Security Director Alert: How Spies Convince Someone They Work in Your Building

Re-framed, this article makes an excellent social engineering warning for your employees. The unknown person who fits this profile is exactly the person you want them to challenge...

There are fewer opportunities to put your social engineering skills to the test better than trying to convince someone you work at their establishment. Whether you just want to serve yourself a drink refill at a restaurant or you want to surprise your significant other with a birthday bouquet, here's how to get in unnoticed...

Take Advantage of Human Nature
The best way to get into a building or office that you want access to is to go in behind someone else. Most people call it "tailgating," and it's a serious security issue for offices, apartment complexes, college dorms, anywhere with restricted access, but it's your best friend here. 

Probably not a spy.

Dress the Part
This part requires some familiarity with the place you're going to visit, but no one is going to believe you work in an office where everyone is wearing shirts and ties if you walk in wearing a polo and jeans. Make sure you dress at or slightly above the dress code for the place you're visiting.

Be Ready for Questioning
Ideally, you'll be able to slip into an office and get around to where you need to be without any questioning at all. However, if you're overdressed, underdressed, or just unlucky enough to run into a curious employee, you need to be ready to deal with it.

Remember to Smile
Not always, of course—grinning to yourself will make you stand out—but keeping a relatively upbeat and positive demeanor will make you stand out less than someone who's hunched over, shifty-eyed, and ducking around corners wearing a Mission: Impossible serious-face. People by nature avoid confrontation, and you can use this to your advantage by being confident, being positive, and engaging when appropriate. (more via Alan Henry at lifehacker.com)

Tomorrow, the US Goverment Takes Over the Airwaves

If you have ever wondered about the government’s ability to control the civilian airwaves, you will have your answer on November 9th.

On that day, federal authorities are going to shut off all television and radio communications simultaneously at 2:00PM EST to complete the first ever test of the national Emergency Alert System (EAS).

Only the President has the authority to activate EAS at the national level, and he has delegated that authority to the Director of FEMA. (more)

QR Codes - Taking Candy from Strangers

QR codes, part of popular marketing strategies created to engage mobile device users, have become a vector for malware that hackers could use to remotely access all of the data in a person’s phone and record their every move through pictures and audio, according to cybersecurity researchers. And there’s no way to know once a device is infected.

In an interview on Tuesday with Security Management, Nicholas Percoco, senior vice president and head of Trustwave SpiderLabs, a group of ethical hackers at a data security firm with expertise in investigations, research, and application security, said that most attacks that happen on mobile platforms occur when a user goes to malicious URL or they’re redirected to a Web site containing malicious code. Hackers are using QR codes as a tool to direct mobile phone users to those Web sites and infect mobile devices with malware. (more)

Foreign Spies Stealing US Economic Secrets Report Released (FREE)

The Office of the National Counterintelligence Executive (ONCIX) Report: "Foreign Spies Stealing US Economic Secrets in Cyberspace - Report to Congress on Foreign Economic Collection and Industrial Espionage, 2009-2011" has been released.
Foreign economic collection and industrial espionage against the United States represent significant and growing threats to the nation's prosperity and security. Cyberspace—where most business activity and development of new ideas now takes place—amplifies these threats by making it possible for malicious actors, whether they are corrupted insiders or foreign intelligence services (FIS), to quickly steal and transfer massive quantities of data while remaining anonymous and hard to detect.

Pervasive Threat from Adversaries and Partners:
Sensitive US economic information and technology are targeted by the intelligence services, private sector companies, academic and research institutions, and citizens of dozens of countries.

• Chinese actors are the world’s most active and persistent perpetrators of economic espionage. US private sector firms and cybersecurity specialists have reported an onslaught of computer network intrusions that have originated in China, but the IC cannot confirm who was responsible.

• Russia’s intelligence services are conducting a range of activities to collect economic information and technology from US targets.

• Some US allies and partners use their broad access to US institutions to acquire sensitive US economic and technology information, primarily through aggressive elicitation and other human intelligence (HUMINT) tactics. Some of these states have advanced cyber capabilities.

