Friday, November 4, 2016

Bugging Devices Found at Iran Nuclear Talks Hotel, Say Swiss Officials

A number of computers at a five-star Geneva hotel that has hosted sensitive talks, including Iranian nuclear negotiations, were found to be infected with malware used for espionage, Swiss prosecutors have revealed...

The long-running nuclear talks were a magnet for the world’s intelligence agencies as they sought to find out more about the Iranian nuclear programme and the negotiating positions of the six nations involved.

When the talks shifted to a luxury hotel in Vienna, the microwave radiation from the surveillance efforts of competing intelligence agencies was so intense that diplomats had to walk some distance from the venue to use their mobile phones.

The US secretary of state, John Kerry, would take walks with his Iranian counterpart, Mohammad Javad Zarif, in what was seen as a publicity stunt, but which was also a practical means of dodging electronic bugs.

When diplomats attending talks in Lausanne wanted to call their capitals, they would stroll around the grounds of the venue, another five-star hotel, rather than call from their rooms. more

Happy 64th Birthday NSA

The National Security Agency celebrates its 64th birthday today.

The agency was established on Nov. 4, 1952, by President Harry Truman in the wake of World War II.

More information about NSA and its history is available online at nsa.gov.

Thursday, November 3, 2016

IoT - Hackers Get A Bright Idea

The so-called Internet of Things, its proponents argue, offers many benefits...

Now here’s the bad news: Putting a bunch of wirelessly connected devices in one area could prove irresistible to hackers. And it could allow them to spread malicious code through the air, like a flu virus on an airplane.

Researchers report in a paper to be made public on Thursday that they have uncovered a flaw in a wireless technology that is often included in smart home devices like lights, switches, locks, thermostats...

The researchers focused on the Philips Hue smart light bulb and found that the wireless flaw could allow hackers to take control of the light bulbs...

That may not sound like a big deal. But imagine thousands or even hundreds of thousands of internet-connected devices in close proximity. Malware created by hackers could be spread like a pathogen among the devices by compromising just one of them. more

UPDATE
This Virus Automatically Kills Smart Light Bulbs
A group of researchers says they found a way to have a self-replicating worm spread through internet-connected lightbulbs, turning them them off, bricking them, or make them all turn on and off multiple times to disrupt the electric grid. “A single infected lamp with a modified firmware which is plugged-in anywhere in the city can start an explosive chain reaction in which each lamp will infect and replace the firmware in all its neighbors within a range of up to a few hundred meters,” the researchers wrote in the paper. more

Tuesday, November 1, 2016

Business Espionage Trick #763 - The CD VD

A cautionary tale...

Telephone pitch
A senior prosecution source in Tel Aviv told the BBC that Ruth Haephrati was the expert at implanting the trojan into the unknowing victims office computer system.

He said she would contact a senior executive proposing a bogus business deal.

She would start with a telephone pitch, before offering to send more detailed information on a CD.

She stressed that the offer was so commercially sensitive that only the executive should open it.

Once the CD was installed, the trojan was let loose, but the company and the executive were none the wiser.

The Haephratis were jailed earlier this year.

But the techniques the Haephratis used are being adapted by others. more

Friday, October 28, 2016

A Spy's House with a 007 Connection—For Sale

NY - This Long Island estate at 189 Terrace Lane in Upper Brookville
was once owned by English novelist Ian Fleming’s dear friend Ivar Felix C. Bryce — a real-life British spy and, in Fleming’s James Bond books, 007’s best friend, Felix.

The 6,800-square-foot, five-bedroom brick mansion was built in 1917 as a carriage house for the 90-acre Mill River Farm estate. Fully restored, it’s now on the market for $2.99 million. The Bryces bought the estate in 1936 and renamed it Farlands Estate. more

AT&T Requires Police to Hide Hemisphere Phone Spying

AT&T built a powerful phone surveillance tool for police, called Hemisphere. Every day, AT&T adds four billion call records to Hemisphere, making it one of the largest known reservoirs of communications metadata that the government uses to spy on us. Law enforcement officials kept Hemisphere “under the radar” for many years—hidden from courts, legislators, and the general public—until the New York Times exposed the program in 2013...

New documents published by The Daily Beast earlier this week reveal that AT&T required this corrosive secrecy. Specifically, the contract AT&T prepared for police seeking access to Hemisphere provides:
[T]he Government agency agrees not to use the data as evidence in any judicial or administrative proceedings unless there is no other available and admissible probative evidence. The Government Agency shall make every effort to insure that information provided by the Contractor is non-attributable to AT&T if the data is provided to a third-party.
In other words, the first rule of Hemisphere is: you do not talk about Hemisphere. more

Former Rutgers Student Pleads Guilty in Webcam Spying Case

NJ - A former Rutgers University student accused of spying on his gay roommate, who later committed suicide, pleaded guilty Thursday to a reduced charge, ending a long-running case that drew international attention to cyberbullying.

The former student, Dharun Ravi, now 24 years old, streamed video of his roommate, Tyler Clementi, and another man during a sexual encounter in their dorm room in September 2010. Mr. Ravi pleaded guilty in New Jersey’s Superior Court to one felony count of attempted invasion of privacy, the Middlesex County Prosecutor’s Office said. more

"Mr. Bond, you're fired."

Here’s some news that could leave James Bond feeling shaken and stirred: The head of Britain’s top spy agency doesn’t want to hire him.

Alex Younger, the real-life head of M16, the British intelligence agency where the fictional super spy works, tells the British website Black History Month that Bond doesn’t have the qualities he wants for his spies.

