Sunday, March 2, 2014

Anonymous Instant Messaging - Coming Soon

The Tor Foundation is moving forward with a plan to provide its own instant messaging service. Called the Tor Instant Messaging Bundle, the tool will allow people to communicate in real time while preserving anonymity by using chat servers concealed within Tor’s hidden network.

In planning since last July—as news of the National Security Agency’s broad surveillance of instant messaging traffic emerged—the Tor Instant Messaging Bundle (TIMB) should be available in experimental builds by the end of March, based on a roadmap published in conjunction with the Tor Project’s Winter Dev meeting in Iceland.

TIMB will connect to instant messaging servers configured as Tor “hidden services” as well as to commercial IM services on the open Internet. (more)

How the Avaya Phone on Your Desk Can Be Turned Into A Bug

Security researchers have designed a stealthy eavesdropping attack that sounds like it's straight out of a James Bond movie. It starts with a booby-trapped document that compromises an unpatched laser printer, which in turn converts a popular Internet phone into a covert bugging device.

The proof-of-concept attack exploits currently unpatched vulnerabilities in the Avaya one-X 9608, a popular model of phone that uses the Internet rather than a standard phone line to make and receive calls. Researcher Ang Cui, a Ph.D. candidate at Columbia University and chief scientist at Red Balloon Security, declined to provide many details on the vulnerabilities until users have had time to install a patch that Avaya is expected to release soon. He did say the weaknesses allow devices on the same local network to remotely execute code that causes the device to surreptitiously record all sounds within earshot and transmit them to a server controlled by attackers. He demonstrated a similar bugging vulnerability last year in competing Internet phones designed by Cisco Systems, which has since patched the underlying bugs...

The compromise begins with a booby-trapped document that when printed executes malicious code on certain models of HP LaserJet printers that have not been patched against a critical vulnerability. Once compromised, the printers connect to attack servers, creating a means for outside hackers to bypass corporate firewalls. The attackers then use the printers as a proxy to enumerate and connect to other devices in the corporate network.

Once an Avaya 9608 phone is discovered, the attackers can inject code into it that infects its firmware. The compromise, which survives reboots, activates the phone's microphone without turning on any lights or otherwise giving any indication that anything is amiss. The infected phones can be set up to record conversations only after attacker-chosen keywords are detected. Recorded conversations can be sent through a corporate network onto the open Internet, but the malware also has a secondary method for exfiltration that bypasses any devices that block suspicious network traffic. In the event that such devices are detected, the malware can turn a phone's circuit board into a radio transmitter that sends the recorded conversations to a receiver that's anywhere from several inches to 50 feet away, depending on environmental variables.
 

The larger point is that bugs in electronics firmware are notoriously easy to exploit, as a small sample of recent stories shows. Even if a target isn't using the phones or printers featured in the demonstration, chances are good that the target is using some constellation of devices that are susceptible to remote hijacking. And besides, many organizations fail to apply firmware updates, so even if a patch has been released, there's a good chance that it will never get installed on many vulnerable devices. (more)

Security Director Alert: Make sure software patching is a priority on the IT department's list. Start with this list for HP printers.

Saturday, March 1, 2014

"Black" Smartphones Come of Age

The launch of not one, but two, "Black phones" this past week may lead people to think that secure cell phones are a hot new item.

Hot, yes. New, no. Many other secure smartphones, not to mention a plethora of apps, have existed for years. Mostly, these phones have been sold to governments and have commanded high prices. Now, as the demand heats up, prices are dropping. 

Want a government-level secure, encrypted smartphone at a reduced price? (You know you do. Even if only to attract attention.) 

