Monday, December 19, 2016

Reality Spyware Documentary - Find My Phone

What happens to a smartphone after it's stolen? That was the question that a film student in Amsterdam had in mind when he produced a short documentary about a smartphone thief and their stolen goods. On the surface, it might not sound like the most avant-garde idea out there. But here's what made it interesting: the student procured material for his documentary by spying on the thief using a bugged smartphone.

The student, a certain Anthony van der Meer, intentionally had a phone of his stolen – one that he loaded with software called "Cerberus."

As The Next Web reported, the software gave him access to the device location, its features, and its contents – all of which he could retrieve when he wanted. The software also allowed him to make use of the phone's camera and microphone so he could spy on the thief.


For 2 weeks, that's exactly what der Meer did. He spied on the thief, tracking his moves, which resulted in the documentary posted above called Find My Phone – almost the namesake of the Apple app "Find My iPhone" used to find one's phone or disable it after being stolen. more

Excellent work, Anthony! ~Kevin

Vintage "Spy" Ads

  

Spying Feeds the Monkeys ...in real life

Do Not Feed The Monkeys: Voyeuristic Spying Game Launches In 2017

from the press release...
“We all have a natural tendency to wonder about other people’s lives. Sometimes the best stories are kept secret … all in the name of privacy. It begs the question: Why miss out on life’s best experiences because they’re not your own? We’re trying our hand at an answer with Do Not Feed the Monkeys. Hope you enjoy the ride!” more

There's a New Law in Town - Wiretapper Bounty Hunter

The Seventh Circuit revived wiretap claims against a woman who used an email-autoforwarding program to show that the husband she was divorcing had cheated on her.

In a concurring opinion, U.S. Circuit Judge Richard Posner questioned the usefulness of allowing litigants to use the wiretapping law as a means of concealing misconduct.

“I don’t understand why law should promote dishonesty and deception by protecting an undeserved, a rightly tarnished, reputation,” Posner wrote.

Posner also found it relevant that adultery is illegal in Illinois, where the Epsteins are divorcing.

We might compare Mrs. Epstein to a bounty hunter — a private person who promotes a governmental interest,” he wrote. “She has uncovered criminal conduct hurtful to herself, and deserves compensation, such as a more generous settlement in her divorce proceeding.” more

Security Scrapbook Tip # 519 - Avast Ye Porch Pirates

Shipping companies like FedEx and UPS expect to deliver a record number of packages this holiday season...
Law enforcement officials are concerned that a record number of thieves could be following the trucks and attempting to steal the packages from porches before customers get home...

Hoping to stop "porch pirates" from taking packages, Seattle entrepreneur Michael Grabham invented a Frisbee-sized device called The Package Guard.
When delivery drivers place parcels on top of the $69 device, customers receive an alert via text message, email, or through an app. If a thief tries to remove the packages from the pressure-sensitive pad, a piercing alarm sounds.

The device can also be set up to send electronic alerts to neighbors if a theft is underway, according to the company’s website. more

Thursday, December 8, 2016

TSCM Team Finds "Plug Bug" Eavesdropping Device

Japan - An eavesdropping device was found in a waiting room for conservative members of the Mito Municipal Assembly, local city government officials and other sources told the Mainichi Shimbun on Dec. 7.

Example of a "Plug Bug"
Ibaraki Prefectural Police seized the device and are investigating the case which they suspect could constitute trespassing into the building and violation of the Radio Act.

According to Mito Government officials, it was tipped off about the bug on Dec. 6.

Specialized workers hired by the local government began searching for the device from the evening of Dec. 7 and found it in a waiting room for three assembly members from "Suiseikai" -- a conservative parliamentary group -- on the first floor of the temporary two-story prefabricated assembly building. The bug plugs into an electric outlet. more

The example shown operates like a cell phone, but looks (and also operates) as a USB charger. It is powered 24/7, and may be called from a cell phone anywhere in the world. BTW, it can  also automatically call the eavesdropper when it detects sound. Available on eBay for $14.79. 

Don't you think its time to have your offices and conference rooms checked? ~Kevin

Business Espionage: ThyssenKrupp AG Technical Trade Secrets Stolen

Germany - Technical trade secrets were stolen from the steel production and manufacturing plant design divisions of ThyssenKrupp AG in cyber attacks earlier this year, the German company said on Thursday.

"ThyssenKrupp has become the target of a massive cyber attack," the industrial conglomerate said in a statement.

In breaches discovered by the company's internal security team in April and traced back to February, hackers stole project data from ThyssenKrupp's plant engineering division and from other areas yet to be determined, the company said. more

Most "cyber" attacks are made possible by internal security vulnerabilities. Regular information security audits conducted by independent consultants greatly reduce this risk. ~Kevin

Chatty Kathy's Grandkids May be Criminals

Internet-connected toys pose privacy risks to children, and their parents often aren’t aware, according to advocacy groups for children and consumers.

