Spy History: The CIA Heart Attack Gun

You can say that the gun looks like a toy at best, especially with that ridiculous scope, but from the descriptions of the American senator Franck Church, the weapon is scary, to say the least, even to today’s standards.

The CIA needed a weapon to take care of the targets on their blacklist without living any sort of trace that would bring up suspicions in the media. One of the hot targets was Fidel Castro, the Prime Minister of Cuba from 1959 to 1976. Killing people from a distance was the go-to choice, but every bullet can be traced back. Getting too close to the target would risk the agent being compromised.

This is why the CIA gave the task of creating a new secret weapon to Mary Embree. Embree started working at the CIA as a secretary in the audio surveillance department. With time she got promoted to the technical services department where she was asked specifically to research a new poison that would induce a heart attack on its victim but undetectable in a post-mortem verification.

The technical team came up with a gun that would shoot poisoned projectiles that would dissolve inside the target and induce a heart attack which would be undetectable upon post-mortem. Embree wasn’t able to confirm if the gun was used to assassinate someone, but she did confirm that animals, as well as prisoners, were used to test the weapon.

To explain the strange scope on top of the weapon, besides being a pistol, the gun had had the ability to shot the poisoned projectile from 100 meters with good accuracy, hence the scope. more

Nanny Cam Catches Home Inspector with Elmo Doll

A home inspector caught ... with an Elmo doll has been charged with two misdemeanor counts in a Rochester Hills district court. 

Kevin Wayne VanLuven, 59, was arraigned on charges of aggravated indecent exposure and malicious destruction of property under $200. Bond was set at $2,500 cash or surety. 

The charges stem from a March 12 incident in Oxford Township, when homeowners asked to have their property inspected at request of the buyers. A nursery camera detected movement, the news release said, so the 22-year-old homeowner checked her phone and caught VanLuven in the act. After he finished ... he returned the doll to its original place, the release said. more

Coca-Cola Trade Secret Theft Underscores Importance of Early Detection

The trial of Xiaorong You is set to begin today, April 6, in Greenville, TN. She is accused of trade secret theft and economic espionage after allegedly stealing bisphenol-A-free (BPA-free) technologies owned by several companies, including her former employers Coca-Cola and Eastman Chemical Company. 

The value placed on the development of the stolen technologies is $119.6 million. Other affected companies include Azko-Nobel, Dow Chemical, PPG, TSI, Sherwin Williams and ToyoChem.

Two actions could have stopped the theft or lessened its impact:

• Real-time alerts and processes designed to prevent sensitive and protected data from exiting the corporate environment.
• Prohibiting personal and non-authorized electronic devices, including smartphones, from proximity to trade secrets or sensitive installations. 

Using the smartphone’s camera to copy documents and workspace is a throwback technique of espionage days of old, when miniature and subminiature cameras would be used to copy documents from within restricted spaces. more 

See Murray Associates - Recording in the Workplace Recommendations

Electric Aircraft Start-Up Accuses Rival of Stealing Its Secrets

The age of electric planes may still be years away, but the fight for that market is already heating up.

Wisk Aero, a start-up developing an electric aircraft that takes off like a helicopter and flies like a plane, on Tuesday sued another start-up, Archer Aviation, accusing it of stealing trade secrets and infringing on Wisk’s patents.

The lawsuit brings into public view a dispute between two little-known companies in a business that has become a playground for billionaires. It also entangles giants of aviation and technology. Wisk is a joint venture of Boeing and Kitty Hawk, which is financed by Larry Page, who co-founded Google. Archer’s investors include United Airlines, which is a major Boeing customer and plans to buy up to 200 aircraft from the start-up...

Filed in U.S. District Court for the Northern District of California, the lawsuit accuses two engineers of downloading thousands of files containing confidential designs and data before leaving Wisk to join Archer. Wisk accused a third engineer of wiping history of his activities from his computer before leaving for Archer. more

Spy History: KGB Spy in 1961 Used X-Ray to Crack U.S. Top-Secret Lock

In late 1961 [Robert Lee Johnson] received the top-secret clearance and was admitted into the vault as a clerk. At long last the KGB was in. […] Over the following weeks the infiltration began in earnest as he successfully copied the vault keys using clay molds supplied by KGB operatives. 

In October of 1961 he received a specially manufactured X-ray device from Moscow that he was instructed to place over the final lock in the vault; KGB technicians could then deduce what combination unlocked the vault by studying the cogs inside the locking mechanism...

On 15 December 1962, Johnson accessed the vault for the first time and looted its contents. The operation, extensively rehearsed beforehand, went exactly as planned and by 03:15 the following morning some of America’s most sensitive cryptographic and military information⁠—some of it classified higher than top secret⁠—was on its way to Moscow. more

Lawmakers: Fund Tech to Thwart Telco Spies

Lawmakers want Biden to fund technology they say could secure American telecommunications companies from spies.

A bipartisan group of lawmakers is urging President Biden to include $3 billion in funding for technology it says would reduce American reliance on Chinese telecommunications equipment that could provide a back door for spying.