“In contrast to James Bond, MI6 officers are not for taking moral shortcuts,” Younger told the website. “In fact, a strong ethical core is one of the first qualities we look for in our staff.”

Although Bond has managed to get through scrapes that would kill many real spies, Younger thinks he’d be weeded out early.

“It’s safe to say that James Bond wouldn’t get through our recruitment process and, whilst we share his qualities of patriotism, energy and tenacity, an intelligence officer in the real MI6 has a high degree of emotional intelligence, values teamwork and always has respect for the law… unlike Mr Bond!” more

Agent Kingfisher Dead - Just Coincidence? - You Decide

Serial protester and spy enthusiast...
who called himself 'Agent Kingfisher' and disrupted a royal James Bond premiere suffers ‘unexplained’ death days after he was caught urinating in the MI5 foyer. more

Iceland's Pirate Party Prepares for Power

The party that could be on the cusp of winning Iceland’s national elections on Saturday didn’t exist four years ago.

Its members are a collection of anarchists, hackers, libertarians and web geeks. It sets policy through online polls – and thinks the government should do the same. It wants to make Iceland “a Switzerland of bits,” free of digital snooping. 

It has offered Edward Snowden a new place to call home. And then there’s the name: in this land of Vikings, the Pirate Party may soon be king...

The Pirates, they say, are less about any specific ideology than they are about a belief that the West’s creaking political systems can be hacked to give citizens a greater say in their democracy. more

Thursday, October 27, 2016

IoT Takes Down the Net — "Wow, didn't see that coming."

If you followed this blog you would have. The topic has been in the Scrapbook for years.

https://s-media-cache-ak0.pinimg.com/originals/1d/63/5d/1d635d655d79ea7ac9f38beeccf7ec73.gifThe IoT insecurity trend has been building for a long time. Few paid attention. When it knocked out the Internet people start taking notice.

Let's review a few of the old posts. Then, imagine a month without the electrical grid.

2009 Video over IP. Convenient, but not secure.
2011 Security Director Alert: Unsecured Webcams Hacked
2011 Man Hacks 100+ Webcams and Makes Blackmail Videos
2011 Scared of SCADA? You will be now...
2012 SpyCam Story #647 - Unintended Exhibitionists
2013 Shodan - The Scary Search Engine
2013 Baby Cam Hackers Can See You, Hear You, and Talk to You... and Your Kids
2013 The Ratters - men who spy on women through their webcams
2013 Spybusters Tip #972 - Own a Foscam camera? There is a security update for you!
2015 Is Your Home Security System Putting You at Risk? ...news at eleven.
2015 Some Top Baby Monitors Lack Basic Security Features
2016 FutureWatch - Keep Your Eye on IoT - The Encryption Debate is a Distraction
2016 Do You Have an IoT in the Workplace Policy? (you need one)
2016 Security Alert: Your Security Camera May Have Friends You Don't Know About
2016 Your New IoT Ding-Dong Can Open Your Wi-Fi... to hackers
2016 Security Director Alert - 46,000 Internet-accessible Video Recorders Hackable
2016 Mom Alerted - Daughters' Bedroom Nanny Cam Streaming on Internet
2016 Hackers Infect Army of Cameras, DVRs for Massive Internet Attacks 

Lawmakers, force the manufacturers of these devices to a higher security standard. ~Kevin

Tuesday, October 25, 2016

O.S.S. Heros Honored ...except by Congress

In February 1945, a small group of personnel assigned to the Office of Strategic Services, the wartime spy agency, scrambled to prepare for a particularly risky mission: inserting a team of agents deep behind Nazi lines with the goal of gleaning crucial enemy information.

For a host of reasons, the proposed operation seemed like a suicide mission. The area targeted for dropping the three-man team into Nazi territory was high in the Austrian Alps, surrounded by towering peaks and flanked by antiaircraft weaponry. Even if the drop went as planned, some of the spies tapped to infiltrate enemy ranks were European-born Jews, increasing the dangers they faced.

After the Royal Air Force refused the dangerous mission, code-named Operation GREENUP, John Billings, then a lieutenant in the U.S. Army Air Corps, was given the job.

Billings and other veterans who made possible some of World War II’s most daring spy missions were among those honored this weekend by the OSS Society
, a group that includes former OSS members and members of the U.S. intelligence, military and Special Operations communities.

In addition to Billings, Gaetano Rossi and Caesar Daraio, two then-sergeants who were part of operational groups made up of Italian American volunteers, were honored with OSS Society awards for their work advancing the Allied cause during World War II. Also honored at this year’s “spy ball” was David Cohen, who served as director of operations at the CIA and as a senior intelligence official with the New York City Police Department, and retired Gen. Norton A. Schwartz, former Air Force chief of staff.


After retiring from the military as a captain, Billings became a commercial pilot. At age 93, he still pilots a Cessna Cutlass. Most of the time he flies “angel flights,” transporting people in need of medical attention.

The OSS Society is advocating passage of a proposed measure that would honor the wartime spies, which so far has not gained required congressional support.
The proposal, which would award living OSS veterans the Medal of Honor, has stalled in the House.*  more

*You can help get this bill passed. It's easy. Click here, see top right corner.

The OSS Society is a 501(c)(3) charitable organization. All donations are tax deductible to the fullest extent of the law. Membership in The OSS Society is available to OSS veterans, their descendants, current and former members of the U.S. intelligence community and U.S. Special Operations Forces, and people who are interested in General Donovan's "unusual experiment" - the Office of Strategic Services.

