Common Bugs

Spy tools are no longer esoteric, expensive and difficult to obtain. 

Some bugs are built into everyday objects - like pens, power strips and key fobs.

The result...
The average person can engage in eavesdropping and spying cheaply; doing it better than the professionals did only ten years ago - with less chance of being discovered. So they do!

Spy Trick Awareness

1. Digital audio/video recorders are very small, and absolutely silent. No moving parts. Inexpensive. Some are smartphone apps, others are built into wristwatches and key fobs.

The trick...
These devices are easily hidden on-the-body, or look like everyday objects. They can be activated by a timer, or when they hear sound, or see movement. Some devices can even stream live video.

In adversarial meetings, the other party may leave the room to make a call, or go to the restroom, and leave one of these behind in a coat, briefcase or notepad.

Assume you are being recorded. 


2. GSM bugs are designed to be bugs and nothing else. They are basically one-way, dumb cell phones. No keypad. No display. No speaker. They are available on the Internet for less than $20.

The trick...
The snoop plugs in a SIM card and hides the device. From then on, they can call-to-listen, from anywhere.

Some devices might have to be retrieved periodically to refresh the battery, or retrieve the recording. Other devices might be wired to the mains and transmit their data via LAN, Wi-Fi, light or radio waves.

Spybuster Tips:

• Tighten perimeter security to make entry difficult for the eavesdropper. 
• Conduct periodic eavesdropping detection inspections.
• Suspect someone is recording you if they want to repeat a previously held conversation, or ask leading questions.

The 'Stalkerware' Surveillance Market, Where Ordinary People Tap Each Other's Phones

John* tapped out a simple text message to his wife in January 2016. "I love you," it read.

But this wasn't the only message she saw. Unbeknownst to John, his wife had bugged his smart phone. She was spying on John, eavesdropping on all of his texts and multimedia messages, and tracking his every move through the device's GPS...

John is just one of tens of thousands of individuals around the world who are unwitting targets of powerful, relatively cheap spyware that anyone can buy. Ordinary people—lawyers, teachers, construction workers, parents, jealous lovers—have bought malware to monitor mobile phones or computers, according to a large cache of hacked files from Retina-X and FlexiSpy, another spyware company.

The breaches highlight how consumer surveillance technology, which shares some of the same capabilities and sometimes even the same code as spy software used by governments, has established itself with the everyday consumer. more

Spy Camera in a USB Charger — Scam or Slam?

You decide...

Hummmm, wait until August and pay through the nose, or... buy it now, on eBay!

Spy Satellite Calibration Crosses

via wired.com 
Venture into the Sonoran Desert about an hour south of Phoenix 

Click to Enlarge

and you’ll eventually stumble upon a concrete cross. More than 100 dot the terrain, each of them 60 feet across and spaced precisely one mile apart. The government used them to calibrate the world’s first spy satellites as they peered down on Russia and China while photographing more than 750 million square miles of the planet.

The 95 satellites of the once top-secret Corona project sent their last images in 1972, but the calibration markers still stand in a grid that once measured around 16 square miles. “It’s such a massive thing in terms of its scale, but it pales in comparison to the scale of history that it’s a part of,” says Julie Anand. She and Damon Sauer have spent the better part of three years photographing the markers and mapping the satellites that pass over them for Ground Truth: Corona Landmarks.

Spy v Spy in Nicaragua — Some Things Never Change

U.S. officials are tracking the activity of a Russian spy base on the edge of a volcano in Nicaragua that is believed to be monitoring American agents.

The CIA has reportedly sent numerous Russian-speaking Cold War experts to perform counter surveillance of Moscow’s activity in Central America.

One source told The Washington Post, “Clearly, there’s been a lot of activity, and it’s on the uptick now.”

Located in Laguna de Nejapa, the base is officially known as a tracking site for Moscow’s GPS satellite system, but CIA officials suspect that resources there are being utilized to spy on the American Embassy located only ten miles away. more

PIN Crack Hack, or The Gyro Knows

Turns out your phone's PIN code is less secure than previously thought. Researchers demonstrated how to hack it with gyroscope data.

It’s no secret that smartphone PIN codes are not perfect, but new research suggests they might be next to worthless. A team of scientists at Newcastle University in the U.K. was able to guess a user’s phone PIN code with nothing more than data from the device’s sensors.

