technology director of Abingdon-Avon schools pleaded not guilty to charges of eavesdropping Tuesday at a hearing.
Mark L. Rogers, 56, of Abingdon, is on paid administrative leave from Abingdon-Avon School District 276 and has been charged with three felony counts of eavesdropping. Abingdon Police Chief Kenneth Jones testified...
Jones said authorities found that Rogers had installed a webcam in his office that was not part of the school system. Authorities found a "number of videos collected from February 2016," including one of a meeting between Rogers and Drew Witherall, who was assistant technology director at the time. Witherall said he was unaware of the Feb. 11 recording. more
Car Key Fobs — Wireless = Useless
...a team of researchers from the University of Birmingham and the German engineering firm Kasper & Oswald plan to reveal two distinct vulnerabilities they say affect the keyless entry systems of an estimated nearly 100 million cars.
One of the attacks would allow resourceful thieves to wirelessly unlock practically every vehicle the Volkswagen group has sold for the last two decades, including makes like Audi and Škoda. The second attack affects millions more vehicles, including Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot.
Both attacks use a cheap, easily available piece of radio hardware to intercept signals from a victim’s key fob, then employ those signals to clone the key. The attacks, the researchers say, can be performed with a software defined radio connected to a laptop, or in a cheaper and stealthier package, an Arduino board with an attached radio receiver that can be purchased for $40. “The cost of the hardware is small, and the design is trivial,” says Garcia. “You can really build something that functions exactly like the original remote.”
...they were able to extract a single cryptographic key value shared among millions of Volkswagen vehicles. By then using their radio hardware to intercept another value that’s unique to the target vehicle and included in the signal sent every time a driver presses the key fob’s buttons, they can combine the two supposedly secret numbers to clone the key fob and access to the car. “You only need to eavesdrop once,” says Birmingham researcher David Oswald. “From that point on you can make a clone of the original remote control that locks and unlocks a vehicle as many times as you want.” more
original paper
Quote of the Week
"We have never had absolute privacy in this country." ~FBI Director James Comey more
Pokemon Go — The Story Behind the Story
The suddenly vast scale of Pokemon Go adoption is matched by the game’s aggressive use of personal information. Unlike, say, Twitter, Facebook, or Netflix, the app requires uninterrupted use of your location and camera — a “trove of sensitive user data,” as one privacy watchdog put it in a concerned letter to federal regulators.
All the more alarming, then, that Pokemon Go is run by a man whose team literally drove one of the greatest privacy debacles of the internet era, in which Google vehicles, in the course of photographing neighborhoods for the Street View feature of the company’s online maps, secretly copied digital traffic from home networks, scooping up passwords, email messages, medical records, financial information, and audio and video files.
Before Niantic Labs CEO John Hanke was the man behind an unfathomably popular smartphone goldmine, he ran Google’s Geo division, responsible for nearly everything locational at a time when the search company was turning into much more, expanding away from cataloging the web and towards cataloging every city block on the planet.
Hanke landed at Google after his wildly popular (and admittedly very neat) CIA-funded company Keyhole, which collected geographic imagery, was acquired in 2004 and relaunched as Google Earth in 2005. more
Tuesday, August 9, 2016
What Has More Privacy Than the Invisible iPhone Screen?
Inventor Builds Invisible iPhone Screen for Covert Viewing
A Kurdish inventor builds a secret screen for the iPhone that enables only the user to see the contents by wearing special glasses.
It's a problem many of us have faced - how to stop prying eyes peeking at what's on our phone screen. But an inventor in Turkey claims to have solved it. Celal Goger has invented a secrecy screen that turns iPhones invisible. Only the wearer of these glasses can see the screen. The magic is in a chip that enables the glasses to communicate with the phone...
"The mobile's screen is completely white, nothing can be seen, you can't see the menu. He gave me the glasses and, when I put them on, I saw the complete menu. If I had this on my mobile, nobody would see what I'm looking at or which apps I'm using when I'm commuting."