The money would go to funds established by Congress last year to encourage more American companies to switch over to Open Radio Access Network (OpenRAN) technology. The technology is essentially the software version of the hardware components needed to connect phones within 5G networks. more

Does 5G create new cybersecurity risks?

5G will be able to accept millions of devices per square kilometer on its network, which will allow it to adapt to ever-increasing nomadic uses, such as the autonomous car generalization or remote surgical operations via robots located on the other side of the planet. 

The real promise of 5G will come in September 2021, with the third phase of 5G specifications. These are the data centers located a few kilometers from each branch, which will allow operators to process massive amounts of data and set up new applications for businesses.

 

However, increasing the number of connected devices means that this technology will become a major security issue for governments, people and businesses around the world. Indeed, it also multiplies the entry points of attack for cyber criminals. more

IKEA France Accused of Spying on Employees – Call for Prison Sentence

In an ongoing court case, a prosecutor has demanded IKEA France be fined some €2 million - and for a prison sentence for a former CEO - with the company accused of spying on hundreds of employees.

After five days of the sometimes stormy trial, the Versailles prosecutor's office demanded an “exemplary” sentence be passed down, to send a “strong message” to “all commercial companies”."

The issue at stake in this trial is "the protection of our private lives in the face of a threat, that of mass surveillance", prosecutor Paméla Tabardel told the court.

Fifteen defendants took the stand during the case, including former Ikea France executives, shop managers, but also police officers and the head of a private investigation company. more

Privoro Launches Audio Masking Chamber & RF Shield for Mobile Devices

(Press release) 
Privoro, today revealed its latest product, Vault, a first-of-its-kind defense against remote data capture. The Vault case is a two-in-one portable Faraday enclosure and audio masking chamber for smartphones, providing unsurpassed protection against not only wireless attacks and location tracking but also eavesdropping and spying.

Vault eliminates smartphone signals more effectively than portable, fabric-based Faraday products, delivering a minimum of 100 dB of radio frequency (RF) attenuation – 10 billion times signal reduction. When a smartphone is placed in the Vault case, the smartphone can no longer be reached via cellular, WiFi, Bluetooth, near-field communication (NFC) and radio-frequency identification (RFID).

In addition to RF shielding, Vault's user-controlled audio masking prevents the extraction of intelligible speech up to voice levels of 90 dBA through independent noise signals. Users will have the assurance that conversations in the vicinity of Vault cannot be deliberately captured by bad actors through the enclosed smartphone's cameras and microphones.

Privoro developed Vault to meet the requirements of nation-state customers seeking to tackle the long-standing unique and critical security risks that mobile devices pose. more

 

Criminal Group Accused of Wiretapping State Officals & Companies

The Sverdlovsk Region law enforcement officers apprehended several members of a criminal group over a case of illegal wiretapping of state officials and lawmakers...

"On March 30, police officers carried out a series of searches at residences of members of a criminal group as part of a case ‘on illegal wiretapping.’ The searches took place at 13 locations simultaneously. The wide-scale operation was triggered by an attempt of a key suspect to hide abroad. He was apprehended on March 27 during an attempt to cross the border with Kazakhstan," the source said.

According to the source, the wiretapping of city administration officials and city Duma deputies, as well as regional authorities and representatives of major companies took place in the fall of 2019. more

Spy-turned-TV Host Anna Chapman Urges Russians to Get Vaccinated

Anna Chapman, the Russian intelligence agent busted for spying in the Big Apple in 2010, has now taken on a new mission – persuading vaccine doubters in the Motherland to be jabbed against COVID-19.

The flamed-haired former femme fatale told viewers on REN TV that “the health of your loved ones depends on your decision.”

Chapman, who had been working in real estate in New York, made headlines in 2010 when she was revealed to be part of a Russian sleeper cell.

She was deported to Russia shortly after along with nine other spies as part of a massive prisoner swap and is now a TV presenter. more

Intel Sued Under Wiretapping Laws

FL - A class-action suit in Lake County, Florida, alleges that Intel unlawfully intercepted communications without user consent. The claim is backed by the usage of analytics technology on Intel’s company website. Intel capitalizes on session-replay software to capture the interactions of people visiting the corporate homepage, a violation of user rights.

According to the lawsuit, Intel is violating the Florida state wiretapping law by capturing keystrokes, mouse movements, and other similar session-replay tech. more

G. Gordon Liddy, convicted Watergate conspirator, dies at 90

G. Gordon Liddy, the political operative who supervised the Watergate burglary, which brought down President Richard Nixon, died Tuesday, his family said. He was 90.

Liddy's family said in a statement that he died Tuesday morning at his daughter's home in Mount Vernon, Virginia. It did not give a cause of death. His son, James, said that the cause was not related to Covid-19, and that he had been dealing with Parkinson's disease.

Liddy was one of the organizers of the 1972 break-in of the Democratic National Committee headquarters at the office building with the name that would forever be linked to one of the biggest political scandals in American history...