The OSS Society®
7700 Leesburg Pike, Ste. 324
Falls Church, VA 22043
Phone: 703-356-6667
Email:

Indianapolis Colts App Accused of Eavesdropping

The Indianapolis Colts, mobile developer YinzCam and audio technology company LISNR were named in a class action lawsuit filed Oct. 14 in Pennsylvania
App asking for access.
alleging that features of the team’s official app allowed them to listen in to private conversations without consent.

Plaintiff Alan Rackemann, a citizen of Indiana pursuing punitive and statutory damages, lists San Francisco-based law firm Edelson PC as a member of his legal counsel in the case. The Golden State Warriors’ official team app was the focus of a similar lawsuit filed in August that saw Edelson PC also represent the plaintiff in that case, LaTisha Satchell.

“It’s a lot of things that are fishy,” LISNR CEO and founder Rodney Williams said in response to the allegations. “It’s a little bit of lawyers being opportunistic, and it’s a lot of false allegations and just bad information.” more

Monday, October 24, 2016

Interception of LTE Cell Phone Calls, or LTE = Let's Telephone Eavesdrop

Ruxcon Hacker Wanqiao Zhang of Chinese hacking house Qihoo 360 has blown holes in 4G LTE networks by detailing how to intercept and make calls, send text messages and even force phones offline.

The still-live attacks were demonstrated at the Ruxcon hacking confab in Melbourne this weekend, with the demo offering a recording of the hack perpetrated in part on a live network. It exploits fall-back mechanisms designed to ensure continuity of phone services in the event of overloads.

The tested Frequency Division Duplexing LTE network is more popular than TDD-LTE and operates in Britain, the US, and Australia. The competing Time Division Duplexing (TDD) LTE network is more common in Asian countries and in regions where population densities are higher.

Zhang conducted further tests after The Register inquired whether the attacks would work against TDD-LTE and found all LTE networks and devices are affected.

"I asked my colleagues to test TDD-LTE yesterday and it works well, so it really can work against all LTE devices," Zhang says.

"This attack exists [and] it's still reasonable."

...Zhang says the attacks are possible because LTE networks allow users to be handed over to underused base stations in the event of natural disasters to ensure connectivity.

“You can create a denial of service attack against cellphones by forcing phones into fake networks with no services,” Zhang told the conference.

You can make malicious calls and SMS and … eavesdrop on all voice and data traffic.more

Sunday, October 23, 2016

Spy Camera News: Seven Cameras Found in One Airbnb

NV - A man is facing criminal charges after eight people were recorded secretly by hidden cameras in his Airbnb vacation rental home in Las Vegas.

Clark County District Court records show that Christopher Gregory Rogers was indicted last week on five counts of capturing an image of the private area of another person, a gross misdemeanor...

According to a declaration prepared by a Las Vegas police detective, a man and his employees needed a place to stay during the annual Consumer Electronics Show and found Rogers’ listing on Airbnb...

On Jan. 4 the renters met with a host, whom police believe is Rogers’ employee. They noticed security cameras in the common areas of the home and were told the private rooms had no cameras, according to the police report.

Five days later, the renters noticed the smoke detector in the master bathroom had a small camera hidden in it. The renters found other hidden cameras in the private areas of the home and notified Las Vegas police.

A total of six hidden spy cameras were found in the bedrooms and a bathroom. The cameras were being fed to a server room, which contained a digital video recording device, according to the report.

An Additional iHome radio contained a small camera that recorded to a flash drive. Some cameras were pointed at the beds, some at a sitting area in the master bedroom and one at the master shower, the report said. more

Learn how to protect yourself from spycams. Visit http://spycamdetection.training

Man Admits Spying on UEA Students in Toilets and Shower

UK - Luke Mallaband, 22, was once in a relationship with one of the women he recorded showering, although she had not consented to being filmed.

Norwich Magistrates Court heard the filming of students at the UEA, and other locations, had been “going on for a number of years”.

Josephine Jones, prosecuting, said a woman using a gender neutral toilet in the UEA library noticed a “white plastic bag on the floor which appeared to have a hole in one corner”.

She had noticed the bag a few days before and opened it to discover a box which also had a hole in it.

“Inside the box she found an iPhone 6 which was recording.”

In total 38 videos had been recorded on an iPhone at various locations, including toilets at the UEA, a bathroom and also at Mary Chapman Court student accommodation at UEA. more

Student Fined for Spying on Women via their Webcams

Student from Munich fined €1,000 for spying on 32 different computers, using their webcams to take photographs, or record their keyboard history. more

Former Director of Enchanted Forest Denies Spying on Women

The former director of the Enchanted Forest lightshow and Pitlochry Festival Theatre has been accused of secretly spying on women and filming them for more than three years. more

Yet Another Spycam Story This Week

UK - Jack Eldred hid a secret camera at his unsuspecting victim's house and filmed her drying herself off with a towel.

Eldred later sent the victim some of the shots on Facebook and threatened to forward them to her boyfriend.

"There is no dispute he made the recordings - they were not only found on his phone, but in one of the videos he can be seen setting up the hidden camera" she said.

In the clip, he was wearing a hoodie as he smiled directly at the camera and gave a thumbs up sign with both hands. more

Friday, October 21, 2016

What Do You Call the New Vinyard in Spy Valley? ..."The Must Sea"?

NZ - A Marlborough wine company with an espionage theme is calling on members of the public to help name their new vineyard.

Crowd sourcing names can be a risky business, as the National Environment Research Council in the United Kingdom found out earlier this year...

Although they derived their name from the presence of the communications orbs in the Waihopai Valley, McCone said Spy Valley Wines did not hold any contracts to supply spooks with wine.