In a paper published in International Journal of Information security, researchers demonstrated how a phone’s gyroscope — the sensor that tracks the rotation and orientation of your wrist — could be used to guess a four-digit PIN code with a high degree of accuracy. In one test, the team cracked a passcode with 70 percent accuracy. By the fifth attempt, the accuracy had gone up to 100 percent.

...it highlights the danger of malicious apps that gain access to a device’s sensors without requesting permission. more

Tips...

• Make sure you change PINs and passwords regularly so malicious websites can't start to recognize a pattern.
• Close background apps when you are not using them and uninstall apps you no longer need.
• Keep your phone operating system and apps up to date.
• Only install applications from approved app stores.
• Audit the permissions that apps have on your phone.
• Scrutinize the permission requested by apps before you install them and choose alternatives with more sensible permissions if needed.

The above is just the tip of this iceberg. For the full scare, read what Dr. Maryam Mehrnezhad had to say. ~Kevin

Siemens Employee Arrested in Netherlands for Business Espionage

Siemens said on Friday that an employee had been arrested in the Netherlands in a case which the country's financial crimes prosecutor said involved suspected espionage for a Chinese competitor...

He did not disclose which department the employee worked for or whether it was known if secrets had been leaked.

Click to enlarge.

Investigators said the man was detained on a train station platform as he was about to travel to China.

In addition to searching his baggage, they raided his home and workplace, seizing several digital memory devices.

Corporate espionage cases rarely come to light in the Netherlands. more

It Pays to Spot Spies in Beijing, or Peeking Duck

China is offering cash rewards of up to $72,400 to encourage residents in the capital Beijing to report about foreign spies in the country, stepping up its campaign against espionage.

Beijing's residents can report through a hotline, by mail or in person any activity endangering China's national security or thefts of national secrets, the Beijing Daily and other state media reported.

The top reward for whistle-blowers ranges from $1,500 (100,000 yuan) to $72,400 (500,000 yuan), depending on how important the intelligence is, the report said. more

BBC Uncovers Secret Bank of England Recording

A secret recording that implicates the Bank of England in Libor rigging has been uncovered by BBC Panorama. 

The 2008 recording adds to evidence the central bank repeatedly pressured commercial banks during the financial crisis to push their Libor rates down.

Libor is the rate at which banks lend to each other, setting a benchmark for mortgages and loans for ordinary customers. more

Panorama: The Big Bank Fix will be broadcast on BBC One on Monday 10 April at 20.30.

Former Prosecutor Admits to Illegal Wiretap in Love Triangle

A former New York City prosecutor 
has pleaded guilty to charges she used an illegal wiretap to spy on two other people in a love triangle. 

Tara Lenich entered the plea on Monday in federal court in Brooklyn.

The 41-year-old Lenich admitted that she forged documents so she could wiretap the phones of a police detective and another woman working as a prosecutor working in the Brooklyn district attorney's office. Authorities haven't revealed the identities of her targets. more

500 Year Old Russian Eavesdropping Device

Archaeologists have uncovered a 500-year-old spy chamber beneath a Moscow street. 

It was built underneath a 2.5km wall to protect Russians from Polish raids – and was used to listen in on the enemy through a wall.

It is said the room’s vaulted walls created an acoustic effect which allowed people to eavesdrop.

It contained around 150 artifacts, including ancient cooking equipment, upon its discovery. more with video

Extra Credit: 6 KGB Spy Tools That are Still Relevant

DJ turned PI turned DJ Uncovers Corporate Espionage of Rival Networks

Australia - Kyle Sandilands called on his little known training as a private eye 
to uncover what he calls multiple acts of “corporate espionage” aimed at destabilising his hit breakfast show...

He eventually discovered that a number of people from 2DayFM and NOVA had been emailing clips from The Kyle and Jackie O Show to advertisers and celebrity agents, suggesting they move their business from KIIS to them.

Sandilands says he was shocked when he discovered the extent of the ‘”corporate espionage” after he started getting proof from KIIS clients and associates in the US, where he has a music business. more

Burglars and Peeping Toms Use Drones

UK - Loud music, unkempt gardens and disputed boundaries have long caused acrimony between neighbours. Now technology has brought a new grievance: low-flying drones.

