Death by Spycam

The wedding hall was booked and home furnishings all bought... but the bride — one of thousands of women to fall victim to an epidemic of high-tech voyeurism in South Korea — is not here.

Lee Yu-jung took her own life after a colleague secretly filmed her in the changing room of the hospital where they both worked, the country’s first reported spy-cam death.

Footage of Lee was found among a bigger video cache of women, all illegally snatched in the country’s spy-cam epidemic, often with cheap devices as small as a key ring. more

Spybuster Tip #632: Fortify Your Two-factor Authentication

Two-factor authentication is a must, but don't settle for the SMS version. Use a more secure authenticator app instead.

 The most popular authenticator apps are Google Authenticator and Authy, but password managers 1Password and LastPass offer the service as well, if that helps you streamline. If you're heavy into Microsoft's ecosystem, you might want Microsoft Authenticator. While they all differ somewhat in features, the core functionality is the same no matter which one you use. more

The Art of Investigation (book)

The Art of Investigation examines the qualities required to be a professional, thorough, and effective investigator. As the title suggests, it delves into more than the steps and procedures involved in managing an investigation, it also covers the "soft skills" necessary to effectively direct investigations and intuit along the way.

The editors and contributing authors* are the best in their field, and bring a wealth of real-world knowledge and experience to the subject. There are several publications available on the nuts-and-bolts of the process and stages of an investigation. That ground has been covered. However, little has been published on the investigative skills required, the traits necessary, and the qualities endemic to an inquisitive mind that can be cultivated to improve an investigator’s professional skill-set.

Each chapter discusses the applicability of the traits to the contributor’s own work and experience as an investigator. more
*Robert Rahn (Lt. Ret.) is one of the excellent contributors.

ISBN-13: 978-1138353787

ISBN-10: 1138353787

FutureWatch: The Demise of the Common Spies

Not so long ago, Secret Agent Man could globe-hop with impunity (sing-a-long) and hide with undercover diplomatic immunity. Now, he may as well wear the Scarlet Letter "A", for Agent.

WTF happened? Quite a bit...

9/11, for one. It's not so easy to fly under the radar these days.

In 2014, U.S. spies were exposed when the Office of Personnel Management was hacked. About 22 million fingerprints, security clearance background information, and personnel records allegedly fell into Chinese hands. In 2015 it happened again.

One can be fairly sure this isn't just a problem for U.S. spies. Other countries get hacked, too. You just don't hear about it.

If all this wasn't bad enough, a spy's best friend turned on him in the 2000's. Technology.

Video cameras are planted everywhere, and facial recognition is becoming more accurate every day. It is being used at airports, in buildings, and with in conjunction with city surveillance cameras. This list will grow, of course.

The latest advancement is analysis of video streams using artificial intelligence logarithms.  Suspicious movements, packages left unattended, predictions of future movements and crimes are analyzed by mindless machines 24/7, waiting to trigger an alert.

On the communications side spyware is a concern. Smartphone and GPS tracking don't help spies hide either.

It has been reported that some countries are compiling real-time databases which incorporate the above-mentioned speed bumps with: taxis, hotel, train, airline, credit card, customs and immigration information. As soon as one enters the country, they know where you are—minute by minute. And, if one takes too long going between locations, or a dual timeline appears (being in different places at the same time), a security alert is generated.

Couple all this with countries sharing information, e.g. EU, being a spy who needs to make in-person contacts becomes nearly impossible.

Think staying out of view is a good spy strategy? For now, perhaps. However, progress is being made by constructing a person's face by the sound of their voice.

The future of spying (no, it won't go away) will be radically different out of necessity. One can only guess how, but I understand they are working very hard on mind-reading.

Be seeing you.

Surveillance is Hot at CES 2020

At CES show, devices that see, hear, track people are promoted. Privacy concerns? Not so much.

From the face scanner that will check in some attendees to the cameras-everywhere array of digital products, the CES gadget show is all-in on surveillance technology...

All these talking speakers, doorbell cameras and fitness trackers come with the promise of making life easier or more fun, but they're also potentially powerful spying tools.