"They do occasionally come in their unmarked vans to buy some wine on a Friday afternoon though," he said. more

Sheriff Arrested - Bugged Ex-girlfriend

TX - The sheriff of Palo Pinto County has turned himself in on felony charges 

of spying on his ex-girlfriend.

Ira Mercer is accused of using an electronic device to intercept his former girlfriend's communications. The indictment lists two incidents, one on Jan. 24, 2015 and again on Dec. 10, 2015...

He is not seeking re-election and his term ends at the end of the year. more

Shades of...
Former Lake Co. deputy accused of illegally recording ex-girlfriend

DIY NSA ...at home, in your spare time!

Harold Thomas Martin is alleged to have spent more than 20 years collecting data from multiple government agencies, federal prosecutors said.

My conception photo of his home office.
Court documents say 50 terabytes of data had been seized but it is not clear how much of this was classified...

Mr Martin was employed with Booz Allen Hamilton, the same consulting firm that employed Edward Snowden, who gave documents to journalists exposing NSA surveillance practices...

If the case succeeds, it raises serious questions about NSA security, says Alan Woodward, a computer security expert from Surrey University.

"The only extraordinary thing about this story is the volume of data stolen," he said.

"If someone was taking the data out of the NSA over a very long period of time, regardless of motive, it does raise a few questions about how they were able to do that: if someone is removing data habitually you'd expect that to be spotted." more

ESCAPE THE NET: A 5-step guide to going MIA online

How do I erase myself from the internet? With growing concerns over online privacy and government surveillance, what was once a seemingly unthinkable question is now becoming more common...

The answer, as you may have guessed, is not so simple. As the saying goes, the internet is forever, and smart, dedicated stalkers will always be able to track you down. But if you're committed — and patient — you can come awfully close to removing your digital footprint. Here's how to do it.

Step 1: Delete your social, shopping and entertainment accounts.

Step 2: Search for yourself and cut any remaining ties.

Step 3: Remove outdated search results.

Step 4: Clear your information from data collection sites.

Step 5: Contact your phone company, unsubscribe from mailing lists and delete your email accounts.
(details on each step here)

Congratulations, you no longer exist online. Right? Well, actually ... you probably still do. It's incredibly hard to fully delete your presence on the internet, but by following these steps, you've come as close as you possibly can.

Wednesday, October 12, 2016

Business Espionage Alert: Spying is the New Hacking

Increasingly cybercriminals are using spying techniques better associated with intelligence agencies 
 
to identify relevant information about you and your life and turn that around to attack you.

"There are no hackers, they're all gone -- there are only spies," says Eric O'Neill, national security strategist for Carbon Black and a former FBI counter-intelligence operative.

"The new hackers are using traditional espionage techniques and they're blending it with advanced cyber penetrations in order to steal information," he says, adding "just ask the DNC". more

As predicted back in 2013. Help is available. ~Kevin

Smart Watches Banned from Government Meetings

Apple Watch reportedly banned from UK government meetings due to Russian spying fears.

Virtually all connected devices are susceptible to hacking, which is why the UK government banned smartphones from cabinet meetings over fears that they could be used by foreign agents to eavesdrop on sessions. Now, the ban has been extended to cover Apple Watches and similar wearables.

The Telegraph reports that the UK government's biggest concern is that Russian spies could potentially hijack any smart device to discover national secrets. “The Russians are trying to hack everything,” said one source.

There haven't yet been any reported incidents of cybercriminals, Russian or otherwise, using smartwatches to listen in on sensitive government meetings, but the idea isn’t just a case of being overly paranoid. more

Beans from Boston Accused of Spying

CT - A borough couple is suing their neighbors in federal court, alleging they have used the windows and porches of their newly enlarged home to “launch a full scale threatening attack” on their neighbors by continuously spying on them.

Dave and Reba Williams also allege that their Water Street neighbors, Randall and Elizabeth Bean and their two adult sons, Christopher and Matthew, may also be disseminating their recordings and photographs electronically and in other ways.

They allege the two Bean sons have undertaken the surveillance in an “deliberate, calculated effort to harass them.''...

The Williamses, who are in their 80s and residents of Greenwich, have a summer home at 24 Water St. that is appraised by the town at $1.7 million. They bought the home in 2007.

The Beans, who live in Boston, have a summer home at 28 Water St. that they bought in 2014 and is appraised by the town at $1.4 million. Both homes are on Stonington Harbor. more

Yahoo Email'ers Fed-Up with Hacking and Spying Find Forwarding Door Locked

After back-to-back revelations that hackers had compromised a staggering 500 million Yahoo Mail accounts and that the company had complied with a US government request to open incoming emails for surveillance, 

some users are having a hard time switching to any of Yahoo's competitors.

While it remains unclear how many users intend to leave over the privacy concerns and bad publicity, several told the Associated Press that their ability to do so has been hampered since the beginning of the month, when Yahoo disabled its automated email-forwarding option.

Those who had already set up their forwarding are unaffected, but those who wish to begin forwarding messages now are unable. more

Monday, October 10, 2016

How to Delete Your Private Conversations from Google

Google could have a record of everything you have said around it for years, and you can listen to it yourself.

The company quietly records many of the conversations that people have around its products. 

The feature works as a way of letting people search with their voice, and storing those recordings presumably lets Google improve its language recognition tools as well as the results that it gives to people.

But it also comes with an easy way of listening to and deleting all of the information that it collects. That’s done through a special page that brings together the information that Google has on you.

It’s found by heading to Google’s history page and looking at the long list of recordings. The company has a specific audio page and another for activity on the web, which will show you everywhere Google has a record of you being on the internet. more

Friday, October 7, 2016

Bugged Samovar Leads to Arrest of Russian Officials

Russia's security service arrested three senior officials after recording conversations using a bug hidden in a samovar they had given as a gift of thanks for anti-corruption efforts, it's emerged.

