Wednesday, February 4, 2009

Too late. Already built into many CCTVs.

Face-blurring Technology in CCTV Systems Could Protect Privacy, Researcher Says

According to New Scientist, Hewlett-Packard computer scientist Jack Brassil and his team have created "Cloak," a technology designed to protect individuals' privacy when CCTV operators share images. If fielded, the system's participants would be akin to those on the national "do-not-call" list, which targets unwanted telephone solicitation, Brassil says.

To opt into Cloak, a person would first need a "privacy enabling device" - most conveniently a mobile phone with GPS capability. The device would wirelessly beam the user's position, direction, and velocity to a central system server. (more)

SpyCam Story #515 - Showered With Gifts

A 39-year-old Michigan man was charged Monday after the Macomb County Sheriff's Office said he allegedly videotaped a neighbor's daughter in her Bruce Township home.

Macomb County Sheriff Mark Hackel said the 10-year-old's parents found a wireless camera mounted in the girl's bathroom and notified the sheriff's office.

Hackel said the girl's parents suspected a neighbor, Stephen Ray Keller, because he had been "over friendly" with the girl recently and had given her gifts. (more) (more)

This week in... Spying's Hidden Costs

The recent massive Heartland Payment Systems data attack...
Area banks are issuing new credit and debit cards after a data breach at a New Jersey company that processes payments.

Gate City Bank sent letters this week to about 25 percent of its cardholders, telling them they will get new ATM and check cards... Alerus Financial also has sent letters saying it is issuing new cards. (more) (notification costs, lost good will, reissue costs, etc.)

Did you know...
A study by the Ponemon Institute found the average cost of data breaches - from detection to notification to lost business - is rising. The No. 1 cost to companies is lost business, which now accounts for 69 percent of total costs. (more) According to a report released Monday by the Ponemon Institute and funded by encryption firm PGP, the cost of a data breach for companies has risen to $202 per lost record, up from $197 in the institute's 2007 study. For the 47 companies audited in the study, those costs added up to $6.6 million per incident. (more)


From the Deutsche Bahn spying scandal...
Deutsche Bahn Chief Executive Hartmut Mehdorn is battling to save his job over a staff snooping scandal, and keep alive his dream of a partial privatisation of the railway operator...

Now, some left-wing leaders of the ruling Social Democrats, who oppose the IPO, and opposition parties have called on Mehdorn to step down over the scandal. Mehdorn apologised on Tuesday for the spying on staff. (more) (loss of employment, probable loss of IPO and investments in getting the IPO ready, lost good will, legal costs, etc.)


From Microsoft...
Microsoft begins lawsuit over ex-employee spying... (more) (legal costs, PR costs, lost good will, etc.)


From Lebanon...
Ministerial-level security talks will be held on Monday to address the issue of wiretapping which has threatened to increase political turmoil in a divided nation where tensions between rival political camps often turned bloody. (more) (loss of life)

NOVA's "Spy Factory"

NOVA's documentary about the NSA, "Spy Factory", aired last night. The production quality lived up to NOVA's usual excellence. Surprising, because they didn't have much first-hand information. It will no doubt be rerun and turned into a DVD if you missed it.

I did, however, walk away thinking this was a bit misleading. A true documentary about the NSA would have focused on history, organizational structure, people and explaining specific jobs. It would also have presented a balanced historical assessment of successes and failures.

This documentary left me feeling like I was watching a caged animal being teased. Lots of finger pointing and poking at something that was not allowed to defend itself, yet it continues to defend its pokers.

The focus was narrow: NSA's 9/11 role. The main criticism: NSA did not share information it gleaned; thus 9/11 was somehow their fault.

While building their point, NOVA conveniently glossed over some pieces of foundation information:
• The laws which limited NSA's scope and ability to share, in 2001.
• The inane turf protectionist mentality which permeated the entire Intelligence Community, in 2001. (There was very little inter-agency sharing of anything back then.)
• Osama bin Laden was not exactly an NSA pre-9/11 secret. The U.S. indicted him in 1998.