And the skeptics who raise privacy and security concerns can be easily drowned out in the flashy spectacle of gee-whiz technology. more

Information Security and Cryptography Seminar

Information Security and Cryptography —
Fundamentals and Applications
June 8-10, 2020 in Zurich, Switzerland
Lecturers: Prof. David Basin and Prof. Ueli Maurer

This seminar provides an in-depth coverage of Information Security and Cryptography from both a conceptual and an application-oriented viewpoint. At the same time, the mathematical, algorithmic, protocol-specific, and system-oriented aspects are explained in a way understandable to a wide audience.

A full description of the seminar, including all topics covered, is available at https://www.infsec.ch/seminar2020.html. Early registration is until February 28th.

The seminar takes place in Zurich Switzerland. The lectures and all course material are in English. more

U.S. Securities & Exchange Commission Issues Guidance on IP and Tech Risks

...Among the risks faced by companies is the risk of theft of technology, data and intellectual property through a direct intrusion by private parties or foreign actors, including those affiliated with or controlled by state actors.


While not exclusive, examples of situations in which technology, data or intellectual property may be stolen or compromised through direct intrusion include cyber intrusions into a company’s computer systems and physical theft through corporate espionage, including with the assistance of insiders... more

Your Smart TV is Spying on You — How to stop it...

Those smart TVs that sold for unheard of low prices over the holidays come with a catch. The price is super low, but the manufacturers get to monitor what you're watching and report back to third parties, for a fee.

 Or, in some cases, companies like Amazon (with its Fire TV branded sets from Toshiba and Insignia) and TCL, with its branded Roku sets, look to throw those same personalized, targeted ads at you that you get when visiting Facebook and Google.

It doesn't have to be this way. You have the controls to opt out. Within just a few clicks, you can stop the manufacturers from snooping on you in the living room... more and a bonus sing-a-long!

• He tried to stop smart devices spying on him. Here's why he failed. 
  
• Is Your Smart TV Spying on You? Warning From FBI

2020 Quote of the Year - First Contender

“The biggest thing (coming in 2020) is connected everything,” said Carolina Milanesi, a technology analyst for the research firm Creative Strategies. “Anything in the home — we’ll have more cameras, more mics, more sensors.” *
 ----
via The New York Times...
The 2010s made one thing clear: Tech is everywhere in life... In 2020 and the coming decade, these trends are likely to gather momentum. They will also be on display next week at CES, an enormous consumer electronics trade show in Las Vegas that typically serves as a window into the year’s hottest tech developments. more

* Thus, a need for more TSCM; the yin to espionage yang.

The Crazy Story of How Soviet Russia Bugged an American Embassy’s Typewriters

Every engineer has stories of bugs that they discovered through clever detective work. But such exploits are seldom of interest to other engineers, let alone the general public.

Nonetheless, a recent book authored by Eric Haseltine, titled The Spy in Moscow Station (Macmillan, 2019), is a true story of bug hunting that should be of interest to all.

It recounts a lengthy struggle by Charles Gandy, an electrical engineer at the United States’ National Security Agency, to uncover an elaborate and ingenious scheme by Soviet engineers to intercept communications in the American embassy in Moscow. more

Get Ready for a Wild Security Ride in 2020

Drones are considered mainstream business tools and are used from surveillance and delivery to agriculture and mining.

In 2020, we will see hackers trying to find out what drones know, said Lavi Lazarovitz, group research manager at Cyberark. This information can be vital for intelligence gathering, government control, corporate espionage, and more. It also means CDOs need to consider a security framework when introducing devices like drones from the onset. (and other issues) more

Now Santa's Toys Know if You Are Naughty or Nice

Christmas is over, which means there may be a few extra toys for children in the house.

Cybersecurity experts are warning parents to pay attention to what kinds of toys their children are playing with, saying some could be capable of doing much more than what you're aware of.

