Monday, January 23, 2012

Security Director Alert: Eavesdropping via Video Teleconferencing

Covertly eavesdropping on boardroom chit chat using the teleconferencing system is not new. We've been demonstrating (and correcting) this problem for our clients for years. The vulnerability, however, has finally received some publicity. 
Result: Expect more attempts to access video teleconferencing systems.
Recommendations: Turn off the auto-answer feature on your teleconferencing system. Make sure your system is behind a firewall.

FREE offer: The full Murray Associates Video Teleconferencing Security Checklist is available to corporate security directors (only) at no charge. Contact me here, and get our Off-Site Meeting Checklist, too!

via The New York Times...
One afternoon this month, a hacker took a tour of a dozen conference rooms around the globe via equipment that most every company has in those rooms: videoconferencing equipment...the hacker was HD Moore, a chief security officer at Rapid7, a Boston-based company that looks for security holes in computer systems...Mr. Moore has found it easy to get into several top venture capital and law firms, pharmaceutical and oil companies and courtrooms across the country...

“These are literally some of the world’s most important boardrooms — this is where their most critical meetings take place — and there could be silent attendees in all of them.” 

New systems are outfitted with a feature that automatically accepts inbound calls so users do not have to press an “accept” button every time someone dials into their videoconference. The effect is that anyone can dial in and look around a room, and the only sign of their presence is a tiny light on a console unit, or the silent swing of a video camera. 

Two months ago, Mr. Moore wrote a computer program that scanned the Internet for videoconference systems that were outside the firewall and configured to automatically answer calls. In less than two hours, he had scanned 3 percent of the Internet. 

In that sliver, he discovered 5,000 wide-open conference rooms at law firms, pharmaceutical companies, oil refineries, universities and medical centers. He stumbled into a lawyer-inmate meeting room at a prison, an operating room at a university medical center, and a venture capital pitch meeting where a company’s financials were being projected on a screen. 

Among the vendors that popped up in Mr. Moore’s scan were Polycom, Cisco, LifeSize, Sony and others. Of those, Polycom — which leads the videoconferencing market in units sold — was the only manufacturer that ships its equipment — from its low-end ViewStation models to its high-end HDX products — with the auto-answer feature enabled by default. (more)

Friday, January 20, 2012

More NOTW Phone Hacking News

According to a report Friday in the British newspaper The Telegraph, a News Corp. division in the UK faces an investigation by the FBI into whether the now-defunct Murdoch tabloid News of the World hacked into a phone on U.S. soil. (more)

Personal Security: How To Avoid Being A Victim, Anywhere, Any time.

via Peter Shankman - NYC street kid, with cred. (abridged version) 

• Don’t develop a pattern of behavior.
• Know your surroundings
• DO NOT IGNORE YOUR GUT. If something doesn’t seem right, it probably isn’t.
• Have your keys in your hands
• Wherever you are, have a small powerful flashlight. 
• Instead of yelling “HELP” when something goes wrong, yell “FIRE!”
• Have a buddy system
• Know the people in your neighborhood.
• Don’t look like a Victim. Walk down a street with your head up and looking around. Don’t stare (it can be taken as a challenge) but don’t be afraid to look at people.
• Don’t be clueless 

Read the whole article here. 
Really, read it. Pass it on.

How to Bug a Germ

The world's smallest ear doesn't belong to any animal. Instead, it's a tiny piece of gold suspended in a laser beam. It can hear sounds a million times fainter than any human ear can, making it a powerful acoustic microscope.

The nano-ear is the work of Jochen Friedmann and Andrey Lutich of Munich's Ludwig-Maximilians University. The setup is a progression from the 1986 development of so-called "optical tweezers", which use laser beams to trap microscopic particles inside the most powerful part of the electric field. This effectively suspends the particle so that it no longer moves on its own - the only way it can move is if something nearby disturbs it...

FutureWatch: The nano-ear would be hugely useful in studying bacteria, viruses, and other microorganisms, as being able to "hear" the sounds they make could provide vital new data on what distinguishes different strains. (more)

Illegal Eavesdropping Costs NOTW 1 Million...

...and that doesn't include the lawyers' fees, and the lost revenue from having to shut down the paper.

UK - Rupert Murdoch's media empire has agreed to pay large payouts to 37 phone-hacking victims, including British actor Jude Law, football player Ashley Cole and former deputy prime minister John Prescott.

The High Court in London heard details of new settlements totaling about $1 million for illegal eavesdropping by Murdoch-owned tabloids on celebrities' phone conversations...