Heck, you even read about him here in Kevin's Security Scrapbook in January 2001...

SPECIAL SECTION -- Osama bin Laden
He's famous; his days are numbered, and you still don't know him. Sound really smart on capture day. Stoke your sound bite file now... CIA Biography - Osama bin Laden - "the cave-dwelling lunatic suspected of ordering the August bombings of U.S. embassies in Kenya and Tanzania..." (and USS Cole)
(more)
Meanwhile... on an Arab satellite channel...
Osama bin Laden appeared happy and smiling at his son's wedding...
(more)
But... nobody likes mingy...
"...a Saudi millionaire ... is tight with cash... says a former employee..."
(more)

Tuesday, February 3, 2009

TUNE IN TONIGHT: "Spy Factory"

"Nova" (8 p.m., PBS, check local listings) presents "The Spy Factory," an exposé of the National Security Agency (NSA).

Three times the size of the CIA and many times more secretive, the NSA's own initials have inspired many nervous jokes, such as "No Such Agency" and "Never Say Anything."

"The Spy Factory" looks at two major concerns about the agency. Many worry about its potential to eavesdrop on ordinary Americans' phone calls and Internet activities. But the principal concern addressed in "Spy Factory" is the fact that the agency may be too secretive to be of practical use. (more)

Sunday, February 1, 2009

Eavesdropping Invention is a "Sickness" Detector

via crooze.fm
"If you thought the airport denizens of the TSA were already obnoxious, wait until they get their mitts on a Sick Traveler Detector. It's a software idea by Belgian company Biorics, which can determine if travelers are sick by the sound of their coughs...

The tech involves installing dozens of microphones around an airport security area or any public space, and running all the coughs they pick up through a special software algorithm that can tell the difference between a dry throat-clearing hack and a loogy-dripping, bubbling and wheezing honk, aka a "productive cough."


In their patent application, the privacy-invading chutzpah of the inventors is astonishing, where they even suggest eavesdropping on cell phone conversations to glean their illness detection data." (more) (patent)

UK's Data Loss... Bad News, Good News, "Oh, no!"

"BAD NEWS."
from Steven J. Klein, via Risks Digest...
Bad news...
A National Health Service employee lost a flash drive containing personal information of up to 6,360 patients.

Good news...
The data on the flash drive was encrypted.

BAD NEWS...
The password was written on a sticky-note attached to the drive.

Paraphrased from the Lancashire Evening Post

Saturday, January 31, 2009

Q. Would you hire a long-distance baby sitter?

A. Depends on how old the baby is.

From those wonderful folks in Sweden who brought us SpyOn Voice... Now, a morphed and more palatable (ta-daaa) SpyOn Baby.

How could you resist a cute little program that calls itself, "A modern baby alarm that allows you to watch over your baby at home and over the internet." (for less than $10.00)

Besides, "If you are looking for specialists in VOIP (Voice over IP) then you have come to the right place. We are developing a series of applications based upon VOIP technology. If you can not find exactly what you are looking for maybe we can develop it for you."

And, oh, by the way, the company name is Spying Machines.

Why do we mention it?

So you know what you're up against.

2009 State and Federal Privacy Laws Supplement

The 2009 Supplement to Privacy Journal's Compilation of State and Federal Privacy Laws (0-930072-17-0, 2002) has just been published. The price is $25, plus $4 for shipping. Need the original 2002 book as well? The price for the 2002 book and the current Supplement together is $35 plus $4 for shipping.

Contact:
Lee Shoreham, Assistant to the Publisher
PRIVACY JOURNAL
PO Box 28577
Providence RI 02908
Phone: 401/274-7861
Fax: 401/274-4747
orders@privacyjournal.net

Employer Spying Increases

On Wednesday, the German rail spying scandal went from run-of-the-mill to flabbergasting: 173,000 -- and not 1,000 -- employees were spied on.

Politicians and the public are outraged, and commentators predict that the Deutsche Bahn CEO will take the fall. (more)

Employee Spying Increases

High anxiety about job-cuts in the workplace is fueling inter-office rumors, gossiping and eavesdropping, according to a recent survey by the Society for Human Resource Management.

