Wednesday, November 28, 2007

Eavesdropping on VoIP Phones Demonstrated

An expert has released a proof-of-concept program to show how easy it would be for criminals to eavesdrop on the VoIP-based phone calls of any company using the technology.

Called SIPtap, the software is able to monitor multiple voice-over-IP call streams, listening in and recording them for remote inspection as .wav files. All that the criminal would need to do would be to infect a single PC inside the network with a Trojan incorporating these functions (see our USB memory stick warnings), although the hack would work at the Internet service provider level as well.

SIPtap demonstrates that the worst-case nightmares of VoIP vulnerability are now well within the capabilities of organized crime, which could use such a program to steal confidential data from companies, governments and even the police. (more)

SpyCam Story #407 - Killer Mum Bugged

Killer mum's room bugged with spy cameras

Australia - Child protection authorities at Brisbane's Mater Children's Hospital were so concerned that a baby might be harmed by its mother they had his room bugged with hidden spy cameras, a court has heard.

But no one was watching the night eight-month-old Bray Metius was smothered to death in his cot by model mum Candaneace Lea Metius... (Two days before Bray's death, a decision was made to stop monitoring the footage.)

Metius, 24, who taught parenting classes and won an award for her volunteer work, has admitted to suffocating her son during an "out of body" experience... (more)

Mexico expands electronic surveillance

Mexico is widening its capacity for electronic surveillance, using funds from Washington to expand its ability to tap telephone calls and e-mail. The expansion comes as new President Felipe Calderon pushes to amend the Mexican Constitution to allow phone taps without a judge's approval in some cases... The new system provides extensive data storage capacity and will allow voice identification of callers... (more)

Myth - "Eavesdropping Detection is expensive."

Today's article in Forbes Magazine, "If Security Is Expensive, Try Getting Hacked," by Andy Greenberg, is a great cautionary tale. Andy clearly shows why your IT department's security budget is a good investment in your company's bottom line.

A sister article entitled "If Security Is Expensive, Try Getting Bugged" is just as easy to document. Periodic sweeps for bugs and wiretaps (TSCM inspections) can be an even better investment in your company's bottom line. Fund both.

In a nutshell...
Intelligence collection is a leisurely process. Enemies quietly collect long before they use. Until they use what they have gathered, no harm is done. Knowing this gives you the edge.

• Eavesdropping is not the goal. It is a means to an end.
• Eavesdropping is a key component of intelligence gathering.
• Eavesdropping is the one spy trick which is easily detectable.


Protection Requires Detection

Eavesdropping detection audits exploit weaknesses inherent in electronic surveillance.  


Knowing someone is interested in you provides time to counter - before harm is done.

Tuesday, November 27, 2007

Alert - Throw These Bums Out!

Bum One...
The FM analog wireless presenter's microphone – one of the Top 5 corporate eavesdropping threats. Why?
No secret. Radio waves travel. A quarter mile is the advertised standard. Interception of an FM analog signal is easy. Safer solutions exist. Throw these bums out. (Murray Associates - Case History)

Bum Two...
Any meeting planner who still uses FM analog wireless microphones for your sensitive presentations or meetings. Educate them. Give them a chance to change. If they don't, your sensitive meetings become Town Hall Meetings. Throw these bums out.


Bum Three...
Any security director or security consultant who does not point out the dangers of FM analog wireless microphones. They have an obligation to stand up to meeting planners and AV crews. They have an obligation to recommend one of the several more secure options available. If they don't, throw these bums out.

Bum Four...
These days, any AV production company that doesn't invest in digital, encrypted wireless microphones for their clients is stupidly cheap. For years, they hid behind excuses like "digital technology is not reliable enough," and "it lacks fidelity." Those days are over.

You pay these guys hundreds of thousands each year to produce your corporate events. The least they can do is update their equipment (a one-time investment).


They KNOW they are leaking your sensitive/secret information when they continue to use FM analog wireless microphones. Not upgrading to secure communications is negligence on their part. Demand secure wireless microphones, or... throw these bums out.

The New Wireless Mics Can Make Your Meetings More Secure.
Some even have encryption capabilities!

The Newest Solution...
SpectraPulse™ Ultra Wideband (UWB) Wireless Microphone System

Additional Digital Choices...
Lectrosonics (...and an Encryption White Paper)
Zaxcom
Mipro ACT-82
Telex SAFE-1000

Infrared Choices...
Glonetic Audio
PA-System
Azden

SpyBuster's Tip #106 - Eye-Fi

You see someone on your property taking photos with a digital camera.

"Not allowed," you tell them.

"My mistake, I'll erase them right now and put the camera away," they say. "Watch."
faba daba zap - pooffff
Camera shows empty.

No more photos.
Case closed.
Security wins again.