...toys with Bluetooth or that can connect to Wi-Fi have the potential to not only spy on those playing with them but could also collect data later capable of predicting children's thoughts and behaviors. more

This Month in Spycam News

UK - A school caretaker who installed a hidden camera in a toilet used by female teachers was sentenced to prison after the device recorded him committing the crime... When investigators searched Stupples' house, they discovered 76 videos and nearly 150,000 photos recorded from 50 separate instances of people using the toilet... Even as Stupples initially denied installing the hidden camera, his defense soon fell apart after prosecutors told the court how the accused was "very clearly visible" in one of the videos that showed him installing the device. more

US - Charges are expected to be filed Friday against a one-time registered sex offender suspected of mounting a small video camera inside a grocery store bathroom in Cathedral City. more

US - A Georgia army officer with high-ranking clearance has been arrested on charges of distribution of child pornography after an FBI agent caught him sharing nude pictures of a teenage relative captured via a spy camera. more

CA - A 56-year-old Owen Sound man is facing voyeurism charges after police allege he had been secretly filming a resident for months. Detectives with the Owen Sound Police uncovered a video camera that had been hidden in a fake heating vent in the washroom of an apartment... Police say the man worked maintenance for the building in which the incident occurred and allege the camera was installed in anticipation of a new tenant moving into the unit earlier this year. more

UK - A "deviant" voyeur secretly filmed a woman trying on a dress in a supermarket changing room - but was caught when her nine-year-old daughter saw what was happening. more

 

Walt Disney World Employee Charged with Illegal Recording

A Walt Disney World employee made an illegal audio recording of her interview with Disney security officials while being questioned about thefts at the theme parks, according to prosecutors.

Alicia Reese later shared that secret recording with Patrick Spikes, a former Disney employee who is accused of breaking into a theme park attraction and stealing props, deputies allege.

Prosecutors have charged Reese with an illegal interception of oral communications, a felony punishable by up to five years in prison.

Reese and Spikes have pleaded not guilty to the charges against them. Reese, who had been an employee of ESPN Club restaurant at Disney’s Boardwalk Resort, was interviewed by two Disney security investigators in March about thefts from the company. more

The 11 types of business failure – and how you can learn from the mistakes of others

Founders and business professionals can learn a lot about the failure landscape from Robin Banerjee’s new book, Who Blunders and How: The Dumb Side of the Corporate World. The eleven chapters are written in a conversational style and span 265 pages, full of examples, analysis and tips...

(Guess what made the list.)
Some rivalries between business groups have led to allegations of unethical advertising practices, and even corporate espionage... more

It's easy to "blunder" when it comes to corporate espionage. By definition, espionage is a covert practice. Because you don't see it, you don't believe it is happening. Successful espionage is invisible. Only failures make the news. Successful corporations employ specialists to monitor for espionage.

The Top 200 Worst Passwords of 2019

Independent researchers, who requested to stay anonymous, compiled and shared with us a list of 200 most popular passwords that were leaked in data breaches just this year. The database is quite impressive — 500 million passwords in total. And if you think that’s a lot of leaked passwords, we have some bad news for you — it’s just the tip of the iceberg. more

Here are the Top 20 to get you started...

Top 2020 New Years Resolution... Fortify your passwords.

World's Smallest Video Camera (unfreakinbelieveable!)

This company in Taiwan has been reducing the size of video cameras year after year. I would like to say this is the smallest possible, but they continue to surprise.


If you have privacy concerns caused by the flood of covert video surveillance cameras, stop by here and learn how to fight back.

Trend Micro Reveals Security Worries for 2020

In 2020, tried-and-tested cyber crimes – such as extortion, obfuscation and phishing – will remain, but new risks will inevitably emerge.

Full 5G implementations will introduce new security threats and the increased migration to the cloud will see more organizations facing risks from their cloud and supply chain.

In addition, the sheer number of connected assets and infrastructures will open doors to threats, and fake images, videos, or audio will be used to manipulate enterprise business procedures.

This is according to a new report from security firm Trend Micro, titled: “The New Norm: Trend Micro Security Predictions for 2020.”

...of special interest to our clients...

IOT devices used for espionage, extortion.

Machine learning and AI will be abused to listen in on connected devices like smart TVs and speakers to snoop on personal and business conversations, which can then provide material for extortion or corporate espionage. more

"Electronic Device" Found in Mayor's Office

MI - Flint Police are investigating after an electronic surveillance device was found inside Flint City Hall.