As well as causing arguments between neighbours they have been used by burglars planning raids and to snoop on teenage girls sunbathing.

Figures obtained under the Freedom of Information Act showed that last year forces recorded 3,456 incidents involving drones, nearly ten a day. The true total is likely to be higher as data was not available for all forces. more

Crack the Code - Get a Drink

The Bletchley is a spy-themed London bar where you have to crack codes to order drinks.

To do that, you use imitation World War 2 Enigma machines which generate a unique code for every "agent." Orders are then transmitted via radio to the bar.

The venue is inspired by Bletchley Park, the site where British mathematician and codebreaker Alan Turing and his team used to crack German codes during World War 2. more with video

Space X & Tesla - So, why not Blink & an electric car?!?!

Blink, which makes home security cameras, debuts its Blink XT1 EPV, the first car that runs on batteries, coming summer 2018.


The dramatic trailer slowly builds suspense as it unveils the sleek automobile and poses the question we've all pondered—what if a car could run on store-bought batteries?

Privacy Tips for the New Post-Privacy Internet

10 practical privacy tips for the post-privacy Internet.

1. Educate yourself about cookies and clean them out regularly.
2. Use two, or even three, browsers.
3. Disable Flash or option it.
4. Change your DNS serve.
5. Lose search engines that track you. Now.
6. Use the Tor browser(s).
7. Remove your information on websites.
8. If you have the luxury, change ISPs.
9. Use virtual machines.
10. Modify your browser as little as possible. more

Operation Ivy Bells — Cold War, Cold Water Wiretapping

Secrets haunt the still-classified Operation Ivy Bells, a daring Cold War wiretapping operation conducted 400 feet underwater.

It's the summer of 1972 and the U.S. is in the middle of pulling off the most daring, covert, and dangerous operation of the Cold War. Only a few months before, the signing of SALT I (Strategic Arms Limitations Treaty) limited the number of nuclear missiles of the world's two largest superpowers. Yet even with this well-publicized US/Soviet détente in place, a submerged American submarine rests mere miles from the Russian coastline.

At the bottom of the Sea of Okhotsk, the U.S. nuclear submarine Halibut silently listens to the secret conversations of the Soviet Union. With the Kremlin completely unaware, Navy divers emerge from a hidden compartment (referred to as the "Bat Cave") and walk along the bottom of the sea in complete darkness, wiretapping the Soviet's underwater communications line.

America wiretapped this particular Soviet communications cable for maybe a decade or more—and many details remain classified. It was the U.S.'s most ambitious wiretapping operation, until this point, in its entire history. This was Operation Ivy Bells. more

Economic Espionage: Declining, or just more stealthy?

by Taylor Armerding 
Eighteen months ago, President Obama and Chinese President Xi Jinping announced, with considerable fanfare, an agreement aimed at curbing economic espionage... 

So, with Xi due to meet with President Trump in early April, an obvious question is: Has the agreement been effective?...

The reviews on that are mixed...

Robert Silvers, writing on the Lawfare blog, called the statement, “a landmark concession” by the Chinese, and said in the months since, multiple researchers and analysts had concluded that the agreement, “coincided with a significant downturn in Chinese hacking activity.”...

FireEye iSIGHT Intelligence, concluded that while “unprecedented action by the US government” was a factor in the decline, it actually began in the middle of 2014 – more than a year before the Obama/Xi agreement...

John Quinn, former Far East specialist for the CIA, a more tempered view of the impact of the agreement. “I would characterize it as a work in progress, but a good start,” he said....

Israel Barak, CISO of Cybereason, means the conclusion that economic espionage has decreased is “problematic.” “Fewer attempts might mean they already have access,” he said. “The amount attributed to cyber crime in manufacturing, health care and other industries is constantly on the rise.”...

As Kevin Murray, director at Murray Associates, put it, “once someone starts closely watching the cookie jar, the thief is forced to become more crafty.”

Murray, however, contended that the private sector needs to be much more effective in protecting itself. He pointed CSO to a 2015 blog post in which he declared: “We fight like hell for our freedom, but we let the world pick our intellectual pockets.”

