2007 and Still Smokin'

Researchers have uncovered a sophisticated cyber spying operation that has been alive since at least 2007 and uses techniques and code that surpass any nation-state spyware previously spotted in the wild.

The attack, dubbed “The Mask” by the researchers at Kaspersky Lab in Russia who discovered it, targeted government agencies and diplomatic offices and embassies, before it was dismantled last month. It also targeted companies in the oil, gas and energy industries as well as research organizations and activists. Kaspersky uncovered at least 380 victims in more than two dozen countries, with the majority of the targets in Morocco and Brazil.

The attack — possibly from a Spanish-speaking country — used sophisticated malware, rootkit methods and a bootkit to hide and maintain persistence on infected machines. The attackers sought not only to steal documents, but to steal encryption keys, data about a target’s VPN configurations, and Adobe signing keys, which would give the attackers the ability to sign .PDF documents as if they were the owner of the key. (more)

TSCM Find - Police Ombudsman Headquarters' Conference Room & Wi-Fi Bugged

Ireland - The headquarters of the Garda Ombudsman Commission has reportedly been targeted by a secret bugging operation. 

According to a report in today's Sunday Times, the watchdog's phone and internet were compromised in a highly sophisticated hacking incident...

The spying operation was uncovered when the Ombudsman hired security consultants to investigate whether its office had been bugged.
The investigation found that a phone in a meeting room had been rigged to eavesdrop on confidential conversations.

The room was used to hold case conferences related to investigations being carried out by the commission.

The Wi-Fi network at the Garda Ombudsman office had also been hacked - allowing emails and confidential material to be intercepted. (more)

UPDATE:
Mr Shatter has asked the Commission for a report on its decision to hire a British Security company last year to investigate if it had been placed under electronic surveillance.

A source within GSOC has confirmed to RTÉ that the company told it that it had found evidence of electronic surveillance in one of its meeting rooms and that its wi-fi system may have been compromised. (more)

Today's Chinese Espionage Revenge Had Roots in Tea (among other rip-offs)

Darjeeling tea, the Champaigne among teas, owes its genesis to an industrial espionage of epic proportions. Planned by the East India Co and executed by a daring Scot, the early 19th century operation gave the world the thin-bodied, light-colored infusion with a floral aroma that is revered by tea connoisseurs the world over. 

British tea expert Malcolm Ferris-Lay said...

"For nearly 200 years, the East India Co sold opium (derived from Papaver Soniferum) to China and bought tea with the proceeds... in May 1848, Robert Fortune (born in Eldrom village in Berwickshire, Scotland) was approached by East India Co to collect valuable information on tea industry in China.

"Fortune learned Mandarin, shaved his head, adopted a pigtail as worn by Manchus, dressed in local clothes and disguised himself as a Chinese from a distant province. He sneaked into remote areas of Fujian and Jiangsu province, forbidden parts of China. Fortune managed to collect 20,000 plants and seedlings and had then transported it to Kolkata in Wardian cases, small greenhouses which kept the plants healthy due to condensation within the case," Ferris-Lay explained.

These seedlings were planted in Darjeeling and grew into bushes that over the time produced the unique tea. "Many of the teas that Fortune brought back perished. But the knowledge that he brought back from China together with plants were instrumental in what is today a huge flourishing tea industry in India," he said. (more)

Swiss Swatch on Swish Laws in Russia. Neutral. And by the way U.S...

The eccentric chief executive officer of Swatch Group (Nick Hayek), one of the world's top watchmakers, was so incensed by recent allegations of mass U.S. spying that he chastised a top New York official over the matter in a letter late last year... 

Hayek's comments were released this week, along with those from five other companies that responded... (They were asked to take a stance against Russia's recent clampdown on gays ahead of the winter games in Sochi.)

Please make me one, Nick.

"As you claim you are an investor with Swatch Group you should be equally preoccupied about what has been publicized lately: the massive collection of data of the NSA worldwide including Switzerland," fumed Hayek, whose first language is not English, in a letter dated December 13.

"Swatch Group is an innovative industrial leader; at the heart of our success are very innovative products," Hayek continued. "The integrity of our confidential information is key to develop successful products. The practices that apparently have become a habit from organizations like the NSA can create huge damage to our company and our shareholders."
 
"As an investor you should have all interest to speak up loud about such potentially damaging practices coming from the USA," Hayek said. (more) (sing-a-long)

Surreptitous Workplace Recording: 2-Party Law Drops Cop

MD - A Baltimore City police officer has agreed to resign his post so charges against him in an illegal phone recording case will be dropped. 

