Tip: How to recover from a malicious web picture attack

Security researchers have found thousands of photos from searches within the Google Images site that have been infected with malicious code. In many cases, clicking on one of these poisoned images triggers a script that makes it seem like the computer has become infected with viruses. Another Web site pops up trying to wheedle your credit-card number in exchange for fake antivirus software. (more)

Tip: If this happens, just force-quite the application. If you downloaded the photo, trash it.

PC - Press the Control-Shift-Esc keys, then End Task.

MAC - Press the Option-Command-Esc keys, click on the program and click the Force Quit button.

SPYPEDIA Library is On-Line and Open for Business

 SPYPEDIA, is the CI Centre's new counterintelligence and security database. It is a resource of cases, latest news, podcasts, videos, CI calendar events, quotes, reports, and more. SPYPEDIA has been in research and preparation for 15 years.

A continually updated, rich, open source database for professionals in the counterintelligence, security, and counterterrorism disciplines; educators; authors; researchers; academia; students; and all who hold an interest in CI and CT.  

What's Available...
• Search current and archival news links and security trends.

• Facts on case studies of spy cases, economic espionage, security, leaks, illegal exports to high-threat countries, foreign intel officers, domestic terrorists.

• Articles from authorities on counterintelligence, terrorism, and security issues.

• Download critical information for your organization's security awareness briefings.

• Hours of video documenting CI and security lessons, vital issues, key facts, and important cases.

• CI history - congressional hearings on espionage related activities, government reports, source documents, and spy trials.

• CI and CT expert reviews of current movies, books, and television shows. (more)

PA School Laptop SpyCam Lawsuits Keep Coming

(Recap - How it began... Michael and Holly Robbins of Penn Valley, Pa., said they first found out about the alleged spying last November (11/09) after their son Blake was accused by a Harriton High School official of "improper behavior in his home" and shown a photograph taken by his laptop.)

PA - A former student at a suburban Philadelphia high school has sued his school district for allegedly spying on him and his family using a school-issued Mac laptop, according to court documents.

The Lower Merion School District of Ardmore, Pa. was first sued in February 2010 by another student using similar charges. That case, dubbed "Spygate" in some media reports, was settled last October when Lower Merion agreed to pay Blake Robbins $175,000 and cover $425,000 in court costs.

On Monday, Joshua Levin, a 2009 graduate of Herriton High, charged the district with violating his civil rights and privacy by remotely activating the notebook's built-in camera to take photographs and screenshots.

Today, Lower Merion spokesman Doug Young called Levin's lawsuit "solely motivated by monetary interests and a complete waste of the taxpayer's dollars."

Last year, Lower Merion acknowledged it had activated cameras on the school-provided MacBook system to track lost or stolen laptops, but denied it was using them to spy on students.

Levin begged to differ.

According to his lawsuit, Lower Merion used his laptop to take more than 8,000 photographs and screenshots between September 2008 and March 2009. A report commissioned by the district uncovered more than 30,000 photographs and another 27,000 screenshots taken when the tracking and security software was activated by district IT personnel. (more)

SpyCam Story #611 - The Mac Attacker

He was hired to fix their computers, but police say that Trevor Harwell instead installed spyware software that took candid photos of his clients in various states of undress.

Trevor Harwell had been a Macintosh specialist with a Los Angeles-area home computer repair company called Rezitech. That's how he allegedly had the opportunity to install the spy software, called Camcapture, on computers.

While working on repair assignments, the 20-year-old technician secretly set up a complex system that could notify him whenever it was ready to snap a shot using the computer's webcam, according to Sergeant Andrew Goodrich, a spokesman with the Fullerton Police Department in California. "It would let his server know that the victim's machine was on. The server would then notify his smartphone... and then the images were recorded on his home computer," he said.

Police say they've found thousands of images on Harwell's computers and have identified dozens of victims, all of them women in Los Angeles and Orange County. Harwell was arrested Wednesday by Fullerton police.

Harwell was formerly a student at Biola University, a small Christian university in southern California. Many of the victims were Biola students and Harwell may have compromised university systems as well, police said. (more)

NLJD "Test Target" for TSCM Reverse Engineered

Ok, I know not everyone will "get" this, but the TSCM'ers in our readership will. Everyone else, go read the next post.

Thanks to our respected Canadian colleague for pointing this out.

Disclaimer: I will not be responsible if you read this and die laughing. You have been warned. DO NOT read this if you have a weak heart. 