The device was found in the mayor's office, Interim Police Chief Phil Hart said.

Hart said he cannot speak as to what the capabilities of the electronic surveillance device are at this time.

No other information has been released because it is still under investigation. more

Former Flint Police Chief Timothy Johnson believed the device could've been in City Hall when Former Mayor Karen Weaver was in office. 

He said she was concerned when she moved into City Hall that it had been bugged with recording devices. So Johnson said they checked her office, even removing ceiling tiles.* But, he explained, Weaver's was the only office they checked. more

* A professional technical surveillance countermeasures inspection is quite a bit more thorough.

Spybuster Tip #734: Don't Store Incriminating Photos on Your Android Phone

This time around, a team of security researchers found a terrifying flaw with the Android camera apps that could let malicious apps completely take control over a phone’s camera to spy on users without their knowledge.

It doesn’t take a genius to know that photos and videos can contain extremely sensitive information, and therefore, you should think twice about giving an app permission to use a camera...

Android camera apps often store photos and videos to an SD card, granting an app permission to storage gives it access to the entire contents of that card, according to the researchers. And the truly terrifying thing is that attackers wouldn’t even need to request access to the camera.

To demonstrate the vulnerability, the team at Checkmarx recorded a proof-of-concept video. Using a mockup Weather app, the team was able to not only take photo and video from a Pixel 2 XL and Pixel 3, it also was able to glean GPS data from those photos.


The team was able to detect when the phone was face down and could then remotely direct the rear camera to take photos and video. Another creepy bit is that attackers could potentially enact a “stealth mode,” where camera shutter noises are silenced and after taking photos, return the phone to its lock screen like nothing happened.

But perhaps most disturbingly, the video demonstrates a scenario where attackers could start recording a video while someone was in the middle of call, record two-way audio, and take photos or video of the victim’s surroundings—all without the target knowing. more

WhatsApp? Eavesdropping. That's WhatsApp.

WhatsApp parent company Facebook has issued a warning about a new vulnerability on its hugely-popular chat app, which could let hackers take control of their device remotely and eavesdrop on your every conversation.

Facebook has warned users about a potential vulnerability within its WhatsApp chat app that allows cyber-criminals to take control of your device remotely. The security flaw could also allow them to eavesdrop on your conversations.

And if that wasn’t worrying enough, all you’d have to do to let the hackers access your handset is watch a single video... This security flaw affects all versions of WhatsApp, from Windows Phone to iOS. It even includes the enterprise-focused WhatsApp Business. That suggests the issue was found in the underlying code that powers all versions of the chat app...

WhatsApp has closed the loophole with the latest updates to WhatsApp. If you haven’t already got automatic app updates set on your smartphone, you should head to your respective app store and download the latest software to make sure you’re sa

According to Facebook, the potential issue only impacts the following versions of WhatsApp:
fe from attack.

• Android versions of WhatsApp before 2.19.274
• iOS versions of WhatsApp before 2.19.100
• Enterprise Client versions of WhatsApp before 2.25.3
• Windows Phone versions of WhatsApp before and including 2.18.368
• Business for Android versions of WhatsApp before 2.19.104
• Business for iOS versions of WhatsApp before 2.19.100

Beginner's Guide to Small Business Cyber Security

Cyber Essentials is a guide for leaders of small businesses as well as leaders of small and local government agencies to develop an actionable understanding of where to start implementing organizational cybersecurity practices.

Consistent with the NIST Cybersecurity Framework and other standards, the Cyber Essentials are the starting point to cyber readiness...

Managing cyber risks requires building a Culture of Cyber Readiness. The Culture of Cyber Readiness has six Essential Elements... more

Eavesdropping Vulnerability: Cisco SPA100 - Update Firmware

While setting up a VoIP service in their home, security researchers at Tenable Research discovered a total of 19 vulnerabilities in VoIP adapters from Cisco's SPA100 Series.

If exploited, these vulnerabilities could allow an attacker to eavesdrop on a user's conversations, initiate fraudulent phone calls and even pivot further into their internal network.

