"Everybody's doin' a brand-new dance, now"
A federal appeals court in California is reviewing a lower court's definition of "interception" in the digital age... The case, Bunnell v. Motion Picture Association of America, involves a hacker who broke into TorrentSpy's company server and obtained copies of company e-mails as they were being transmitted. He then e-mailed 34 pages of the documents to an MPAA executive, who paid the hacker $15,000 for the job, according to court docuWiretapments.
"I know you'll get to like it if you give it a chance now"
The issue boils down to the judicial definition of an intercept in the electronic age, in which packets of data move from server to server, alighting for milliseconds before speeding onward. The ruling applies only to the 9th District, which includes California and other Western states, but could influence other courts around the country.
"Jump up. Jump back. Well, now, I think you've got the knack."
In August 2007, Judge Florence-Marie Cooper, in the Central District of California, ruled that the alleged hacker, Rob Anderson, had not intercepted the e-mails in violation of the 1968 Wiretap Act because they were technically in storage, if only for a few instants, instead of in transmission.
"Now that you can do it, let's make a chain, now."
"The case is alarming because its implications will reach far beyond a single civil case," wrote Kevin Bankston, a senior attorney for the Electronic Frontier Foundation in a friend-of-the-court brief filed Friday. If upheld, the foundation argued, "law enforcement officers could engage in the contemporaneous acquisition of e-mails just as Anderson did, without having to comply with the Wiretap Act's requirements."
"Do it nice and easy, now, don't lose control"
Cooper's ruling also has implications for non-government access to e-mail, wrote Bankston and University of Colorado law professor Paul Ohm in EFF's brief. "Without the threat of liability under the Wiretap Act," they wrote, "Internet service providers could intercept and use the private communications of their customers, with no concern about liability" under the Stored Communications Act, which grants blanket immunity to communications service providers where they authorize the access.
"Move around the floor in a Loco-motion"
Individuals could monitor others' e-mail for criminal or corporate espionage "without running afoul of the Wiretap Act," they wrote.
"There's never been a dance that's so easy to do."
"It could really gut the wiretapping laws," said Orin S. Kerr, a George Washington University law professor and expert on surveillance law. "The government could go to your Internet service provider and say, 'Copy all of your e-mail, but make the copy a millisecond after the email arrives,' and it would not be a wiretap." (more)
...It even makes you legal when they're feeling screwed,
So come on, come on, do the Loco Motion with me.
"Next stop!
Voicemails, ISPs, and bucket brigading of phone calls.
All aboard!"
Tuesday, August 12, 2008
Monday, August 11, 2008
WiFi / WLAN / 802.11 Spying Instructions
The following information is available to the public at blackhatlibrary.com. Excerpts reprinted below highlight the need for adding WLAN Security Audits to corporate TSCM inspection programs.
"Wireless Network Hacking and Spying Made Simple"
Here’s a quick and simple guide on how to get on to so called “secure” networks as well as a few things you can do to amuse yourself after you are in. Enjoy!
Finding the network
Most wireless networks are configured to broadcast their SSID (Service Set Identifier), when looking for a network to have some fun with I like to start with these if they are available.... If you know that a network exists but you don’t see a SSID in your available networks, or are just curious to see if any are out there, there are a few tools that will get this job done for you.
For Linux users I recommend:
AirJack- A lightweight program.
Kismet- Unquestionably the most powerful wireless program.
For Windows users I recommend:
AirSnort
AirMagnet
Bypassing WEP or WPA
Let me start this section by saying that WEP encryption is a joke. The only thing turning on WEP does is add some extra information to the packets. Aircrack is a free Windows/Linux tool that can break both WEP and WPA-PSK.
Modifying the network
It never fails to surprise me how many routers are left configured to the default admin password and username- if this is the case you can easily hijack an entire network. If the default credentials work, you can easily change the passphrase, SSID or completely turn off the router.
Spying on Connected Users
On a wireless network, the router effectively screams out requested information from any computer to the whole broadcast radius. This means that you can use a program to eavesdrop on other users on the network. (more)
"Wireless Network Hacking and Spying Made Simple"
Here’s a quick and simple guide on how to get on to so called “secure” networks as well as a few things you can do to amuse yourself after you are in. Enjoy!
Finding the network
Most wireless networks are configured to broadcast their SSID (Service Set Identifier), when looking for a network to have some fun with I like to start with these if they are available.... If you know that a network exists but you don’t see a SSID in your available networks, or are just curious to see if any are out there, there are a few tools that will get this job done for you.
For Linux users I recommend:
AirJack- A lightweight program.
Kismet- Unquestionably the most powerful wireless program.
For Windows users I recommend:
AirSnort
AirMagnet
Bypassing WEP or WPA
Let me start this section by saying that WEP encryption is a joke. The only thing turning on WEP does is add some extra information to the packets. Aircrack is a free Windows/Linux tool that can break both WEP and WPA-PSK.
Modifying the network
It never fails to surprise me how many routers are left configured to the default admin password and username- if this is the case you can easily hijack an entire network. If the default credentials work, you can easily change the passphrase, SSID or completely turn off the router.