This week on eBay...

NLJD “TEST TARGET” TSCM

Reverse Engineered...
$0.00 - Paint Stick (free at any paint store)
$0.35 - Diode
$0.00 - Can of paint bought for some other reason.
-------------------------------------------------------------------

$69.00 - "Buy It Now" on eBay... priceless!

$8.00 - Expedited Shipping

Of course, the reverse engineering above is just wild speculation. It is possible that the stick is rare Anigre wood, the diode is actually a specially designed array which was painstakingly tuned to provide an even 360º sphere of sensitivity with a tolerance of +/- .0045%, and all this was encased in an environmentally sealed protective coating – impervious to everything except NLJD emissions.

PrivateEye Software - Automatic Screen Shield - Major Price Drop

When this product was first pitched to the government a few years back it was about $49.95. TODAY - $1.99!!! 

These guys are brilliant, on two counts. 

1. This is a really clever, innovative security solution that works. 

2. They are really trying to sell the enterprise solution of this software... by practically giving away free individual samples to seed the marketplace.

End result. Everyone wins.

BTW, I am not affiliated in any way with any of the products I discuss here. I paid for the original version of PrivateEye I tested. I just paid for the upgrade to test that version. 

I love showing off new software and gadgets to my clients. Just after "Hello" comes "What cool stuff did you bring to show me this time, Kevin?" 

Let's review... 

"How can I stop shoulder surfers from reading my computer screen? The polarized screen thing makes me look like a paranoid dork."

Kevin says... Funny you should ask. I recently purchased some computer screen security software for testing, PrivateEyes from Oculis Labs. It works eerily well. All you need is a computer screen with a video camera and Windows. 

During the simple setup, the software learns who you are by looking at your face. From that point on, the screen automatically blurs unless you are looking directly at it. Turn to answer a phone call, or talk to someone nearby – BLURRR goes the screen. 

"What if someone sneaks up behind me?" I hear you say. No problem. When it sees an extra set of eyes – BLURRR.

Pro: The BLURRR effect changes quickly.

Con: Doesn't work as well in a high contrast environment.
The upgrade seems to have fixed this. Still testing.

PrivateEyes would also make an awesome IT guy gag. "I don't know. Your computer screen looks sharp and clear to me. Maybe you should get your eyes checked."

FREE 30-day trial, or just buy it for $1.99

"Is that an EB200 with directional antenna, or are you just glad I'm not cheating on you?"

Priming the U.S. market for TSCM practitioners coming out of the darkness of their covert inspections for bugging devices, Chinese police show that techno-proctoring school exams is a viable service.

 China's Education Ministry says police have detained 62 people for selling wireless headphones, two-way radios and other electronic devices to cheat on this week's nationwide college entrance exam. (more)

In a strange twist of fate, a man is brought to court on wiretapping charges because of a law passed at his brother's urging, a brother often burned by electronic surveillance revelations in the media and currently engulfed in his own legal quagmire because of them.

Italy - A judge in the northern city of Milan on Friday sent Italian prime minister Silvio Berlusconi's brother to trial for the illegal publication of a wiretapped phone conversation in conservative Italian daily Il Giornale. (more)

Finally, Something in the Smoke-Filled Room that Actually Works

NC - North Carolina House Republicans caucused Friday at the state capitol. These meetings are essentially strategy sessions that are closed to the public. But unbeknownst to lawmakers, the media was able to listen in. WFAE's Greg Collard reports. 

About 20 minutes into the meeting, a lawmaker walked up to a microphone and asked, "Is this working?"

Was it ever.

The meeting took place in a legislative committee room where debate during public meetings is streamed on the web. There's also a feed to the press room.

These feeds are turned off when the political parties caucus. But today, the feed to the press room stayed hot.

So reporters listened in, recorded and posted the audio of a rare behind-the-scenes look at the political process. (more)

"How I lost three fingers making a cupcake bomb in the kitchen of my mom."

British intelligence agents have hacked into the online magazine of the Yemeni branch of Al Qaeda and sabotaged an article on bomb making, a government official said Friday. 

The English-language magazine Inspire had published an article last year titled “Make a Bomb in the Kitchen of Your Mom.” The agents, reportedly working for Britain’s eavesdropping agency, replaced the instructions with a recipe for cupcakes. (more) (cupcake cannon video)

The Future of Warrantless GPS Tracking in Doubt

DE - A criminal case making its way to the Delaware Supreme Court could help define personal privacy and set limits on how far police can go when using electronic surveillance in Delaware and perhaps across the United States.