Murray said the “punish-the-spy” model isn’t enough – that corporations should be held accountable as well, for failure to protect their assets.

“We need a law creating business counterespionage security standards, with penalties for inadequate protection,” he said, arguing that the US already, “successfully employs the same concept with medical and financial record privacy.” more

Electronic Eavesdropping Confirmed: CEO's Car Was Bugged During Takeover Talks

The head of Stada, the German drugmaker at the centre of a takeover battle, confirmed his car had been bugged last year but reassured investors that the company had not suffered as a result. "I have no reason to assume that any confidential business information went into the wrong hands," Chief Executive Matthias Wiedenfels told a news conference on Wednesday after the group announced annual financial results.

The disclosure comes at a sensitive time as Stada is the subject of a 4.7 billion euro ($5.1 billion) takeover fight between two rival private equity consortia. It was not clear who was responsible for the bugging and no suggestion that it was connected to the takeover battle.

Germany's Manager Magazin reported last week that Wiedenfels found a listening device in his car and that he was also anonymously sent photographs taken of him in confidential business situations and outside of the office.  more

Did you expect him to say, "Oh yes, confidential business information went into the wrong hands. The company has suffered as a result."

When was the last time you checked? Check here.

Nixon Watergate Era Poster

Vintage (1973) Waterbug Workshop, Boston.

Poster by David Campion.

The Cold War’s Least Believable Surveillance Strategy

In an effort to gather information from behind the Iron Curtain, the U.S. Air Force launched hundreds of spy balloons to float over the Soviet Union, collect photographic coverage, and hopefully reappear in friendly airspace for midair recovery...

In the days before reconnaissance satellites, balloons were seen as a safer alternative to proposals for manned overflights, and less provocative than plans to attach cameras to cruise missiles. But the audacity of the balloon program also reflected the tremendous appetite for recon information in Washington. In his 1991 history of the Moby Dick program, as it was known, Curtis Peebles describes how “the reconnaissance balloon had the highest national priority of 1-A. The only other project to share this priority was the hydrogen bomb. Knowledge is power.”

The balloons carried a 150-pound metal box with the approximate dimensions of an old television. Inside, a camera, film, and electronics were shielded from the conditions by several inches of styrofoam. Two additional tubs of ballast provided the balloons with rudimentary navigational aids. If sensors indicated a drop in altitude, magnetic valves inside the tubs could gradually release its steel dust to lighten the load. more

ISPs May Soon be Selling Your Browsing Data – Privacy Tips...

Recently, the United States Senate saw fit to allow Internet Service Providers to sell your web browsing history and other data to third parties. The action has yet to pass the House, but if it does, it means anyone concerned about privacy will have to protect themselves against over zealous data collection from their ISP.

Some privacy-conscious folks are already doing that—but many aren’t. If you want to keep your ISP from looking over your shoulder for data to sell to advertisers, here are three relatively simple actions you can take to get started.

1. The Electronic Frontier Foundation’s HTTPS Everywhere browser extension is one of the first things you should install. This extension requires that all website connections to your browser occur using SSL/TLS encryption...

2. Your next step is to subscribe to a paid virtual private network service—not a free one that collects your data and sells it to third parties for analytics, or uses ads to support its free service, because that would negate the entire point of all this...

3. The Domain Name System is how your computer translates a human readable website name, such as NYTimes.com, into a machine-friendly numerical Internet Protocol address. It’s like the telephone book of the Internet.

The problem is that your PC is usually configured to use your ISP’s DNS, which means your ISP sees all your browser requests. VPNs typically configure your PC to use their DNS, and there is usually a DNS leak protection feature that makes sure your PC doesn’t ignore the VPN and use your default DNS settings.Nevertheless, to be doubly sure you’re not using your ISP’s DNS, it’s a good idea to set your PC to use a third-party DNS provider such as OpenDNS... more

Smartphone Malware Up 400% in 2016

Mobile device malware infections reached an all-time high last year, according to a new Nokia Threat Intelligence Report, released Monday.

Smartphones were by far the most vulnerable devices, with infections that rose nearly 400% in 2016. Attacks on smartphones represented 85% of all mobile device infections in the second half of the year, according to the report. more

Another Leak of Security Clearance Files (WTF?!?!)

via zdnet.com...
An unsecured backup drive has exposed thousands of US Air Force documents, including highly sensitive personnel files on senior and high-ranking officers.