Tenable Research informed Cisco PSIRT of the 19 vulnerabilities they discovered across seven Cisco security advisories and the networking giant has since addressed these flaws with a new 1.4.1 SR5 firmware release for their SPA 100 series devices.

...if you're using a Cisco SPA 100 series VoIP adapter, it is highly recommended that you update to the latest firmware before these flaws are exploited in the wild. more

Hot Wheels - Part I

A Multimillionaire Surveillance Dealer Steps Out Of The Shadows . . .
And His $9 Million WhatsApp Hacking Van


On a wildflower-lined gravel track off a quiet thoroughfare in Larnaca, Cyprus, Tal Dillian is ensconced in a blacked-out truck. It’s a converted GMC ambulance, pimped out with millions of dollars of surveillance kit, antennas on top reaching out to learn what it can from any smartphone within a 1-kilometer radius and, at the click of a button, empty them of all the content within.

WhatsApp messages, Facebook chats, texts, calls, contacts?
Everything?

“Exactly,” says Dilian, a 24-year Israeli intelligence veteran and multimillionaire spy-tech dealer, though he doesn’t look it; imagine a shabbier, more hirsute George Clooney...

He’s dialing up the charm offensive over the two days he gives Forbes unprecedented access to the normally hidden, clandestine spy-tech industry, estimated to be worth $12 billion and rising. more

Hot Wheels - Part II

Cypriot police have confiscated a van reportedly loaded with sophisticated surveillance equipment and have questioned its Israeli owner following media reports that the vehicle was being hired out to spy on people...

The police probe was initiated after local media highlighted an earlier Forbes report on the Israeli it identified as a former intelligence officer who showed off the $9 million van’s spying capabilities. more

The Invisible Man - 122 Years in the Making

“Quantum Stealth” (Light Bending material) non-powered adaptive camouflage which portrays what is behind the user in-front of the user bending the light around the target. The cost is inexpensive, very lightweight and there are no power requirements.

It even blocks thermal imaging! more

Venezuela's Ex-spy Chief Disappears on Eve of Extradition to U.S. (shocking, just shocking)

Hugo Carvajal, nicknamed "El Pollo," or "The Chicken," was the military-intelligence chief for Presidents Hugo Chavez and Nicholas Maduro, and some experts have said he could be a source of incriminating intelligence on Maduro and his regime...

In written answers to questions by The Associated Press, Carvajal said he wanted to share secret information on drug trafficking and corruption. more | sing-a-long

More Pirates of The Caribbean

Russia’s underwater spy ship recently traveled across the Atlantic Ocean and is currently sailing in America’s backyard. 

Yantar, allegedly a ship meant to research the deep ocean, has an odd habit of skulking around sunken military equipment—and undersea telecommunications cables. 

The ship has suddenly popped up in the Caribbean, prompting military watchers to wonder what the strange ship is up to. 

Yantar is a Russian Navy vessel, but one that lacks a single weapon. The ship was commissioned in 2015 and officially is known as a "special purpose ship" or "oceanographic vessel." It is operated by the Russian Navy's Main Directorate of Underwater Research, which Russian military watchers believe controls Russia’s undersea spying efforts. more

69 Cops Get Body-Cam'ed - Clerk Gets Slammer

A former police records clerk in Southern California was sentenced to six years in jail Friday after he was charged with secretly recording dozens of coworkers as they used the bathroom. 

 
The sentencing for 29-year-old Sergio Nieto came after he pleaded no contest to dozens of invasion of privacy charges in October for spying on 69 coworkers (stop snickering) during his time working at the Long Beach Police Department’s downtown headquarters, the Long Beach Post reports. more

The New York Times Reports: "Bugging Epidemic"

With surveillance gear cheaper and easier to use, security experts say checking your environment for cameras and microphones is not a crazy idea...

A growing array of so-called smart surveillance products have made it easy to secretly live-stream or record what other people are saying or doing. Consumer spending on surveillance cameras in the United States will reach $4 billion in 2023, up from $2.1 billion in 2018, according to the technology market research firm Strategy Analytics. Unit sales of consumer surveillance devices are expected to more than double from last year.