Cryptophone™ today announced "...special prices on the first two phones of any order placed this week." (more)

Friday, February 28, 2014

Eavesdropping News of the Day

IL - Warren Township High School board member Liz Biondi claimed at a meeting this week that "someone in the district" has wiretapped her telephone. Biondi made the accusation while bantering with John Anderson, board president at Gurnee-based Warren District 121. She did not respond to emailed questions Thursday on why Warren officials would eavesdrop on her or whether she has evidence supporting the wiretap claim. (more)
 

Alert - Unless you want a public sex tape, you should probably stop using any kind of digital machine to record your intimate acts. The latest leak from Edward Snowden shows how the NSA and the British equivalent Government Communications Headquarters collaborated to intercept webcam images from innocent Internet users. (more)
 

Turkey - Prime Minister Recep Tayyip Erdoğan has hit back against unprecedented accusations of corruption after the leak of incriminating phone conversations, accusing both prosecutors and police of spying for another country. (more)

Scotland - Michelle Mone's bra firm ordered to pay former director £16k after bugging pot plant in his office. (more)

Thursday, February 27, 2014

Boeing to Launch its Own Black Phone

The world's biggest aerospace company is jumping into the business of making high-security smartphones.

Boeing Co. filed plans this week with the Federal Communications Commission for a smartphone dubbed Boeing Black, which is designed for defense and security customers and won't be available to average consumers. The phone is based on a modified version of Google Inc.'s Android operating system...

Boeing is being stealthy about the project. Without publicly announcing the product, the company posted a description on its website. It said the modular construction of the phone's 5.2-inch-tall body would allow users to attach devices that add such features as advanced location tracking, solar charging, satellite transceivers and biometric sensors.

In Monday's FCC filing, Boeing detailed plans to keep the phone's technology secret, saying it will be sold "in a manner such that low-level technical and operational information about the product will not be provided to the general public."

The filing documents also said the phone, which is about 50% heavier than Apple Inc.'s iPhone 5s and twice as thick, is designed to effectively self-destruct if tampered with: "Any attempt to break open the casing of the device would trigger functions that would delete the data and software contained within the device and make the device inoperable." (more)

Wednesday, February 26, 2014

New Tiny Ultrasound Camera Sees What's in Your Heart ...really

Developed by a team at the Georgia Institute of Technology, the device consists of a 1.5-mm-wide disc-shaped head, from which trails 13 tiny joined cables. The idea is that it will be inserted into a patient's coronary blood vessels or heart, snaking its way through while being pushed or pulled from outside the body via an integrated 430-micron-wide guide wire, all the while using the cables to transmit ultrasound imagery.


Its head is built around a single silicon chip, which is equipped with a dual-ring array of 56 ultrasound transmit elements and 48 receive elements. Much of the processing of the ultrasound data is performed onboard the chip itself, meaning that less information has to be carried outside the body – this is why it requires no more than 13 cables, allowing its consolidated "umbilical cord" to stay skinny and flexible enough to easily move through blood vessels. (more)

Off-Hook Telecoms Call for Attorneys' Fees - Disconnected

AT&T, Verizon and other telecoms cannot recover attorneys' fees after ducking claims that they overcharged for electronic surveillance, a federal judge ruled.

Former New York Deputy Attorney General John Prather had filed the lawsuit on behalf of the U.S. government, claiming that AT&T, Verizon, Qwest Communications International and Sprint Nextel overcharged federal, state and city governments for services under the Communications Assistance to Law Enforcement Agencies Act (CALEA), which requires the companies to provide the government with electronic surveillance of their customers in exchange for reasonable expenses.


Prather claimed to have "observed eavesdropping charges increase tenfold after CALEA despite changes in technology that should have made it easier for Telecoms to provide wiretaps, and believed that the Telecoms were overcharging for wiretaps." (more)

Tuesday, February 25, 2014

Wiretapping Case Costs South Bend, IN almost $1 Million... so far

Summary: Former police communications director Karen DePaepe was fired in 2012 in the wake of an investigation into whether she and Chief Boykins violated the federal Wiretap Act by recording certain telephone conversations between Metro Homicide Commander Tim Corbett, officers Steve Richmond, David Wells and Brian Young and Young’s wife Sandy Young.
Timeline of the case.
TV report.

Brazil, Europe Plan Undersea Cable to Skirt Spying

Brazil and the European Union agreed on Monday to lay an undersea communications cable from Lisbon to Fortaleza to reduce Brazil’s reliance on the United States after Washington spied on Brasilia.

At a summit in Brussels, Brazilian President Dilma Rousseff said the $185 million cable project was central to “guarantee the neutrality” of the Internet, signaling her desire to shield Brazil’s Internet traffic from U.S. surveillance. (more)


Shhhh... Apparently, they missed reading this, this 1918 experiment and this modern day story. Not to mention... Operation Ivy Bells, Operation Tempora and Glimmerglass.