Spying on Connected Users
On a wireless network, the router effectively screams out requested information from any computer to the whole broadcast radius. This means that you can use a program to eavesdrop on other users on the network. (more)
sixteen-love
LA - Tai Shen Kuo, 58, long-time restaurateur and former tennis pro who pleaded guilty three months ago to spying for China was sentenced Friday to nearly 16 years in prison by a federal judge. “We had hoped to do a little bit better,” said John Hundley, of the Washington, D.C., law firm Trout-Cacheris. (more)
The Geek Chorus Wails Again...
Hackers at the DefCon conference were demonstrating these and other novel techniques for infiltrating facilities...Want to break into the computer network in an ultra-secure building? Ship a hacked iPhone there to a nonexistent employee and hope the device sits in the mailroom, scanning for nearby wireless connections. (which makes our 24/7 rogue cellphone and wifi location service all the more valuable to you)
How about stealing someone's computer passwords? Forget trying to fool the person into downloading a malicious program that logs keystrokes. A tiny microphone hidden near the keyboard could do the same thing, since each keystroke emits slightly different sounds that can be used to reconstruct the words the target is typing.
As technology gets cheaper and more powerful, from cellphones that act as personal computers to minuscule digital bugging devices, it's enabling a new wave of clever attacks that, if pulled off properly, can be as effective and less risky for thieves than traditional computer-intrusion tactics. (more)
Cool Idea - Eavesdrop On Your Car Being Stolen
Morris Mbetsa, an 18 year old self-taught inventor with no formal electronics training from the coastal tourist town of Mombasa on the Indian Ocean in Kenya has invented the "Block & Track", a mobile phone-based anti-theft device and vehicle tracking system.The real-time system uses a combination of voice, DTMF and SMS text messages over cell-based phone service that allows control of some of a vehicles' electrical systems including the ignition.
Another feature of the system is the capacity to poll the vehicle owner by mobile phone for permission to start, as well as eavesdrop on conversation in the vehicle. Mbetsa is now looking for funding to commercially develop his proof of concept and bring it to the market (video)
Good work, Morris. I hope you get your funding.
Sunday, August 10, 2008
SpyCam Story #455 - The IT Boy
FL - A Gainesville man has been arrested for allegedly installing software on a woman’s computer, then using the software to remotely control the camera on her computer to take videos of the woman and her friends while they were clothed and while they were naked. The alleged victim is a Hialeah woman who told police she had a man perform some maintenance on her computer in early July. The woman told police she discovered the program on Monday along with about 20,000 photos of herself and her friends that had been made from the videos taken with the camera.
The man arrested in the case was identified as Craig Matthew Feigin, 23, who was charged with modifying computer data and disrupting or denying computer system services.
Once he was taken into custody, he quickly admitted to this crime, but also admitted to installing these programs on other computers as well. The Gainesville Florida Police believe there are eight or nine other victims. (more) (more)
Saturday, August 9, 2008
Bug Bites... with Bluetooth
Smart spies can build their own bugs; ones which average TSCM detection equipment can't see. One example of this are bugs which use off-the-shelf Bluetooth technology, like Bluegiga. Short range, but very effective.
Another example is second generation Zigbee which can transmit audio a much greater distance.
Both signals are digital. Both blend their transmissions into the sea of legitimate WiFi signals which surround us.
The cost for building these advanced bugging devices is less than $100. per bug.
Discovery requires the most advanced TSCM instrumentation... like what you will find only here.
Wednesday, August 6, 2008
Bugs don't grill people. People grill people.
Philadelphia - A gun-control activist who championed the cause for more than a decade and served on the boards of two anti-violence groups is suspected of working as a paid spy for the National Rifle Association, and now those organizations are expelling her and sweeping their offices for bugs. The suggestion that Mary Lou McFate was a double agent is contained in a deposition filed as part of a contract dispute involving a security firm. (more)
The employee double-cross is an old and highly successful trick. Aside from the obvious, undercover employees also have the time and opportunity to plant bugs and wiretaps. If an employee-spy is discovered be sure to conduct a thorough bug sweep after they are fired. Better... Conducting thorough bug sweeps on a regular basis is a good way to uncover the undercover spy.
SpyCam Story #454 - "Baby let me be..."
Your lovin teddy bear
Put a chain around my neck,
And lead me anywhere
Oh let me be
Your teddy bear.
Australia - A Rivervale man has admitted to secretly filming his female housemate with a camera concealed in a teddy bear in her bedroom.
Russell Christopher Hounslow, 22, pleaded guilty to one count each of using an optical device to record a private activity and possessing an obscene article in the Perth Magistrate's Court today.
Magistrate Steven Heath heard how on April 22 this year, Hounslow's flatmate found a covert camera in the toy, linked to a transmitter under her bed.
Police prosecutor Steve Mayne said the woman then found a similar transmitter on top of a video recorder in the house. (more)
Put a chain around my neck,
And lead me anywhere
Oh let me be
Your teddy bear.