His next plan is to invent a nanochip that can fit any glasses and turn the screen visible or invisible with a single button. more
Tapes Could Compel Major Fox News Settlement
A settlement with former Fox News host Gretchen Carlson over alleged sexual harassment by Roger Ailes, the network's former chairman, is expected to reach eight figures. The reason: There are audio tapes of conversations between several female employees and Ailes, who resigned last month. A settlement would most likely keep the tapes private. more
Monday, August 8, 2016
Android Bug May Affect 900 Million Smartphones
The bugs were uncovered by Checkpoint researchers looking at software running on chipsets made by US firm Qualcomm.
Qualcomm processors are found in about 900 million Android phones, the company said...
Affected devices included:
- BlackBerry Priv
- Blackphone 1 and Blackphone 2
- Google Nexus 5X, Nexus 6 and Nexus 6P
- HTC One, HTC M9 and HTC 10
- LG G4, LG G5, and LG V10
- New Moto X by Motorola
- OnePlus One, OnePlus 2 and OnePlus 3
- US versions of the Samsung Galaxy S7 and Samsung S7 Edge
- Sony Xperia Z Ultra
In response, Qualcomm is believed to have created patches for the bugs and started to use the fixed versions in its factories. It has also distributed the patches to phone makers and operators. However, it is not clear how many of those companies have issued updates to customers' phones.
Checkpoint has created a free app called QuadRooter Scanner that can be used to check if a phone is vulnerable to any of the bugs, by looking to see if the patches for them have been downloaded and installed. more
Here's What Eavesdroppers See When You Use Unsecured Wi-Fi Hotspots
You’ve probably read at least one story with warnings about using unsecure public Wi-Fi hotspots, so you know that eavesdroppers can capture information traveling over those networks. But nothing gets the point across as effectively as seeing the snooping in action. So I parked myself at my local coffee shop the other day to soak up the airwaves and see what I could see.
My intent wasn't to hack anyone's computer or device—that's illegal—but just to listen. It’s similar to listening in on someone’s CB or walkie-talkie radio conversation. Like CBs and walkie-talkies, Wi-Fi networks operate on public airwaves that anyone nearby can tune into.
As you'll see, it’s relatively easy to capture sensitive communication at the vast majority of public hotspots—locations like cafes, restaurants, airports, hotels, and other public places. You can snag emails, passwords, and unencrypted instant messages, and you can hijack unsecured logins to popular websites. Fortunately, ways exist to protect your online activity while you’re out-and-about with your laptop, tablet, and other Wi-Fi gadgets. I'll touch on those, too. more
PS - The author, Eric Geier, also provides a very good "How to use Wi-Fi hotspots securely" checklist. ~Kevin
Mayor Charged: Strip Poker, Alcohol, Eavesdropping... with minors
CA - Stockton Mayor Anthony Silva was arrested Thursday at his youth camp on charges that he played strip poker with a minor and provided youngsters with alcohol, according to authorities...
The 42-year-old mayor stands accused of one felony count of making an illegal recording and one misdemeanor count each of providing alcohol to a minor, cruelty to a child by endangering their health and contributing to the delinquency of a minor...
Amador County District Attorney Todd Riebe said the strip poker game occurred in Silva’s bedroom at the camp.
According to prosecutors, one of the participants was a 16-year-old boy. Prosecutors alleged that the audio was recorded secretly and that a “surreptitious recording clearly indicates that the participants did not want to be recorded.”
Witnesses also informed FBI agents that Silva provided alcohol to the poker game participants, all of whom were underage. Witnesses stated also that Silva had supplied alcohol and made it available to a number of underage counselors at the camp, according to officials.
Included in the evidence were details of a prior episode in which Silva audiotaped a conversation with a Stockton city employee without their consent, officials said. Prosecutors said that another witness told investigators that Silva had cameras installed in his bedroom and at the Stockton Kid's Club. more
http://documents.latimes.com/complaint-against-stockton-mayor-anthony-silva/
Friday, August 5, 2016
Does dropping malicious USB sticks really work?
Of course it does.
Common sense.
I warned about this years ago.
Now, we have empirical evidence!
Research presented this week at BlackHat by Elie Bursztein of Google’s anti-abuse research team shows that the danger is alarmingly real:
- …we dropped nearly 300 USB sticks on the University of Illinois Urbana-Champaign campus and measured who plugged in the drives. And Oh boy how effective that was! Of the drives we dropped, 98% were picked up and for 45% of the drives, someone not only plugged in the drive but also clicked on files.