A complaint filed Tuesday with the Federal Trade Commission alleges that two talking dolls—My Friend Cayla and I-Que Intelligent Robot, both made by Genesis Toys Inc.—collect and use personal information from children in violation of rules prohibiting unfair and deceptive practices.

The complaint was drafted by several groups, including the Campaign for a Commercial Free Childhood, a coalition of groups dedicated to ending child-targeted marketing, and Consumers Union. The groups also filed complaints with data protection, consumer protection and product safety regulators for the European Union, France, the Netherlands, Belgium, Ireland and Norway. more grandma

Monday, December 5, 2016

Pharmacy Bandits Nailed by GPS Cough Syrup

CA - The suspects had no idea that the bottle of cough syrup perched on a shelf at a Tustin pharmacy contained something more than cough relief. 

It wasn’t until the nondescript package was removed from the small Newport Avenue business by burglars that its secret ingredients went to work.

Concealed inside the bottle of cough syrup was a GPS device that began tracking the medicine thieves’ every move, according to police investigators...

Tustin police spokesman Lt. Robert Wright said investigators decided to drop the small piece of technology into a bottle of cough syrup after a half-dozen pharmacy burglaries this year. more

Friday, December 2, 2016

14 Year Old Kid Violates Wiretap Law ...again

PA - Police say a western Pennsylvania teen who recorded his principal making threatening comments toward him has a history of secretly recording school officials.

Chief Allen Park tells The Pittsburgh Tribune-Review that Churchill police charged the 14-year-old Woodland Hills High School student with violating Pennsylvania's wiretap law earlier this year.

Park says the boy recorded a September meeting called to settle a dispute with another student without permission and then posted the audio on Facebook.

The teen now finds himself at the center of the controversy surrounding Principal Kevin Murray, who was placed on leave Wednesday after the boy produced a recording where Murray can be heard saying he would punch him in the face. more
 sing-a-long

Pennsylvania is a 2-party consent sate, meaning all parties to a recorded conversation must agree to the recording. 

And no, the principal is not me. I live in New Jersey... where the last words recorded might be, "Take him for a ride." ~Kevin

UPDATE - One of our sharp readers from Pennsylvania points out that the kid may not have broken the law after all. An exemption was amended to the state law in 2012...

§ 5704. Exceptions to prohibition of interception and disclosure of communications.

(17) Any victim, witness or private detective licensed under the act of August 21, 1953 (P.L.1273, No.361), known as The Private Detective Act of 1953, to intercept the contents of any wire, electronic or oral communication, if that person is under a reasonable suspicion that the intercepted party is committing, about to commit or has committed a crime of violence and there is reason to believe that evidence of the crime of violence may be obtained from the interception.

DHS Whimps Out on IoT Protections

On November 15, the US Department of Homeland Security (DHS)

issued guidance to help stakeholders account for security in the development, manufacturing, implementation, and use of IoT devices.

The set of nonbinding principles and suggested best practices for IoT device security includes the following... more

Come on, DHS. Talk to Congress about regulations. ~Kevin

Spycam News: Security Check Nabs 'Moonlighting' Spy

TX - An employee of the National Security Agency in San Antonio is facing prison time for taking his agency's spying mission a little too far...

James Johannes pleaded guilty in Federal Court in San Antonio on Thursday to sneaking around outside the homes of his neighbors, and using his smart phone to take videos of little girls who were undressing, peeking through their windows and open doors.

Johannes was nabbed in a rather unconventional way. He was attending a meeting at Fort Sam Houston, and as he left, military police asked to check his cell phone. It is standard procedure to check the cell phones of people in secure areas to make sure there is no classified material on them.

The guards found videos of an underage girl getting undressed and stepping into the shower.

Other similar images were found on Johannes' cell phone, and one of the girls recognized him...because he was a youth leader at their church. more

UK Politicians Exempt Themselves from Extreme Spying Laws

UK - Politicians have exempted themselves from Britain's new wide-ranging spying laws.

The Investigatory Powers Act, which has just passed into law, brings some of the most extreme and invasive surveillance powers ever given to spies in a democratic state. But protections against those spying powers have been given to MPs. more

Thursday, December 1, 2016

The Martini Olive Bug, or who was Hal Lipset?

He was a private investigator in San Francisco, and chief investigator for Sam Dash on the Senate Watergate Committee...

Francis Ford Coppola considered the implications of the professional eavesdropper when he made The Conversation... It should come as no surprise that Hal Lipset was hired as technical consultant for the picture.

Lipset spoke in Congress using the famous "bug in the martini olive" and other secret surveillance devices that he and his staff pioneered...