Law said he launched his case to find out the truth about the intrusion into his private life between 2003 and 2006. He said he changed his phones and had his house checked for bugs, but that the information continued to appear in the press. (more)

SpyCam Story #639 - The House Guest

CT - A Manchester man was charged Wednesday with 24 counts of voyeuristic recording of another person. Police said Paul Zajac, 20, of Union Street, was charged after a forensic examination of his computer turned up 24 images of people using a bathroom or changing in a bedroom in a home in South Windsor where he used to live. (more)

SpyCam Story #638 - The Hole in the Wall Gang

WA - A 33-year-old Renton man is accused of attempting to spy on his estranged wife by drilling a hole in her bedroom wall and inserting a tiny camera to record what was going on inside, according to King County prosecutors.

Michael James Halvorson, who was originally arrested Dec. 28 for violating a protection order, was charged earlier this month with residential burglary domestic violence, according to court records.

Halvorson and his wife of nine years separated in the spring and are in the middle of a divorce, according to charging papers. But they shared a duplex — he lived in one unit with his father, and she lived on the other side... A wall separated Halvorson's bedroom from his wife's...
 
...at 4 a.m., his wife was "woken up again by the sound of something drilling through her bedroom wall"...a "snakelike camera" equipped with a flashlight came through the wall, extending about 6 inches into the room... officers later found a home-inspection camera with a flashlight in Halvorson's bedroom, but were unable to locate Halvorson... Crumbled drywall was found on both sides of the hole, papers say. (more)

Thursday, January 19, 2012

Security Director Tip: Kill Crime Around Your Executives' Homes

Better than 10 Bobbies blowing their whistles. 
Turn their neighborhoods into networks of awareness.

A company called Village Defense provides neighborhoods with a real-time communication system that connects your executives with their neighbors.

Here's how it works when you are part of the Village Defense group...
"With one phone call, you have the ability to notify all your neighbors when a crime or suspicious activity is in progress, through a text message, home phone call, and cell phone call. Now, everyone knows exactly what's going on and what to look out for. Transition from living in isolation to connectivity by bringing your neighborhood into the 21st century." 

Does it work?
"Sims Estates, a once-struggling neighborhood in northwest Atlanta, has experienced a 73% reduction of crime due to the Village Defense real-time crime alert system." (more)

FutureWatch - Watch for this concept to spread from crime alerts, to alerts of all kinds (lost pets, door-to-door salespersons alerts, neighbor needs help, road conditions, for sale items, etc.). This would be an especially valuable service if local government joined in (recycle pick-up reminders, police news, posting town events, etc.). Think of it as a micro-Internet.

007 Rocks!

UK - In a television program aired on Russian state television in 2006, Russia's FSB security service accused Britain of using the gadget for top secret communications in Moscow, but London did not admit to the charge at the time.

Now Jonathan Powell, who was chief of staff to then Prime Minister Tony Blair, has confirmed the Russians were correct.

"They had us bang to rights," Powell says in a BBC documentary to be aired on Thursday...
A combination of video grabs from footage broadcast by Russian state-run television in 2006 allegedly shows a man, said to be a British spy, in a park outside Moscow collecting a fake rock being used as a high-tech version of the spy's traditional letter-box or dead drop in which agents can anonymously deliver or retrieve information. (more)
 

Russian television claimed there was proof British spies used electronic equipment hidden inside a fake rock to exchange information between agents and embassy staff.

An agent would pass by and download data from his portable computer, while a diplomat would later collect it in a similar way. Four Britons involved in the spy ring have been identified by the Federal Security Service.

Christopher Pierce, the diplomat who was said to have installed the secret link, was also responsible for financing Russian non-governmental organizations with British grants, and so was one of the other alleged spies, Mark Doe...

Britain expressed “concern and surprise” over the allegations at the time. The “spy rock scandal” was taken with skepticism by many people, including Russians. They said it was either a scam or simply blown out of proportion in what was described as a Kremlin assault on NGOs. (more)

Security Director Tips: Tell Employees about these Safety Apps

If you’re concerned that someone you care about could be in danger, or if you worry about safety yourself, here are a handful of apps that can help... 

bSafe
This free app lets users select personal Guardians, the people who will be notified when help is needed. All users’ guardians are alerted with an emergency SOS message that includes the sender’s location, while a direct call is placed to one specified contact.