Of 494 human-resource professionals surveyed, nearly 1/4 reported that they had encountered significantly more cases of eavesdropping in the workplace over the past year...


More than 1/5 of survey respondents reported that workers at their companies had recently been confronted or disciplined by an authority figure for spreading rumors or eavesdropping. (more)

Litigant Becomes Miki Mole

The Opposition Pays ...in more ways than one.
Microsoft is suing a former employee for applying for his job under false pretenses and using his role at the company to gain access to confidential data related to patent litigation he is now waging, reports the Seattle Post-Intelligencer.

Miki Mullor was hired by Microsoft in November 2005 after stating in his job application that he was a former employee at Ancora Technologies, a local software development company that he said had gone out of business.

However, Microsoft claims Ancora was still a viable company and that Mullor was still its chief executive — and that while he was at Microsoft, he downloaded confidential documents to his company-issued laptop. (more)

Miki talks... "When I joined Microsoft, I notified them in writing of Ancora and my patent in both my resume and in my employment agreement. In its complaint against me, Microsoft withheld the portions of these key documents that show this." (more)

"The patent case is scheduled for trial in a Los Angeles federal court on Jan. 26, 2010."
This is getting interesting, and EXPENSIVE. Let's meet back here in a year and see what happens.

Spybusters Tip # 493
Look for espionage problems pro-actively. Catch them early.
Result... Low cost. Higher success rate.
Need help? Call us.

Japan's New Wiretap Law Takes Root, Bears Fruit

Japan - The Communication Interception Law, which authorizes wiretapping as part of investigations, took effect in 2000. The Metropolitan Police Department carried out Japan's first wiretap authorized under the law in 2002.

Police across Japan conducted authorized wiretaps in a record 11 cases in 2008, up four from the previous year, that led to the arrest of 34 people, Justice Minister Eisuke Mori told a Cabinet meeting Friday.

The number of arrests was the same as 2007... "Know-how on authorized wiretapping seems to be steadily taking hold," the Justice Ministry said. (more)

Friday, January 30, 2009

Shades... of Joe Engressia

A legally blind Massachusetts phone hacker admitted this week to federal computer intrusion and witness intimidation charges that could put him away for as long as 13 years.

Matthew Weigman, 18, pleaded guilty to two felonies before U.S. Magistrate Judge Paul D. Stickney in Dallas on Tuesday. Known in the telephone party-line scene as "Li'l Hacker," Weigman is widely considered one of the best phone hackers alive.

In his plea deal with prosecutors, Weigman, who was born blind, admitted to a long criminal resume (.pdf). Among other things, he confessed to conspiring with other telephone hooligans who made hundreds of false calls to police that sent armed SWAT teams bursting into the homes of their party-line enemies.

In a new revelation, Weigman also admitted eavesdropping on customer service calls to Sprint, by dialing into a phone line used by Sprint supervisors to monitor their employees. Weigman parked on the spy line to overhear customers giving out their credit card numbers, which he memorized and passed to accomplices. Weigman and his friends used the numbers to purchase computers and other electronics. (more) (Joe Engressia)

Heavy Duty Recording SpyCam, Goes Lighter

Lighter Camera
from the seller's web site...
Date time stamping with 8Gb large memory
Lighter Camera with built in Micro DVR for your home or office surveillance when you are not there. it records everything what you missed while you are away.

Built in Digital Audio Video recorder will give you all the evidence you need to prove in the court in case some one came to your home or office for bad purpose.

You don't have to worry about the battery as it can work up to 6 long hours in a single charge. Micro SD card can record up to 8 hours of Very Fine audio video on 8GB Micro SD Card. (more)
Why do we mention it?
So you know what you are up against.

Thumb Stick in USB = VD for Unies

VD (Viral Data)
Japan - Virus infection of university campus computers via USB thumb drives has become common, according to the results of a Yomiuri Shimbun survey that found more than 500 such incidents were reported in 13 universities.
(more)

Wednesday, January 28, 2009

Happy Data Privacy Day... and good luck

January 28, 2009 - the United States, Canada, and 27 European countries celebrate Data Privacy Day for the second time.