In 1964, Time Magazine wrote, "Hal Lipset, a seasoned San Francisco private eye, maintains a laboratory behind a false warehouse from where his eavesdropping ‘genius,' Ralph Bertsche, works out new gimmicks such as a high-powered bug that fits into a pack of filter-tip cigarettes..."

His first chance to go public on the national scene occurred the previous year when he was invited to testify before the Senate Constitutional Rights Subcommittee... "First I thought I’d dazzle them with an array of miniature devices they had never seen before; then I would surprise them by playing back my own testimony from a recorder I had hidden before the hearing."

The great idea worked too well. Lipset’s appearance was seen as a clever but ominous sign of   snooping running amok.
... the next time he was invited to Washington to speak before a Senate subcommittee - this one in 1965 to hear testimony specifically on eavesdropping - he renewed his efforts...

"We came up with the "bug in the martini olive" idea, it didn’t seem all that unusual. The martini glass was simply another example of how ingenious these devices could be."

The glass held a facsimile of an olive, which could hold a tiny transmitter, the pimento inside the olive, in which we could embed the microphone, and a toothpick, which could house a copper wire as an antenna. No gin was used - that could cause a short.

It was the bug in the martini olive that made Lipset "the real star of the day," as UPI reported. Hardly an ominous indication of private snoopers taking over the world, this little olive with its toothpick antenna became a "playful" and charming toy.
                                  ---
This is the very condensed version of his story. The full story is here,  as excerpted from his biography, "The Bug in the Martini Olive," by Patricia Holt, Little Brown, 1991 ~Kevin

Wednesday, November 30, 2016

Angry Birdmen of Malta v Scientists in Eavesdropping Spat

Malta - The FKNK Federation for Hunting and Conservation – Malta, said on Friday said that BirdLife Malta was...

“possibly desperately resorting to illegal and corrupt methods to abolish the traditional socio-cultural practice of live-finch capturing from the Maltese islands,” claiming that BirdLife had been using electronic devices to eavesdrop on private mobile phone conversations.

Possibly, a false GSM base station known as ‘IMSI catcher’ or similar was used to intercept the trappers’ mobile traffic in the immediate area,” the hunting federation said.

But MaltaToday has learnt that the would-be “eavesdropping equipment” are actually antennae set up for 15 to 20 minutes in different locations to establish accurate GPS positioning data as part of a research study on coastal land-sliding being carried out by an Italian team of experts on behalf of the University of Malta and with the full cooperation of local authorities. more

Telephone Eavesdropper Learns The Beatles Were Right

UK - A multi-millionaire property developer strangled a burlesque dancer after bugging her home
and learning that she was planning to “fleece him”, a court heard yesterday.

Peter Morgan, 54, had been paying Georgina Symonds, a 25-year-old single mother, up to £10,000 a month to stop seeing other men after meeting her while she was working as an escort.

He decided to murder her after listening in to a telephone conversation in which she told a male friend that she was planning to leave Mr Morgan, a jury was told. more sing-a-long

Personal Security: Your Internet Vanishing Act May Begin Here

Just FYI...
I have not tested this. Use at your own risk.

Remember... If it's "free" you're not the consumer, you're the product.
~Kevin
 
via Dan Misener, for CBC New
With all the fake news, toxic speech, and online scams out there, you might be feeling like now is a good time to scale back your online footprint. 

There's a new tool that promises to help you do just that — by essentially deleting yourself from the internet.

It's called Deseat.me, and it does one thing and one thing only — it displays a list of all the online services you've ever signed up for.

So if you had a MySpace account in the early 2000s, it'll probably show up in Deseat. If you created an avatar in Second Life, it's likely to show up as well. And of course, so will things like your Facebook or Twitter accounts...

To use Deseat.me, you first log in using a Google account. Then, once it knows your email address, it can find any accounts that have been linked in any way to that Google account.

Now, it will ask for some things which may sound creepy — it will not only ask to view your email address, but also to view your email messages and settings. Based on my experience, Deseat.me scans through your email archives to find sign-up confirmation messages from various services. more

Tuesday, November 29, 2016

Business Espionage: The Darknet - Where Industrial Trade Secrets are Sold

Ludwig Sandell, Dignato AS general manager, expressed his concern over how the darknet is a place where sensitive industrial trade secrets can be exchanged without repercussions.

To be more precise, he feels there are multiple local companies affected by espionage, which could significantly hurt their business if these details fall into the wrong hands...

...industrial trade secrets of a Norwegian wind power project run by Statoil are up for grabs on the darknet as we speak. The data itself was found on a memory stick – which was either lost or stolen – and includes vital measurement information. For the company itself, having that information leak to the public could spell the end of their business rather quickly. more

Are your company secrets for sale on the darknet?
Hire a service to find out. ~Kevin

Japanese Singer Calls Police to Report Spycam... gets arrested.