Liddy was convicted of conspiracy, burglary and wiretapping in 1973 and sentenced to 20 years in prison. Years later, he declared, "I'd do it again for my president."...

In an interview with WHYY "Fresh Air" in 1980 after the publication of his autobiography, Liddy described unusual ways of overcoming fears as a child, including rats.

He went to the waterfront to confront the rats, but they would swim away. When his sister's cat killed a rat, he decided to eat it. "And so I cooked and consumed part of the rat. And thereafter, I had no fear of rats," Liddy said. more

Breaking: Billions of Online Trading Broker Records Have Been Leaked

Researchers at WizCase have discovered a massive data leak that belongs to FBS, a Cyprus-based online trading broker used by millions of traders in over 190 countries. 

The leak includes sensitive personally identifiable information (PII), financial information, government documents, numbers, and even passwords in plaintext form...

The consequences for the exposed individuals are grave, ranging from identity theft and banking fraud to scams, phishing, blackmailing, and even business espionage. The details that have been exposed are just too revealing, and mitigating the risks now is very complicated – if at all possible.

If you were using FBS, you should reset all your passwords, enable 2FA and monitor your bank account activity closely. more

Industrial Espionage Quote of the Week: Most In-Demand Career

"...companies are increasingly at risk from hacking and industrial espionage. Protecting data and defending corporate networks is poised to be one of the most in-demand careers of the future." — Doros Hadjizenonos, Regional sales manager at Fortinet  more

Iowa Passes New Electronic Surveillance Law

IA - New penalties for those found guilty of trespassing to set up electronic surveillance equipment on someone else's property to secretly capture images or video have passed in the House.  

Iowa legislators have been trying to enhance trespassing laws for nearly a decade in response to undercover operations in large-scale livestock operations. Republican Representative Jarad (JAIR-ud) Klein of Keota says the bill addresses somebody that has ill intentions and wants access to somewhere where they don't have a reason to be. 

Critics say the bill could be used to shield those who are mistreating animals or it could prevent reporting of unsafe working conditions in Iowa meatpacking plants. more

How Grandma Hears Everything...

 …and why your business should care. 

There is a new eavesdropping spy trick in town. You could get burned unless you know about it.

Let’s start with Grandma. She is hard of hearing. A while back the family gave her money to buy two new hearing aids. Nice. Now she has stopped saying, “WHAT!” all the time. She hears everything clearly. 

There is only one problem. She seems to  hear everyone’s conversations even when she is not in the room. Sometimes she is in her room with the door closed. 

It’s a mystery, but we’ll figure it out soon. more

Cars Know Your Location. A Spy Firm Wants to Sell It to the Military

• 15 billion car locations.
• Nearly any country on Earth.
‘The Ulysses Group’ is pitching a powerful surveillance technology to the U.S. government.

A surveillance contractor that has previously sold services to the U.S. military is advertising a product that it says can locate the real-time locations of specific cars in nearly any country on Earth. It says it does this by using data collected and sent by the cars and their components themselves, according to a document obtained by Motherboard.

"Ulysses can provide our clients with the ability to remotely geolocate vehicles in nearly every country except for North Korea and Cuba on a near real time basis," the document, written by contractor The Ulysses Group, reads. "Currently, we can access over 15 billion vehicle locations around the world every month," the document adds. more

Placed in my Grain of Salt file until I can verify.

Spy Tech: Listening May be the Key to Cloning Your Key Says Spikey

Physical locks are one of the most prevalent mechanisms for securing objects such as doors. While many of these locks are vulnerable to lock-picking, they are still widely used as lock-picking requires specific training with tailored instruments, and easily raises suspicion. 

In this paper, we propose SpiKey, a novel attack that significantly lowers the bar for an attacker as opposed to the lock-picking attack, by requiring only the use of a smartphone microphone to infer the shape of victim’s key, namely bittings (or cut depths) which form the secret of a key. 

When a victim inserts his/her key into the lock, the emitted sound is captured by the attacker’s microphone. SpiKey leverages the time difference between audible clicks to ultimately infer the bitting information, i.e., shape of the physical key.

As a proof-of-concept, we provide a simulation, based on real-world recordings, and demonstrate a significant reduction in search space from a pool of more than 330 thousand keys to three candidate keys for the most frequent case. more

Ion Mihai Pacepa, Key Cold War Defector, Dies at 92

A general in the Romanian intelligence service, he later revealed the corruption and cruelty behind his country’s Communist regime. He died of Covid-19.

Lt. Gen. Ion Mihai Pacepa, a senior Romanian intelligence official and an adviser to his country’s president, Nicolae Ceaucescu, arrived in Bonn, West Germany, one day in June 1978 on a diplomatic mission. Mr. Ceaucescu had given him a message for the German chancellor — and orders to devise a plan to assassinate an American journalist who covered Romania.

An engineer who specialized in industrial espionage, Mr. Pacepa had no interest in murder. And so, he entered the U.S. Embassy and announced his intention to defect. When he landed at Andrews Air Force Base a few days later, he became one of the highest-ranking officials to flee the Soviet bloc during the Cold War.