Sgt. Carlos Vila was indicted in August 2012 under the state's wiretapping law after he was accused of illegally recording Baltimore Judge Joan Gordon, who sits in the city's Eastside District Court. Officials said in April 2012, Vila used his cellphone to record an argument he had with Gordon about a warrant.

Aside from the wiretapping charge, Vila was also charged with playing the recordings for his colleagues. Both charges are felonies. (more)

Maryland law requires all parties consent to being recorded. Federal law, which is followed by most states, only requires one party to consent. 

Had this happened in a workplace, in a one-party consent state, the outcome would have been much different.

Corporate Security Directors: If you still don't have a written Covert Recording in the Workplace Policy, call me. You need one. I will help you get started. No charge. No obligation. Not having one leaves you open to a multitude of problems.

State Dept. caught on tape saying ‘F*** the E.U.’; Russian bugging suspected

Two senior American diplomats, thinking their conversation about the Ukraine was secure and private, were caught disparaging the European Union in a phone call that was apparently bugged, and U.S. officials say they strongly suspect Russia of leaking the conversation.

The suspicions were aired Thursday after audio of the call was posted to the Internet...

The White House and State Department stopped just short of directly accusing Russia of surreptitiously recording the call between the top US diplomat for Europe, Victoria Nuland, and the U.S. ambassador to Ukraine, Geoffrey Pyatt. But both took pains to point out that a Russian government official was the first or among the first to call attention to the audio of the conversation that was posted on YouTube. (more)

...in other not so surprising news...

A Russian government aide who was among the first to post a video online containing a bugged phone call between two U.S. diplomats denied Friday that he or the government played a role in leaking the recording.

Dmitry Loskutov said he was surfing a social networking website on Thursday when he came across the video, in which the top U.S. diplomat for Europe, Victoria Nuland, disparages the European Union. (more)

UPDATE: Ukraine's state security service on Saturday said it was not investigating the bugging of a phone call between U.S. diplomats... (no more)

So ya think your nanny cam is spying on you, ma'am? Here's what ya do...

WA - A Lake City couple believes a burglar hacked into their cloud-based nanny cam and has been using it to monitor when they are and aren't home and possibly record their "private bedroom activities," according to the Seattle Police Department.
For the past two months, the victims have been arriving home to find items disturbed and missing in their apartment...

The victims told officers the system is easily hacked, and they believe someone has been monitoring their camera and knows when they leave the apartment...
 
Officers encouraged the couple to stop using the nanny cam and to contact building management with their concerns. (more)

Olympic Sized Gaffe - We have surveillance video of hotel showers...

Responding to the western campaign of "deliberate sabotage" in the media, Paul Sonne of WSJ reports, Russian deputy prime minister Dmitry Kozak said, "We have surveillance video from the hotels that shows people turn on the shower, direct the nozzle at the wall and then leave the room for the whole day."

(Say What?!?!?!) 

Then an aide whisked Kozak away before he could answer any follow-up questions...

...former NSA operative John Schindler has some counter-surveillance advice for Sochi's shower users...  Shut door and run shower hot for 10 minutes. Clear spot on mirror is the cam. (more)

Click to enlarge.

Totally Invasive Video Surveillance Can Be Good For You

The US Food and Drug Administration (FDA) has now approved a device for use after an incomplete procedure (colonoscopy) that is minimally invasive and can achieve similar imaging results to a colonoscopy. PillCam Colon is a pill-sized camera that is swallowed and passes through a patient's gastrointestinal tract.

The device itself is a pill-sized video camera measuring 12 x 33 mm (0.47 x 1.3 in) that captures color video from both of its ends at 4 or 35 frames per second. An LED provides the necessary illumination for image capture and, once swallowed by the patient, it wirelessly relays footage to a recording device worn by the patient for approximately 10 hours. (more)

Quote of the Day - On retaining privacy...

"It is amazing how lame people are. In today’s world, it is easy to hide. Just unplug." ~MW

The K5 Security Robot - aka Robopanopticop, or R-2 D-brief

Knightscope officials envision its K5 system playing a role in community policing...

“Knightscope’s autonomous technology platform is a fusion of robotics, predictive analytics and collaborative social engagement utilized to predict and prevent crime,” the company states on its website. That means that in addition to sophisticated intelligence, surveillance and reconnaissance capabilities, the K5 is equipped with analytics enabling it to detect threats to people or property and summon police.

