Quote of the Week - The BugNets are Coming

"Remote surveillance is a significantly invasive threat, arguably even more so than identity theft. As it stands now, most vulnerable devices (mobile devices and computers) do not have the protection necessary to distinctly address microphone or camera hijacks. As a growing number of mobile devices with exploitable operation systems gain more reliable Internet access, this long standing problem is reaching a critical potential." 

from Roving Bugnet: Distributed Surveillance Threat and Mitigation
by Ryan Farley and Xinyuan Wang

Mobile Phone Eavesdropping - The Next Level

Imagine sitting in a café and discussing the details of a business proposal with a potential client. Neither you nor the client has a laptop; you're just two people having a conversation. But unbeknownst to you, someone half a world away is listening to every word you say. Later, as you leave, you receive a text message referring to the proposal and demanding money in exchange for silence.

Recent research from two universities suggests that such a remote-eavesdropping scenario may soon be possible.

According to George Mason University researchers Ryan Farley and Xinyuan Wang, cell phones make excellent surveillance devices for remote snoops. In a paper, Farley and Wang discuss a "modernized mic hijacker" [PDF] that an attacker could control over what they call a "roving bugnet." The eavesdropper would use a piece of malware called a "bugbot" to listen in on in-person interactions via a nearby smartphone or laptop. Such attacks would be more likely to target specific people (a wayward spouse, say) than to play a role in widespread attacks on the general public. (more)

Commercial Quantum Cryptography System Hacked

It is supposed to be absolutely secure – a means to transmit secret information between two parties with no possibility of someone eavesdropping. 

Yet quantum cryptography, according to some engineers, is not without its faults. In a preprint submitted late last week to arXiv, Hoi-Kwong Lo and colleagues at the University of Toronto, Canada, claim to have hacked into a commercial quantum cryptography system by exploiting a certain practical “loophole”.  

So does this mean high-profile users of quantum cryptography – banks and governments, for example – are in danger of being eavesdropped after all? (more)

Don't even think of saying "pampas ass."

The mayor of the Argentine capital, Buenos Aires, has been indicted on charges of illegal wiretapping of citizens including political and business leaders.

Mauricio Macri has allegedly authorized the secret recordings of many individuals, including politicians and business moguls, in the 1990s...

Despite his indictment, Macri says he will not resign. (more)

Cordless Phone Question

via The Journal Times...

When we're using cordless phones, can others pick up our conversations?

"Yes, depending on the kind of phone you use," according to a fact sheet from the Privacy Rights Clearinghouse, a nonprofit consumer-oriented group based in California. "In most cases, your cordless phone conversations are probably overheard only briefly and accidentally. But there are people who make it a hobby to listen to cordless phone calls using radio scanners."

Analog phones, which include most older ones, are more susceptible to eavesdropping. Nothing's a guarantee, the mildly paranoid-sounding fact sheet points out, but newer digital models often have better built-in security features.

Those include channel hopping, which constantly changes the frequency during a call, and more complicated stuff known as digital spread spectrum technology (DSST) and digital enhanced cordless technology (DECT). (more)

For more information on both cordless and cellular phone privacy click here.

Theft & Espionage Awareness Slide Show

(more)

I created life... and I own it!

Scientists for the first time have created a synthetic cell, completely controlled by man-made genetic instructions, which can survive and reproduce itself, researchers at the private J. Craig Venter Institute announced Thursday. Created at a cost of $30 million, the experimental one-cell organism opens the way to the manipulation of life on a previously unattainable scale.

Synthetic Genomics, a company founded by Dr. Venter, funded the experiments and owns the intellectual property rights to the cell-creation techniques. (more)

Hope they have a good counterespionage strategy. They will need it.

Testimonial - The Photocopier Security Problem

"Regarding photocopier security, I recovered 8,308 files from a high-capacity Xerox copier in the summer of 2008. The copier was several years old, shared by perhaps two dozen employees, and had a 4 gigabyte IDE hard disk. I recovered both scanned and photocopied TIFF images from user activity as well as TXT, HTML, DOC, PDF, and GIF files. I also recovered about 900 email addresses and file names." ~ from a newsgroup posting this week by a professional electronic evidence recovery specialist.

Photocopier security is only one element of an overall counterespionage strategy. If your organization does not have one. (Or, if you are not sure of the effectiveness of your current one.) Please engage the services of an independent counterespionage security consultant. Don't know where to find one? Click here for a jump start.

How Do They Do It - Cracking Your Wi-Fi

In China, they sell full Wi-Fi hacking kits. 
Any teckie can cobble together their own...