Mr. Ceaucescu offered a $2 million reward for his death, and reportedly hired Ilich Ramírez Sánchez, a Venezuelan terrorist known as Carlos the Jackal, to find him. more

Poor Due Diligence Can Carry a Costly Bite

A failure to properly consider cyber security in M&A due diligence could be a ticking time bomb for companies, with undiscovered breaches leading to reputational damage and multimillion-dollar fines.

The warning from consulting giant Accenture comes as cyber security firm McAfee unveils an espionage campaign linked to a Chinese hacking group it said is targeting telcos in the US, Europe and south-east Asia. more

Cyber is only one M&A due diligence technical precaution to undertake.

Secret Recordings & a High Stakes Divorce

UK - A judge is overseeing a private divorce court hearing featuring a member of one of Britain's most famous business families and his estranged wife.

Sir Frederick Barclay, 86, and Lady Hiroko Barclay, 78, are both expected to give evidence at the virtual trial in the Family Division of the High Court...

The nephews - all sons of his twin brother David - allegedly made over 94 hours of secret recordings as part of what his lawyers have described as 'commercial espionage on a vast scale'. more | Some of the bugging video.

In Recent Spy News...

Spies may have been among those forced to work remotely by the coronavirus pandemic, say researchers from the Finnish Security and Intelligence Service Supo... According to Supo researcher Veli-Pekka Kivimäki, the number of online espionage targets has risen in part because of the increase in the number of people working remotely. more

The U.S. intelligence community concluded with “high confidence” that China didn’t attempt to change the outcome of the 2020 election, an assessment that contradicts repeated assertions by former President Donald Trump and his allies. more

Email-management provider Mimecast has confirmed that a network intrusion used to spy on its customers was conducted by the same advanced hackers responsible for the SolarWinds supply chain attack. more

Privacy-focussed search engine DuckDuckGo (DDG) called out Google for spying on users after the latter updated privacy labels on Apple’s App Store to show the type of data it collects from users. more

Iran has charged a French tourist with spying and “spreading propaganda against the system,” his lawyer said Monday, the latest in a series of cases against foreigners at a time of heightened tensions between Iran and the West. more

A 22-year-old Army personnel has been arrested on charges of spying and leaking confidential information to Pakistani agents. Akash Mehria, who hails from Sikar, was allegedly honey-trapped and was supplying information to woman Pakistani agents. more

Podcast studio Wondery has released the first audio trailer for Spy Affair, a new six-part miniseries. The show, which premieres March 30th on Apple Podcasts, investigates the true story of Russian gun advocate Maria Butina, who was convicted in 2018 of conspiring to act as a foreign agent within the United States. more

China to soon try 2 Canadians on spying charges... A Communist Party newspaper says China will soon begin trials for two Canadians arrested in apparent retaliation for Canada's detention of a senior executive for Chinese communications giant Huawei Technologies. more

How to Hire a Genuine Hacker For Cell Phone Spying Easily... Would you like to hire a genuine hacker for cell phone spying anonymously? All we know that finding real professional hackers on the internet is as difficult as finding water in the desert. We have come to highlight some of the special aspects of cell phone hacking to alleviate your suffering. more

In post-war Armenia, spy mania running amok... Two spy scandals involving well-regarded organizations speak to Armenians’ loss of faith in the international community, as well as the opposition’s interest in taking advantage of that mistrust. Our weekly Post-war Report. more

Google Jumps into Your Nest with its Own New Nest

Google has launched a new ‘Nest Hub’ home assistant that tracks its owners’ sleep.

It comes in a range of colors, and can be ordered today. Like the existing Nest Hub, it can show photos and videos from Google’s owner services like YouTube and Google Photos, integrates with other services such as Netflix, and can be used to control the home.

But its standout feature is its new sleep tracking technology. To use it, the Nest Hub is supposed to be placed on a bedside table, so that it can monitor its owners as they sleep. 

It can not only track the amount of sleep, and how deep it is, but also other things that might disturb that sleep – as well as other people sharing the bed – such as coughing and snoring. more

Interesting points...
• Google says the recorded audio and raw Soli data stays on the device and does not get sent to Google, though extrapolated sleep event data is sent to the company’s servers.
• Sleep Sensing (Google’s name for sleep tracking) is completely opt-in and can be disabled at any time.
• This will be a paid feature.
For some people this will be helpful and worth it. For others, it is AI creepy creep.
Hackers, on your mark! ...

A Hacker Got All My Texts for $16

A gaping flaw in SMS lets hackers take over phone numbers in minutes by simply paying a company to reroute text messages.

I didn't expect it to be that quick. While I was on a Google Hangouts call with a colleague, the hacker sent me screenshots of my Bumble and Postmates accounts, which he had broken into. Then he showed he had received texts that were meant for me that he had intercepted. Later he took over my WhatsApp account, too, and texted a friend pretending to be me. more

Information Security as a Service (ISaaS) - The Future of Information Security

Free-world businesses know they have a problem. They are bleeding their life-blood. Manufacturing was phlebotomized first. Bleeding now is their intellectual property and confidential information. What happens when these are gone?

