Android Cell Phone Users Security Alert

Malware targeting Android users has nearly quadrupled since 2011. As you can see in the graph, 10 Android malware families were detected in Q1 2011. This number increased for two quarters in a row, then dipped for one, and then finally settled at 37 in Q1 2012. That means a year-over-year growth of 270 percent.

The data comes from security firm F-Secure. The trend was revealed today in the company’s 47-page Mobile Threat Report Q1 2012 (PDF).

It makes sense that both the number of malware families and malicious Android APKs is increasing, but it’s still staggering to see that the latter number is now over 3,000, whereas last year it was just above 100.

The increase in malware numbers is indicative of a wider increase in mobile threats, according to F-Secure. Even more worrying, however, is that the Finnish security firm warned many of the apps are targeting Android users’ financial data, noting that 34 of the current malware families are designed to steal money from infected smartphones. (more)


Tip: Do not download, open or install anything unless you absolutely need it and are 100% confident it is coming to you from a trusted source. ~Kevin

Password Evaluation Program Will Surprise You

Think your password is effective. You might just want to test it and think again.

Passfault evaluates the strength of passwords accurately enough to predict the time to crack. It makes creating passwords and password policies significantly more intuitive and simple. 

When setting a password, Passfault examines the password, looking for common patterns. Passfault than measures the strength of the patterns and combinations of patterns. The end result is a more academic and accurate measurement of password strength. (more) (test your password)

You might think a password like 123!@#qweQWE would provide excellent protection. Wrongo. It can be cracked in a day according to Passfault. Why? Because it contains a readily identifiable pattern of keystrokes. Now try something easy to remember like ToBeOrNotToBe. Surprised? Thought so. ~Kevin

America Begins to Strike Back Publicly Against Trade Secret Thefts (Plus, an idea for a change in the law.)

The Federal Bureau of Investigation's spy hunters usually shy away from drawing attention. But they're hoping the public takes notice of a new campaign trying to stop foreign spies from stealing trade secrets from U.S. companies. 

The FBI, which is responsible for investigating breaches by foreign intelligence agencies, Friday will unveil billboards in nine cities around the country with the message: Protect America's Trade Secrets. The billboards direct the public to a section of the FBI website where the bureau provides warning signs to look for in the cubicle next to you.

Behind the campaign is the government's view that state-sponsored espionage targeting companies is growing so fast it is a national security concern. Lost trade secrets lead to lost jobs and in a time of economic struggle poses a national threat, says Frank Figliuzzi, the FBI's assistant director for counterintelligence. (more)

Note to FBI... Awareness is good, but it is not enough. Some private-sector intellectual property is so vital it should be classified as a National Security Resource.  

The centuries-old, lopsided, 'punish the spy' model of protecting intellectual property has never worked. (more) (more) Caretakers of national security level proprietary information need to be held legally accountable for its protection. Doing this will give the law the balance and weight it needs to be effective.

Recommendation: Amend the Espionage Act to include mandatory, pro-active, business counterespionage security requirements. ~Kevin

Cell Phone Tracking Insight - You're In Sight

This week at the CTIA show in New Orleans, Polaris Wireless unveiled Altus Mobile, an application that lets law-enforcement personnel track suspects via their cellphone numbers or mobile equipment identifier — a 56-bit identification number that is burned into the device and is extremely difficult to modify. The application leverages Polaris’s Wireless Location Signatures platform, which simultaneously can locate all subscriber devices on a wireless network, both in real time and historically.

That means law-enforcement officers will know where a suspect is, where he has been and where he is heading at any given moment, said Mahesh Patel, Polaris’s senior vice president of products and technology.

“Previously, this information was available to them on their desktops through our Altus surveillance solution, but now officers can take this information into the field with them,” Patel said. “Real-time access to this kind of intelligence will be a big plus for tactical operations.” (more)

Verizon Mates With Cellcrypt - Bet You Can't Hear Me Now

UK mobile security firm Cellcrypt is partnering with carrier giant Verizon to sell its voice encryption technology for mobiles and smartphones to the US Government, the pair have announced.

Already in testing with unnamed US Government departments the service will be formally released later in 2012 as a co-branded product that marks a major foot in the door for Cellcrypt.

Working on Android, iPhone and BlackBerrys, the company’s software encrypts GSM mobile, WiFi and satellite phone calls to FIPS 140-2 level between handsets running the same software, defeating the potential for man-in-the-middle eavesdropping. (more)

FBI - Beware of Software Update Messages when Traveling

Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travelers abroad through pop-up windows while establishing an Internet connection in their hotel rooms.

Recently, there have been instances of travelers' laptops being infected with malicious software while using hotel Internet connections. In these instances, the traveler was attempting to setup the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely-used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop. The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available. 

The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products on their hotel Internet connection. (more)

Spook Summer School Saturday

Spy School — a Tampa Bay History Center program specially designed for teens — will instruct youngsters about surveillance, information gathering and disguise

Agents and experts will teach children ages 12 to 18, offering tips on how to enter the espionage career field.

The program costs $60 per student but history center members get a $5 discount. Spy School begins Saturday and offers a guided tour with curator Rodney Kite-Powell.