Fallen Japanese pop star Aska has been arrested on drugs charges after calling police to tell them he was being spied on at home by a hidden camera, police and reports said Tuesday.

The singer -- one half of folk rockers Chage and Aska -- was slurring on the call when he insisted he was being watched, Jiji Press and other media said.

Police who visited his Tokyo home on Monday arrested the 58-year-old on suspicion of using stimulants and MDMA, a force spokesman told AFP. more

Brooklyn Prosecutor Allegedly Wiretapped Cop Love Interest's Cell Phone

NY - A Brooklyn assistant district attorney was arrested this week for allegedly wiretapping two cell phones so she could hear conversations between a cop love interest and another woman.

According to a criminal complaint, Tara Lenich, 41, forged judges' signatures to authorize the wiretapping of the aforementioned unidentified cop's cell phone, as well as a phone belonging to an unidentified woman. Lenich, who was in charge of the Violent Criminal Enterprises Bureau at the DA's office, may have been romantically attached to the cop, and tabloid reports speculate the wiretapped woman was his new love interest.

The complaint says Lenich forged warrants related to the wiretapping at least 20 times, using different judges' names, between August 20, 2015 and November 25, 2016. Lenich allegedly called the wiretapping a "secret outside investigation" when discussing it with colleagues. more

Monday, November 28, 2016

Spybuster Tip #715: How to Prevent Hacker Wi-Fi Attacks

If your Wi-Fi name (SSID) is on this list, you're at risk. 
If you ever used a Wi-Fi whose name (SSID) is on this list, you're at risk.

The list consists of approximately the 5000 most common SSIDs.

If a hacker uses this list to broadcast SSIDs, your laptop or phone may automatically connect to them. At that point, they see everything you do; user names, passwords, etc.

In a nutshell, program your device so that it does not automatically connect to a Wi-Fi SSID to which it has previously connected. Purge your previous connections list just to be sure.

Basic Spy Tradecraft: "Beware of pretty faces that you find..."

A German spy's romantic time in Latvia has ended up in a Munich court. The love-struck agent has lost his job, and a court case. 

A German spy fell in love with a Latvian woman in Riga and lost his job for violating policy. He has lost a legal battle against the BND intelligence agency.

The unnamed spy dated a Latvian woman while station chief in Riga, despite being instructed against having romantic relations with locals. Instead of informing the BND, he asked Latvia's intelligence agency to run a background check on his girlfriend, who came up clean.

Only after the Latvian woman had moved in with him did the station chief inform his superiors. That landed him in hot water, leading the BND to recall the spy and find him unfit for duty.

The man then sought compensation from the BND for lost earnings and other losses to the tune of 400,000 euros ($421,920). more sing-a-long

Spycam News: Multi-Millionaire Landlord Pleads Guilty to Secretly Filming his Tenants

Australia - A multi-millionaire Sydney landlord will face sentencing next month after pleading guilty to charges relating to secretly filming his tenants without consent to obtain sexual arousal.

Masaaki Imaeda, 66, installed hidden cameras into his rental properties so he could spy on tenants having sex or undressing...

After finding a warning about Imaeda and his spy cameras on a Japanese website, a husband and wife who rented a bedroom from him found a camera in their bedroom light fitting.

The young couple called police, who found multiple other hidden cameras inside the house...

He faces up to two years in prison. more

UK - A Starbucks customer in London was left “shocked and disgusted”* after finding a hidden camera above a toilet in a branch of the coffee shop. 

Ricci Arcari, 33, was at the Starbucks in Vauxhall when he spotted the device hidden in an air vent directly above the unisex toilet.

He told The Independent: “I go in [to the store] regularly. I ordered my drink and while I was waiting I popped in to use the toilet.

“I was standing using the toilet when I noticed a little glint Iike the way glass reflects.

“I stood on top of the toilet seat to get a better look and realised it was a webcam or some other kind of recording device.”

Mr Arcari, who used to work for Starbucks himself, said he ran out of the toilet, asked to speak to the store manager and showed him the camera.

The manager seemed “pretty shocked” and reportedly said “Oh God, that’s not good".

The device was immediately taken down and placed in a bag to be passed to police. more

 * May also be applied to the dirty air vent grill.
Protect yourself.

Business Espionage Today: Sling TV Launches Cloud DVR Hours Before DirecTV

Sling TV users will soon be able to record some TV shows and store them online for later viewing.

The feature, which will initially be available as an invite-only beta to users of Dish's online streaming video service, is being announced on the same day that a major rival is appearing on the scene. Details of AT&T's DirecTV Now will be unveiled at a press event in New York later today. more

Just coincidence? You decide. 
How secret is your marketing strategy? 
When was the last time you checked? ~Kevin

3 Ways Corporate Spies Might Be Watching Your Business and How to Stop Them

Business is a game of constant competition, but the widespread emergence of covert surveillance and tracking tools has expanded the playbook. Now, industrial espionage has a new dimension.