Designed to raise awareness and generate discussion about data privacy practices and rights, Data Privacy Day activities in the United States have included privacy professionals, corporations, government officials, and representatives, academics, and students.

One of the primary goals of Data Privacy Day is to promote privacy awareness and education among teens across the United States. Data Privacy Day also serves the important purpose of furthering international collaboration and cooperation around privacy issues. (more)

This week's prelude to Data Privacy Day...
Heartland May Be the Biggest Data Breach Ever
Britain's biggest cyber theft case - Monster.co.uk

Top Five Teen Privacy Tips for the Internet

Privacy is the right to decide who has access to your personal information and how that information should be used.

Think carefully about the information you share online and understand how social networking sites work to use them responsibly and safely.

1. Know your potential audience.
Be aware that anyone, including site operators, advertisers, colleges, potential employers, friends and parents, as well as dangerous people or sexual predators may access, use, and forward the information you share online.

2. Use privacy settings to control who has access to information you put online, including your profile page, your photos, your “wall,” and your online journals. Do not share your phone numbers, home address, date of birth, school or team name, travel plans, social security number or other national ID numbers, family financial information, bank or credit card numbers. Don’t share your passwords with anyone.

3. Don’t accept “friends” you do not know in the real world.
Never agree to meet anyone in person you have only “met” online.

4. Think before you post.
If you would not want a college or a prospective employer to see it, or if you wouldn’t share it with your parents, don’t post it. Once you put something online, it is difficult if not impossible to take it back. Respect the privacy of others. Don’t identify others on your page in a way they would not identify themselves or post photos they would not post. Protect yourself. Ask friends to take down content about you that you would not post yourself, and un-tag photos that you may find embarrassing in the future.

5. You are your own best protector online.
Online conduct has consequences. Make smart choices.
(print version courtesy of Intel)

SpyCam Story #514 - The Electrician Guy

David Mitchell Clark, an electrician from Rancho Cucamonga has pleaded guilty to burglary for installing spy cameras in the bathrooms of homes.

Prosecutor Jason Anderson says investigators found 18 DVDs in Clark's house with hours of surveillance of women and families in various states of undress. Sheriff's investigators eventually tied him to nine installed cameras.

Investigators say the 35-year-old Clark told them last year he had installed one hidden camera in a Rancho Cucamonga home "because the wife was hot." (more) (more)

Skype vs. Eavesdropping

Mike Chapple handles a Skype question...
Q: Can an attacker gain important and private information from my phone through a peer-to-peer network?


A: Peer-to-peer telephone services such as Skype offer a way to save significant money on telephone services. By leveraging peer-to-peer networks to route calls around the world, every call becomes a local one. Peer-to-peer services allow telephone calls to be routed through the privately owned equipment of one or more unknown individuals. This raises a number of confidentiality, integrity and availability concerns, and little information is available about what, if any, security controls these services have put in place to protect your telephone calls.

While this is an interesting technology, I would not recommend that it be used for any private communications. (more)

Additional considerations...
Skype says their communications are encrypted.
Some say Skype encryption can be bypassed.

64% of women under 35 spy on partners

More than a quarter of women use the internet to secretly spy on their partners, a survey has revealed... The research, by Virgin Media, showed that an astonishing 88 per cent of the population use the internet every day and that women are more than twice as likely to spy on their partners than men are... The under 35s are most paranoid, with 64 per cent of all interviewed admitting they have snooped at a partner's online communication or internet history. (more)

X-Ray Vision - Coming to a Wall Near You

prism 200 is a handheld through-wall radar, which has been designed to be used by police, special forces or the emergency services. It provides quick and covert intelligence on the movement and location of people in a room or building - without the need for invasive sensors.

prism 200 has been designed for situations where a high degree of insight is essential for success.
This compact, portable and durable product uses advanced signal processing to highlight moving people and objects in cluttered environments, through doors or brick, block and concrete walls. (more & videos) (brochure)

"Hey, kids! Just like the police drones."