• Able to scan an area in 270-degree sweeps to photographically map it. 
• Four mid-mounted cameras can scan up to 1,500 license plates per minute
• 5-foot high, 300-lb.
• Equipped with optical character recognition, omnidirectional imaging, thermal imaging, microphones, air quality sensors, ultrasonic and infrared sensors, radar for determining the range, altitude, direction or speed of objects and lidar technology for measuring distance to an object. (more)

Athletes, Beware the Sochi Spy Games

The telecommunications, e-mail and social network presence of athletes and others attending the Olympics will be under intense scrutiny before, during and after the events. These communications will be exploited for competitive advantage, political-economic intelligence, hints of sedition, identity theft and manufacturing future access...

Obfuscation idea.

Athletes can expect to have been profiled from the moment they are named to a team... There may be attempts to entrap or break into a circle of trusted friends or groups. Athlete and their electronics will have already been exposed... Simply visiting Sochi-related websites may be enough to infect a computer with spyware.
During the Games, it is reasonable to assume that all phone calls, e-mail, texts, web browsing, online banking and access to voice mail will be intercepted and exploited. Athletes who hope to take home medals may be taking home something else on their laptop instead...

Strategy discussed in team dressing rooms or over the airwaves will be subject to eavesdropping, whereas team radio communications are also vulnerable to electronic warfare tactics: deception, spoofing, interference or jamming at critical moments during play...

Consider that Russian security services share a cozy relationship with organized crime, who stand to benefit from information collected from the state espionage infrastructure. Consequently, banking and identification information are at also at risk. (more)

Data Spying: Feb. 11 To Become “The Day We Fight Back”

The ACLU, Greenpeace, Reddit, Mozilla and a number of other organizations have banded together to fight back against data spying.

Data spying has become a hot topic in the U.S., ever since Edward Snowden blew the whistle on the National Security Agency’s data mining programs... Now a group of organizations and businesses are uniting in an effort to raise awareness about data spying. 

The ACLU, Greenpeace and other organizations have put together the website TheDayWeFightBack.org, letting everyone know that they’re planning to make a big statement on Feb. 11. That’s the date when we will see a bunch of Internet ads protesting the U.S. government’s data spying programs...

According to the site, U.S. Internet users will see banners which urge them to call or email Congress about the data spying issue. (more)

Bugging Lawyer Sentenced to Two Years

A former California divorce lawyer who admitted bugging a car was sentenced on Monday to two years in prison for illegal eavesdropping and tax evasion.

Mary Nolan, 62, of Oakland pleaded guilty to charges of evading more than $400,000 in federal taxes and causing her staff to plant a listening device in the vehicle of “N.F.,” identified as a client’s estranged spouse... Nolan gave up her law license and agreed to repay $469,000 in back taxes, according to an FBI press release.

Nolan was among the defendants caught up in the so-called “dirty DUI” scandal in which a private investigator hired alluring women to drink with the husbands of divorce clients at bars. The women would then invite the men to follow them in their cars, and police would be called to investigate a DUI. (more)

Spy History: Business Espionage in the 18th Century

UK - Derby and Derbyshire have been known for cutting-edge technology since the early 18th century.

ESPIONAGE was the murky business that kick-started Britain's industrial revolution and made Derby the world's first industrial town.

In the 17th and the first couple of decades of the 18th century, silk woven in Derby could not compete with Italian rivals.

John Lombe traveled to Piedmont (Italy) to find out how the fine-quality silk there was spun.
He made drawings of Italian machinery and smuggled them back to the UK to patent kit that would wind, spin and twist silk.

On his return to England, he arranged for engineer George Sorocold to construct a five-story factory to be powered by water from the Derwent.

Lombe's Mill, viewed across the River Derwent, 18th century.

It was the first operation of its kind in the country and has a strong claim to be the world's first successful use of the factory system. (more)

...and then...

Samuel Slater, an early English-American industrialist known as the "Father of the American Industrial Revolution", the "Father of the American Factory System" and "Slater the Traitor" (in the UK) ...because he brought British textile technology to America with a few modifications fit for America. 

He learned textile machinery as an apprentice to a pioneer in the British industry.

He brought the knowledge to America where he designed the first textile mills, went into business for himself and grew wealthy.

By the end of Slater's life he owned thirteen spinning mills and had established tenant farms and towns around his textile mills such as Slatersville, Rhode Island.
 
Guess where Sam was born...

Derbyshire, England June 9, 1768. (more)