StreetSafe
Unlike other safety apps that alert friends or family who may not be able to help in the event of an emergency, this iPhone app features a silent alarm that, when triggered, dispatches emergency help to your exact location. If you are feeling uneasy and want someone to stay on the phone with you until you arrive safely at your destination, you can also activate StreetSafe’s Walk With Me feature, which connects you with a trained Safety Advisor.

MyForce
Before using this one you need to complete an online profile that includes your photo and any medical issues you may have. Then when MyForce receives an alert from you, it dispatches the nearest emergency responders and transmits to them your profile information. MyForce also records audio coming from your phone and reports any updates or movement to the authorities.

SecuraFone
This free iPhone and Android app provides free GPS tracking and monitoring that can be helpful when dealing with children, aging parents or employees. Once the app is downloaded to a phone, the SecuraFone account creator can log in to locate any phone registered to the account. (more)

And, of course, one featured here recently, Help!

Wednesday, January 18, 2012

SpyCam Story #637 - Games at the Party Store

MA - A business owner was arrested after he was caught watching his female employees via a video camera in the restroom. Police said Marco Silva, 40, of 1028 Rock St., Fall River, installed a covert video camera in the bathroom of Kolby Rentals, 2452 GAR Highway.

A female employee made a complaint to Swansea Police. She reported to Det. Marc Haslam that every time she and other female employees went to the restroom, Silva would go to his office and shut the door. The employee then noticed the bathroom view on Silva’s computer monitor in his office and notified police.

Police seized a covert camera in the bathroom during the search along with a VCR and monitor from Silva’s office. (more)

SpyCam Story #636 - "Just puttin' out personnel fires, Chief."

OH - The second in command in the fire department has been placed on administrative leave following accusations that he spied on the department through webcams...

...the investigation began after complaints "that fire department personnel believed their personal activities and conversations while working at the department were being subject to video and/or audio surveillance."

Firefighters told the chief and trustees that they believed that cameras on fire department computers were configured to remotely video and/or audio record departmental personnel without their knowledge. (more)

Business Sports Espionage: 4th Olympic Arrest

UK - British police arrested a fourth man on Wednesday as part of an investigation into allegations of spying during a fiercely contested bid process to select who will move into London's Olympic stadium after the 2012 Games.

A 45-year-old man was detained in south London by officers from the Economic and Specialist Crime Command on suspicion of fraud. Material was seized during a search of a house, Scotland Yard said in a statement.

It is the fourth arrest since November following allegations by soccer club West Ham United and the public body the Olympic Park Legacy Company (OPLC) in respect of the unlawful obtaining of information.

OPLC chairwoman Margaret Ford has accused Premier League soccer club Tottenham Hotspur of putting all her 14 board members under surveillance. (more)

Wiretapping and Divorce Advice from a Lawyer

You think your wife is cheating on you? 
You remember the password to her Gmail account because you set it up for her? 
You log into her account and discover emails between her and her new lover? 
Think that’s legal? 
Think that’s admissible evidence in court? 
Not so fast. 
Before you log onto your spouse’s email account or intercept any messages whatsoever whether email, voicemail, etc., consult with a lawyer about wiretapping laws. In your passion to discover what your spouse is doing, you might just violate federal wiretapping laws. This could backfire on you and could be more costly to you than the information you would otherwise discover is worth. Again, talk to a lawyer about this. (more)

Shawn L. Reeves is a Columbia, SC family lawyer. His office is located at 1201 Main Street, Suite 1980, Columbia, South Carolina.

Business Sports Espionage: KC Chiefs - Wiretaps & Bugs

KS - Buried amidst the hoopla of the divisional playoffs last weekend was an eyebrow-raising report in The Kansas City Star detailing some very serious accusations about life behind closed doors at Chiefs headquarters.


 
According to a report, Todd Haley was one of many ex-employees who thought the Chiefs' facility was bugged. (John Rieger/US Presswire)

According to the report, a culture of fear and paranoia has developed since Scott Pioli was hired as general manager in 2009, including claims of wire-tapping and room bugging. The suspicions were held by many former employees of the organization, including former coach Todd Haley.

One former high-ranking staffer said the level of paranoia "was probably the highest that I had ever seen it anywhere." Haley -- who wasn't quoted in the story -- reportedly stopped talking on his personal cell phone during the past year -- fearing it to be bugged -- and repeatedly checked his office for listening devices. (more)

P.S. The original headline for this report is: League not investigating bugging claims at Chiefs headquarters.
Can you think of any good reason why? 
Can you think of any nefarious reason why?
Credit to Todd Haley who had the sense to conduct TSCM (debugging) inspections.