In the corporate world, the practice is nothing new. In fact, it's been a marketing tactic for decades... But the digital age has given corporate spying a new face. And with the modern proliferation of web-based spying options, corporate surveillance is more sophisticated and covert than ever.

Today, corporate spies for hire carry titles like "Competitive Intelligence Analyst" and "Competitive Market Strategist." There are many lucrative opportunities for these workers. And they might be watching your business right now. Here are three of the ways they do it—and also how to dodge their efforts. more

Sunday, November 27, 2016

Turn Any Computer Into an Eavesdropping Device

Researchers at Israel’s Ben-Gurion University of the Negev have devised a way to turn any computer into an eavesdropping device by surreptitiously getting connected headphones or earphones to function like microphones.

In a paper titled "SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit," the researchers this week described malware they have developed for re-configuring a headphone jack from a line-out configuration to a line-in jack, thereby enabling connected headphones to work as microphones.

The exploit works with most off-the-shelf headphones and even when the computer doesn’t have a connected microphone or has a microphone that has been disabled, according to the researchers. more

 Spoiler Alert: It ain't easy to do, or likely to happen to you. ~Kevin

Tuesday, November 22, 2016

Business Espionage: GSM Bugs Are Mini Cell Phones in Disguise

(from a seller's website in the UK)
GSM bugs are also known as mobile phone bugs and infinity bugs. Based around mobile technology, these devices provide a discreet listening facility with an unlimited distance.

Click to enlarge.
Up until a few years ago radio frequency transmitters were relied upon to provide an eavesdropping solution, albeit over only relatively short distances, generally up to about 800 metres line of sight. These devices are still available, but have been outlawed by OFCOM legislation and are therefore not legal to sell into the UK or operate in the UK without a radio broadcast licence. GSM Bugs use the existing GSM network as a transmission tool.

When they fist became available, the GSM bugs were literally modified mobile phones that auto-answered silently to open up the microphone and listen into the surrounding environment. These devices are still available today and some dedicated (dead phone) units have had enhanced microphone adjustments to make them more attuned to pick up sounds in a wider area, turning them into dedicated listening devices.

As the technology has moved on, these eavesdropping devices have become smaller and more sophisticated. They are really only restricted in size at present by the battery size, however, some of the latest units are built into mains powered devices such as multi-plug adapters and mains sockets, thereby making them invisible to the naked eye and with no power consumption restrictions.

Some of these eavesdropping devices are obviously for the UK market.
Bugs for other electrical standards are also available. 


Do you have electrical extension strips in your office?
Have they been inspected and sealed by a TSCM specialist

~Kevin

Hot Tech History: The "iPod" of 1938

via Matt Novak 
 Today we take it for granted that we can bring music with us wherever we go.

But that obviously wasn’t always the case. As just one example of how cumbersome portable music could sometimes be, take a look at this portable radio receiver from 1938. It was all the rage in France.

The May 1938 issue of Short Wave and Television magazine included a photo-filled spread of new radio sets that had recently been featured at an electronics exhibit in Paris. As you can see in the photo on the far left, the latest “portable radio” included a strap so that you could lug it around with you.

Radio miniaturization was happening at a quick pace in the 1920s, and this was far from the only portable radio of the 1930s. But it’s a decent reminder that portability is and always has been relative... more

Monday, November 21, 2016

3D Industrial Espionage

Your 3-D printer is leaking, but not in ways you can see.

It leaks sounds and energy. That's not a problem — unless you want to keep your creation a secret. In that case, it's time to get serious about security. Computer scientists have now shown that hackers can eavesdrop on 3-D printers — and then copy what they made. All it takes is your average smartphone.

As 3-D printing becomes more widespread, thieves will find new ways to steal original designs, worries Wenyao Xu. This computer scientist at the State University of New York in Buffalo led the new work...

To hack these printers, a spy needs to merely “listen” to the noise and energy the machine emits, including the magnetic fields that vary as it works. Both sound and electromagnetic energy travel as waves. By tapping into these waves, Xu says, a spy could identify the shape of what was being printed. This would allow someone to steal a design without ever seeing the original.

“We need to prevent these attacks,” Xu says. more

The Most Intrusive Spying Powers in the “History of Western Democracy.”

Britain’s Investigatory Powers Bill, voted through Wednesday, 

gives the government what critics claim will be some of the most intrusive spying powers in the “history of Western democracy.”

U.K.-based Internet service providers will be expected to keep full records of every customer’s browsing history, stretching back a year, and the statute will provide enough legal clout for the government to force companies to decrypt data on demand as well as create security backdoors on the devices they sell in order to facilitate spying. more

The Spy Who Couldn't Spell Straight

...and now we're going to hear a story that sounds just too bizarre to be true. 