Security researchers found that the gigabytes of files were accessible to anyone because the internet-connected backup drive was not password protected.

The files, reviewed by ZDNet, contained a range of personal information, such as names and addresses, ranks, and Social Security numbers of more than 4,000 officers. Another file lists the security clearance levels of hundreds of other officers, some of whom possess "top secret" clearance, and access to sensitive compartmented information and codeword-level clearance.

Phone numbers and contact information of staff and their spouses, as well as other sensitive and private personal information, were found in several other spreadsheets.

The drive is understood to belong to a lieutenant colonel... more

The device has since been taken offline and it is unclear if anyone other than members of the MacKeeper Research Team had access to the files or how long they were available. more

Enough is enough!!! 
Make information security a top priority, wherever you work, right now! 
(My security clearance info was stolen during the OMB hack of 2015. I'm still pissed.) ~Kevin

Anti-Surveillance Sunglasses – Q Would Be Proud

via... digitaltrends.com
...there’s a new set of spectacles on Kickstarter that might help you bamboozle even the most sophisticated facial recognition tech.

The Eko shades, as they’re called, are rimmed with a type of retro-reflective material that bounces light back to exactly where it came from. Most surfaces reflect light by diffusing or scattering it in all directions, but this material is specially designed to reflect light back at the exact same angle as it arrived.

If caught in flash photography, retro-reflective material will send most of the light back to the camera’s sensor. This will put the dynamic range of the camera’s sensor to the test, and likely result in an image that’s underexposed for everything but the rims of your glasses.

Of course, this won’t help much for any camera that doesn’t require a flash, but it’s still a pretty interesting concept. more

...and the DIY hat to go with them!
1937 prototype anti-mind control device.
(Ok, who said, "Too late. She has already lost hers.")

Hotel Spying Fears

Last week, New York’s famed Waldorf Astoria hotel closed for two years of renovations amid ongoing concerns that the Chinese government could be spying on guests. 

For decades, US government officials stayed at the hotel during the United Nations General Assembly. But in 2015, after the Waldorf was sold to the Chinese Anbang Insurance Group Ltd, President Obama and State Department officials moved elsewhere, citing security concerns.

Last month, New York Post gossip columnist Cindy Adams speculated that the reason for the renovations is that the hotel “is getting hardwired”...

Worries about espionage could lead not just political officials but also business executives to steer clear of properties owned by Anbang and other foreign companies. It’s common knowledge that governments —including the US, France and China — spy on foreign businesses. more

Extra Credit Reading: Who's Watching You In Your Hotel Room? ...and more


Education.

One New Solution to the USB Port Vulnerability

The USG is a small, portable hardware USB firewall that isolates a potentially harmful device from your computer. It's designed to prevent malicious USB sticks and devices laden with malware from infecting your computer...

The problem is that most computers automatically trust every USB device that's plugged in, which means malicious code can run without warning.

It's not just computers: Cars, cash registers, and some ATMs also come with USB ports (desk phones and printcenters, too), all of which can be vulnerable to cyberattacks from a single USB stick.

While the USG will protect against low-level USB attacks, it won't protect against malware stored on the flash drive itself.

Fisk explained on his Github page, where the code is available, that the project is "particularly useful for individuals and organizations that face advanced threats including corporate espionage or state sponsored attacks." more

Toshiba Nixes Foxconn - Business Espionage Fears

Taiwan’s Foxconn, the world’s largest contract electronics maker, is not a favored bidder for Toshiba memory chip business because it is too close to China.

Apparently the Japanese government has told Tosh that flogging its flash business to China would be opposed because it means the transference of key technology.

Foxconn has plants in China, and the Japanese fear that putting the tech close to the Chinese would result in the tech leaking out due to industrial espionage and internal corruption. more

Consumer Reports Adds Privacy to its Checklists

Consumer Reports announced Monday it would begin considering data security in its comprehensive product reviews. 