On each type of drive, files consistent with the USB stick’s appearance were added. So, “private” files were added to USB sticks that were unlabelled or were attached to keys or a return label, “business” files to sticks marked confidential, etc.
However, in reality each of the files was actually an HTML file containing an embedded image hosted on the researcher’s server. In this way they were able to track when files were accessed. more
Smartphone Security Alert - "Juice Jacking" or... Getting your phone's brain drained at the airport
“Juice-jacking” as the new travel scam is called, targets desperate travelers in need of a charge. Daniel Smith, a security researcher at Radware explains how this works.
“Attackers can use fake charging stations to trick unsuspecting users into plugging in their device. Once the device is plugged in the user’s data and photos could be downloaded or malware can be written onto the device.”
Hackers can download anything that is on your phone since the charging port is doubling as a data port. We’re talking passwords, emails, photos, messages, and even banking and other personal information via apps.
How to Prevent Juice-Jacking
“Don’t use public charging stations. more
Solutions...
- This is a tiny and lightweight external battery that is easy to travel with: Amazon.com
- Plug into your laptop to charge your phone if you’re traveling with one and don’t have an external charger.
- If you absolutely need to use public charging stations you can block the data transfer using SyncStop ($19.99).
More Than 1,000 U.S. Spies Protecting Rio Olympics
U.S. intelligence has assigned more than 1,000 spies to Olympic security as part of a highly classified effort to protect the Rio 2016 Summer Games and American athletes and staff, NBC News has learned.
Hundreds of analysts, law enforcement and special operations personnel are already on the ground in Rio de Janeiro, according to an exclusive NBC News review of a highly classified report on U.S. intelligence efforts.
In addition, more than a dozen highly trained Navy and Marine Corps commandos from the U.S. Special Operations Command are in Brazil, working with the Brazilian Federal Police and the Brazilian Navy, according to senior military officials.
The U.S. military, as expected, has placed larger military units on call should a rescue or counter-terrorism operation be needed, the officials said.
The classified report outlines an operation that encompasses all 17 U.S. intelligence agencies, including those of the armed services, and involves human intelligence, spy satellites, electronic eavesdropping, and cyber and social media monitoring. more
Wednesday, August 3, 2016
Snapping Up Cheap Spy Tools, Nations ‘Monitoring Everyone’
Governments known to stifle dissent with imprisonment and beatings or otherwise abuse their power are buying cheap, off-the-shelf surveillance software that can monitor the phone conversations and track the movements of thousands of their citizens, an Associated Press investigation has found.
Such so-called “lawful intercept” software has been available for years to Western police and spy agencies and is now easily obtained by governments that routinely violate basic rights — outside a short blacklist that includes Syria and North Korea. For less than the price of a military helicopter, a country with little technical know-how can buy powerful surveillance gear. more
Spy Bugs Wrong Phones
An Australian spy earned the nickname 'fat fingers' after he incorrectly bugged multiple phones by entering the wrong numbers.
Inspector-General of Intelligence and Security revealed the anecdote during an address at the Australian Policy Institute on Tuesday night, reported Fairfax Media.
She told the story of the time she asked a senior ASIO officer how wrong numbers had been used in multiple telephone intercepts.
'I said: 'How can this happen? There's a whole series of them here.' And the answer was: 'It's fat fingers.'
more
The Spy Who Turned... female
When the Chevalier d’Eon left France in 1762, it was as a diplomat, a spy in the French king’s service, a Dragoon captain, and a man. When he returned in July 1777, at the age of 49, it was as a celebrity, a writer, an intellectual, and a woman—according to a declaration by the government of France.
What happened? And why?
The answer to those questions is complex, obscured by layers of bad biography, speculation and rumor, and shifting gender and psychological politics in the years since, as well as d’Eon’s own attempts to re-frame his story in a way that would make sense to his contemporary society. more
Pokemon Go No Go, or What a Great Spy Pretext
The Canadian Armed Forces are warning Pokemon Go players — both in and out of uniform — not to search for Pokemon on military property.
A spokesperson said military police have reported "Pokemon Go occurrences" at three bases — CFB Borden and 22 Wing North Bay in Ontario, and 14 Wing Greenwood in Nova Scotia — within the first week of the game's release.