The problem is all that gear is not necessarily being used to fight burglars or keep an eye on the dog while she’s home alone. Tiny cameras have been found in places where they shouldn’t be, like Airbnb rentals, public bathrooms and gym locker rooms. So often, in fact, that security experts warn that we are in the throes of a “bugging epidemic.” more

Spybuster Tip #621: Conduct your own sweeps for covert spycams. Learn how.

Espionage Concerns Change Hiring Policy

The recent resignation of a compliance director at GitLab Inc. illustrates anxiety in the tech industry about foreign espionage...

GitLab’s vice president of engineering, Eric Johnson, said in GitLab’s public discussion forum in October that the firm would no longer hire people living in Russia and China—countries that U.S. authorities have linked to major data security breaches—for some roles where they would be handling sensitive customer data...

The decision was prompted by “the expressed concern of several enterprise customers,” Mr. Johnson wrote on the forum... more

How People Turn iPhones into Bluetooth Bugs

With iOS 12, Apple added a feature, called Live Listen, which essentially turns your AirPods into on-demand hearing aids. 

There's a bit of setup you'll need to do, but once it's done, you can place your phone on a table closer to the person you're talking to and it will send audio to your AirPods.

On your iPhone go to Settings > Control Center > Customize Controls and tap on the green "+" symbol next to the Hearing option. Then, when you need to use the feature put in your AirPods and open Control Center on your iPhone and select the Hearing icon followed by Live Listen. Turn off the feature by repeating those final steps in Control Center. more

Corporate Espionage Alert: If a person excuses themselves from a business meeting to go to the restroom (or other excuse)... NEVER continue the discussion thinking they won't know. They may be using this trick to listen in to what you are saying. More sage corporate counterespionage advice here.

With a Laser, Researchers Say They Can Hack Alexa and Other Assistants

Since voice-controlled digital assistants were introduced a few years ago, security experts have fretted that systems like Apple’s Siri and Amazon’s Alexa were a privacy threat and could be easily hacked.

But the risk presented by a cleverly pointed light was probably not on anyone’s radar.

Researchers in Japan and at the University of Michigan said Monday that they had found a way to take over Google Home, Amazon’s Alexa or Apple’s Siri devices from hundreds of feet away by shining laser pointers, and even flashlights, at the devices’ microphones. more

This Week's News About Spies

 Busy, as always...

• California Man Charged With Spying for the Chinese Government 
• Russia Pulls Diplomat Suspected of Spying in Bulgaria
• Poland detains man suspected of spying for Russia
• Youth football coach denies spying allegations after team disqualified from playoffs
• Ex-CIA Spy Flees Italy Over Fear for Her Safety
• How The Relationship Between Trump And His Spy Chiefs Soured
• FTC Banned Retina-X Spying Apps Until Proven For Legitimate Use
• The Air Force’s secretive spy spaceplane is back on Earth after a record two-year stay in space 
• Decision-making tips from a former spy

Drones: An Increasing Business Espionage Concern Worldwide

South Africa - The increased use of unmanned aerial vehicles, or drones, in SA over the last few years has opened local organisations to a significant and evolving scope of threat in areas such as cyber espionage, illegal surveillance, electronic snooping and reconnaissance.

Security experts warn that while drone technology is increasingly being harnessed to carry out a host of commercial tasks faster, safer and more efficiently across industries including agriculture, media, health and defence, it is also increasingly being exploited by criminals as a tool to usher in a new era of physical and IT security threats. more

• Our other Security Scrapbook drone coverage.
• Researching anti-drone technology for your corporate security department? Contact us for our free Anti-Drone Research Paper.

Southwest Airlines Flight Attendant Says Pilots Streamed Secret Bathroom Live Feed into Cockpit

A Phoenix-based flight attendant has sued Southwest Airlines for retaliation after she reported two pilots for live streaming secret lavatory video onto an iPad in the cockpit. 

Renee Steinaker says...she saw an iPad mounted to the jet’s windshield where she could see the pilot in the restroom. She says the co-pilot then told her that the cameras were a new “top secret security measure” which Steinmaker later determined was not true.