According to the influential Kommersant newspaper, the Federal Security Service (FSB) planted the bug as part of an investigation into senior officials of the Russian Investigations Committee (SKR) who were said to be taking bribes. The samovar - engraved with the letters "FSB" and the organisation's logo - been presented to the head of the Investigations Committee's Internal Security Directorate, Mikhail Maksimenko, and was left sitting in his office, Moscow daily Izvestiya reports.

The three were arrested in July, but details of the bugging operation have only just been revealed as their case comes to court. more

But wait! 
There's more!
This isn't the first time a Russian samovar has been accused of being a bug. 
Check this out.  ~Kevin

Wednesday, October 5, 2016

Business Espionage: Houston Fortune 500 Energy Company Invaded Twice

The Federal Bureau of Investigation says it is looking into the theft of intellectual property from a Fortune 500 company in Houston’s energy corridor.

The company has asked to not be identified for security reasons, but the FBI wants to know why the man took several items from the business during its off-hours last year.

The man was caught on camera during the theft and during another burglary attempt at the same company.



According to the FBI, at approximately 3 a.m. on June 25 the burglar gained unauthorized access into the building through a defective door. After spending a couple of hours inside, the man exited with property belonging to the company and its employees.

On Dec. 30, the same man attempted to enter the same Fortune 500 Company. This time, the man was unable to get into the secure area of the building. He stole a security radio from a desk in the lobby on his way out. more

As IT security becomes better, intrusion, theft and the planting of bugging devices will increase. Conduct periodic technical surveillance countermeasures (TSCM) to reduce opportunities and risk. Read the Facilities Management article,  How to Handle Counterespionage to learn how. ~Kevin

Friday, September 30, 2016

Hackers Infect Army of Cameras, DVRs for Massive Internet Attacks

Attackers used an army of hijacked security cameras and video recorders to launch several massive internet attacks last week, prompting fresh concern about the vulnerability of millions of “smart” devices​in homes and businesses connected to the internet.
The assaults raised eyebrows among security experts both for their size and for the machines that made them happen. The attackers used as many as one million Chinese-made security cameras, digital video recorders and other infected devices to generate webpage requests and data that knocked their targets offline, security experts said. It is unclear whether the attackers had access to video feeds from the devices.

Click to enlarge.
more

"The Cone of Silence" ...as invented at MIT

Once heralded as an ingenious design strategy for saving money and fostering collaboration, the open-plan office has fallen from grace. 
It's increasingly viewed by employees as a stressful, noisy nuisance, but with real estate prices soaring, it's not an easy trend for many companies to reverse. That's why some of the best solutions have been small-scale interventions that reconfigure existing open-plan spaces to fit employees' needs in the moment.
But ask Skylar Tibbits to design a reconfigurable space for your open office and you're going to get a whole different animal. That's what happened after Drew Wenzel, a civil and environmental engineer who is part of the campus development team at Google, met Tibbits and started collaborating with him earlier this year...

The original Cone of Silence.
The lab's latest project brings its wild material experimentation to the everyday office: a wooden pod that lowers down from the ceiling and expands into a temporary work space. Born out of a conversation Tibbits had with Wenzel and others at Google, the transformable workspace offers a real-world application of the lab's future-focused work. more
Could also be used to secure open-area desks and cubicles from after-hours snoops. ~Kevin

Tuesday, September 27, 2016

How The Great Seal Bug Became Your Electronic Toll Tag

The story of the electronic tollbooth begins at the turn of the century, in St. Petersburg, Russia. That's where Leon Theremin was born.

Yes, that Theremin — the creator of the musical instrument you play without even touching.

"Just as World War I was starting, and then the Russian Revolution, he found himself in the middle of that and was pulled into the new Soviet inner circle and told he was now a Soviet scientist," says Albert Glinksy, who wrote the biography Theremin: Ether Music and Espionage.

Playing with electromagnetic fields while working on a gas detection meter, Theremin discovered a trick: Using the radio frequency between two antennas, he'd wave one hand for volume and the other for pitch...

Theremin was sent to New York City, where he performed and continued to invent. But he also had another mission.

"He was carrying out espionage, so he had this sort of double life in New York," Glinsky says.

In 1938, Theremin returns to Russia.

But the political winds had changed, and he was sent to a Siberian labor camp, then transferred to a prison for scientists.

It was there that Theremin took spying to a new level when he was ordered to build a bugging device to spy on the U.S. ambassador in Moscow.

"The brilliance of this device was it had no batteries, it needed no electrical external source," Glinsky says. "And it was perfectly inert until it was activated, when they wanted to externally, by microwave beams from a companion device that was a few buildings down."


The bug was the size of a quarter and placed in the office of the U.S. ambassador in Moscow. It was hidden in a seal of the United States, where it stayed for seven years before being accidentally discovered.  (Not true. It was found during a TSCM search.)

Theremin may have created the first RFID-like device. But it took a Brooklyn inventor to connect another technology — friend or foe radar — with modern computing that gets us to electronic toll collection. more

Industrial Espionage: An update on what it includes.