More than a decade before Edward Snowden famously leaked thousands of classified records to the world, another U.S. government contractor tried a similar move the old-fashioned way. His name is Brian Regan. And in 1999 and 2000, he smuggled classified documents out of his office and buried them in the woods hoping to sell them to a foreign government. But he was foiled in part by his own terrible spelling.

This thrilling story is out this month in a new book called "The Spy Who Couldn't Spell: A Dyslexic Traitor, An Unbreakable Code And The FBI's Hunt For America's Stolen Secrets." Michel Martin talked with author Yudhijit Bhattacharjee about the strange story of Brian Regan.

MM: Why do you think most people have never heard of this story?

YB: The main reason is that Brian Regan was arrested just two weeks before 9/11. And so his story got completely overshadowed by the coverage of what was arguably the biggest story of the last 20 years... more

Friday, November 18, 2016

How to Get Into a Locked iPhone... and what to do about it.

It's Pretty Easy For Someone To Access Your Photos And Other Personal Info On Your Locked iPhone

YouTuber iDeviceHelp is "not a hacker" but still managed to find a fairly simple way to get into a locked iPhone running iOS 9. No passcode needed.


If you have an iPhone you want to turn off SIRI when the screen is locked. ~Kevin

China Secretly Spying on Android Devices

According to Cybersecurity firm Kryptowire, some Android phones, including those from American phone manufacturer BLU, are being preinstalled with software that monitors where users go, who they call, and what they text. The information is then sent back to Chinese servers.

A software dedicated to spying on users is the trojan horse hidden inside some phones manufactured in China. Kryptowire, a Cybersecurity consulting firm, has released a report stating that such malware is being used to gather sensitive information such as GPS locations, text messages, etc. to send back to Chinese servers every 72 hours.

The piece of code has been lurking inside the Android operative system. As such, the program managed to conceal itself from the user’s perspective.

Tom Karygiannis from Kryptowire revealed that the malicious program was created by the Chinese company Adups, with the sole purpose of spying, stating that it isn’t the result of an error. Karygiannis said that the malware’s goal may be is to perform state espionage or to merely to sell advertising data....

Adups has over 700 million active users, and a market share exceeding 70% across 200+ countries and regions. 

The company’s software is used in phones, cars, and other devices. American phone manufacturer, BLU Products, said that 120,000 of its phones had been affected, promptly stating that it had released an update to remove Adups’ spyware. more

Happy Holidays, or How Not to Get Scammed Online This Season

Protect yourself against online shopping scams by watching for these 10 telltale signs...

Many mom-and-pop retail stores maintain websites for selling their wares, and some entrepreneurs create online-only stores that ship products directly from warehouses. Unfortunately, scammers also use ecommerce as an opportunity to take shoppers' personal and financial information from afar. An odd-looking site or too-good-to-be-true deal might be the work of scammer rather than an ecommerce amateur. The following 10 signs can help shoppers distinguish between the two. more

Lawyers Should Not Bug Opposing Lawyer's Email

Alaska may have only about 2,500 active resident lawyers, but its bar ethics committee has become just the second authority in the country to weigh in on the practice of “bugging” the e-mail of opposing counsel.

The committee disapproved of this spy method in an opinion issued in late October, saying that it violated the Last Frontier’s version of Model Rule 8.4, which prohibits dishonesty and misrepresentation.

A “web bug” is a tracking device consisting of an object embedded in a web page or e-mail, that unobtrusively (usually invisibly) reveals whether and how a user has accessed the content. Other names for a web bug are web beacon, pixel tracker and page tag. more

Want to check who is secretly bugging you? Little Snitch for OSX does an excellent job and offers a free trial. Similar products exist for PC based computers. ~Kevin

Thursday, November 17, 2016

This $5 Device Can Hack Your Locked Computer In One Minute

Next time you go out for lunch and leave your computer unattended at the office, be careful. A new tool makes it almost trivial for criminals to log onto websites as if they were you, and get access to your network router, allowing them to launch other types of attacks.

Hackers and security researchers have long found ways to hack into computers left alone. But the new $5 tool called PoisonTap, created by the well-known hacker and developer Samy Kamkar, can even break into password-protected computers, as long as there’s a browser open in the background. Kamkar explained how it works in a blog post published on Wednesday.


And all a hacker has to do is plug it in and wait. more

Tune into PI's Declassified! Thursday, 9 am Pacific, Noon Eastern

Is Your Cell Phone Bugging You?
Do you want to know how to protect your cell phone privacy or detect spyware on your smartphone? Are there warning signs that your phone is infected with spyware? Are there applications available to prevent your phone from being tapped or to catch the spy red-handed? Kevin D. Murray is an expert on mobile phone electronic surveillance and eavesdropping detection, known as technical surveillance countermeasures. He is also the author of Is My Cell Phone Bugged? Tune in to hear Kevin Murray discuss detecting mobile phone spyware, and tips to protect your most private conversations.
Link to show

Tuesday, November 15, 2016

Shazam, You're Bugged!