Nitrotek, a seller of radio controlled helicopters and cars, announced that they are now offering a large scale, outdoor spy copter with a built in video camera and receiver. They claim this is the first fully functional dual rotor radio controlled helicopter with a camera built in offered in the world. ≈$206.00 (more)

Tuesday, January 27, 2009

Pocket Gadgets & Bugs Rejoice - Mini Fuel Cells

The world's smallest working fuel cell has been created by US chemical engineers, at just 3 millimetres across. Future versions of the tiny hydrogen-fuelled power pack could replace batteries in portable gadgets.

While batteries are used to do that today, fuel cells are able to store more energy in the same space. Even the most advanced batteries have an energy density an order of magnitude smaller than that of a hydrogen fuel tank.

Yet batteries are much easier to make at the small scale than the pumps and control electronics of a fuel cell. And small pumps can use more energy than they generate. (more)

SpyCam Story #513 - Another Dip in the Pool

A Connecticut man was arrested Sunday accused of videotaping guests at a Cape Cod resort.

Alan Gillette, 50, of Winsted, Conn., was also in possession of a stun gun, pepper spray and drugs when he was arrested...

Gillette was seen at the Cape Codder Resort and Spa videotaping guests at the pool and in the sauna... Witnesses said the man had a camera hidden under a towel. The hotel has a policy banning video cameras in the pool area.

Police were able to hear conversations taking place in the pool and sauna area on the video... There was also footage from inside the men's locker room and audio recording of muffled conversations while the showers were running, police said.

Gillette pleaded not guilty... to charges of possession of chemical mace without an FID card, selling or possessing an electric stun gun and unlawful wiretapping. He was ordered to stay away from the Cape Codder. (more)

Sour RazzBerry?

Obama’s spy-proof BlackBerry still a security risk, claims Microsoft...
"You would be sending your data outside the country," Fox News quoted Randy Siegel, a Microsoft enterprise mobile strategist... He stressed that even if RIM routed information through a U.S. data center, the devices aren't built to NSA's security specs. (more)

US Military Files on $15. Thrift Shop MP3 Player

A New Zealand man has found confidential US military files on an MP3 player he bought in an Oklahoma thrift shop.

Chris Ogle, 29, paid $15 for the player and when he plugged it into his computer he found 60 pages of military data. The files contained the names and personal details of US soldiers, including some who served in Afghanistan and Iraq, as well as information about equipment deployed to bases and a mission briefing. (more)

Other Countries' Illegal Surveillance Problems


Lebanon - Progressive Socialist Party leader Walid Jumblat accused Minister of Telecommunications Jebran Bassil of illegally allowing bugging of communications. Jumblat, in an article published by the PSP's weekly al-Anbaa on Tuesday, said Bassil is hosting a colonel from the General Security Directorate at the ministry where he runs a network of employees "specialized in bugging calls." (more)

How to Beat a Keystroke Logger

Need password privacy when using un-secure computers?
Afraid your significant other placed a keystroke logger?

Want to keep your net surfing URLs private?


While no solution provides 100% security, bypassing the traditional keyboard will help...


My-T-Soft Virtual Onscreen Keyboards
I-Tech Virtual Laser Keyboard (bluetooth)
Click-N-Type Virtual Keyboard
MountFocus Virtual Keyboard
FREE Virtual Keyboard by MiloSoft

For the more technically advanced...

Virtual Keyboard Interface - Adds a virtual keyboard to text fields, password fields and text areas allowing keyboard-less input of text and special characters. Install the script and double-click on one of the form element types above to display the keyboard. This is a Greasemonkey script and will work wherever Greasemonkey works. (download page)

Airport Security / Airport Insecurity - Games

Airport Security offers a satirical critique of airport security practices circa early fall 2006, when security agencies in the US and abroad changed their policies to prohibit common items like toothpaste and hair gel.