Industrial espionage comes in many forms; the most commonly seen is the surveillance type methods, usually seen in the secret spy books and television programs. However, the truth is far from the glamour of the fictitious man who find out about the wrong, puts it right and gets the girl. In the real world this problem is a very real thing and one of the worst types of industrial espionage is the selling of trade secrets.
But this is only one cell of a much bigger definition, in recent years the definition of what is seen as industrial espionage has increased to cover such areas as; attempts to sabotage a corporation, in some cases, malware and spyware has even entered the arena of corporate espionage. And as earlier mentioned there are the more obvious kinds of industrial espionage such as theft of trade secrets, bribery, blackmail, and technological surveillance. more

Keep all this in mind when you suspect business espionage. The attack vectors are many; about half people, half technological. Solving the problem requires a holistic strategy, and working with specialists who have holistic mindsets. ~Kevin

Two answers to, "How can corporate espionage firms exist when hacking people is illegal?"

Answer #1. You have to prove the espionage firm did something illegal. This is sometimes much harder than it might seem.

I was once interviewed by an IT manager of a major telecoms company. They had security like nothing I had ever seen - it was like the introduction of the old spy comedy Get Smart - layer after layer of heavy doors, big muscle doormen, ID checks, cameras…

 

I asked why they had all the security. The IT manager said “our main rival is hiring investigators to learn anything about us, any way they can”. Of course, his firm was doing the same to the rival firm - so they were in no position to complain about illegal tactics.

And of course, if the other firm had snuck someone in, someone who planted say a radio network bug, to give the spy direct access to the firm’s internal network - how could anyone prove who they were, and why they were there? I’m sure that “copping a trespass charge” was part of the deal for spies who entered the premises illegally.

Answer #2. Simple : Spying is not limited to hackingmore

Monday, September 26, 2016

Chinese Spy Museum - Now Open to All

The Yuhuatai Memorial Park of Revolutionary Martyrs is hallowed ground for the Chinese Communist Party...

...the most recent addition to the site has garnered less interest than the memorial, or the souvenir stalls nearby — but serves as a tangible testament to China’s perennial preoccupation: espionage.

Billed as the country's only such institution, the Brutalist, barrel-shaped Jiangsu National Security Education Exhibition Hall — a.k.a. the Spy Museum — opened in 2009, closed for more than a year and reopened in mid-April after a face-lift. The reopening came on China’s inaugural national security education day.

The newly renovated exhibition hall has emerged as a showcase of curated propaganda about the myriad threats posed by foreign spies. Gone is a warning sign in four languages that once barred all foreign visitors. more

Surveillance Camera Installer 'Scopes It Out'

NJ—A 38-year-old Franklin Township business owner... Thomas Canales was arrested at his South Lawrence Avenue home in the Somerset section of Franklin Township...
 
He owns a security based company "Scope It Out" in Somerset, according to authorities, who also charged him in connection with his work installing a surveillance system at a private residence.

The charge of "computer theft" came after he installed a surveillance system in a customer's home, and then monitored the residence from his computer and mobile phone. more

Business Espionage: Tram Boss Quits due to Buses Spying

Scotland - The former boss of Edinburgh Trams quit his job in anger over the “outrageous” spying carried out against his colleagues by rival transport firm Lothian Buses. 

According to his leaked resignation letter, Tom Norris left his £80,000 a year post last year over the bus company’s covert monitoring of staff.

He also wrote it was “extraordinary” the individual behind the snooping had not been fired and hit out at the “gross mishandling” of the scandal.

Edinburgh Trams and Lothian Buses are separate companies, but they share IT, media relations and human resources and are ultimately owned by the city council. more

Sunday, September 25, 2016

Alert Security Guard Nails Corporate Espionage Spy

South Korea - A senior official at Samsung Electronics Co. was arrested for trying to steal a core chip-making technology...


The international crime investigation unit at Gyeonggi Police Agency on Thursday arrested an unnamed executive vice president at Samsung Electronics of the semiconductor division on suspicion of committing industrial espionage.

A security guard at the company reportedly found confidential documents in his car during a routine security check.

The company immediately searched his house and called the police upon discovering thousands of classified documents he kept at his house. more

Bird, James Bird - Suspected of Fowl Play

The Indian police on Saturday detained another pigeon that flew into a village near the heavily militarised border with Pakistan on a suspicion of 'spy'. 

The state intelligence and army officers were inspecting the pigeon that might have flown across border from Pakistan and landed in Punjab's Hoshiarpur district with some words in Urdu inscribed on its wings.

The bird was handed over to police by a local Naresh Kumar who spotted some 'suspicious text' on the wings which were actually names of the week days. The pigeon was X-rayed to verify if something was hidden inside but no clues were discovered having any links with Pakistan.

It is pertinent to mention here that in 2015, Indian authorities had captured a pigeon which was claimed to be a 'spy' pigeon from Pakistan. In 2013, Indian security forces found a dead falcon fitted with a small camera, and in 2010 another pigeon was detained over espionage fears. more

When the porn hits your eye like a big pizza pie, that's a-problem.

WA - Ferino’s Pizzeria owner Adam Burns says he may not reactivate the interactive part of his Facebook page ever again after it was hacked and photos of female employees using a restroom were posted online.

Burns said he first thought that someone was prank-calling the Port Hadlock business, but then he looked on the business’s Facebook account and “it was blowing up with disgusting comments.”

The videos showed females, in various levels of undress, using the restroom...

Brett Anglin, Jefferson County Sheriff's Office detective, confirmed that the sheriff's office received a call from Adams about a video recording device having apparently been used inside an employee restroom...

Deputies came and checked the restaurant for hidden cameras. Burns did not reopen the restaurant that day.

“They found nothing,” he said. “Whatever was in here is gone now. Never in a million years did I feel like this would happen here. It's like it's not real,” he said. more 

WA - Redmond Police arrested a 25-year-old lifeguard for allegedly taping a cell phone to a wall in the female locker room of Redmond’s Hartman Pool.

