Those awkward silences during phone calls can communicate a lot. Especially if you're sending hidden messages during them.
Computer scientists at the Warsaw University of Technology have come up with a way to secretly send nearly 2000 bits of encrypted data per second during a typical Skype conversation by exploiting the peculiarities of how Skype packages up voice data. They reported their findings this week...
First the researchers noted that even when there's silence in a Skype call, the software is still generating and sending packets of audio data. After analyzing Skype calls, they found that they could reliably identify those silence packets, because they were only about half the size of packets containing voices. SkyDe (for Skype Hide) encrypts your hidden message, grabs a certain portion of outgoing silence packets, and stuffs the encrypted message into them. (more)
Important point: Conventional steganography hides data within photos and pictures. Downside... Your hidden message may languish on servers in multiple places for a long time, where it could eventually be discovered. Sky-De reduces this vulnerability. ~Kevin
How do the digital detectives on the net snare you?
This infographic makes the mysterious, fathomable...
See the full graphic here.
Unmanned aerial vehicles (UAVs or "drones") are fast becoming an ever-present eye in the sky, potentially granting governments greater strike and surveillance capabilities than even Orwell’s fictional Big Brother could hope to wield. In response, NYC artist Adam Harvey has created a series of garments which claim to reduce the effectiveness of UAVs.
Harvey’s garments include an anti-drone hoodie and scarf, which are designed to block the thermal imaging cameras used by many airborne drones. The designer also created a burqa which appears to function in much the same way.
 |
| Click to enlarge |
Harvey is currently selling the designs, and would-be shoppers can pick up an anti-drone hoodie for £315 (or around US$500).
The Stealth Wear collection is on display in the UK at Primitive London until January 31. (more)
Worried about all those security cameras tracking your every move? Try rocking one of these visors and enjoy anonymity once again.
At least that's what Isao Echizen from Japan's National Institute of Informatics is trying to achieve with the Privacy Visor (PDF).
Developed with Seiichi Gohshi of Kogakuin University, the visor has a near-infrared light source that messes up cameras but doesn't affect the wearer's vision, according to the institute.
They're hardly fashionable, but the lights create noise that prevents computer vision algorithms from extracting the features needed to recognize a face. (more) (get the t-shirt) (sing-a-long)
via one of our Blue Blazer irregulars... (thanks!)
From Russian photoblog PhotoShtab.ru comes these great pictures of Cold War-era miniature gadgets that KGB spies and others used to monitor, smuggle, and kill (via RussiaEnglish).
Seeing as we have just seen the new adaptation of John Le Carre's Tinker Tailor Soldier Spy, these photos are a another great reminder of how paranoid and insane that whole 'Cold War' period was. (many more gadgets)
P.S. If you like seeing Cold War spy tools, your really need The Ultimate Spy Book, by historian H. Keith Melton. It is loaded with large glossy photos of the CIA's Greatest Hits, and the fascinating history of spies and their gadgets.
On January 14, 2013, President Obama signed the Foreign and Economic Espionage Penalty Enhancement Act of 2012.
The Act enhances the penalties for certain violations of the Economic Espionage Act.
The purpose of the Act was to amend title 18, United States Code, to provide for increased penalties for foreign and economic espionage.
Under the Act, the upper limit of penalties for individual offenses of Section 1831(a) are increased from $500,000 to $5,000,000 and the upper limit for corporate offenses of Section 1831(b) are increased from $10,000,000 to the greater of $10,000,000 or 3 times the value of the stolen trade secret to the organization, including expenses for research and design and other costs of reproducing the trade secret that the organization has thereby avoided. (more)
Why this approach alone has never worked, and what will work...
"A Cunning Plan to Protect U.S. from Business Espionage"
Historian Helen Fry, who has written a book called The M Room: Secret Listeners who bugged the Nazis., says the information gleaned by the eavesdropping of the German generals was vitally important to the war effort - so much so that it was given an unlimited budget by the government.
 |
| Click to enlarge. |
She believes what was learned by the M room operations was as significant as the code-breaking work being done at Bletchley Park.
"British intelligence got the most amazing stuff in bugging the conversations. Churchill said of Trent Park that it afforded a unique insight into the psyche of the enemy. It enabled us to understand the mind-set of the enemy as well as learn military secrets. "If it wasn't for this bugging operation, we may well have not won the war." (more)
...so he can outsource his job!
A security audit of a US critical infrastructure company last year revealed that its star developer had outsourced his own job to a Chinese subcontractor and was spending all his work time playing around on the internet.
Verizon investigators found that he had hired a software consultancy in Shenyang to do his programming work for him, and had FedExed them his two-factor authentication token so they could log into his account. He was paying them a fifth of his six-figure salary to do the work and spent the rest of his time on other activities...
Further investigation found that the enterprising Bob had actually taken jobs with other firms and had outsourced that work too, netting him hundreds of thousands of dollars in profit as well as lots of time to hang around on internet messaging boards and checking for a new Detective Mittens video. (more)
Not a horse-fly, a real horse.
My friend and colleague, Tim Johnson, relates the tail tale...
"I was contacted to do a debugging sweep of a company executive area and an executive residence in a midwestern state. Having concluded the examination of the offices without finding anything I proceeded to the residence where I repeated the process.
During the radio frequency examination I detected a radio frequency that I noted for additional analysis. In doing a further examination of the signal it was determined to be originating from outside the residence. This was done by moving my receiver to different locations and checking the signal strength.