We are watching a death of a thousand cuts, but it can be stopped. This paper examines how to do it... more

Security startup Verkada hack exposes 150,000 security cameras...

 ... in Tesla factories, jails, and more.

Verkada, a Silicon Valley security startup that provides cloud-based security camera services, has suffered a major security breach. Hackers gained access to over 150,000 of the company’s cameras, including cameras in Tesla factories and warehouses, Cloudflare offices, Equinox gyms, hospitals, jails, schools, police stations, and Verkada’s own offices, Bloomberg reports.

According to Tillie Kottmann, one of the members of the international hacker collective that breached the system, the hack was meant to show how commonplace the company’s security cameras are and how easily they’re able to be hacked. In addition to the live feeds, the group also claimed to have had access to the full video archive of all of Verkada’s customers... more

Privacy and the Clubhouse App

Clubhouse might be the hottest app that's not even publicly available yet, but privacy issues are already being discussed online. Some of the people who are particularly upset? Those who say they have profiles without even having used the app before...

Clubhouse reportedly requests access to your phone's contacts, under the pretense that you can connect with other users of the social network. But people are claiming that Clubhouse takes information from your contact list and builds "shadow profiles" of people who have never signed up...

If you allow Clubhouse to use your contact list, the app then reportedly has access to your contacts' names, phone numbers and how many friends they have on Clubhouse. But that's not all. Privacy advocates note Clubhouse records voice chats of the virtual rooms, which also doesn't sit well with some current users of the app.

Clubhouse's Community Guidelines states: "Solely for the purpose of supporting incident investigations, we temporarily record the audio in a room while the room is live." more

More privacy considerations...
• Clubhouse app technology runs on the platform of Agora.io, an audio tech startup in Shanghai, China.
• Voice recordings may be paired with personal account details, and transferred into a government dossier for future voice identification surveillance purposes.
• What is said using the app may not be very private given hackers, lurkers and government interests. Not a good way to communicate confidentially.

“I refuse to join any club that would have me as a member” ― Groucho Marx

 

TSCM Detection Evaluation of the AudioWow Wireless Microphone

AudioWow advertising is enticing, a Wireless Audio Studio Microphone in a Matchbox Size.

Certain features pointed in that direction…

• Nano sized.
• Records directly to a smartphone.
• Up to 50 foot range. Good enough for some operations.
• Bluetooth transmission. Low probability of intercept.
• Professional quality sound.
• Equalization capabilities.
• Noise reduction capabilities.
• Audio to text transcription… in 120 different languages!

Could it be useful as a spy device?
Could a TSCM bug sweep detect it?
We tested and found... more

Spy Tech - Molar Mic - No more finger to ear and mouth to sleeve.

Next time you pass someone on the street who appears to be talking to themselves, they may literally have voices inside their head…and be a highly trained soldier on a dangerous mission. 

The Pentagon has inked a roughly $10 million contract with a California company to provide secure communication gear that’s essentially invisible.

Dubbed the Molar Mic, it’s a small device that clips to your back teeth. The device is both microphone and “speaker,” allowing the wearer to transmit without any conspicuous external microphone and receive with no visible headset or earpiece. 

Incoming sound is transmitted through the wearer’s bone matter in the jaw and skull to the auditory nerves; outgoing sound is sent to a radio transmitter on the neck, and sent to another radio unit that can be concealed on the operator. From there, the signal can be sent anywhere. more

How the Cincinnati FBI Cracked the Chinese Spy Case at GE Aviation

The GE Aviation engineer was deeply involved in the design and analysis of new commercial jet engines, a technology at the top of the shopping lists of Chinese intelligence operatives.

It took the spies only a few months to get him to accept their offer: A $3,500 fee paid in U.S. currency, and free travel, lodging and meals for a one-hour presentation in China. more

GE Aviation takes their information security seriously. Applause. Most companies aren't doing all they can. Too few employ Technical Surveillance Countermeasures (TSCM) / counterespionage consultants, for example. The result... They don't know what they are missing, in more ways than one.

What Work From Home is Doing to Corporate Security

Behavox, AI-based data operating platform used by firms to catch misconduct before it causes massive regulatory fines and company crises, has found a startling increase in corporate misbehavior and decline in employee morale as a result of working at home indefinitely...

The ECR Report reveals numerous misconduct and morale issues resulting from loosening professional standards, widespread frustration, and mounting stress. 

Prominent findings include the prevalence of illegal misconduct, such as employees willingly breaking security policies, corporate theft, and espionage, as well as harmful behavior like racism, sexual harassment, and bullying... 

