Saturday, October 19, 2013

Yet Another Bird Spying Story

Headlines of fowl accused of spying for Israel are making rounds again in Middle Eastern press, with the most recent bird of espionage 'arrested' in Lebanon. Hezbollah and Iranian-affiliated websites reported today that an Israeli 'spy eagle' had been caught this past weekend in Lebanon. 

According to one Lebanese news site, the eagle had been caught in the town of Achkout by local hunters who alerted authorities after discovering that the bird had an ID ring attached to its leg with the words "Israel" and "Tel Aviv University" printed on it. (really bad spycraft :) 

"On the lookout for bird spies here."
The Hezbollah- affiliated Al-Manar TV, whose news site's section on Israel is simply called "Enemy Entity," claimed that the eagle was one of many birds sent by Israel to spy and gather information via GPS transmitters across the Middle East. The report pointed to the "arrest of birds carrying similar devices" in Saudi Arabia, Turkey and most recently in Egypt. (more) (sing-a-long)

Gordon Ramsay Knows What's Cooking... in His Daughter's Bedroom... using a SpyCam

Gordon Ramsay has admitted to being all kinds of inappropriate by revealing he put a video camera in his 15 year old daughter's bedroom to see what she gets up to with her boyfriend.

It seems Ramsay is not the first. Last year an American college student was granted a civil stalking order against her overprotective parents after they installed spying software on her electronic devices.(more)

Business Espionage - Top Businessman Bugs Other Top Businessman

Australia - When prominent Melbourne businessmen Grant Custance and David Morrell first crossed paths in 1975 as students at prestigious Geelong Grammar, neither could have foreseen that almost 40 years later they would be locked in a brutal feud involving police, lawyers, tracking devices and crisis management consultants.

The public stoush between the Toorak heavyweights, which dates to a business deal between the two in 2010 that landed Mr Custance in the Magistrates Court, has taken a new twist, with allegations Mr Custance paid for a private detective to shadow Mr Morrell and scrutinise his ''business practices and moral conduct''.
An electronic tracking device was fitted to Mr Morrell's luxury car in March last year, with other plans to ''manipulate and extract information from mobile phones, computers and listening devices'', according to a report prepared for Mr Custance by private investigator and former police officer Damian Marrett. The two-week surveillance was code-named Operation Bulldog and included extensive background checks, company searches and tailing Mr Morrell, who is a buyer's advocate with an extensive list of wealthy and powerful clients. (more)

Thursday, October 17, 2013

Three Tips to Keep Your Mobile Data Safe

Keeping your mobile gear secure while you’re zipping across the grid is tricky business. Laptops and tablets—veritable gold mines of personal information—are popular targets for thieves. Law enforcement officials, meanwhile, could confiscate your smartphone and then examine the data—merely as a result of a routine traffic stop.

If you’re packing an Android device, it gets even trickier, because with such a device, you stand a better chance of falling prey to the booming mobile malware market. Independent malware testing lab AV-Test had less than 10,000 Android malware samples in its database by late 2011. Now, two years later, that number has blossomed to around 1.3 million.

Step One:
Encrypt everything

One of the easiest things you can do to protect an Android or iOS device is to take advantage of built-in hardware encryption. This feature will turn the data on your phone into nearly unreadable junk—unless it's properly unlocked with your password.

Let's start with the easy one: iOS. Owners of iPhones or iPads can rest easy knowing the data is already encrypted, provided you create a passcode from the lock screen.

Step Two:
Keep malware at bay


Android users are particularly vulnerable to malware. Google, unlike Apple, doesn’t vet applications before they go live on Google Play. This has proven an easy way for malware creators to sneak malicious apps onto Google’s app store. Malware-laden apps range from those offering free device wallpaper to games, and even to impostors that try to look like popular apps.

That’s why security vendors such as Avast, Kaspersky, and Lookout offer antivirus and security apps for Android to help keep you secure online. But how good are these apps, really? Back in late 2011, results from the AV-Test lab found that the free solutions were nearly useless.

Step Three:
Go Covert


You can protect your data from being nabbed by a Customs agent and downloaded into some massive data silo in the Utah desert. The Electronic Frontier Foundation suggests an interesting option: Leave the hard drive at home and boot your laptop from an SD card.

(Full instructions on how to create a Ubuntu boot disk or USB boot drive in Ubuntu guide for displaced Windows users.) ...Even if you don’t have any sensitive data to protect, this is such a great, secret-agent-style use for your laptop that you might want to try it simply for the cool factor. (more)

Wednesday, October 16, 2013

Eavesdropping on the Brain: Mind-Reading Devices Could be Possible in the Future

Could we read minds? Scientists are certainly one step closer after this latest study. Researchers have managed to collect the first solid evidence that the pattern of brain activity seen in someone performing a mathematical exercise under experimentally controlled conditions very similar to that observed when the person engages in quantitative thought in the course of daily life. The findings could lead researchers to a way to "eavesdrop" on the brain in real life. 