"The main piece of the kits, an adapter with a six-inch antenna that plugs into a USB port, comes with a CD-ROM to install its driver and a separate live CD-ROM that boots up an operating system called BackTrack. In BackTrack, the user can run applications that try to obtain keys for two protocols used to secure Wi-Fi networks, WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access). After a successful attack by the applications, called Spoonwep and Spoonwpa, a user can restart Windows and use the revealed key to access its Wi-Fi network." (more) (videos)

SmartWater - "I've been slimed!"

Here is a theft deterrent idea... 

What if you could spray your valuables with an invisible DNA-like identifier, unique to you. What if this brilliant agua could also be used to link a suspect to the scene of the crime. What if this water could only be seen using ultra-violet light. You would probably say, "That's smart water." (knock, knock) Excuse me. (whisper, whisper)

Right, well then... apparently this has already been done.

"SmartWater delivers proven crime reduction strategies customised to the needs of your business. Widely used within intelligence-led policing operations, and proven to deter criminals on a sustained basis, SmartWater is now available to the commercial sector." (video)

Security Clearance - What you 'need to know'

FREE
Security Clearance Handbook
All you need to know to get cleared or stay cleared!

The shortage of IT professionals holding security clearances grows rapidly. To really accelerate your career you need to maintain or obtain a security clearance. To help you, the University of Fairfax has assembled a comprehensive handbook with 100's of facts and FAQs. The topics covered by this handbook include:
- How to obtain your security clearance.
- How to reactivate your inactive clearance.
- Who may or may not be eligible for a clearance.
- What can prevent you from getting a clearance.
- How long it can take to get a clearance.
- PLUS MUCH MORE! 

(booklet)

Can a Tin Foil Hat Protect Your Crazy Brain?

Mrfixitrick demonstrates the Faraday effect of a tinfoil hat by blocking the EMP (Electro-Magnetic Pulse) from a typical wireless modem. (video)

No word yet on whether the Bowler or Pork Pie style works best. Personally, I would opt for a Sandy Becker Hambone Pith Helmet.

A New Windows Virus (that nothing can stop?!?!)

via zdnet.com...

Are you a Windows user? Do you make sure that your antivirus program is updated regularly? Do you feel safe? You shouldn’t! Read on to find out why …

Security researchers at Matousec.com have come up with an ingenious attack that can bypass every Windows security product tested and allow malicious code to make its way to your system.

Yes, you read that right - every Windows security product tested. And the list is both huge and sobering... (more)

What Does a Spy Look Like?

"In the world of espionage, an umbrella is a pistol, a pen a microphone and that quiet kid at Starbucks a KGB informant. Nothing is what it seems. Inviting the public to look through the eyes of a spy and question the seemingly normal world around them, Red Tettemer created a provocative piece of interactive media. As pedestrians pass the unit, it detects their motion and transforms the clean-cut gentleman into three elaborate disguises: a longhaired drifter, an Indian woman and a well-aged senior citizen." Visit the International Spy Musuem (more)

What it takes to be a TSCM tech for a U.S. government contractor...

"The candidate will assist in all aspects of of TSCM management that involves technical security (including TEMPEST) entailing new construction, modification, accreditation, re-accreditation, withdrawal and advice and assistance (SAV). The candidate will help schedule and perform TSCM evaluations and security staff visits of facilities locate CONUS/OCONUS, provide comprehensive, risk-based technical security advice, guidance, and general security support to program offices and contractor facility security offices. The candidate will prepare written correspondence to include facility file reports, cable messages, approvals, status/technical briefs and inspections reports, SAV reports, maintain databases; which includes entering new data and correspondence and quality controlling file records. Conduct analysis of complex technical, surveillance, counter surveillance, surveillance detection or other technical vulnerabilities. Provide technical support to projects in areas such as training, logistics, acquisition and technical counterintelligence investigations. Assists in developing and monitoring project tasks and schedules. Maintain a thorough knowledge of all technical security governing directives.

The candidate must be a graduate of the Interagency Training Center for TSCM and an EXPERT in two of the following areas: a) Counterintelligence , b) Automated Information Systems, c) Lock and Key Control Systems, d) Access Control Systems, g) TEMPEST, h) DoD SCIF construction standards.

Experience using a variety of ADP systems that include Microsoft Office applications (e.g. Word, Excel, Outlook, PowerPoint). Requires a Bachelors degree and 10-12 years experience." (more)

I believe subjecting people to PowerPoint goes against the Geneva Convention. P.S. The job requires 75% travel.