Consumer Reports will use new standards to evaluate the quality of "internet of things" gadgets based criteria such as how secure products are and what sorts of disclosures are made when a device is collecting your data. The goal: For consumers to feel safer, and to not have to worry about the real threat of (for example) hackers taking over their baby monitor. more

Electronic Surveillance: Trust Your Instincts - Don't Wait 10 Years

A Craig, Iowa man will spend up to ten years behind bars for spying on a family in their home over the course of a decade. A judge sentenced 67-year-old James Grasz on five charges including sexual exploitation of a minor, and invasion of privacy.

Prosecutors say Grasz videotaped adults, and juveniles, in various states of nudity, without their consent, for ten years, or more. Authorities started investigating, last March, after a woman complained that she felt like she was being spied on.  more

Pole Cam Issue Flagged as Possible Spy Tool

Pakistan has raised concerns that India’s tallest ever flag, which can be seen from Lahore, could be used for “spying”.

India erected a 110 metre (360 feet) high flag at the Attari Border in the northern state of Punjab, prompting Pakistan to accuse its neighbour of violating international treaties.

Pakistan has complained to the Border Security Force and raised suspicions that hidden cameras may be installed on the flag pole for spying purposes. more

High Flying Corporate Espionage Lawsuit

Panasonic Avionics plans to seek immediate dismissal of a lawsuit filed by software company CoKinetic Systems, which claims PAC employed unlawful means to monopolize the market for IFE software and media services on the IFE hardware it supplied to airlines...

The firm’s suit, filed in the US District Court for the Southern District of New York, alleges that Panasonic Avionics willfully violated open source licensing requirements, breached contractual obligations to CoKinetic, abused FAA regulatory processes, conducted corporate espionage, and defamed CoKinetic and sabotaged its products...

Separately, Panasonic Corp on 2 February revealed in a stock exchange filing that the DOJ and SEC are probing PAC’s sales activities, and said it had begun talks with authorities to try to resolve the matter... PAC’s CEO and CFO departed the company last month. more

Spycam News: A Darwin Award to Another Spy Who Shot Himself

OH - Judge Robert Peeler sentenced a former Deerfield Township maintenance man to four years in prison, for putting hidden cameras in women's apartments. 

Gerald Rowe will also have to register as a Tier 1 sex offender. Rowe worked at the Steeplechase Apartments in Deerfield Township. A woman called police after finding one of his hidden cameras in the vent of her bathroom in May 2016, according to Prosecutor David Fornshell.

Warren County Sheriff's Office detectives found videos from four other apartments from February through May.

Rowe mounted the cameras to get video of the women undressed. One of the videos shows Rowe's face while installing the camera. more

FutureWatch: Cheap, difficult to detect, short-range, long-term bugs.

Researchers at the University of Washington (UW) have pioneered a technique where everyday objects can be embedded with transmitters that piggyback ambient FM signals to send data to nearby smartphones and radios using almost no power. 

The technique makes used of backscattering, which is the reflection of waves, particles, or signals back in the direction they came from. The system uses a low-power reflector to encode specific audio or data on top of reflected signals from an existing FM broadcast, with the data sent on an adjacent band so as not to interrupt any current radio transmissions.

The key benefit of the technology is that it has an extraordinarily low level of power consumption, meaning that it can easily be incorporated into everyday objects at a low cost...



The antennas are made of thin copper tape and can be simply embedded into objects like advertising posters or articles of clothing. Initial demonstrations of the technique showed the total power consumption of a transmitter embedded into a poster to be as little as 11 microwatts – an output that could run uninterrupted off a small coin-cell battery for two years...

The UW team has produced two working proof-of-concept prototypes demonstrating the technology. The first was dubbed a "singing poster" that transmitted portions of a band's music to a smartphone up to 12 ft (3.6 m) away, or a car up to 60 ft (18 m) away.  more

FutureWatch: Cheap, difficult to detect, short-range, long-term bugs. The traditional police "wire" invisibly woven into undercover investigators' clothing.  ~Kevin

Las Vegas Constable Gambles—Pleading Not Guilty to Wiretapping

Former Las Vegas Township Constable John Bonaventura pleaded not guilty Tuesday to theft and wiretapping charges.