Redmond Police said the man was suspended from his job and prohibited from returning to the property as detectives continue their investigation. A female coach discovered the phone and immediately called 911. more

IN - The man accused of recording topless women in his Granger Tiki Tan tanning salon pleaded guilty to four felony charges; three counts of voyeurism and one count of obstruction of justice. Albert Reasonover was arrested in April when an alleged victim discovered she was being filmed during a spray tan. more

Wednesday, September 21, 2016

Talk to Real Secret Agents on New 'Call a Spy' Hotline

If you ever wanted to chat to a spy, now's your chance – a group of German artists have set up the "Call a Spy" hotline.

Ariel Fischer from the art group "Peng!" told Sputnik Deutschland that they can set up the hotline anywhere with a stable internet connection. It looks like an ordinary telephone, but is connected to the "Call a Spy" server.

The server contains a database of spy's numbers, and randomly selects one to connect the caller with. Calls are routed through a private network that masks the original source of the call.


Fischer said that despite the secrecy of intelligence work, the majority of the numbers were freely available on the internet, and come from a range of different countries.  more

USB Warning: Treat Unsolicited USB Sticks Like Junk Mail

Police in the Australian State of Victoria have warned citizens not to trust un-marked USB sticks that appear in their letterboxes.

The warning, issued today, says “The USB drives are believed to be extremely harmful and members of the public are urged to avoid plugging them into their computers or other devices.”... 

(...and who could forget the attempt at industrial espionage that saw USB sticks left in the parking lot of Dutch chemical giant DSM?) more

Photons FUBAR Eavesdropping

In a first, scientists have successfully teleported a photon – particle of light – over a distance of six kilometres, an advance that may enable secure communication without having to worry about eavesdropping.

Researchers at the University of Calgary in Canada, led by professor Wolfgang Tittel, set a new record for distance of transferring a quantum state by teleportation, using fibre optics cable infrastructure.

“Such a network will enable secure communication without having to worry about eavesdropping, and allow distant quantum computers to connect,” said Tittel.

The experiment is based on the entanglement property of quantum mechanics, also known as “spooky action at a distance” – a property so mysterious that not even German physicist Albert Einstein could come to terms with it. more

Spying & Espionage Infographic

Click to enlarge.

more

Tuesday, September 20, 2016

One Spy Outs Another at City Council Meeting

CA - A former Scientologist confronted a City Council candidate at a California meeting, where she revealed they both had been sent as spies by the group to harass one of the church’s critics.


Paulien Lombard, who has since left the church, addressed a City Council meeting in Garden Grove, describing how she and candidate Clay Bock had been sent by Scientology’s spy wing, the Office of Special Affairs, to intimidate a man who’d been protesting outside the group’s “Int Base,”... 
 
Bock was actually in attendance when Lombard outed him as a Scientology spy, and the stunned City Council candidate nervously addressed the meeting afterward.

“I had no idea Paulien would be here or that this would be an issue,” Bock said. more

Spycam News: Video Voyeur Builds Spy Camera into Toy Jukeboxes—Gives them to Kids

FL - Deputies with the Lake County Sheriff's Office seized various equipment after Robert Anthony O'Hare's arrest last year. Through the seizure, they learned O'Hare had placed hidden cameras in two miniature jukeboxes that were later delivered to children.

"They didn't go through the post office, it looks as they he hand-delivered them," said John Herrell, with the Lake County Sheriff's Office.

The hidden cameras were used to film the children unbeknownst to them, according to deputies.

"As long as they (the jukeboxes) were plugged into the wall, those cameras were activated," Herrell said. "He could use a remote control and remotely control what the camera was viewing."

O'Hare is accused of producing hundreds of videos using a telescopic lens and camera found in his closet during a search of his home in October 2015, deputies said.

Hundreds of downloaded pornographic videos involving adults were also found on his devices, according to authorities. O’Hare is also accused of downloading child porn at a coffee shop. more

Revision to Federal Criminal Procedure Rule May Lead to Widespread Electronic Surveillance

US - Effective December 1, 2016, Rule 41 of the Federal Rules of Criminal Procedure will be amended to expand the reach of the authority of federal judges when they are issuing search warrants. Senator Ron Wyden of Oregon contends that the upcoming changes present a major threat to civil liberties associated with content stored on or accessible through electronic devices.

As modified, Rule 41 will permit federal judges to authorize expanded remote searches of electronic devices including computers and smartphones. Senator Wyden contends that the revised rule will enable federal judges to issue search warrants to permit remote searches of virtually any device, and the material accessible through that device, no matter where the device is located.

Wyden claims that this broad authority would enable a single federal judge to facilitate remote searches of millions of devices and all the materials accessible through those devices. He has proposed legislation which would block this rule modification. His legislative proposal has, however, not yet been enacted, thus the proposed rule changes currently remain on track for the December 1 effective date. more

Monday, September 19, 2016

Spy Chip Implants - Common Complaint - Best handled with an X-ray

United Kingdom-based NRI (A Non-Resident Indian is a citizen of India who holds an Indian passport and has temporarily emigrated to another country for six months or more...) who claims ‘spying chips’ were installed in his body would be examined at Jalandhar’s Army hospital after the Ministry of Home Affairs forwarded his plea requesting their removal to the Punjab government.

Harinder Pal Singh, who returned from the UK three years ago, claimed British police had installed chips in his body for spying...

Narrating his bizarre-sounding story... “I went to UK in 1987 at the age of 15 with my grandmom. One day, I was sleeping in my room and some plainclothes policemen made me unconscious and got instruments installed in my body.”