"This is exciting and a little scary," said Henry Greely who played no role in the study but is familiar with its contents, in a news release. "It demonstrates, first, that we can see when someone's dealing with numbers and, second, that we may conceivably someday be able to manipulate the brain to affect how someone deals with numbers."

In order to examine the thought processes of volunteers, the researchers monitored electrical activity in a region of the brain called the intraparietal sulcus. This part of the brain is known to be important in attention and hand motion. Previous studies have hinted that some nerve-cell clusters in this area are also involved in numerosity, the mathematical equivalent of literacy.

The scientists used a method called intracranial recording, which allowed them to monitor brain activity while people were immersed in real-life situations. The researchers tapped into the brains of three volunteers who were being evaluated for possible surgical treatment of their recurring, drug-resistant epileptic seizures; this involved removing a portion of the patient's skull and positioning packets of electrodes against the exposed brain surface. (more)

Two Arrested for Eavesdropping on Previous Employer's Conference Call

A man and a woman surrendered at Wilton Police headquarters on warrants issued by Norwalk Superior Court. They were charged with eavesdropping on a former employer.
 

The two had worked for a business at 64 Danbury Rd and been released from employment in March of 2013. During their employment they had participated in a weekly conference call with other employees beyond the site. During a June 2013 conference call, which included upwards of 50 people one of the employees picked up background noise, according to Wilton Police, and the noise was traced back to the cell phones belonging to the two former employees.

According to Wilton Police, the former employer was concerned because of the confidential nature of the conference calls, which may have included information pertaining to company strategy that might be used by a competitor and information concerning client relationships, billing and operations. (more)


Over the years, you have read many posts here about organizations being victimized by eavesdroppers on their conference calls. Hence...

Spybusters Tip # 879

CrowdCall, a specialized conference-calling app available for iOS and Android smartphones and the web. 

Instead of scheduling a dial-in line, e-mailing all parties involved and then hoping everyone calls at the appointed time, CrowdCall's interface lets users choose up to 20 participants from their contacts list and LinkedIn connections and dial them immediately (assuming the contacts have added their phone number to their LinkedIn profiles). When participants answer, they simply push "1" to enter the conference--they don't even need to have the app to participate.

...one feature in particular makes it attractive to small businesses. Because the call originator controls invitations, unauthorized participants can't use dial-in information to access the call, providing a measure of security when discussing sensitive information. (more)

Video Game CEO Throws Employees Arrested for Spying Under the Virtual Bus

Two Bohemia Interactive developers have been arrested on the Greek island of Lemnos for spying, company CEO Marek Spanel confirmed today. The executive explained on the company's official forums that the firm will not go into further details on the matter.

According to Greek reports surfacing recently, the pair were in possession of videos and photos of military compounds in Lemnos at the time of their arrest. The Greek island is the main location for Bohemia Interactive's upcoming shooter Arma III, with the two reportedly claiming they were collecting reference material for the game. 

UPDATE: Bohemia Interactive CEO Marek Spanel has released a statement about the incident, claiming the two employees were visiting the island of Lemnos "with the sole purpose of experiencing the island's beautiful surroundings".

"Since its establishment in 1999, Bohemia Interactive has created games based only upon publicly available information," Spanel said. "We always respect the law and we've never instructed anybody to violate the laws of any country. The same is true for Arma III."

Spanel said the studio is training its efforts on supporting the two employees arrested in Greece, and that he hopes the incident is nothing more than "an unfortunate misunderstanding of their passion as artists and creators of virtual worlds". (more)

Tuesday, October 15, 2013

Forget the NSA. That Smartphone Snooper May Be Your Spouse

It's not just the National Security Agency spying on smartphones. Many ordinary people are also using sophisticated software to eavesdrop on the wireless communications of their lovers, children and business rivals.

According to a new study that examined the data traffic of mobile devices operating on the Middle Eastern network of a European carrier, hundreds of people had some form of surveillance software installed on their phones.

These aren't malicious apps that the users had been tricked into downloading. They're pieces of commercially available spyware that people with physical access to the devices have installed to secretly log each text message, phone call and contact, and in some cases, eavesdrop on calls in real time. (more)

Business Espionage Cautionary Tale - How Bugs Get Planted and More

Last Christmas Eve, a man broke into Adara Networks’ San Jose headquarters, using copies of both physical and electronic keys. He seemed to know exactly what he was looking for. The thief left rows of desks untouched as he cruised toward the lab holding the source code for Adara’s proprietary data-center networking software. Fortunately for Adara, he triggered an alarm on the lab door and fled.