An indictment accuses Bonaventura, 54, of wrongfully increasing an employee’s salary to repay a personal debt. It also accuses him of secretly recording phone calls from newspaper reporters, lawyers, a judge and at least one Clark County commissioner. Along with one count of theft, Bonaventura faces one count of misconduct of a public officer and four counts of unlawful interception of wire communications, all felonies. more

Background: In March 2013, the Clark County Commission unanimously voted to abolish the Las Vegas constable’s office... Bonaventura told others that he wanted to bleed the office dry of all its assets before it was abolished in January 2015.

Macbook Anti-Spyware App - Reveals Video & Audio Spying

After reading about how hackers have taken control of a MacBook's iSight camera to spy on the person sitting in front of it, you might start to get a feeling that someone is watching you... Making matters worse, hackers have been able to spy on people without triggering the little green light that tells you your iSight camera is active...
...monitor your iSight camera so you know when it's being used. MacOS doesn't let you do this natively, so you'll need to turn to a third-party app: OverSight.

OverSight is a free app that installs quickly and places an icon in your menu bar to let you know it's running. more  Other security apps from the same developer.

A Solution to Dog-With-A-Bone Phoneaddicts

Dog-With-A-Bone Phoneaddicts are everywhere: at corporate meetings/events, concerts, expensive social gatherings, movie theaters, classrooms, lecture halls, even family dinner tables. The list is endless, others become furious, and speaking out could be injurious.

Temporary separation of the bonephone from the addict results in growling and snarling.

The only way to unlock Yondr's phone case 

is to tap it on the unlocking station.  

Photo: Jarrard Cole / The Wall Street Journal

There is a better solution... Yondr.

"As people enter the venue, their phones will be placed in Yondr cases. Once they enter the phone-free zone, the cases will lock. Attendees maintain possession of their phones and are now free to enjoy the experience without distraction... If at any point attendees need to use their phones, they simply step outside of the phone-free zone to unlock the case."

It's a good compromise.
Simple. Easy. Effective.

Security Director Alert: The USB Leach

If you see this, call us...

"The LAN Turtle is a covert Systems Administration and Penetration Testing tool providing stealth remote access, network intelligence gathering, and man-in-the-middle monitoring capabilities.

Housed within a generic "USB Ethernet Adapter" case, the LAN Turtle’s covert appearance allows it to blend into many IT environments."
----

"This is insane. No one at my work would notice this!"
-Pentest with Hak5 Student

more

Talking Doll Hack Exposes 2.2 Million Voice Recordings...

...thus busting the old proverb that children should be seen but not heard.

A security vulnerability allowed anyone to view personal information, photos and recordings of children's voices from CloudPets (A Message You Can Hug™) toys. And at one point, some people tried to hold all of that information for ransom.

According to a report compiled by security researcher Troy Hunt, over 820,000 user accounts were exposed. That includes 2.2 million voice recordings.

"I suspect one of the things that will shock people is that they probably didn't think through the fact that when you connect the teddy bear, your kids voices are sitting on an Amazon server," Hunt said. more  Plus: A brief history of creepy talking toys!

Optical Spying Through Office Windows

With talented hackers able to break into just about any device that's connected to the internet, from a computer to a car, the best way to keep sensitive data safe is to cut the cord completely.

Keeping an "air gap" between a hard drive and other devices forces any would-be thief to physically go to the machine ... or so you might think. Cyber security researchers have shown that hackers could hijack the innocent flashing LED on the outside of a computer, and use it to beam a steady stream of data to a waiting drone.

...digital criminals can be extremely crafty, using acoustic signals to jump the air gap between devices from a distance or untangling typed text by listening via Skype to the clickety-clack of a keyboard.

Now, a team at the Ben-Gurion University Cyber Security Research Center has demonstrated a new way that creative crooks could crack that isolated data. A piece of malware infecting an air-gapped computer could harness the hard drive's LED, making it flash in a very controlled and very fast manner. Flickering thousands of times a second, the virus could blink out a binary code of the desired data, at a rate that a human sitting at that computer wouldn't even notice. Special cameras or light sensors – say from a drone hovering at the window, with a line of sight to the LED – could then receive and record that information. more

Spybusters Tip #792: External visual surveillance through windows is easy using high-powered optics, or even cameras on drones. Keep computer screens, and their blinky lights, away from external line-of-sight. 