“In 1996, my nearly four-year-old daughter died in an accident, which was changed into murder. I was convicted for it and sentenced to 15 years. After completing my jail term on February 13, 2013, I was deported,’’ he claimed. more

Saturday, September 17, 2016

Federal Court to Unseal Secret Electronic Surveillance Records... maybe

US - In a major victory for journalists and privacy and transparency advocates, a federal court has started the process of unsealing secret records related to the government's use of electronic surveillance.

US District Court Judge Beryl Howell said at a hearing Friday morning that absent an objection by government attorneys (the maybe), the court would post to its website next week a list of all case numbers from 2012 in which federal prosecutors in Washington, DC applied for an order to install a pen register or a trap and trace device.

A pen register is an electronic apparatus that tracks phone numbers called from a specific telephone line (though the 2001 USA PATRIOT Act expanded the definition of pen register to allow for collection of email headers as well). A trap and trace device is similar, but tracks the phone numbers of incoming calls. For decades, court records relating to these documents have typically been sealed in their entirety, including even the docket numbers. more

Thursday, September 15, 2016

Security Director Alert: USB Sabotage Kills Devices in Split-Second - Only $49.95

For just a few bucks, you can pick up a USB stick that destroys almost anything that it's plugged into. Laptops, PCs, televisions, photo booths -- you name it.

Once a proof-of-concept, the pocket-sized USB stick now fits in any security tester's repertoire of tools and hacks, says the Hong Kong-based company that developed it.

It works like this: when the USB Kill stick is plugged in, it rapidly charges its capacitors from the USB power supply, and then discharges -- all in the matter of seconds.

On unprotected equipment, the device's makers say it will "instantly and permanently disable unprotected hardware"...

The lesson here is simple enough. If a device has an exposed USB port -- such as a copy machine or even an airline entertainment system -- it can be used and abused, not just by a hacker or malicious actor, but also electrical attacks.

"Any public facing USB port should be considered an attack vector," says the company. "In data security, these ports are often locked down to prevent exfiltration of data, or infiltration of malware, but are very often unprotected against electrical attack."

Not every device is vulnerable to a USB Kill attack. The device maker said that Apple "voluntarily" protected its hardware. more


From USBKill.com...
USBKill.com strongly condems malicious use of its products.
The USB Killer is developed and sold as a testing device. Use of the device can permanently damage hardware. Customers agree to the terms and conditions of sale, and acknowledge the consequences of use.

In a nutshell, users are responsible for their acts.
A hammer used maliciously can permanently damage to a third party's device. The USB Killer, used maliciously, can permanently damage a third party's device.

As with any tool, it is the individual, not the manufacturer of the tool, responsible for how the individual uses the tool.

The USB Killer was used on our equipment
Please see above. We suggest pursuing the individual responsible, or reporting the act to the appropriate authorities.

This is only one spy trick. 
We know hundreds more.  
Call us for a TSCM / Information Security Survey.

Wednesday, September 14, 2016

New Chip Could Bring Highest Level of Encryption to Any Mobile Device

Random number generators are crucial to the encryption that protects our privacy and security...
For the first time, engineers have developed a fast random number generator based on a quantum mechanical process that could deliver the world’s most secure encryption keys in a package tiny enough to use in a mobile device.

In The Optical Society's journal for high impact research, Optica, the researchers report on their fully integrated device for random number generation. The new work represents a key advancement... delivering the highest quality numbers and thus the highest level of security — into computers, tablets and mobile phones.

“We’ve managed to put quantum-based technology that has been used in high profile science experiments into a package that might allow it to be used commercially,” said the paper’s first author, Carlos Abellan, a doctoral student at ICFO-The Institute of Photonic Sciences, a member of the Barcelona Institute of Science and Technology, Spain. “This is likely just one example of quantum technologies that will soon be available for use in real commercial products. It is a big step forward as far as integration is concerned.” more

Hey Kids - Learn How to Operate a Stingray IMSI-Catcher!

Using mass surveillance software without a warrant is almost as easy as installing Skype, according to leaked footage and instruction manuals for Harris Corp. stingray devices.

The footage, obtained by the Intercept, shows Harris Corp.'s Gemini software being used on a personal computer demonstrating how accessible the program is with a noticeable lack of any registration keys, proof of ownership, or safety measures to ensure the software was only used for authorized purposes.

The manuals include instructions for several Harris surveillance boxes, including the Hailstorm, ArrowHead, AmberJack, KingFish and other products in the RayFish Product Family.

Some features mentioned in the manuals are the ability to impersonate four cellular communication towers at once, monitor up to four cellular provider networks at once, and the ability to knock a targets devices down to an inferior network, such as from LTE to 2G.

The manual also details how to set up a target or “subscriber” and how to set up bulk surveillance, according to a Gemini device “Quick Start Guide” that was leaked on DocumentCloud. more

Business Espionage: At these rates, employees may start selling your passwords.

Hackers are claiming to have accounts at major United States government agencies for sale, including NASA, the Navy, and the Department of Veteran Affairs.

The unverified cache found by Infoarmor chief intelligence officer Andrew Komarov includes 33,000 records tied to the US Government, plus research and educational organizations and universities.

Agencies on the list include the US General Services Administration, National Parks Service, and the Federal Aviation Administration. One government data listing visited by The Register promised alleged access to six unnamed accounts for subdomains of the US Navy including 3.5 bitcoins (US$2132).

They are also selling alleged access to five accounts across subdomains for NASA's Jet Propulsion Lab for three bitcoins (US$1827).

Another three logins to servers of the US Centres of Disease Control and Prevention over FTP and SFTP were being flogged for half a Bitcoin (US$300). more