Key Findings

Illegal Misconduct: Pornography, Drugs, And Espionage - the report cites instances of employees who:

● Intentionally broke the company's security policy (19 percent)

● Witnessed employees stealing corporate information (16 percent in U.S., 8 percent overall)

● Know an employee who willingly introduced a security threat to sabotage their company (16 percent)

● Know actual employees arrested for suspected corporate or international espionage (11 percent)
more

.....Word on The Street.....

Goldman Sachs: Bank boss rejects work from home as the 'new normal'
“I do think for a business like ours, which is an innovative, collaborative apprenticeship culture, this is not ideal for us. And it’s not a new normal. It’s an aberration that we’re going to correct as soon as possible,” he told a conference on Wednesday. more

.....What Smart Corporations Will Be Doing Soon.....

Electronic Eavesdropping Detection – The Other Corporate Covid Deep Clean
"The reality is, organizations just don’t know if employees will be returning to hot-wired offices."

.....UPDATE 3/10/2021.....  

A Quarter of American Workers Are Already Back at the Office
Employers are hoping FOMO gets you to come in, too.

The Most Secure and Anonymous Communication Tools Available

 via David Koff, Tech Talk - The Technology Newsletter for Everyone...

What I’m about to share with you here is… kind of fringe. Like, “Edward Snowden” fringe.

Hopefully, that got your attention.

For some years now, the hacker, privacy, and journalism communities have all been debating, discussing, and using the tools I’m about to share with you in this installment. These tools are used not only to lock down your security and anonymity on the known internet, but also to access the portions of the internet that are normally hidden — “The Dark Web.” 

Despite their usefulness, I haven’t really seen information about these tools shared with the general public in a straightforward, easy-to-understand way. I think it’s worth changing that; while most of us don’t need the same high-privacy, high-security tools that confidential informants, journalists, and whistleblowers use, we should all know about these tools in case the time comes when we actually need them. more

New iOS 14.5 Security Feature Will Stop Hackers in Their Tracks

...it looks like Apple is making some pretty big sweeping steps in iOS 14.5 to lock the whole system down even further.

In fact, Apple has already been taking steps to harden iOS 14 against one of the most common exploits — iMessage vulnerabilities — thanks to a very cool new technology dubbed ‘Blastdoor’. However, it looks like Blastdoor was only the beginning, with iOS 14.5 adding some new defences against “zero-click” attacks in general...

As the name implies, a “zero-click attack” is a method by which hackers can take advantage of security vulnerabilities to get into your iPhone or iPad without requiring any interaction on your part. more

 

Hot Microphone Strikes Again – School Board Resigns

The president and three members of a school board in Northern California have resigned after they were heard making disparaging comments about parents in the school district during a virtual board meeting last Wednesday. 

Members of the Oakley Union Elementary School District (OUESD) Board of Trustees apparently believed they were speaking privately in the moments before the meeting started, CNN affiliate KPIX reported, when in fact, community members had already logged on to watch. 

In a recording of the meeting posted anonymously to YouTube, the superintendent and board members are heard discussing the agenda for the meeting before then-board member Kim Beede says, "Are we alone?" more  sing-a-long

This Week in Spy News

Electronics shops in Hong Kong have seen a sharp increase in demand for cheap burner phones as the Chinese-ruled city’s government eases coronavirus restrictions but pushes the use of a Covid-19 contact-tracing app which has raised privacy concerns. more 

Congressman Murphy reintroduces legislation to crack down on foreign spying at universities... According to the Intellectual Property Commission, they estimate foreign groups steal $300 billion in American intellectual property annually, and the Commission says China is responsible for 70% of that theft or $210 billion annually. more

Critical Flaw in Agora SDK Lets Hackers Eavesdrop on Live Video Calls...
Agora works with MeetMe to integrate its live video streaming features with the popular dating app and online therapy platform Talkspace to facilitate online mental health therapy sessions. more

SolarWinds attack hit 100 companies and took months of planning, says White House...
Anne Neuberger, deputy national security advisor for Cyber and Emerging Technology at the White House, said in a press briefing that nine government agencies were breached while many of the 100 private sector US organizations that were breached were technology companies. more

WARNING: Web Tracking Might Expose Businesses to Wiretapping Lawsuits...
Imagine this. A consumer goes to your website to buy your goods or services. Your website works great, thanks in part to a small bit of code your company licenses that allows you to track a consumer’s experience on your website, commonly called “session replay” software....A few weeks later you’re being served with a class action lawsuit alleging violations of the Federal Wiretap Act and/or analogous State statutes... more

Top 9 Surveillance Videos of the Week: Naked Man Breaks Into House With Baseball Bat...
Other top surveillance videos of the week include the “world’s worst Door Dash driver,” an armed dog theft and more. 

(Man identified as Guy Dixon. You can't make this up.)