Do knee-jerk reactions that limit our freedom of expression and travel make us safer? In Airport Security you inspect each passenger and his luggage and remove the forbidden items before allowing the passenger to go through -- but the list of forbidden items changes on a moment-to-moment basis. Prohibited items may include pants, mouthwash, and hummus. (more) (play it now)

Airport Insecurity - a game about inconvenience and the trade-offs between security and rights in American airports. While the government wants you to believe that increased protection and reduced rights are necessary to protect you from terrorism, the effectiveness of airport security practices is uncertain.

Airport Insecurity allows you to explore these issues in context: the game's rules are based on government reports about airport security practices since 2002. To consider the game's implications fully, players are encouraged to play the game while waiting in line at airport security. (more)

Sunday, January 25, 2009

Ever see a co-worker snooping?

If so, how did they do it?

"Attention, nanny's union. Attention nanny's..."

WA - Everett lawmaker, Mike Sells, has filed a bill in the state legislature to make it illegal to videotape teachers without their knowledge. The bill is in response to the Everett School District's use of hidden cameras when it was investigating a teacher in 2007...

The bill currently in the state legislature would require that all staff must be notified in writing in advance before video surveillance is used. Schools would also be required to post written notices outside any rooms that may have hidden cameras. Current law allows for hidden cameras as long as no audio is recorded. (more)

Rogue Security Hurts Reputations

A cautionary tale...
Whether he's known as a boardroom brawler or maybe the savior of SemGroup LP, John Catsimatidis doesn't mind his reputation as a man of his convictions or contradictions...


His takeover of United Refining paid back creditors 100 cents on the dollar, but hit a judicial bump when the company's security apparatus admitted to illegally wiretapping some staffers at the Warren headquarters.

Catsimatidis was never accused of any personal wrongdoing in the wiretapping case. He said that the surveillance began before he owned the company and before it was actually illegal under Pennsylvania law.

"The law changed in 1986, but they kept doing it," he recalled. "I didn't know about it until afterwards."

The security firm kept up the wiretaps after Catsimatidis took control of United Refining, according to reports. He replied that it was stopped and the offending employee was fired once he discovered the practice. (more)

Due Diligence...
CEOs... Quarterly inspections to discover electronic eavesdropping can uncover rogue Security operations like this one. We can help. Please call us.

Saturday, January 24, 2009

SpyCam Story #512 - The Boss Spy

Canada - There is an extremely fine line between what might be considered voyeurism and employee surveillance as Cornerstone Properties learned. It also learned that a high price can be exacted if an employer installs a secret camera to monitor its employees.

Colleen Colwell, commercial manager, had been working for the company for more than seven years, when she learned a secret camera had been installed in the ceiling of her office almost a year earlier by her boss, Trent Krauel, Cornerstone's vice-president in finance.

Colwell resigned and sued both Cornerstone and Krauel for constructive dismissal. Justice David Little found for Colwell. (more)

INTERNAL ESPIONAGE

Germany's national rail company, Deutsche Bahn, may have spent years spying on its employees according to a report published by a leading newsmagazine. More than 1,000 workers, many of them in management, might have been victims of the clandestine surveillance. (more)

It is never "Just an 'information' loss."

Eavesdropping.
Wiretapping.
Data theft.

Sure, the lost information is very valuable, but the collateral damage can be the real killer.
Investigation costs.
Stockholder suits.
Attorney's fees.
Evaporated customer "good will."
Lost competitive standing.
Public embarrassment.
...and even this unexpected PR cost...

Discounter TJX Cos. today is holding its long-anticipated "Customer Appreciation" sale, related to the massive consumer data breach that compromised as many as 100 million accounts.

The one-day promotion, advertised yesterday for the first time, gives customers 15 percent off purchases, excluding gift cards and layaways. The sale is being held at more than 2,100 TJ Maxx, Marshalls, HomeGoods, and A.J. Wright stores nationwide.

The customer appreciation sale was initially negotiated as part of a court settlement connected to the breach, which was first disclosed by TJX in January 2007. Ultimately, the sale was not included in the court agreement, but TJX - which rarely holds storewide sales - said it decided to hold the promotion anyway. (more)

Moral: Proactive security is cheaper, much much cheaper. Call us.