Computer Allegedly Bugged by Ethiopians

A Maryland man is suing the Ethiopian government after it was discovered that it infected his computer with spyware, wiretapped his calls made via Skype, and monitored his family’s computers for months.

"We have clear evidence of a foreign government secretly infiltrating an American's computer in America, listening to his calls, and obtaining access to a wide swath of his private life," said Electronic Frontier Foundation staff attorney Nate Cardozo. 


"The current Ethiopian government has a well-documented history of human rights violations against anyone it sees as political opponents." (more)

Turkish Watergate - Surprise - The Guard Gets Blamed for Bugging the Place

Turkey - A police officer only known as S.D., allegedly responsible for placing a bugging device in Prime Minister Recep Tayyip Erdoğan's study inside his Ankara residence, has reportedly been working as a bodyguard for Saudi Arabian businessman Yasin al-Qadi, the Taraf daily claimed on Tuesday.

“It has come out that S.D., who has been accused in connection with the bugging device discovered in Prime Minister Erdoğan's Ankara house, was assigned to protect Yasin al-Qadi,” Emre Uslu wrote in his Taraf column, which was also the daily's headline story.

Erdoğan explained in December 2012 that four covert listening devices had been discovered in the office of his Subayevleri home in Ankara. He did not detail exactly when the devices had been found, adding that an investigation was being launched. (more)

Netflix New Drone Delivery Service

Another nail in the Post Office's Coffin...
 
Sorry, this just couldn't wait until April 1st.

Going Down - Goldman Elevator Eavesdropper Exposed

The author of the anonymous Twitter feed purportedly recounting conversations in the elevators of Goldman Sachs has been unmasked as a former bond executive living in Texas who has never worked at the bank. The revelation hasn't affected John Lefevre's six-figure book deal with Simon & Schuster based on the feed @GSElevator. (more)

Monday, February 24, 2014

"My ankle bracelets are so good, I wear one myself!"

CA - FBI agents arrested a Mexican tycoon named Jose Susumo Azano Matsura at his Coronado, Calif. home on Wednesday as part of a political bribery investigation based on captured emails, seized banking records, and covertly recorded conversations.

The unfolding scandal is soaked in irony: Azano is a surveillance evangelist whose company won a secret, no-bid contract with the Mexican military for computer and mobile phone hacking and spying technology in 2011. He is chairman of a company called Security Tracking Devices SA de CV, and he is now chained to a tracking device—on house arrest. (more)

Privacy Art that Tells You a Story... really

This company (lithographs.com) turns the text of various books into a piece of appropriately themed text-art and makes lithographs, tees and tote-bags out of it. 

Cory Doctorow announced that the company has produced a line of Lithographs based on his novel Little Brother, with a gorgeous anti-surveillance design by Benjy Brooke. (more)

via wikipedia.com...
Little Brother is a novel by Cory Doctorow, published by Tor Books. It was released on April 29, 2008. The novel is about four teenagers in San Francisco who, in the aftermath of a terrorist attack on the San Francisco – Oakland Bay Bridge and BART system, defend themselves against the Department of Homeland Security's attacks on the Bill of Rights. The novel is available for free on the author's website under a Creative Commons license, keeping it accessible to all.

The book debuted at No. 9 on The New York Times Best Seller list, children's chapter book section, in May 2008. As of July 2, it had spent a total of six weeks on the list, rising to the No. 8 spot. Little Brother won the 2009 White Pine Award, the 2009 Prometheus Award, and the 2009 John W. Campbell Memorial Award. It also was a finalist for the Hugo Award for Best Novel. Little Brother received the Sunburst Award in the young adult category.


The New York Times says, “Little Brother isn't shy about its intent to disseminate subversive ideas to a young audience.” The novel comes with two afterword essays by cryptographer and computer security specialist Bruce Schneier, and hacker Andrew "bunnie" Huang, and has a bibliography of techno-countercultural writings, from Jack Kerouac's "On the Road" to Schneier’s "Applied Cryptography." (more)