The Tampa Bay area might not seem like an obvious spy hub. But many retired FBI, CIA and military members live in the area, and one of the nation's more high-profile spy court cases unfolded in 2001 in a U.S. District Court in Tampa. Also, United States Special Operations Command is based in Tampa.

For information on Spy School, call (813) 675-8960 or email Jennifer Tyson, the center's assistant curator of education, at jtyson @tampabayhistorycenter .org. (more)

P.S. This is part of the International Spy Museum's traveling road show, "Spies, Traitors, Saboteurs: Fear and Freedom in America." One of the show's features are historical artifacts on loan from Murray Associates / Spybusters, LLC; an APL Badge and ID Card (1917) carried by operatives of the American Protective League (APL) who spied on their fellow Americans on behalf of the U.S. Justice Department during World War I. (see them here)

Spybusters Tip #834 - Singing the Butt-Dialing Blues

Spybusters Tip #834 - Stop butt-dialing by using your phone's password feature.

Here's what happens when you don't...

World's worst butt-dialing story. 

Druggie butt-dials police. Busted.
T-Mobile's Butt Dialing commercial.
"Butt" Dialing Becoming A Problem For 911 Dispatchers.

Brilliant Video Game Thieves Butt-Dial 911 and Brag.
Police bust butt-dialer thanks to a crack in the case.

...and it gets worse.

Free Security e-Book of the Week

FREE book: Fundamentals of Media Security (110 pages)

The most interesting chapters...

• Steganography

• Digital Watermarking

• Digital Scrambling

• Digital Surveillance  

Enter your email address in #1. (The other three questions are benign.) The ebook will download as a pdf.

"The secret of life is honesty and fair dealing. If you can fake that, you've got it made."

India - Government today dismissed as "outrageous lie" a media report that at the behest of Home Minister P Chidambaram and his ministry telephones of key government functionaries were bugged. An official statement said attention of the Government has been drawn to a news story published in 'Chauthi Duniya' recently. "The story contains outrageous, baseless and defamatory allegations. There is no truth in the story whatsoever. The allegations that telephones were bugged at the instance of the Home Minister or the Ministry of Home Affairs is an outrageous lie," it said. The statement said that the government reserves its right to take appropriate action against the offending newspaper. Government would like to caution other newspapers and media not to reproduce or repeat the aforesaid story, it said. (more) (alternate quote)

Town Clerk Charged for Recording Colleagues

MI - Augusta Township Clerk Kathy Giszczak has been charged with eavesdropping for tape recording a conversation between the township supervisor and former deputy treasurer.

She turned herself in for the warrant on these charges by coming to the walk-in arraignment...Giszczak is free on a personal recognizance bond.

She has been charged with one count each of eavesdropping and using or disclosing information obtained through eavesdropping. Both counts each carry a maximum penalty of two years in prison and a $2,000 fine. (more)

Ra-Parents Forcing Kids to Live Undercover

Kids are desperate to flee from their parents’ spying, reports the Wall Street Journal. In a piece about “Tweens’ Secret Lives Online,” the Journal tracks the online lengths kids are going to in order to get away from their stalkerish parents.

Digital anthropologist danah boyd told me last year that teens then were fleeing from Facebook to Twitter to escape the prying eyes of adults. WSJ journo Katherine Rosman says that Instagram is now one of the tools kids use to exchange messages in a semi-public way (where the public doesn’t include nosy adults)... 

My own parents certainly didn’t have that luxury. I would disappear with my bike (Me too. With no freakin' helmet, of course.) on a Saturday and be completely out of touch, my whereabouts unknown for hours at a time.

Let’s hope that digitally enabled overparenting doesn’t completely crush kids’ freedom of exploration. Let tweens actually have a little bit of a secret life. (more)

Illegal Watergate Wiretaps Requsted to be Released

A historian of the Richard Nixon presidency wants to review sealed wiretap materials stemming from the 1972 burglary at the Watergate hotel and subsequent criminal prosecutions.

In a pending case in Washington's federal trial court, the U.S. Justice Department on May 3 said "the request for the content of illegally obtained wiretaps poses an unusual legal issue that the department intends to address in its response."

Justice Department lawyer Elizabeth Shapiro asked Chief Judge Royce Lamberth of U.S. District Court for the District of Columbia for two more weeks to respond to the request from Luke Nichter, an assistant professor of history at Texas A&M University. The earlier deadline was May 5.

“These and other sealed materials may be the key to determining why the Watergate break-in occurred, who ordered it, and what the burglars were looking [for],” Nichter, who specializes in American political history, wrote in a letter (PDF) to Lamberth in 2010. Nichter is researching whether exposing a prostitution ring was the real reason for the Watergate burglary. (more)

Weakness of U.S. Counterespionage Law Examined

...a recent US court ruling that dealt a blow to the fight against corporate espionage in saying the download of proprietary data does not amount to a criminal offense. (more)

Would you use spy gadgets in order to get custody of your kids?

On Thursday, "ABC World News with Diane Sawyer" explored the increasing use of surveillance equipment among exes in divorce and custody cases, from hiding a camera in a child's teddy bear to installing tape recorders in the home of an ex. (more)