'Spy pixels in emails have become endemic'...
Emails pixels can be used to log:
• if and when an email is opened
• how many times it is opened
• what device or devices are involved
• the user's rough physical location, deduced from their internet protocol (IP) address - in some cases making it possible to see the street the recipient is on. more

Former Union Spy & Freedom Crusader, Harriet Tubman Inducted Into Hall of Fame...
One hundred and fifty years after her work as a Union spy, Harriet Tubman is being inducted into the U.S. Military Intelligence Corps Hall of Fame, The Washington Post reports. more

James Bond Theory: 007's True Mission Is to Distract From OTHER Spies...
For those wondering how such a non-secretive spy became so prominent, a recent Reddit theory looks to provide an answer — and it's pretty convincing. James Bond isn't meant to be a successful agent; he is a distraction that allows other truly secret MI6 operatives to complete their missions. more

Electronic Eavesdropping Detection – The Other Corporate Covid Deep Clean...
Corporate espionage has never been easier. Workplaces—unpopulated for months— became easy targets for corporate spies and foreign government types. The pandemic created a golden opportunity to Deep Plant their electronic surveillance devices...The reality is, organizations just don’t know if employees will be returning to hot-wired offices. more

Spymaster’s Prism by Jack Devine (book)

In Spymaster’s Prism the legendary former spymaster Jack Devine details the unending struggle with Russia and its intelligence agencies as it works against our national security. 

Devine tells this story through the unique perspective of a seasoned CIA professional who served more than three decades, some at the highest levels of the agency. He uses his gimlet-eyed view to walk us through the fascinating spy cases and covert action activities of Russia, not only through the Cold War past but up to and including its interference in the Trump era. Devine also looks over the horizon to see what lies ahead in this struggle and provides prescriptions for the future.

Based on personal experience and exhaustive research, Devine builds a vivid and complex mosaic that illustrates how Russia’s intelligence activities have continued uninterrupted throughout modern history, using fundamentally identical policies and techniques to undermine our democracy. He shows in stark terms how intelligence has been modernized and weaponized through the power of the cyber world.

Devine presents his analysis using clear-eyed vision and a repertoire of better-than-fiction spy stories, giving us an objective, riveting, and candid take on U.S.-Russia relations. He offers key lessons from our intelligence successes and failures over the past seventy-five years that will help us determine how to address our current strategic shortfall, emerge ahead of the Russians, and be prepared for what’s to come from any adversary. more

• Hardcover : 304 pages
• ISBN-10 : 1640123784
• ISBN-13 : 978-1640123786
• Item Weight : 1.74 pounds
• Dimensions : 5.98 x 9.02 inches
• Publisher : Potomac Books (March 1, 2021)
• Language: : English

 

Pretty Good Phone Privacy - Protects Both User Identity and Location

Abstract

To receive service in today’s cellular architecture phones uniquely identify themselves to towers and thus to operators. This is now a cause of major privacy violations as operators sell and leak identity and location data of hundreds of millions of mobile users. 

In this paper, we take an end-to-end perspective on the cellular architecture and find key points of decoupling that enable us to protect user identity and location privacy with no changes to physical infrastructure, no added latency, and no requirement of direct cooperation from existing operators. 

We describe Pretty Good Phone Privacy (PGPP) and demonstrate how our modified back end stack (NGC) works with real phones to provide ordinary yet privacy-preserving connectivity. We explore inherent privacy and efficiency trade-offs in a simulation of a large metropolitan region. We show how PGPP maintains today’s control overheads while significantly improving user identity and location privacy. more

BONUS... "It protects users from fake cell phone towers (IMSI-catchers) and surveillance by cell providers." a good summary explanation

There Are Spying Eyes Everywhere...

 ...and Now They Share a Brain.

Security cameras. License plate readers. Smartphone trackers. Drones. We’re being watched 24/7. What happens when all those data streams fuse into one?

...it’s a mistake to focus our dread on each of these tools individually. In many places across the world, they’re all inputs for a system that, with each new plug-in, reaches a little closer to omniscience.

That idea—of an ever-expanding, all-knowing surveillance platform—used to be a technologist’s fantasy, like the hoverbike or the jetpack. To understand how this particular hoverbike will finally be built, I began by calling up the people who designed the prototype. more

Is Russia Targeting CIA Spies with Secret Weapons?

Marc Polymeropoulos woke up in his hotel room with his head spinning and ears ringing. "I felt like I was going to vomit. I couldn't stand up. I was falling over," he recalls. "I have been shot at numerous times and this was the most terrifying experience in my life."

Polymeropoulos had spent years in Iraq, Syria and Afghanistan as a senior officer of the CIA fighting America's war on terrorism. But that night in Moscow he believes he was targeted by a secret, microwave weapon. more

Spyware in Wallpaper, Restaurant and Games Apps

Iran is running two surveillance operations in cyber-space, targeting more than 1,000 dissidents, according to a leading cyber-security company.

The efforts were directed against individuals in Iran and 12 other countries, including the UK and US, Check Point said.

It said the two groups involved were using new techniques to install spyware on targets' PCs and mobile devices.

And this was then being used to steal call recordings and media files.