Shazam Keeps Your Mac’s Microphone Always On, Even When You Turn It Off

What’s that song? On your cellphone, the popular app Shazam is able to answer that question by listening for just a few seconds, as if it were magic. On Apple’s computers, Shazam never turns the microphone off, even if you tell it to.

When a user of Shazam’s Mac app turns the app “OFF,” the app actually keeps the microphone on in the background.

For the security researcher who discovered that the mic is always on, it's a bug that users should know about. For Shazam, it’s just a feature that makes the app work better. more

TSCM School: How Small Can Electronic Surveillance Bugs Be?

...or, why we listen to the wires.

Electronic surveillance devices (audio, video, data) are often referred to by their generic term — bugs.
Amplified Mic (enlarged)
Bugs may be highly specialized, as in a video only spy camera, or may incorporate audio, video and data snooping. An example of this is a device which is secreted in a vehicle, which collects GPS data, audio and video.

Most people, however, think of bugs as audio-only radio transmitters.

Often the simplest bugs are the most effective. These are just microphones attached to a length of wire.

The other end of the wire can be connected to a distant radio transmitter, voice recorder, or simply an amplifier with headphones.

Most people are surprised to learn all homes and offices come prewired, bugging-ready.

Standard telephone cables have unused pairs, and computer Ethernet cables generally only use two of the four pairs they contain. Most older office buildings also have legacy wiring which was never removed.

These "hardwired" bugs are among the most difficult to detect, which is why spies and law enforcement favor them.

Since a microphone is the main element of a hardwired bug,
I thought it might be very useful to show you how small they
can be.

These fingers are holding a real microphone, actual size.

Now you know just how much the other picture was enlarged.

Amazingly small, these microphones are mass produced by the millions.

Fortunately, most wind up in cell phones and hearing aids. However, many are sold on eBay for pennies, and then become bugs.

Not everyone knows how to find these. But, don't worry, we do.

Monday, November 14, 2016

Business Espionage: Agribusiness Now in the Crosshairs

In an industry where information is power, dishonest competitors may steal agrichemical company data and use it to their advantage. While this may sound a little like a James Bond movie plot, industrial espionage is a real event.

Take for example, the case from October 2016, when a Chinese man was sent to prison for 3 years... The crime was part of a years-long conspiracy involving several Chinese citizens aimed at stealing valuable patented corn seeds from Iowa farm fields so they could be smuggled to a Chinese agriculture conglomerate.”...

Worse still, is that this case is not an isolated incident, with Robert Anderson Jr., assistant director of counterintelligence at the F.B.I. explaining that, “Agriculture [industrial espionage] is an emerging trend that we’re seeing.” Adding that, until two years ago, “the majority of the countries and hostile intelligence services within those countries were stealing other stuff.”

Such is the power of a trade secret in modern agribusiness, that attempts to steal it are replacing efforts to learn military secrets.

Possibly, this is part of what geo-political experts call ‘food security’...

When it comes to agribusiness data, industrial espionage should leave you neither shaken nor stirred, but should simply be a case of, ‘We’ve been expecting you Mr. Bond.’ more more

Double Creepy

Oklahoma City Police arrested a man
accused of creeping around an apartment complex and spying on people. The suspect is a funeral director and embalmer.

News 9’s Adrianna Iwasinski got a copy of both the police report and court record from last Friday's arrest, and it states that police found a gun under the man’s driver's seat and they also found a video camera. more

The Sounds in Your Head That Nobody Else Hears May Come From...

...an ultrasound Audio Spotlight invented by Dr. F. Joseph Pompei.

The ultrasound, which contains frequencies far outside our range of hearing, is completely inaudible. But as the ultrasonic beam travels through the air, the inherent properties of the air cause the ultrasound to change shape in a predictable way. This gives rise to frequency components in the audible band, which can be accurately predicted, and therefore precisely controlled. By generating the correct ultrasonic signal, we can create, within the air itself, any sound desired.

Sound is literally made from thin air.

Note that the source of sound is not the physical device you see, but the invisible beam of ultrasound, which can be many meters long. This new sound source, while invisible, is very large compared to the audio wavelengths it's generating. So the resulting audio is now extremely directional, just like a beam of light. more

Sunday, November 13, 2016

WindTalker - A Smartphone Intercept Technique

The way users move fingers across a phone's touchscreen alters the WiFi signals transmitted by a mobile phone, causing interruptions that an attacker can intercept, analyze, and reverse engineer to accurately guess what the user has typed on his phone or in password input fields.