“Snatch and grab” crimes, in which crooks enter an office and carts off a few loose laptops, happen occasionally in Silicon Valley. Chief Executive Officer Eric Johnson sensed that his case was more serious, though. Adara’s next-generation networking technology could be attractive to nations hoping to capture more of the global telecommunications market. So Johnson brought in contractors to sweep the offices for bugs, in case a foreign government was listening...

To make it harder for the thieves, some companies are paying for “penetration testing,” hiring security consultants to probe their defenses... Silicon Valley has a long history of thievery and espionage. (more)

Many of my reports for clients contain details and photos about how an after-hours espionage/eavesdropping attack can easily happen to them. They receive recommendations for remediation, too. 

Spybuster Tip #004: Periodic inspections help deter penetrations and information losses. Conduct them once per quarter.

D-Link Promises Fix for Home Router Firmware Flaw by End of the Month

A backdoor has been found in firmware used in several models of D-Link and Planex home routers. The flaw can easily be exploited to take control of vulnerable devices and spy on browsing activity. D-Link is aware of the issue and says a fix will be available by the end of the month. (more)

How NSA Breakthrough May Allow 'Burner' Phone Tracking

via Dan Goodin, Ars Technica 
In the HBO hit series The Wire, disposable cell phones were the bane of detectives' lives. Drug dealers obtained these prepaid "burners" in mass quantities with cash at multiple stores hundreds of miles away from where they were used.

After a week or two of use, a crook would destroy one cheap handset and fetch a new one. The Baltimore Police detectives' inability to tap the phones stymied their investigation into one of the city's most ruthless crime families — until they found a way to track the devices.

The National Security Agency may have made a similar breakthrough. Cato Institute researcher Julian Sanchez recently pulled a few sentences from a 2009 declaration by NSA Director Keith Alexander. They describe an unnamed tool that routinely accessed the vast database of call records assembled by the NSA. Sanchez argues that the purpose may be to identify burner phones used by NSA targets. (more) (via Schneier)

The Taliban's Ultimate Bug? - A Bomb in a Microphone!

A bomb planted inside a mosque killed the governor of Afghanistan's eastern Logar province as he was delivering a speech Tuesday morning to mark the Muslim holiday of Eid al-Adha, officials said...

Tuesday's explosion took place as Jamal was speaking inside the mosque to worshipers gathered for one of Islam's holiest days, said Logar's deputy police chief, Rais Khan Abbul Rahimzai.

The bomb was apparently planted inside a microphone in the front part of the mosque, said two officials, speaking on condition of anonymity because they were not authorized to speak to the media. (more)

The Rube Goldberg Toy I Want for My Birthday

Monday, October 14, 2013

The CIA’s Most Highly-Trained Spies Weren’t Even Human

There would be a rustle of oily black feathers as a raven settled on the window ledge of a once-grand apartment building in some Eastern European capital. The bird would pace across the ledge a few times but quickly depart. In an apartment on the other side of the window, no one would shift his attention from the briefing papers or the chilled vodka set out on a table. Nor would anything seem amiss in the jagged piece of gray slate resting on the ledge, seemingly jetsam from the roof of an old and unloved building. 

Those in the apartment might be dismayed to learn, however, that the slate had come not from the roof but from a technical laboratory at CIA headquarters in Langley, Virginia. In a small cavity at the slate’s center was an electronic transmitter powerful enough to pick up their conversation. The raven that transported it to the ledge was no random city bird, but a U.S.-trained intelligence asset. 


Half a world away from the murk of the cold war, it would be a typical day at the I.Q. Zoo, one of the touristic palaces that dotted the streets of Hot Springs, Arkansas, in the 1960s. With their vacationing parents inca tow, children would squeal as they watched chickens play baseball, macaws ride bicycles, ducks drumming and pigs pawing at pianos. You would find much the same in any number of mom-and-pop theme parks or on television variety shows of the era. But chances are that if an animal had been trained to do something whimsically human, the animal—or the technique—came from Hot Springs. 

Two scenes, seemingly disjointed: the John le Carré shadows against the bright midway lights of county-fair Americana. But wars make strange bedfellows, and in one of the most curious, if little-known, stories of the cold war, the people involved in making poultry dance or getting cows to play bingo were also involved in training animals, under government contract, for defense and intelligence work. (more)

Sunday, October 13, 2013

NIST - Not Indelibly Secure & Trustworthy?

The National Institute of Standards and Technology (NIST) has an image problem. 

Last month, revelations surfaced indicating that the National Security Agency (NSA) may have planted a vulnerability in a widely used NIST-approved encryption algorithm to facilitate its spying activities. And cryptographers are also questioning subtle changes that might weaken a new security algorithm called Secure Hash Algorithm-3, or SHA-3. 

Encryption experts say NIST’s reputation has been seriously undermined but that the security community would like to continue using it as a standards body if it can show that it has reformed. (more)