Australia - A Rivervale man has admitted to secretly filming his female housemate with a camera concealed in a teddy bear in her bedroom.
Russell Christopher Hounslow, 22, pleaded guilty to one count each of using an optical device to record a private activity and possessing an obscene article in the Perth Magistrate's Court today.
Magistrate Steven Heath heard how on April 22 this year, Hounslow's flatmate found a covert camera in the toy, linked to a transmitter under her bed.
Police prosecutor Steve Mayne said the woman then found a similar transmitter on top of a video recorder in the house. (more)
"You talkin' to me?" - India
India - Telephone booth operators, taxi drivers and guesthouse owners in the national capital have been asked to keep an eye and eavesdrop on people calling Pakistan, Bangladesh, Nepal, Jammu and Srinagar as Independence Day approaches. Cyber cafes and guesthouses have been told to install closed circuit television (CCTV) cameras. (more)
"You talkin' to me!" - China
China - Tens of thousands of taxi drivers in Beijing have a tool that could become part of China's all-out security campaign for the Olympic Games. Their vehicles have microphones -- installed ostensibly for driver safety -- that can be used to listen to passengers remotely. The tiny listening devices, which are connected to a global positioning system able to track a cab's location by satellite, have been installed in almost all of the city's 70,000 taxis over the past three years, taxi drivers and industry officials say.
...those devices in Beijing taxis can be remotely activated without the driver's knowledge to eavesdrop on passengers, according to drivers and Yaxon Networks Co., a Chinese company that makes some of the systems used in Beijing. The machines can even remotely shut off engines. (more)
"No, I wasn't talkin' to you!" - New Zealand
New Zealand - National leader John Key has hit back at suggestions his party has a hidden agenda after a second set of secret recordings were leaked to 3 News.
Key says the latest recordings are not significant and he has accused Young Labour activists of bugging National's party conference. (more)
Key says the latest recordings are not significant and he has accused Young Labour activists of bugging National's party conference. (more)
Monday, August 4, 2008
Yawn, and your laptop goes to sleep
What if you could simply think about an action, and the computer would respond?Emotiv is currently fine-tuning a mind-reading headset called the Epoc, which should ship late this year. The $299 device purports to eavesdrop on your thoughts and translate them into computer instructions, so you can play a game or arrange photos without using your hands or speaking words.
Epoc "neuroheadset" has 16 sensors embedded in its crossbars that communicate wirelessly with your PC. There are no messy smears or tangles of wires. But in order to get correct readings, the sensors must make just the right contact with your scalp, which can take a fair amount of fiddling. And once the headset is in place, you have to be careful not to move around too much or the sensors will slip, preventing the computer from getting a clear signal. (more)
...and you were self-conscious about wearing your Bluetooth earpiece.
Seriously, you are witnessing the future of eavesdropping. Near-term... physical motion replacement, a boon to the seriously handicapped. Mid-term... Doors that auto-lock if the person approaching is of the wrong frame of mind. Far-term... TiVO your life whenever you want. I can't wait.
Friday, August 1, 2008
PI Toolkit Item #141 - Pocket Phone Bud-dy
Need to record a cell phone call, or any telephone call? Call on your Pocket Phone Bud-dy! An Olympus TP-7 headset.
Plug it into the ‘MIC’ jack of a recorder. Pop the bud in your ear and you are good-to-go.
Captures both sides of the conversation. Frequency range is 50 - 20,000 Hz. Plugs into a 3.5mm monaural jack and comes with two plug adaptors to convert either to a 3.5mm stereo plug or a 2.5mm monaural plug. (more)
Deep Packet Inspection - Computer Santa Claws
Imagine a Santa who receives bags of mail every second, reads and sorts each request, knows everybody's naughty or nice quotient and dispenses the correct 'just deserts' as fast as each request arrives. Creep'ed out yet?
If so, stop reading now.
"Anyone who uses the Internet needs to be aware of Deep Packet Inspection (DPI), its uses, and potential misuses... DPI is next-generation technology that’s capable of inspecting every byte of every packet that passes through the DPI device, that means packet headers, types of applications, and actual packet content... DPI allows people controlling the device to know everything, including the payload of each packet in the data stream. For example, if an unencrypted e-mail is scanned, the actual body of the e-mail can be reassembled and read.
What makes DPI all the more impressive is that the packet analysis happens in real time, with data stream throughput approaching 20-30 Gb. See where I’m going with this? With no loss of throughput, ISPs are able to insert these devices directly in their data streams, forcing all traffic to pass through the devices. Procera, Narus, and Ellacoya are front-runners in development of this technology, having placed equipment throughout the world.
DPI developers are adamant that the technology is benign and will create a better Internet. experience. However, privacy groups have two major concerns: little or no oversight and the potential for losing still more individual privacy.
An optimist would say that DPI will help enhance the experience, even producing ads that are relevant to each individual user. Whereas a pessimist would say it’s “big brother” technology that only benefits ISPs." (more)
A realist would say: "history tends to repeat" "mission creep" "if a technology can be abused..."
Subscribe to:
Posts (Atom)