There was a barn located in the general direction of the signal path so I went out and did a further check." (more)
(Foal Alert Transmitter)
Vodaphone wondered too...
In The Lost Phone Experiment, Vodaphone planted 100 phones throughout the Netherlands, and tracked their
fortunes via a web site.
They came up with some interesting data about
how many are returned, where they traveled to, what they were used for, and by
who. Open the site up using Chrome and hit "Translate" so you can read it in English. (more)
Spoiler Alert: About 30% were returned to their owners.
Critical control systems inside two US power generation facilities were found infected with computer malware, according to the US Industrial Control Systems Cyber Emergency Response Team.
Both infections were spread by USB drives that were plugged into critical systems used to control power generation equipment, according to the organization's newsletter... (more)
(reiteration time) - "If you are not sure where it has been, don't stick it in."
~ Kevin
AMD has filed (and been granted) a request for immediate injunctive relief against multiple former employees that it alleges stole thousands of confidential documents. Named in the complaint are Robert Feldstein, Manoo Desai, Nicholas Kociuk, and Richard Hagen. All four left AMD to work at Nvidia in the past year.
The loss of Feldstein was particularly noteworthy, as he’d been the head of AMD’s console initiatives for years. Feldstein was behind the work that landed AMD the Wii U, PS4, and Xbox Durango.
The AMD complaint states that “He [Feldstein] transferred sensitive AMD documents, and in the next six months, the three defendants either did the same thing...
AMD claims to have forensic evidence that three of the four defendants transferred more than 10,000 confidential files in total, with the names of the files in question matching “either identically or very closely to the names of files on their AMD systems that include obviously confidential, proprietary, and/or trade secret materials related to developing technology.” (more)
Almost 25 percent of Android apps feature code that can access application permissions and cause security vulnerabilities, according to a new study by mobile security firm TrustGo.
Of the 2.3m Android apps analysed by TrustGo in the fourth quarter of 2012, 511,000 were identified as high risk, defined as being able to make unauthorised payments, steal data or modify user settings.
Not all of the apps are universally available. For example, just 10 percent of apps in the US and Western Europe had a high risk for causing security issues. While China was reported to have the most high risk apps available for download. (more)
The FBI calls it a “sensitive investigative technique” that it wants to keep secret. But newly released documents that shed light on the bureau’s use of a controversial cellphone tracking technology called the “Stingray” have prompted fresh questions over the legality of the spy tool.
Functioning as a so-called “cell-site simulator,” the Stingray is a sophisticated portable surveillance device. The equipment is designed to send out a powerful signal that covertly dupes phones within a specific area into hopping onto a fake network.
The feds say they use them to target specific groups or individuals and help track the movements of suspects in real time, not to intercept communications. But by design Stingrays, sometimes called “IMSI catchers,” collaterally gather data from innocent bystanders’ phones and can interrupt phone users’ service—which critics say violates a federal communications law. The FBI has maintained that its legal footing here is firm. Now, though, internal documents obtained by the Electronic Privacy Information Center, a civil liberties group, reveal the bureau appears well aware its use of the snooping gear is in dubious territory...
It’s likely that in the months ahead, a few more interesting nuggets of information will emerge. The FBI has told EPIC that it holds a mammoth 25,000 pages of documents that relate to Stingray tools, about 6,000 of which are classified. The Feds have been drip-releasing the documents month by month, and so far there have been four batches containing between 27 and 184 pages each. Though most of the contents—even paragraphs showing how the FBI is interpreting the law—have been heavy-handedly redacted, several eyebrow-raising details have made it through the cut. (more) (Stingray explained)
1985 - Van Eck phreaking is the process of eavesdropping on the contents of a CRT or LCD display by detecting its electromagnetic emissions. It is named after Dutch computer researcher Wim van Eck, who in 1985 published the first paper on it, including proof of concept.[1] Phreaking is the process of exploiting telephone networks, used here because of its connection to eavesdropping.
2009 - A simple experiment showing how to intercept computer keyboard emissions.
It is notable that there is:
• no connection to the Internet;
• no connection to power lines (battery operation);
• no computer screen in use (eliminates the screen emissions possibility);
• and no wireless keyboard or mouse.
Intercepted emissions are solely from the hard-wired keyboard.
The interception antenna is located about one meter away. (This is why we look for antenna wires under desks, and metal parts on desks to which wiring is attached.)
(video 1) (video 2)
The point is, if one can get an antenna withing close proximity of your computer, what you type belongs to them.
December 2012 - Not satisfied with pulling information from your keyboard, injecting information becomes a concern (pay attention investment firms).
"The roughly half-dozen objectives of the Tactical Electromagnetic Cyber Warfare Demonstrator program are classified, but the source said the program is designed to demonstrate ready-made boxes that can perform a variety of tasks, including inserting and extracting data from sealed, wired networks.
Being able to jump the gap provides all kinds of opportunities, since an operator (spy) doesn’t need to compromise the physical security of a facility to reach networks not connected to the Internet. Proximity remains an issue, experts said, but if a vehicle can be brought within range of a network, both insertion and eavesdropping are possible." (more)
2013 is going to be an interesting year. ~Kevin
Computer scientists at the Warsaw University of Technology have come up with a way to secretly send nearly 2000 bits of encrypted data per second during a typical Skype conversation by exploiting the peculiarities of how Skype packages up voice data. They reported their findings this week...