You've hired a great security consultant when...

...they think like this!

Kevin,
I trust all is well with you.
This was sent to me by one of my kids.

SoundBulb - lighting and wireless speakers

My thought was gee….could it not be converted into a microphone?


Pat Murphy, President
LPT Security Consulting

www.lptoday.com
713.899.2402
Houston, Texas

Thank you, Pat!
(Although this bulb is not available yet, the SpyCam light bulb is here.)

How a Leak Created Information Security Policy

Canada - First, they disconnect the phone lines. Then they lock the doors. And nobody gets out for 27 hours.

Ottawa goes to extreme lengths to shield the printing of the federal budget from prying eyes – a process that begins again this weekend in preparation for the huge stimulus package the Harper government will unveil on Tuesday.

“It's like Fort Knox,” one former Finance Department official said of the secrecy and security deployed to ensure that nothing like the 1989 leak of a budget pamphlet to Global TV reporter Doug Small ever happens again.

Twenty years after the embarrassing incident, the department refuses to discuss any aspect of printing the budget. (more)

Eight Charged With Illegal Wiretapping

Before
Peru's attorney general presented criminal charges Friday against eight people, including a recently demoted rear admiral, accused of making illegal wiretap recordings...

Attorney General Gladys Echaiz said six suspects run a private security company, Business Track SAC, that allegedly tapped the phone lines of as many as 30 people. Two others worked for a subcontractor. (more)

After

70% Spy On Their Partner Online

UK - More than 70 percent of people spy on their partner's online activity, many at least once a month, it has been found.

The worried spouses are not only spying on internet histories to see if adult websites have been viewed, but also monitoring each other's social networking. 68 percent of Brits also admitted they would check their partner's private emails if they knew the password.

Steffen Ruehl, of yasni which commissioned the study said: "There really is nowhere to hide on the web anymore; especially now that people are so active online, with social networking sites and forums." (more)

Quote of the day - Grapes of Wrath

"I hate cameras. They are so much more sure than I am about everything."
--John Steinbeck

Friday, January 23, 2009

A business map which shows the trolls and traps!

There is a new threat assessment kid on the block, run by old pros with a great reputation.
iThreat®

The iThreat® Global Intelligence Monitor (GIM) is a near-real-time Web application that displays potential threat data on a map, right alongside your organization’s assets.

Potential threats are proximity-matched according to your organization’s facility locations. You can also uncover threats that refer to products, employee destinations and your executives’ names.

Test-Drive GIM for Free! (Due to the sensitive nature of Red Flag threat data, demos are restricted to qualified security professionals only.)

Thursday, January 22, 2009

You Need A Smart Information / Data Attorney

I was at Princeton University yesterday, giving a counterespionage presentation to InfraGard.
Surprise!
I left with more than I brought:
- Recommended Data Security Best Practices -- a lucid and 'doable' White Paper.
- And, a valuable business card...

One of my fellow presenters turned out to be "data legalities" guru, Scott S. Christie, a Partner at McCarter & English (160 years old, 400 lawyers, excellent reputation). He concentrates his practice in the areas of Information Technology, Intellectual Property, White-Collar Criminal Defense and Complex Commercial Litigation.

Scott provides counseling to companies on protecting the confidentiality, integrity and availability of their proprietary business information and computer networks and on complying with information security and electronic privacy laws and regulations.

He really knows his stuff!

Additionally, he assists companies in developing computer network incident response plans, provides guidance after network security breaches, conducts internal investigations and litigates against those responsible for network intrusions.

Proactively, Mr. Christie instructs companies on protecting information and provides guidance concerning their obligations when responding to breaches of security.

You want Scott on your side... before it all hits the fan.
He knows where the switch is. Call him. Say hello.