She claims that the pilots also left the aircraft unattended after landing the flight, and “left a loaded firearm unattended in the cockpit” which violates FAA regulations. more

The two pilots, both based near Southwest's Dallas headquarters, have denied the allegations in court documents. So has the airline, which dismissed the incident as an "inappropriate attempt at humor" in a statement. more

UPDATE:  A statement by the Southwest Airlines Pilots Association this week:

"Southwest Airlines has never placed cameras and never videoed anyone in any lavatory, and the pilots on Flight 1088 did not video anyone. The incident, which occurred over two years ago, was a poor attempt at humor where the pilot took a selfie video from the chest up, fully clothed, in the lavatory of a completely different airplane months before Flight 1088 and then replayed the exact same selfie video on his iPad when Ms. Steinaker came into the cockpit." more

Kettle Gets Called Black... or, Who's Zoomin' Who

Facebook launched a new front in the battle over encryption yesterday by suing the Israeli spyware firm NSO Group for allegedly hacking WhatsApp, its encrypted messaging service, and helping government customers snoop on about 1,400 victims...

The lawsuit marks the first time a messaging service has sued a spyware company for undermining its encryption and it could prompt a slew of suits against companies that have developed encryption workarounds bolstering governments' ability to spy on their citizens. more

More People Searching for Technical Surveillance Countermeasures (TSCM)

Analysis: More organizations are hardening their defenses against electronic surveillance and information theft.  With TSCM information security surveys becoming mainstream attacks will shift toward the defenseless...

Defenseless equals lunch in the Infowar Jungle.

Espionage Weekend Movie: "The Current War"

Don't let the fancy attire and the Gilded Age setting fool you, there is nasty business afoot in "The Current War."

It's a power struggle, both literal and societal, with Benedict Cumberbatch as inventor Thomas Edison on one side, Michael Shannon as industrialist George Westinghouse on the other, Nicholas Hoult as eccentric visionary Nikola Tesla in the middle and the future of electricity in America hanging in the balance.



In theaters Friday, Oct. 25, the film is a tale of innovation advanced via moral compromise. There are dead animals, corporate espionage, even the invention of the electric chair all deployed in the battle to determine whether Edison's direct current or Westinghouse's alternating current would light up the nation.

It's a story rife with tragedy and squandered potential. more

Spy Doc Dropped

The doctor accused of corporate espionage and stealing trade secrets from blood giant CSL to further his career and to land a job at rival group Pharming has been sacked from his job.

Dutch pharmaceutical company Pharming announced on Thursday that it had permanently terminated Joseph Chiao's employment.

Dr Chiao had been subject to a US court injunction preventing him from starting work at Pharming in October so that CSL and Pharming could investigate CSL's allegations that Dr Chiao had stolen 1,000,000 documents from CSL. more

Hacker Physically Plants Keylogger Devices on Company Systems

A hacker admitted to planting hardware keyloggers on computers belonging to two companies to get unauthorized to their networks and steal proprietary data. He now faces 12 years of prison time.

It appears that the individual was after data relating to an "emerging technology" that both targeted companies were developing.

In February 2017, 45-year old Ankur Agarwal of Montville, New Jersey, trespassed the premises of one of the two tech companies and installed keylogging devices on its computers to capture employee usernames and passwords. He also added his laptop and a hard drive to the company's computer network. more

A Technical Information Security Survey could have prevented this in the first place. ~Kevin

Racoon Steals Data for $200. per Month - Cute

A new kind of easy to use trojan malware is gaining popularity among cyber criminals, providing them with simple means of stealing credit card data, passwords and cryptocurrency -- and it has already infected hundreds of thousands of Windows users around the world.

Raccoon Stealer first appeared in April this year and has quickly risen to become one of the most talked-about malware services in underground forums.