Not so fast...
Those photos might have zapped their way to a web-based storage site, or a nearby computer (check their knapsack), the instant they were taken - thanks to Eye-Fi, a new wireless memory card for digital cameras. (more)

Like other electronic spying tricks...
You need to know what to look for, before you know to look for them. ~ Kevin

Monday, November 26, 2007

Mall Rats - Eating Your Wireless Data

Do you think twice when typing in your credit card number online, but have no problem handing over your plastic card at a store? Well actually, you may have it backward. Your personal information may be more secure in cyberspace than at the mall down the road.

That's because it's easier for dot-coms to protect the data. And most stores in America underestimate how vulnerable they are.

As correspondent Lesley Stahl reports, it's becoming a big problem. The retail industry got a wake-up call earlier this year, when TJX, the parent company of T.J. Maxx and Marshalls, disclosed it had suffered the worst high-tech heist in shopping history. Hackers raided the company's computer system, taking off with tens of millions of records. And what we have learned is: TJX could have prevented it. (more & video)

Mom and Pop Spy Shop

In an upper-middle class suburb in the Midwest, Tom and Cindy are spying on their 16-year-old daughter Jane.

“It’s a frightening window on our daughter’s world,” Cindy told CBS News science and technology correspondent Daniel Sieberg. “And it’s the dark side.”

They asked that CBS News conceal their identities, because their daughter doesn’t know they are tapping into all her online communications.

But then the dilemma - do they confront her with their knowledge and blow their cover? (more - with video)

Professional spy agencies face the same dilemma daily. The question they don't face, however, is... "Is spying really the best parenting skill that I have?"

From the 'esoteric but important' files...

New Details Support Tor Spying Theory

"You'll recall the story about the Swedish security researcher who stumbled upon unencrypted embassy e-mail traffic that was passing through five Tor exit nodes he set up. ...

TeamFurry researchers decided to examine the configuration of a few Tor exit nodes to see what they might be up to and found some interesting results...

Of course there's no telling who the exit node owners are (bored hackers, industrial spies or intelligence agencies) or what they're doing for sure, but as TeamFurry notes, the configurations sure look suspicious." (more)


Tor is digital 'Hide and Seek'.
Carter would have loved it.

Les Vies de D'autres, or.. ISPsnitch enchfray

From the BBC...
"French web users caught pirating movies or music could soon be thrown offline.


Net firms will monitor what their customers are doing and pass on information about persistent pirates to the new independent body. Those identified will get a warning and then be threatened with either being cut off or suspended if they do not stop illegal file-sharing." (more)

From security pundit, Lauren Weinstein, who puts it a little more bluntly...

"In a breathtaking act of arrogance reminiscent of the heyday of Louis XVI (and likely to trigger similar public reactions among many Internet users, though perhaps unfortunately absent the 'equalizing' influence of la guillotine), the French government and its overseers (the entertainment industry), along with a cowering collection of gutless ISPs, have announced an agreement for ISPs to become the Internet Police Force in France." (more)

Sunday, November 25, 2007

Three 'Personal Reasons' Resignations - Just Coincidence?

Canada - Three directors of the Energy and Utilities Board are leaving the agency rocked by a spying scandal for "personal reasons."

John Nichol, Ian Douglas and Graham Lock sat on an EUB panel considering an application for a power line between Calgary and Edmonton. The agency later admitted to hiring private investigators to eavesdrop on landowners opposed to the project. (more)

From the Diana inquest...

Diana, Princess of Wales, was so convinced that her telephone calls were being monitored in the months before her death that she changed her numbers regularly, her private secretary said yesterday. (more)

Alert - Email Wiretap Scare Spreads Malware

Miscreants are trying to convince email users that their telephone conversations are being recorded in a ruse designed to scare prospective marks into buying bogus security software. Emails promoting the campaign are laced with a new Trojan horse malware.

The Dorf-AH Trojan horse appears as an attachment in emails claiming that the sender is a private detective listening into a recipient's phone calls. This "detective" claims he's prepared to switch sides and reveal who has paid for the surveillance at a later date.

In the meantime, prospective marks are asked to listen to the supposed recording of one of their recent phone calls that comes attached to the email in the form of a password-protected RAR-archived MP3 file. In reality, however, the MP3 file is not an audio file of a telephone conversation or anything else but a malicious executable program that installs malware onto the victim's computer. (more)

Wednesday, November 21, 2007

Hushmail Speaks

Hushmail, the web's leading provider of encrypted web mail, updated its explanation of its security model, confirming a THREAT LEVEL report that the company can and will eavesdrop on its users when presented with a court order, even if the target uses the company's vaunted Java applet that does all the encryption and decryption in a browser. (more)

Police Phones Tapped

UK - Detectives involved in the cash for honours inquiry had their telephones tapped to find out whether they were leaking information to the media.

The extensive bugging was carried out amid allegations by Sir Gus O’Donnell, the cabinet secretary, that Scotland Yard was leaking information about the progress of the inquiry. (more)