This type of attack, nicknamed WindTalker, is only possible when the attacker controls a rogue WiFi access point to collect WiFi signal disturbances.

Details about the real-world attack and WindTalker, in general, are available in a research paper titled "When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals."

WindTalker attack has a 68%+ accuracy. more
video

Saturday, November 12, 2016

Robert Vaughn, 'Man from U.N.C.L.E.' Star, Dies at 83

Robert Vaughn, the debonair, Oscar-nominated actor whose many film roles were eclipsed by his hugely popular turn in television’s The Man From U.N.C.L.E., has died. He was 83.

Vaughn died Friday morning after a brief battle with acute leukemia, according to his manager, Matthew Sullivan.



The Man From U.N.C.L.E. was an immediate hit, particularly with young people, when it debuted on NBC 1964. It was part of an avalanche of secret agent shows (I Spy, Mission: Impossible, Secret Agent), spoofs (Get Smart), books (The Spy Who Came in From the Cold) and even songs (Secret Agent Man) inspired by the James Bond films.

Vaughn’s urbane superspy Napoleon Solo teamed with Scottish actor David McCallum’s Illya Kuryakin, a soft-spoken, Russian-born agent.

The pair, who had put aside Cold War differences for a greater good, worked together each week for the mysterious U.N.C.L.E. (United Network Command for Law and Enforcement) in combating the international crime syndicate THRUSH. more

Thursday, November 10, 2016

Business Espionage Problem: Car Spy Photographers Using Drones

...automakers are looking at ways to put a stop to this practice.

Click to enlarge.
One answer may be coming from the German company Deutsche Telekom, which is working with developers on ways to keep drones out of certain areas.

The American company Dedrone also has a DroneTracker system that can locate drones more than half a mile away. We're sure that more creative and interesting means of inhibiting drones are coming down the road as well. more

Spy vs Spy Sweepstakes - Win Original Artwork

Spy vs. Prize Department
MAD’s year-end issue chronicling “The 20 Dumbest People, Events and Things” of 2016 is coming soon. But you don’t have to wait to experience the dumbness of MAD!

Enter now for a chance to win an original piece of Spy Vs Spy artwork by renowned artist Peter Kuper.

This rare piece has never been published, and no, not because one of the editors spilled coffee on it. (Note: The stain has since been removed. Coffee not included in this sweepstakes.)


NO PURCHASE NECESSARY TO ENTER OR TO WIN. A PURCHASE WILL NOT INCREASE YOUR CHANCES OF WINNING. ODDS OF WINNING WILL DEPEND ON THE TOTAL NUMBER OF ELIGIBLE ENTRIES RECEIVED.The “MAD® Spy vs. Spy Original Art Sweepstakes!” begins on 11/9/16 at 10:00a.m. PT and ends on 11/30/16 at 9:59 a.m. PT. Only open to legal residents in the 50 U.S. and D.C. who are 13 years of age or older. Void in Puerto Rico, the U.S. Virgin Islands, U.S., Military installations in foreign countries, all other U.S. territories and possessions and wherever prohibited or restricted by law. Total Prize ARV is: $100.00. Sponsor: DC Entertainment. This Sweepstakes is in no way sponsored, endorsed or administered by, or associated with Facebook, Twitter or any other social media sites.

Wiretapping & Electronic Surveillance - The IT Spy Guy v. Estranged Wife

PA - An employee of a midstate county faces charges of spying on his estranged wife.

36-year-old David Randall Maurer - who works for the Dauphin County information technology department - is charged with violating the wiretapping and electronic surveillance act.

State Attorney General Bruce Beemer alleges that Maurer installed spyware monitoring software that captured key strokes, screenshots and websites that his estranged wife visited on her laptop.

He allegedly used the information to log into her private email and Facebook accounts. more

Business Espionage: Bugger Caught in the Act

UK - A camera recording with audio was found under a chair during a private meeting of MPs. 

British sportswear company Sports Direct was being paid an unannounced visit by members of the House of Commons’ Business Select Committee. The MPs were there to insure that good working practices were being upheld by the company.

The MPs gave Sports Direct a one-hour warning before arriving, part of a long-running investigation into conditions at the company. During their visit, they were having a private meeting over lunch to discuss their findings. It was then that Labour MP Anna Turley spotted a staff member hiding a camera in the room where they were meeting. 

Turley says a woman came into the room to bring sandwiches to the MPs, then she crouched down to hide a camera under a chair. “I saw her trying to arrange it to get the best angle so that they could video us up at the board table and listen to what we were saying.” more

The device was identified as a small Go-Pro camera, which records excellent audio as well as video. ~Kevin

Kevin's Security Scrapbook Reaches One Million Pageviews

...actually 1,001,644 as of today.
Thank you!
~Kevin