Researchers at Cybereason have been monitoring Raccoon since it first emerged, and note that while not sophisticated, it is aggressively marketed to potential criminal users, providing them with an easy-to-use back end, along with bulletproof hosting and 24/7 support -- all for $200 a month. more

Turning Amazon and Google Smart Speakers into Smart Spies

Researchers at Germany’s SRLabs found two hacking scenarios — eavesdropping and phishing — for both Amazon Alexa and Google Home/Nest devices. They created eight voice apps (Skills for Alexa and Actions for Google Home) to demonstrate the hacks that turns these smart speakers into smart spies. The malicious voice apps created by SRLabs easily passed through Amazon and Google’s individual screening processes...

For eavesdropping, the researchers used the same horoscope app for Amazon’s smart speaker. The app tricks the user into believing that it has been stopped while it silently listens in the background. more

Google Accused of Spying with New Tool

Google employees have accused their employer of creating a surveillance tool disguised as a calendar extension designed to monitor gatherings of more than 100 people, a signal that those employees may be planning protests or discussing union organizing. Google parent company Alphabet “categorically” denies the accusation. 

The accusation, outlined in a memo obtained by Bloomberg News, claims severe unethical conduct from high-ranking Google employees, who they say allegedly ordered a team to develop a Chrome browser extension that would be installed on all employee machines and used primarily to monitor internal employee activity.  

Employees are claiming the tool reports anyone who creates a calendar invite and sends it to more than 100 others, alleging that it is an attempt to crackdown on organizing and employee activism. more

Hospital Bathroom Video Voyeur had 1 Million Images

FL - Authorities have arrested a 41-year-old man who they say hid a small camera in bathrooms at three Florida medical facilities...

 

Police began investigating on Oct. 3 when a hidden camera was found inside an employee bathroom at St. Mary's Medical Center. 

 

Investigators found more than a million still and video images.

 

(The suspect) was a technician who took CT scans at the hospital and PET scans at medical facilities in Delray Beach and Boca Raton. more

Toga! Toga! Toga! ...SCIF Fight!

SCIF fight shows lawmakers can be their own biggest cybersecurity vulnerability.

About two dozen House Republicans enter a sensitive compartmented information facility (SCIF) where a closed session before the House Intelligence, Foreign Affairs and Oversight committees took place.

A group of House Republicans could have created a field day for Russian and Chinese intelligence agencies when they stormed into a secure Capitol Hill room where their colleagues were taking impeachment testimony yesterday with their cellphones in tow. more

"You're all worthless and weak!" ~Doug Neidermeyer

CNN - In 1999 a listening device was planted inside the State Department...

After a suspicious rise in Russian diplomats visiting the State Department in 1999, the FBI worked with the Diplomatic Security Service to follow mysterious radio frequencies. For more, watch "Declassified" Sunday at 11 p.m. ET/PT. more

Thanks to our Blue Blase Irregular at Big T for spotting this one for us.

Free Ransomware Decryption Tool

Emsisoft Decryptor for STOP Djvu

The STOP Djvu ransomware encrypts victim's files with Salsa20, and appends one of dozens of extensions to filenames; for example, ".djvu", ".rumba", ".radman", ".gero", etc.

Please note: There are limitations on what files can be decrypted. more

Of course, put all the safeguards in place first so you won't need this tool. ~Kevin

IT / Security Director Alert: Cisco Aironet Wi-Fi High-Severity Vulnerability Patch Available

Cisco has issued patches for critical and high-severity vulnerabilities in its Aironet access point devices.

It also issued a slew of additional patches addressing other flaws in its products.

“An exploit could allow the attacker to gain access to the device with elevated privileges,” said Cisco in a Wednesday advisory.

“An exploit could allow the attacker to gain access to the device with elevated privileges,” said Cisco in a Wednesday advisory. "...it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the [access point], creating a denial of service (DoS) condition for clients associated with the [access point].” more

Why Do CIA Spies Stop at Every Yellow Light?

After spending years in the CIA fighting to prevent nuclear terrorism and other catastrophes, some old habits just will not go away for the ex-spy Amaryllis Fox...

...a former CIA clandestine-service officer and author of the new book "Life Undercover: Coming of Age in the CIA"...

...CIA spies learn to master skills regular people do not, and they stick with you...

...But there is one old habit, she said, that drives her husband a little bit crazy — stopping at every yellow light when she drives. more