"In the interests of public safety, Pokemon Go players must refrain from attempting to access defence establishments without authorization for the purpose of searching for Pokemon,"...
"A Pokemon Go player found on a defence installation who is not authorized to be there could face sanctions including a warning, a citation and fine, or arrest and prosecution." more
Monday, August 1, 2016
Who Might Have Copies of Everyone's "Deleted" Emails?
The National Security Agency (NSA) has “all” of Hillary Clinton’s deleted emails and the FBI could gain access to them if they so desired, William Binney, a former highly placed NSA official, declared in a radio interview broadcast on Sunday.
Speaking as an analyst, Binney raised the possibility that the hack of the Democratic National Committee’s server was done not by Russia but by a disgruntled U.S. intelligence worker concerned about Clinton’s compromise of national security secrets via her personal email use.
Binney was an architect of the NSA’s surveillance program. He became a famed whistleblower when he resigned on October 31, 2001, after spending more than 30 years with the agency. more
Friday, July 29, 2016
Remotely Turning Office Equipment into Bugging Devices
You think about securing your laptop, but what about your desk phone, monitor, or printer?
Ang Cui, who heads up Red Balloon Security in New York City, has a particularly innovative way of hacking these devices. Using a piece of malware called “funtenna,” he’s able to make devices transmit data over radio (RF) signals, and then pick them up with an antenna. He’s basically using software to turn this equipment into bugging devices. more
This is one reason why businesses conduct regularly scheduled bug sweeps (TSCM) of their offices and conference rooms. If you are not plugging these information leaks yet, call me. I'll help you put a protection strategy in place. ~Kevin
Your Weekend Spy Flick—Bourne... again
‘Jason Bourne’: A welcome return for Matt Damon’s spirited spy.
What with all their international adventures through the years, it seems like only a matter of time before Jason Bourne and Ethan Hunt cross paths, whether it be in a crowded town square in Greece or a winding boulevard in Paris — or maybe while the two of them happen to be involved in crazy high-speed chases at the same time.
Hey man. What are YOU doing here?
Just as Tom Cruise continues to carry the “Mission: Impossible” action franchise in his 50s, the 45-year-old Matt Damon still kicks butt in serious fashion in his fourth appearance (and first since 2007) as Jason Bourne in the film of the same name. more trailer movie times
The Cartoon You Won't See in Your Paper Today
"Today's strip that did not run in papers.
Seems harmless to me, but I guess these are sensitive times."
Stephan Pastis
@stephanpastis
Syndicated Cartoonist, Creator of Pearls Before Swine Comic Strip,
Author of Timmy Failure book series
Thursday, July 28, 2016
Stormy Weather, or Subterranean Homesick Blues at the National Weather Service
If it’s on Facebook, can it be secret?
Members of the National Weather Service Employees Organization (NWSEO) thought they had a secret Facebook page that was available only to them.
But not only did National Weather Service (NWS) management officials know about the page, they accessed it and made scornful comments about the postings, according to the union.
That amounts to “illegal surveillance” of union activities, according to the labor organization’s complaint filed Wednesday with the Federal Labor Relations Authority.
In the past six months, Weather Service officials “engaged in the surveillance of internal union communications about and discussions of protected activities” on the labor organization’s “ ‘secret’ (that is, ‘members only’) Facebook page,” according to the complaint. more sing-a-long
Wednesday, July 27, 2016
Brand-Name Wireless Keyboards Open to Silent Eavesdropping
Wireless keyboards from popular hardware vendors are wide open to silent interception at long distances, researchers have found, without users being aware that attackers can see everything they type.
Bastille Research said the keyboards transmit keystrokes across unencrypted radio signals in the 2.4 GHz band, unlike high-end and Bluetooth protocol keyboards, which transmit data in an encrypted format, making it more difficult for attackers to intercept the scrambled keystrokes.
It means attackers armed with cheap eavesdropping devices can silently intercept what users type at distances of 50 to 100 metres away.
Such interception could reveal users' passwords, credit card numbers, security question replies and other personally sensitive information, Bastille said. Users would have no indication that the traffic between the keyboard and the host computer was intercepted.
Furthermore, attackers could inject keystrokes of their own into the signals, and type directly onto users' computers. Again, the attack would be unnoticeable to users in most cases.