Would you like a copy of Scott's Best Practices, too?
Click here!
~Kevin

An Industry Leader Speaks Out on Espionage

You have seen the "Employees Steal Company Secrets" stories here, and in WhiteRock's newsletter, WhiteSparks. Here is what a top insider thinks... (via WhiteSparks)

In response to WhiteSparks article ‘Enemy Within: 60% of Employees Happy to Steal Company Secrets’ (Issue 1, 7 January 2009), we recently received an email from a senior figure in the industry. He provides a compelling reason for why employees are willing to steal company secrets:

"You know, there would be less of this going on if companies did not actively recruit staff with the intention of taking client lists with them..... It's like drugs - if there is no market, there is no point in being the supplier...."

Stories in the media about the theft of trade secrets tend to focus on individual employees who are caught red-handed, but here we are invited to consider the wider issue – that of corporate demand for proprietary information.

If you enjoy Kevin's Security Scrapbook you will also want to receive WhiteSparks. Contact WhiteRock's Managing Director, Rali Maripuu, for your free subscription.

Wednesday, January 21, 2009

Top actress’ cell phone cloned to eavesdrop

Korea’s top actress Jun Ji-hyun’s cell phone has been illegally cloned to allow eavesdropping by her management company whose contract with her expires next month, police say. The company denied the allegation.

Police had earlier questioned three people from a private detective agency, including a 42-year-old man identified only by the surname Kim, and two Sidus HQ officials about the alleged phone duplication.

The private agency was hired by Jun’s company exclusively for the job, police say. (more)

In 2000, an intimate videotape of a singer taped by her manager was leaked. There was a feeling that the formation of huge entertainment agencies in recent years has meant less intrusion into stars' privacy, but some managers say discreet "monitoring" of the private life of stars still goes on and is considered necessary supervision. (more)

UPDATE ...a representative from the police department revealed that the two Sidus HQ employees under investigation have admitted to the illegal eavesdropping of Jeon Ji Hyun’s mobile. (more)

UPDATE II ...Prosecutors cleared the chief of Sidus HQ, a major entertainment agency, of replicating a cell phone of top actress Jeon Ji-hyun, 27, to track her phone calls and text messages... The outside expert, who was hired to help copy and rig Jeon's handset, was given a one-year jail sentence last month. (more)

World's Biggest Data Breach

Credit card payment processor Heartland Payment Systems may be the victim of the largest breach to date.

The Princeton, N.J.-based firm said Tuesday that it discovered malicious software in its systems that compromised the security of the data traversing its network.

It's unclear what data may have been tampered with or stolen, but Heartland said no merchant data, cardholder Social Security numbers, unencrypted PIN numbers, addresses or telephone numbers "were involved in the breach."


The company also advised consumers to examine their monthly statements closely.

Heartland told The Washington Post that it processes 100 million credit and debit card transactions per month. This volume led analysts to surmise that the company's breach could be the world's biggest to date. (more)

SpyCam Story #511 - $29.90 Mini SpyCam

...from the seller's web site.
"The Eyecam all-in-one color video (and audio) camera is one of the world's smallest color video cameras with built in transmitter available. ...at a low low price, you can have the coolest spy gadget in the world! Amazing!" (more)
Why do we mention it?
So you will know what you are up against.

VoIP Hackers Strike (as predicted)

Australia - A hacker recently obtained unauthorised access to the IP telephony (VoIP) system of a Perth business, making 11,000 calls costing over $120,000, according to the Western Australian police.

The calls were made over a period of 46 hours, the police said, and the business only became aware of the imposition when it received an invoice from its service provider. (more)

Pet Eye View Digital Camera

What have Kitty and Fido been up to all day, anyway?
Find out with this amazing device!
The ultra-compact and extremely durable digital camera clips onto your pet's collar, just like an ID tag. Its water-resistant ABS housing will keep it secure while your best friend roams the world, giving you the chance of a lifetime to actually see all the stories your pet has been dying to tell you for years! The internal memory stores lots of photos, and the timer can be set to automatically take a shot every 1, 5, or 15 minutes. (more)
FutureWatch...
Wireless Color Real-Time Video with Sound.
No, wait...
that's the next story.

"And now for something completely different."

Like cheese?
Like it with a nice drink?
Find your skoal-mate at cheesecupid.com
Very cool site. ~Kevin