Spybusters Tip #793: Enforce a "Clear Desk Policy" when sensitive information is not actively being used. ~Kevin

Flexi Morality - Expanded Cell Phone Spyware Laws Introduced

On three occasions this week, I asked a FlexiSpy salesperson a simple question: If I wanted to, could I use their spyware to snoop on my wife's cellphone without her knowing? The answer each time was yes. 

When asked if it was legal, they responded with a canned disclaimer explaining it was necessary to get the permission of the target. But what if I didn't want my wife to know? They could help me anyway...

Detect phone warming caused by spyware. (for clients only)

Even though I started each conversation telling the FlexiSpy salesperson I was a FORBES reporter, they were happy to offer suggestions about how one could install the app without permission of the target. One said I could "sneak to get her phone" and then install, a process that FlexiSpy would guide me through. He sought to allay any fears about getting caught, noting there was no icon and it would operate silently...

Meanwhile, lawmakers are seeking to expand laws that punish unwarranted, secret surveillance. Last week, Senators Ron Wyden, Jason Chaffetz and John Conyers introduced The Geolocation Privacy and Surveillance (GPS) Act. Specifically, it creates criminal penalties for "surreptitiously using an electronic device to track a person's movements that parallel the penalties that exist for illegal wiretapping." more  other cell phone spy gadgets

Howard Stern Sued for Eavesdropping on IRS Phone Call

Howard Stern is being sued for airing live a phone call that a woman thought she was having privately with an IRS agent. 

Stern was sued by Judith Barrigas on Monday for airing a 45-minute conversation that she had with IRS Agent Jimmy Forsythe, according to The Hollywood Reporter...

Before Barrigas was connected to Forsythe, though, the agent was on another line with Stern's show. He put the Stern show on hold to take the call with Barrigas.

Someone on Stern’s show was able to listen in on the Barrigas-Forsythe phone conversation and was apparently so intrigued by it that they decided to air the dialogue live on the radio show. 

The show, which has 30 million subscribers, shared Barrigas’ phone number on the air.. more full lawsuit

Business Espionage: Operation BugDrop - Major Eavesdropping Operation Using PC Microphones to Bug Targets

Researchers have uncovered an advanced malware-based operation that siphoned more than 600 gigabytes from about 70 targets in a broad range of industries, including critical infrastructure, news media, and scientific research.

The operation uses malware to capture audio recordings of conversations, screen shots, documents, and passwords, according to a blog post published last week by security firm CyberX.

Targets are initially infected using malicious Microsoft Word documents sent in phishing e-mails. Once compromised, infected machines upload the pilfered audio and data to Dropbox, where it's retrieved by the attackers. The researchers have dubbed the campaign Operation BugDrop because of its use of PC microphones to bug targets and send the audio and other data to Dropbox.

"Operation BugDrop is a well-organized operation that employs sophisticated malware and appears to be backed by an organization with substantial resources," the CyberX researchers wrote. more (Heads up. This hasn't hit hard in the Western Hemisphere yet, but be prepared.) 

Spybusters Tip #832: First line of defense... Disable macros on your Word software. Don't turn it back on if prompted to do so by something arriving in your email. ~Kevin

Revenge of the IT Guy (Case #254)

A sacked system administrator has been jailed...

after hacking the control systems of his ex-employer – and causing over a million dollars in damage. 

Brian Johnson, 44, of Baton Rouge, Louisiana, US, had worked at paper maker Georgia-Pacific for years, but on Valentine's Day 2014 he was let go.

He didn't take that lying down, and spent the next two weeks rifling through the firm's systems and wreaking havoc from his home. 

Johnson was still able to connect into Georgia-Pacific servers via VPN even after his employment was terminated.

Once back inside the corporate network, he installed his own software, and monkeyed around with the industrial control systems.

Artist's conception.

His target was the firm's Port Hudson, Louisiana, factory, which produces paper towels and tissues 24 hours a day. In a two-week campaign, he caused an estimated $1.1m in lost or spoiled production. more

Mr. Johnson's emotions imagined as music inside his head.

Czech Mate, or Here's Looking at You Id

Forty-foot statue of David Black Trifot is part of a new multi-genre space outside the city Photo Czech Centre, which is now open to the public. more