Bastille tested eight keyboards from well-known vendors... more
Longtime Security Scrapbook readers may remember my warnings about this beginning in 2007...
https://spybusters.blogspot.com/2007/12/wireless-keyboard-interception.html
https://spybusters.blogspot.com/2007/12/program-discovers-at-risk-wireless.html
https://spybusters.blogspot.com/2009/01/old-news-still-scary-bugged-keyboards.html
The DNC Hack — Worse than Watergate
A foreign government has hacked a political party’s computers—and possibly an election. It has stolen documents and timed their release to explode with maximum damage. It is a strike against our civic infrastructure. And though nobody died—and there was no economic toll exacted—the Russians were aiming for a tender spot, a central node of our democracy...
What’s galling about the WikiLeaks dump is the way in which the organization has blurred the distinction between leaks and hacks. Leaks are an important tool of journalism and accountability. When an insider uncovers malfeasance, he brings information to the public in order to stop the wrongdoing. That’s not what happened here.
The better analogy for these hacks is Watergate. To help win an election, the Russians broke into the virtual headquarters of the Democratic Party. The hackers installed the cyber-version of the bugging equipment that Nixon’s goons used—sitting on the DNC computers for a year, eavesdropping on everything, collecting as many scraps as possible.
This is trespassing, it’s thievery, it’s a breathtaking transgression of privacy. more
Tuesday, July 26, 2016
Judge Flicks Off Uber and its Phony Private Eye
A strange side-show battle over snooping charges came to an end Monday when a judge in federal court ruled that Uber Technologies and its CEO Travis Kalanick could not use background information it dug up on a passenger who brought a price-fixing suit against Kalanick.
Judge Jed Rakoff said Ergo, the Manhattan-based firm Uber hired to conduct the investigation into the plaintiff and his lawyer, "engaged in fraudulent and arguably criminal conduct." Ergo was not licensed to conduct private investigations in New York state and its operative interviewed subjects under phony pretexts. He may also have violated state laws by taping the interviews without subjects' consent.
"It is a sad day," Rakoff began the 31-page opinion, "when, in response to the filing of a commercial lawsuit, a corporate defendant feels compelled to hire unlicensed private investigators to conduct secret personal background investigations of both the plaintiff and his counsel."
Uber declined to comment. more
Saturday, July 23, 2016
Tristan Payton: Highly touted wide receiver — and criminal hunter?
That seemed to be the case this week after the Central Florida wide receiver chased down a man accused of filming teenaged girls in a bathroom on campus, CBS Sports reported.
The girls were attending a cheerleading camp Wednesday at UCF's basketball facilities on campus when they saw a phone recording them inside a bathroom stall.
They told their coach and staff members, saw the man with the phone and chased him, with UCF police soon joining the pursuit.
The man, identified as 21-year-old Jonathan J. Hui, evaded police and the staff but was soon caught by Payton, who saw the commotion and joined the chase.
Payton quickly snagged Hui's phone before he could delete any information on it. more
Professor Accused of Spying on Students Found Dead
An NYIT professor accused of spying on students in the bathroom has been found dead days after his arrest.
Law enforcement sources tell News 12 the body of Professor Jackie Conrad was found in his Harlem home last night.
The 39-year-old had been arrested last week after police say a camera was found hidden inside a handicapped stall at the school’s health care center in Old Westbury. more
An autopsy will determine his cause of death, but police suspect he killed himself, according to sources.
Conrad, a professor at New York Institute of Technology, planted a camera disguised as a pen in a handicapped-accessible bathroom at the school’s Old Westbury campus in Nassau County on July 13, according to a criminal complaint. more
The Complete Guide to Facebook Privacy
The Techlicious folks have the tips on how to keep your privacy on Facebook...
Privacy concerns and privacy controls on Facebook are ever changing. When you post a picture of your kids at a family gathering, which one of your Facebook friends can share it? What private information are those Facebook game apps collecting on you for "third-party uses"? How do you make sure that live video stream is seen only by people you choose? Every action you take on Facebook has privacy and sharing implications that need to be considered before you upload that next selfie.
Fortunately, thanks to vocal demands for transparency from both Facebook users and government regulators around the world, Facebook has been making the process of managing your privacy easier. Below is our step-by-step guide to taking full control of your Facebook privacy settings... more