One of the groups, known as Domestic Kitten or APT-50, is accused of tricking people into downloading malicious software on to mobile phones by a variety of means including:

• repackaging an existing version of an authentic video game found on the Google Play store
• mimicking an app for a restaurant in Tehran
• offering a fake mobile-security app
• providing a compromised app that publishes articles from a local news agency
• supplying an infected wallpaper app containing pro-Islamic State imagery
• masquerading as an Android application store to download further software more
  

Snatched from a Beach to Train North Korea's Spies

15 November 1977, Niigata, Japan: It was after sunset on a crisp November evening when Megumi Yokota left her last badminton practice. Sharp winds chilled the fishing port of Niigata, and the grey sea rumbled at its brink.

The lights of home were seven minutes' walk away.

Megumi, 13, with her book-bag and badminton racquet, said goodbye to two friends 800ft from her parents' front door. But she never reached it...

Out on the Sea of Japan a boat manned by North Korean agents was speeding towards the Korean Peninsula with a terrified schoolgirl locked in the hold...

The country's future leader Kim Jong-il, then head of its intelligence services, wanted to expand his spy programme. Kidnapped foreigners weren't just useful as teachers. They could be spies themselves, or Pyongyang could steal their identities for false passports. They could marry other foreigners (something forbidden to North Koreans), and their children, too, could serve the regime. more

Courthouse TSCM Surveillance Sweep Yields...

At the Jackson County Commission meeting... Interim Chairman Jason Venable gave an update on the counter-surveillance sweep that was done at the courthouse after allegations of covert surveillance surfaced. 

Venable held a four-page report as he gave the results.
Venable stated, “Based on the examinations, the writer is of the opinion that no video evidence or active covert video/audio/collection evidence was identified in the area examined during the time of these examinations.”

According to Venable, the person who performed the sweep is from a company in Birmingham and is the same person hired for the Bench and Bar, who swept the entire upstairs of the courthouse, such as offices, judge’s chambers, courtrooms, etc., along with the bottom floors. According to EMA Director, Paul Smith, the sweeps lasted until almost midnight. Each department head was present and directed to ensure every possible area was covered. more

People need InfoSec tips. People want TikTok-style Sea Shanties...

So Rachel Tobac of Social Proof Security gave the people what they want:
a TikTok-style sea shanty about infosec. more sing-a-long

Russian Hack Changes Court Rules on Handling Sensitive Information

Trial lawyer Robert Fisher is handling one of America’s most prominent counterintelligence cases... Under new court rules, he’ll have to print out any highly sensitive documents and hand-deliver them to the courthouse.

Until recently, even the most secretive material — about wiretaps, witnesses and national security concerns – could be filed electronically. But that changed after the massive Russian hacking campaign that breached the U.S. court system’s electronic case files and those of scores of other federal agencies and private companies.

The new rules for filing sensitive documents are one of the clearest ways the hack has affected the court system. But the full impact remains unknown. Hackers probably gained access to the vast trove of confidential information hidden in sealed documents, including trade secrets, espionage targets, whistleblower reports and arrest warrants. It could take years to learn what information was obtained and what hackers are doing with it. more

And The Darwin Award for Spying Goes To...

VA - The Stafford County Sheriff's office has charged a "Peeping Tom" who was allegedly spying on women in a locker room at Onelife Fitness on Garrisonville Road in Stafford, Virginia.

The alleged peeper, identified as 41-year-old Brian Anthony Joe of Woodbridge, was charged after falling through a ceiling in the women's locker room at the gym and landing on a woman below. He was then cornered by patrons at the gym until law enforcement arrived. more

PI News: Famous Private Eye Jack Palladino Gravely Injured in Robbery / RIP

Jack Palladino, the (San Francisco) private investigator who worked on high-profile cases ranging from the Jonestown mass suicides to celebrity and political scandals, has been placed on life support after suffering a head injury during an attempted robbery.

Palladino, 70, had just stepped outside his San Francisco home on Thursday to try out his new camera when a car pulled up and a man jumped out to grab it from him, police and the detective's stepson Nick Chapman told the San Francisco Chronicle.

As the suspect grabbed the camera, Palladino fell and hit his head on the pavement, causing a traumatic head injury. Chapman said Palladino was not expected to survive after undergoing surgery to stop the massive bleeding.

Palladino was wrapping up one final case before joining his wife and work partner, Sandra Sutherland, in retirement.  more

UPDATE: Jack died February, 1 2021. more

Jackson County (AL) Conducts "Professional Search" for Surveillance Cameras

AL - The Jackson County Commissioners Office moved ahead with a professional search of the courthouse, and a number of other county buildings in Scottsboro, after the discovery of a surveillance camera that may have been used to inappropriately watch a female employee. The Alabama Law Enforcement Agency (ALEA) is currently investigating those allegations...

District 3 Commissioner AJ Buckner told News 19 that so far, they have found no evidence that any other cameras are where they should not be, but they would like to go through a security sweep process to be sure.

No word from officials on whether Tuesday’s sweep turned up any inappropriately placed surveillance cameras. The investigation by ALEA is ongoing. more

This is an uncommon case of smart due diligence. Congratulations JCCO. If you would like to learn how to perform your own search, click here.