Outlook:
Because the United States is a leader in the development of new technologies and a central player in global financial and trade networks, foreign attempts to collect US technological and economic information will continue at a high level and will represent a growing and persistent threat to US economic security. The nature of the cyber threat will evolve with continuing technological advances in the global information environment.

"You're only a stranger here once!" ~Tampa, FL

Do you recall my prediction about Tampa?
FutureWatch (September 2008) - Although facial recognition and tracking didn't catch on the first go-around (the Tampa, Florida experiment), it is ripe for a come-back. 5 years from now, this will be commonplace – along with automatic license plate readers and motion-intention evaluators.

August 2003 - Tampa police have scrapped their controversial security camera system that scanned city streets for criminals, citing its failure over two years to recognize anyone wanted by authorities.

History...
July 2001 - The Tampa City Council took a fully-informed look at Ybor City's controversial high-tech face-scanning software. When the dust settled, the council split down the middle with a 3-3 vote on whether or not to do away with the face-scanning software.

Fast Forward... 2011 - via National Motorists Association...

The request reads like a shopping list for a counter-terrorism strike: low-light cameras to identify people and vehicles at 100 meters, helmet-mounted cameras, cameras for "use around high-risk activities" and cameras that can read license plates across three lanes of traffic.

In reality, it’s part of a plan proposed by Tampa city officials to provide security for next year’s Republican National Convention. Funds to buy or lease the gear are expected to come from federal taxpayers in the form of a $55 million congressional appropriation.

The surveillance will target convention protestors (as many as 10,000, according to convention organizers), but, given the sweeping nature of the plan, many bystanders and motorists are likely to be ensnared as well.

And while police officials admit they may not get all 238 cameras on the original request, critics are already reacting. A spokesperson for the American Civil Liberties Union of Florida likens the approach to "hitting a gnat with a sledgehammer." (To be fair, officials canceled a request for two aerial surveillance drones due to cost concerns.)

FutureWatch - Drones are already in some state and local police toy chests. Tampa will eventually get one, too.

"Anyone who feels they were hacked, please raise your hand."

News Corporation has begun a voluntary program that allows people who believe they have been the victims of phone hacking to apply online for compensation.

A statement issued Friday by the company’s British publishing unit, News International, urged possible victims to take advantage of the settlement plan, calling it a “speedy, cost-effective alternative to litigation.” Charles Gray, a former High Court judge and arbitration specialist, will assess the applications and serve as an independent adjudicator, News International said. There is no limit on how much the company might have to pay. (more)

"Come on, Joey. Halloween is over."

MA - Police arrested a Framingham man at gunpoint yesterday after he chased two women with a sharp lawn-edging tool, a prosecutor said yesterday in Framingham District Court.

Joseph Kenney, 48, is also charged with trying to illegally record police with his cellphone, prosecutor Christopher Baker said during Kenney's arraignment.

Police went to Elm Street yesterday around 1 a.m. to check on a large gathering in the street. There, they found Kenney chasing two women with a lawn edger, Baker said.

"The officers ordered him to drop it, and he didn't until the officers drew their weapons," Baker said.

Kenney complained that "those kids are always in my parking lot" so he confronted them, Baker said.

Police arrested Kenney, who lives at 10 Elm St., and initially charged him with assault with a dangerous weapon and disorderly conduct.

On the way to the police station, the officer noticed Kenney was using his phone, Baker said. Kenney told the officer he was recording him.

The officer said Kenney did not have permission to record his voice, but Kenney refused to stop. As a result, police charged Kenney with illegal wiretapping. (more)

True story. Only the street name has been changed to protect the innocent.

"Wake up, Nguyen. Time to spy on the submarine races."

When foreign spies set their sights on America's secrets, many times they're not looking underground for secret bunkers or in the sky for massive spy blimps, but under the sea at the nation's low-profile underwater drone fleet.

According to some of the military's top counterintelligence analysts, in recent years there has been a significant increase in both old school spying and cyber operations, especially by unnamed East Asian nations, directed at gaining classified information on America's autonomous underwater vehicles (AUVs) in hopes of undercutting the U.S.'s "underseas battlespace dominance." (more)

Must be a Saturday Night Live skit that didn't get used...

Croatian businessman Vladimir Selebaj, who has been jailed over malversations with his production company Core Media, speaks to his parents only in French due to fears of wiretapping.