The American Civil Liberties Union this week filed a brief in Delaware v. Michael D. Holden, urging the state justices to uphold a lower court ruling that essentially bars police from using Global Positioning Systems (GPS) to track people without a court-approved warrant.

Holden, 28 of Newark, was suspected of being a drug dealer and was electronically tracked for more than 20 days by police without a warrant, ending with his arrest after police discovered 10 pounds of marijuana in his vehicle after he visited a suspected drug distribution house. The judge in the case tossed out the drug evidence, ruling that the lengthy warrantless tracking of Holden amounted to an illegal search.

In its brief, the ACLU notes the U.S. Supreme Court has not yet ruled on this issue and legal experts agreed the state case could be part of a growing national debate over the reach of technology versus the boundaries of privacy.

The case will likely turn on the concept of the "reasonable expectation of privacy," said defense attorney and former prosecutor Peter N. Letang. (more)

What Will Anna Chapman Do Next?

Move over, TechCrunch and watch your back, Wired. The voracious self-promotion empire that is Russian spy babe Anna Chapman now claims another conquest. Russia’s sweetheart and America’s favorite deportee is taking over the reins as editor for a small venture capital newspaper.

Yes, hard as it may be to believe, a Putin ally from the intelligences services has found success in Russian business, politics and, now, media. Chapman will take over as editor of the Russian-language Venture Business News, a publication covering the world of venture capital. We’ll also be treated to Anna’s musings on matters economic in a weekly column, Field News. (more)

Anna's interesting time-line, July 2010 until now...

• U.S. sleeper spy who never awoke, was arrested and deported.

• Posed in lingerie for photo shoot.

• Attended a Russian space launch.

• Had a sing-along with Prime Minister Vladimir Putin.

• Nicknamed Agent "90-60-90" by the Russian press, referring to her alleged measurements.

• Attended a political youth rally.

• Attended a meeting of the commission on economic modernization and technological development of the Russian economy.

• Launched a weekly television show called "Mysteries of the World with Anna Chapman."

• Trademarked her name to pimp eight lines of merchandise, including vodka, clothing and watches.

• Assist the Russian space agency in designing a stylish new uniform for its personnel.

• Will run for Parliament in her native Russia. (No word on how this is working out.)

• And now, editor of a newspaper.

So, what have you done since last July?

Slacker Sack becomes Instant Private Meeting

All of us feel the need to make like an ostrich and hide from the world around us now and then. Could this be the answer? Lying somewhere between a travel cushion and a soft bag to put over your head, the OSTRICH is a design concept that aims to provide a portable retreat from any waking daytime environment where the stresses and strains of the day can melt away. (more) (more) 

Not being one to let a bad concept lay an egg, the scientists at the Spybusters Countermeasures Compound put their heads together and created the electronic surveillance resistant Instant Private Meeting.

Corporate Spying: The Next Growth Industry

via economywatch.com...

The corporate spying business is booming. The largest companies around the world are all involved in “competitive intelligence gathering” by highly trained professionals according to PricewaterhouseCoopers.

"Corporations have people trained to obtain raw data from a wide range of sources* and apply traditional intelligence analysis techniques to produce usable information," PwC dispute analysis and investigations director Richard Batten said. (more)

* electronic surveillance, dumspter diving, social engineering, decaying perimeter security measures, lack of (or ignored) information security policies, etc. — All are things a good counterespionage consulting specialist will address for you.

It's One Thing If You Lose Your Wallet...

It's another thing if Google loses it... 

"Your phone will be your wallet." That's what Google's promising with Google Wallet and Google Offers, which'll combine payments and deals in one neat package. And it's a pretty compelling little vision of the future of paying for stuff.

Google Wallet isn't really one thing, so much as a bundle things tied together in one package. It's an Android app. It's a way for you to pay for things with your credit or debit cards, using your phone. It's a coupon collector and loyalty card system. It's another way for merchants to let you pay and offer up deals. It hooks into other Google services, like Shopper (which shows you nearby deals) and Google Offers. And Google is planning for it to eventually store everything you'd keep in a wallet. (more)


It's the future. 
No escaping it. 
Déjà vu time. 
"With new conveniences comes new security vulnerabilities."