A French citizen, Selebaj allegedly talks only in French during his parents visits because he thinks he is being targeted by the police chief, Oliver Grbic.  

Grbic is currently in a relationship with Selebaj’s wife, Dijana Culjak.

Selebaj has been detained in Zagreb Remetinec prison while the investigation is underway, daily Vecernji List writes. (more)

BlackBerry / India Ink Surveillance Contract - RIM shot

 Remember when India was threatening to shut down BlackBerry service unless it could tap user's communications? Reports have RIM operating a wiretapping facility in Mumbai to help with that.

Back in 2010, the Indian government set multiple deadlines for RIM to provide the government with access to encrypted BlackBerry communication or face a shutdown of BlackBerry services in the country. Those deadlines came and went, with RIM insisting that it has no back door that would let government authorities (or anybody else) decrypt and access communications on its BlackBerry Enterprise services. 

However, by the beginning of 2011 RIM had been working with the Indian government to provide access to consumer-level BlackBerry Messenger and BlackBerry Internet Services (BIS) email—and now the Wall Street Journal reports RIM is operating a small surveillance facility in Mumbai to process government requests for access to BlackBerry user communications. (more)

Spy Train Tracks Wirey Thieves

Using a thermal camera to track copper cable thieves.

UK - Network Rail said covert spy train patrols to deter metal thieves from the rail network are having an effect.

In the last year the price of copper has doubled and this year alone in the east there have been 72 serious incidents of cable theft, causing delays to more than 2,500 trains and costing the company more than £1m.

Look East joined Network Rail and the British Transport Police on a special spy train as they went on the hunt for thieves in Essex and Hertfordshire. (video)

A Simple Three Question Spy Movie Quiz

Go here. 

I got 2 of three. 

See what you can do.

Here is one from me...

What is the name of this famous spy story town?

What is its real name?

Did I live there for a week?

Answers later next week.

Enjoy your weekend!

~Kevin

Security Alert: Easy Bypass of iPad2 Passcode Screen (w/ fix)

PROBLEM...
Apple's Smart Covers are pretty cool--they attach magnetically to your iPad 2, and you can lock your iPad's screen simply by "closing" the cover. Lift the cover off the screen, and your iPad wakes right up. Unfortunately, members of the German forum Apfeltalk ("Apple Talk") discovered a bug in how iOS handles the Smart Cover that makes it possible to bypass the iPad's passcode screen. Yikes.

To trigger this glitch, hold down the power button and wait for the iPad to ask to power off. When that happens, place the smart cover over the tablet. Next, take the cover off again, cancel the power down, and you're in--no passcode required.

SOLUTION...
Apple is aware of the issue and is working on a fix. And for the time being, you can make it so your iPad doesn't automatically unlock when you open your Smart Cover; that way, even if someone uses this bypass trick, they'll only be greeted with the passcode screen. To change this setting, Open the Settings app, tap General, and change the setting for "iPad Cover Lock/Unlock" to "Off". (more)

Gang Members Are Coming For Your Info. What's Your Counterespionage Strategy?

The Federal Bureau of Investigation on Friday estimated there are some 1.4 million gang members in the United States and they are turning to white-collar crimes as more lucrative enterprises. 

Gangs like the Bloods and the Crips are engaging in crimes such as identity theft, counterfeiting, selling stolen goods and even bank, credit card and mortgage fraud, said a new FBI gangs threat assessment.

"We've seen it, but we've seen them doing it even more now and we attribute to the fact that the likelihood of being caught is less, the sentences once you are caught are less, and the actual monetary gain is much higher," said Diedre Butler, a unit chief at the National Gang Intelligence Center. (more)

Search Engine Encrypts Your Secret Yearnings, Lusts and Thirsts... for Knowledge

Click to enlarge.

Flash - "As of this week, Startpage, by Ixquick, the "world's most private search engine," automatically encrypts ALL searches. Startpage was the first search engine to offer SSL encryption in 2009, and today it again breaks new ground by making SSL encryption the default." (more)

Kevin's Security Scrapbook exclusive! Motion picture footage of the inside of a search engine's encryption kernel.